Example 1 with WSUsernameTokenPrincipalImpl

use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project ddf by codice.

the class UPBSTValidator method createPrincipal.

/**
 * Create a principal based on the authenticated UsernameToken.
 */
private Principal createPrincipal(String username, String passwordValue, String passwordType, String nonce, String createdTime) {
    boolean hashed = false;
    if (WSConstants.PASSWORD_DIGEST.equals(passwordType)) {
        hashed = true;
    }
    WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(username, hashed);
    if (nonce != null) {
        principal.setNonce(nonce.getBytes(StandardCharsets.UTF_8));
    }
    principal.setPassword(passwordValue);
    principal.setCreatedTime(createdTime);
    principal.setPasswordType(passwordType);
    return principal;
}
Also used : WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Example 2 with WSUsernameTokenPrincipalImpl

use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project testcases by coheigea.

the class SyncopeBasicAuthInterceptor method handleMessage.

public void handleMessage(Message message) throws Fault {
    AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
    if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
        String name = null;
        if (policy != null) {
            name = policy.getUserName();
        }
        String error = "No user credentials are available";
        LOG.warning(error + " " + "for name: " + name);
        throw new SecurityException(error);
    }
    try {
        UsernameToken token = convertPolicyToToken(policy);
        Credential credential = new Credential();
        credential.setUsernametoken(token);
        RequestData data = new RequestData();
        data.setMsgContext(message);
        credential = validator.validate(credential, data);
        // Create a Principal/SecurityContext
        Principal p = null;
        if (credential != null && credential.getPrincipal() != null) {
            p = credential.getPrincipal();
        } else {
            p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
            ((WSUsernameTokenPrincipalImpl) p).setPassword(policy.getPassword());
        }
        message.put(SecurityContext.class, createSecurityContext(p));
    } catch (Exception ex) {
        throw new Fault(ex);
    }
}
Also used : AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) Credential(org.apache.wss4j.dom.validate.Credential) RequestData(org.apache.wss4j.dom.handler.RequestData) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) Fault(org.apache.cxf.interceptor.Fault) Principal(java.security.Principal) WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Example 3 with WSUsernameTokenPrincipalImpl

use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project cxf by apache.

the class CustomUTValidator method validate.

public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential cred = super.validate(credential, data);
    UsernameToken ut = credential.getUsernametoken();
    WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(ut.getName(), ut.isHashed());
    principal.setCreatedTime(ut.getCreated());
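    // Copy the nonce from the token. The original line re-set the principal's own
    // (still unset) nonce, so the token's nonce was never carried over.
    // The wsse:Nonce text is Base64-encoded, while setNonce expects raw bytes.
    if (ut.getNonce() != null) {
        principal.setNonce(java.util.Base64.getDecoder().decode(ut.getNonce()));
    }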
    principal.setPassword(ut.getPassword());
    principal.setPasswordType(ut.getPasswordType());
    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    if ("Alice".equals(ut.getName())) {
        subject.getPrincipals().add(new SimpleGroup("manager", ut.getName()));
    }
    subject.getPrincipals().add(new SimpleGroup("worker", ut.getName()));
    cred.setSubject(subject);
    return cred;
}
Also used : Credential(org.apache.wss4j.dom.validate.Credential) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) SimpleGroup(org.apache.cxf.common.security.SimpleGroup) Subject(javax.security.auth.Subject) WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Example 4 with WSUsernameTokenPrincipalImpl

use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project ddf by codice.

the class UsernameTokenValidator method createPrincipal.

/**
 * Create a principal based on the authenticated UsernameToken.
 */
private Principal createPrincipal(String username, String passwordValue, String passwordType, String nonce, String createdTime) {
    boolean hashed = false;
    if (WSConstants.PASSWORD_DIGEST.equals(passwordType)) {
        hashed = true;
    }
    WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(username, hashed);
    if (nonce != null) {
        principal.setNonce(nonce.getBytes(StandardCharsets.UTF_8));
    }
    principal.setPassword(passwordValue);
    principal.setCreatedTime(createdTime);
    principal.setPasswordType(passwordType);
    return principal;
}
Also used : WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Example 5 with WSUsernameTokenPrincipalImpl

use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project testcases by coheigea.

the class SpringSecurityBasicAuthInterceptor method handleMessage.

public void handleMessage(Message message) throws Fault {
    AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
    if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
        String name = null;
        if (policy != null) {
            name = policy.getUserName();
        }
        String error = "No user credentials are available";
        LOG.warning(error + " " + "for name: " + name);
        throw new SecurityException(error);
    }
    try {
        UsernameToken token = convertPolicyToToken(policy);
        Credential credential = new Credential();
        credential.setUsernametoken(token);
        RequestData data = new RequestData();
        data.setMsgContext(message);
        credential = validator.validate(credential, data);
        // Create a Principal/SecurityContext
        Principal p = null;
        if (credential != null && credential.getPrincipal() != null) {
            p = credential.getPrincipal();
        } else {
            p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
            ((WSUsernameTokenPrincipalImpl) p).setPassword(policy.getPassword());
        }
        message.put(SecurityContext.class, createSecurityContext(p));
    } catch (Exception ex) {
        throw new Fault(ex);
    }
}
Also used : AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) Credential(org.apache.wss4j.dom.validate.Credential) RequestData(org.apache.wss4j.dom.handler.RequestData) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) Fault(org.apache.cxf.interceptor.Fault) Principal(java.security.Principal) WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Aggregations

WSUsernameTokenPrincipalImpl (org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl) 12
Principal (java.security.Principal) 6
UsernameToken (org.apache.wss4j.dom.message.token.UsernameToken) 5
Credential (org.apache.wss4j.dom.validate.Credential) 5
AuthorizationPolicy (org.apache.cxf.configuration.security.AuthorizationPolicy) 4
RequestData (org.apache.wss4j.dom.handler.RequestData) 4
Subject (javax.security.auth.Subject) 3
Fault (org.apache.cxf.interceptor.Fault) 3
X500Principal (javax.security.auth.x500.X500Principal) 1
SimpleGroup (org.apache.cxf.common.security.SimpleGroup) 1
SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) 1
SecurityContext (org.apache.cxf.security.SecurityContext) 1
BSPEnforcer (org.apache.wss4j.common.bsp.BSPEnforcer) 1
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException) 1
WSSecUsernameToken (org.apache.wss4j.dom.message.WSSecUsernameToken) 1
UsernameToken (org.apache.wss4j.policy.model.UsernameToken) 1
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken) 1