Examples with UsernameTokenPrincipal org.apache.wss4j.common.principal.UsernameTokenPrincipal used on opensource projects

Search in sources :

Example 6 with UsernameTokenPrincipal

use of org.apache.wss4j.common.principal.UsernameTokenPrincipal in project cxf by apache.

the class DefaultSubjectProvider method createSubjectBean.

/**
 * Create the SubjectBean using the specified principal.
 */
protected SubjectBean createSubjectBean(Principal principal, SubjectProviderParameters subjectProviderParameters) {
    TokenProviderParameters providerParameters = subjectProviderParameters.getProviderParameters();
    TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
    KeyRequirements keyRequirements = providerParameters.getKeyRequirements();
    String tokenType = tokenRequirements.getTokenType();
    String keyType = keyRequirements.getKeyType();
    String confirmationMethod = getSubjectConfirmationMethod(tokenType, keyType);
    String subjectName = principal.getName();
    String localSubjectNameIDFormat = subjectNameIDFormat;
    if (SAML2Constants.NAMEID_FORMAT_UNSPECIFIED.equals(localSubjectNameIDFormat) && principal instanceof X500Principal) {
        // Just use the "cn" instead of the entire DN
        try {
            LdapName ln = new LdapName(principal.getName());
            for (Rdn rdn : ln.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType()) && (rdn.getValue() instanceof String)) {
                    subjectName = (String) rdn.getValue();
                    break;
                }
            }
        } catch (Throwable ex) {
            subjectName = principal.getName();
        // Ignore, not X500 compliant thus use the whole string as the value
        }
    } else if (!SAML2Constants.NAMEID_FORMAT_UNSPECIFIED.equals(localSubjectNameIDFormat)) {
        /* Set subjectNameIDFormat correctly based on type of principal
                unless already set to some value other than unspecified */
        if (principal instanceof UsernameTokenPrincipal) {
            localSubjectNameIDFormat = SAML2Constants.NAMEID_FORMAT_PERSISTENT;
        } else if (principal instanceof X500Principal) {
            localSubjectNameIDFormat = SAML2Constants.NAMEID_FORMAT_X509_SUBJECT_NAME;
        } else if (principal instanceof KerberosPrincipal) {
            localSubjectNameIDFormat = SAML2Constants.NAMEID_FORMAT_KERBEROS;
        } else if (localSubjectNameIDFormat == null) {
            localSubjectNameIDFormat = SAML2Constants.NAMEID_FORMAT_UNSPECIFIED;
        }
    }
    SubjectBean subjectBean = new SubjectBean(subjectName, subjectNameQualifier, confirmationMethod);
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Creating new subject with principal name: " + principal.getName());
    }
    subjectBean.setSubjectNameIDFormat(localSubjectNameIDFormat);
    return subjectBean;
}
Also used : KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal) X500Principal(javax.security.auth.x500.X500Principal) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) Rdn(javax.naming.ldap.Rdn) LdapName(javax.naming.ldap.LdapName)

Example 7 with UsernameTokenPrincipal

use of org.apache.wss4j.common.principal.UsernameTokenPrincipal in project jbossws-cxf by jbossws.

the class SubjectCreatingPolicyInterceptor method handleMessage.

@Override
public void handleMessage(Message message) throws Fault {
    Endpoint ep = message.getExchange().get(Endpoint.class);
    SecurityDomainContext sdc = ep.getSecurityDomainContext();
    SecurityContext context = message.get(SecurityContext.class);
    if (context == null || context.getUserPrincipal() == null) {
        Loggers.SECURITY_LOGGER.userPrincipalNotAvailableOnCurrentMessage();
        return;
    }
    SecurityToken token = message.get(SecurityToken.class);
    Subject subject = null;
    if (token != null) {
        // Try authenticating using SecurityToken info
        if (token.getTokenType() != TokenType.UsernameToken) {
            throw Messages.MESSAGES.unsupportedTokenType(token.getTokenType());
        }
        UsernameToken ut = (UsernameToken) token;
        subject = createSubject(sdc, ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime());
    } else {
        // Try authenticating using WSS4J internal info (previously set into SecurityContext by WSS4JInInterceptor)
        Principal p = context.getUserPrincipal();
        if (!(p instanceof UsernameTokenPrincipal)) {
            throw Messages.MESSAGES.couldNotGetSubjectInfo();
        }
        UsernameTokenPrincipal up = (UsernameTokenPrincipal) p;
        subject = createSubject(sdc, up.getName(), up.getPassword(), up.isPasswordDigest(), up.getNonce(), up.getCreatedTime());
    }
    Principal principal = getPrincipal(context.getUserPrincipal(), subject);
    message.put(SecurityContext.class, createSecurityContext(principal, subject));
}
Also used : SecurityToken(org.apache.cxf.common.security.SecurityToken) Endpoint(org.jboss.wsf.spi.deployment.Endpoint) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal) SecurityContext(org.apache.cxf.security.SecurityContext) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) UsernameToken(org.apache.cxf.common.security.UsernameToken) SecurityDomainContext(org.jboss.wsf.spi.security.SecurityDomainContext) Subject(javax.security.auth.Subject) Principal(java.security.Principal) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)

Aggregations

UsernameTokenPrincipal (org.apache.wss4j.common.principal.UsernameTokenPrincipal)7 Principal (java.security.Principal)5 SecurityContext (org.apache.cxf.security.SecurityContext)4 Subject (javax.security.auth.Subject)3 UsernameToken (org.apache.cxf.common.security.UsernameToken)3 KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)2 X500Principal (javax.security.auth.x500.X500Principal)2 SecurityToken (org.apache.cxf.common.security.SecurityToken)2 DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext)2 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)2 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)2 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 LdapName (javax.naming.ldap.LdapName)1 Rdn (javax.naming.ldap.Rdn)1 SoapMessage (org.apache.cxf.binding.soap.SoapMessage)1 Header (org.apache.cxf.headers.Header)1 Fault (org.apache.cxf.interceptor.Fault)1 SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)1 KeyRequirements (org.apache.cxf.sts.request.KeyRequirements)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial