use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project cxf by apache.
the class UsernameTokenValidator method createPrincipal.
/**
* Create a principal based on the authenticated UsernameToken.
* @throws Base64DecodingException
*/
private Principal createPrincipal(String username, String passwordValue, String passwordType, String nonce, String createdTime) {
boolean hashed = false;
if (WSS4JConstants.PASSWORD_DIGEST.equals(passwordType)) {
hashed = true;
}
WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(username, hashed);
if (nonce != null) {
principal.setNonce(Base64.getMimeDecoder().decode(nonce));
}
principal.setPassword(passwordValue);
principal.setCreatedTime(createdTime);
principal.setPasswordType(passwordType);
return principal;
}
use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project cxf by apache.
the class WSS4JBasicAuthValidator method validate.
protected void validate(Message message) throws WSSecurityException {
AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
String name = null;
if (policy != null) {
name = policy.getUserName();
}
String errorMsg = "No user name and/or password is available, name: " + name;
LOG.warning(errorMsg);
throw new SecurityException(errorMsg);
}
UsernameToken token = convertPolicyToToken(policy);
Credential credential = new Credential();
credential.setUsernametoken(token);
RequestData data = new RequestData();
data.setMsgContext(message);
data.setCallbackHandler(callbackHandler);
credential = getValidator().validate(credential, data);
// Create a Principal/SecurityContext
SecurityContext sc = null;
if (credential != null && credential.getPrincipal() != null) {
sc = createSecurityContext(message, credential);
} else {
Principal p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
((WSUsernameTokenPrincipalImpl) p).setPassword(policy.getPassword());
sc = createSecurityContext(p);
}
message.put(SecurityContext.class, sc);
}
use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project testcases by coheigea.
the class SpringSecurityBasicAuthInterceptor method handleMessage.
public void handleMessage(Message message) throws Fault {
AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
String name = null;
if (policy != null) {
name = policy.getUserName();
}
String error = "No user credentials are available";
LOG.warning(error + " " + "for name: " + name);
throw new SecurityException(error);
}
try {
UsernameToken token = convertPolicyToToken(policy);
Credential credential = new Credential();
credential.setUsernametoken(token);
RequestData data = new RequestData();
data.setMsgContext(message);
credential = validator.validate(credential, data);
// Create a Principal/SecurityContext
Principal p = null;
if (credential != null && credential.getPrincipal() != null) {
p = credential.getPrincipal();
} else {
p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
((WSUsernameTokenPrincipalImpl) p).setPassword(policy.getPassword());
}
message.put(SecurityContext.class, createSecurityContext(p));
} catch (Exception ex) {
throw new Fault(ex);
}
}
use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project testcases by coheigea.
the class SpringSecurityHeaderProcessor method process.
public void process(Exchange exchange) throws Exception {
Subject subject = exchange.getIn().getHeader(Exchange.AUTHENTICATION, Subject.class);
if (subject != null && subject.getPrincipals() != null && !subject.getPrincipals().isEmpty()) {
UsernamePasswordAuthenticationToken authToken = null;
for (Principal principal : subject.getPrincipals()) {
if (principal instanceof WSUsernameTokenPrincipalImpl) {
authToken = new UsernamePasswordAuthenticationToken(principal.getName(), ((WSUsernameTokenPrincipalImpl) principal).getPassword());
break;
}
}
if (authToken != null) {
subject.getPrincipals().clear();
subject.getPrincipals().add(authToken);
}
}
}
use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project testcases by coheigea.
the class ShiroHeaderProcessor method process.
public void process(Exchange exchange) throws Exception {
Subject subject = exchange.getIn().getHeader(Exchange.AUTHENTICATION, Subject.class);
if (subject != null && subject.getPrincipals() != null && !subject.getPrincipals().isEmpty()) {
for (Principal principal : subject.getPrincipals()) {
if (principal instanceof WSUsernameTokenPrincipalImpl) {
exchange.getIn().setHeader("SHIRO_SECURITY_USERNAME", principal.getName());
exchange.getIn().setHeader("SHIRO_SECURITY_PASSWORD", ((WSUsernameTokenPrincipalImpl) principal).getPassword());
break;
}
}
}
}
Aggregations