
Example 6 with WSUsernameTokenPrincipalImpl

use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project cxf by apache.

the class UsernameTokenValidator method createPrincipal.

/**
 * Builds the {@link Principal} describing a UsernameToken that has already been authenticated.
 *
 * <p>The principal is marked as hashed exactly when {@code passwordType} equals
 * {@link WSS4JConstants#PASSWORD_DIGEST}. The password value is stored on the returned
 * principal unchanged, so the principal must be treated as credential-bearing: avoid logging
 * or persisting it.
 *
 * @param username      name placed on the principal
 * @param passwordValue password value copied onto the principal as-is
 * @param passwordType  password type URI; also recorded on the principal
 * @param nonce         Base64 text of the nonce, or {@code null} when the token carried none
 * @param createdTime   creation timestamp text copied onto the principal
 * @return the populated principal
 * @throws IllegalArgumentException if {@code nonce} cannot be decoded (assuming {@code Base64}
 *         here is {@code java.util.Base64}; the method declares no checked exception)
 */
private Principal createPrincipal(String username, String passwordValue, String passwordType, String nonce, String createdTime) {
    final boolean digestPassword = WSS4JConstants.PASSWORD_DIGEST.equals(passwordType);
    final WSUsernameTokenPrincipalImpl result = new WSUsernameTokenPrincipalImpl(username, digestPassword);

    if (nonce != null) {
        // The MIME decoder skips characters outside the Base64 alphabet, so different nonce
        // strings can decode to the same bytes.
        // NOTE(review): confirm any replay cache is keyed consistently with this decoding.
        final byte[] decodedNonce = Base64.getMimeDecoder().decode(nonce);
        result.setNonce(decodedNonce);
    }

    result.setPassword(passwordValue);
    result.setCreatedTime(createdTime);
    result.setPasswordType(passwordType);
    return result;
}
Also used : WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Example 7 with WSUsernameTokenPrincipalImpl

use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project cxf by apache.

the class WSS4JBasicAuthValidator method validate.

/**
 * Validates the credentials held in the message's {@link AuthorizationPolicy} and stores the
 * resulting {@link SecurityContext} on the message.
 *
 * <p>The policy is converted to a UsernameToken and handed to the configured validator together
 * with the message context and callback handler. If the validator returns a credential with a
 * principal, the context is built from that credential; otherwise a principal is built from the
 * policy's own user name and password.
 *
 * @param message the message whose AuthorizationPolicy is checked and which receives the context
 * @throws SecurityException   if the policy, its user name or its password is missing
 * @throws WSSecurityException as declared; presumably raised by the validator on rejection
 */
protected void validate(Message message) throws WSSecurityException {
    final AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
    final boolean credentialsMissing =
        policy == null || policy.getUserName() == null || policy.getPassword() == null;
    if (credentialsMissing) {
        final String name = policy != null ? policy.getUserName() : null;
        // NOTE(review): the user name ends up in both the log line and the exception message;
        // confirm it is neutralised for CR/LF by the log handler and that the exception text
        // is not echoed back to the caller.
        final String errorMsg = "No user name and/or password is available, name: " + name;
        LOG.warning(errorMsg);
        throw new SecurityException(errorMsg);
    }

    // Wrap the Basic-auth policy as a UsernameToken credential for the validator.
    final UsernameToken token = convertPolicyToToken(policy);
    final Credential unvalidated = new Credential();
    unvalidated.setUsernametoken(token);

    final RequestData requestData = new RequestData();
    requestData.setMsgContext(message);
    requestData.setCallbackHandler(callbackHandler);

    final Credential validated = getValidator().validate(unvalidated, requestData);

    // Create a Principal/SecurityContext
    final SecurityContext securityContext;
    if (validated == null || validated.getPrincipal() == null) {
        // NOTE(review): this branch still installs a security context, and the principal
        // carries the clear password from the policy. Confirm every validator signals
        // rejection by throwing rather than by returning null or a principal-less credential.
        final WSUsernameTokenPrincipalImpl fallback =
            new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
        fallback.setPassword(policy.getPassword());
        final Principal principal = fallback;
        securityContext = createSecurityContext(principal);
    } else {
        securityContext = createSecurityContext(message, validated);
    }
    message.put(SecurityContext.class, securityContext);
}
Also used : AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) Credential(org.apache.wss4j.dom.validate.Credential) RequestData(org.apache.wss4j.dom.handler.RequestData) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Principal(java.security.Principal) WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Example 8 with WSUsernameTokenPrincipalImpl

use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project testcases by coheigea.

the class SpringSecurityBasicAuthInterceptor method handleMessage.

/**
 * Authenticates the message's {@link AuthorizationPolicy} through the validator and stores a
 * {@link SecurityContext} for the resulting principal on the message.
 *
 * <p>Missing credentials raise a {@link SecurityException} directly; that check sits outside
 * the try block, so it is not wrapped. Any exception raised during conversion, validation or
 * context creation is wrapped in a {@link Fault}.
 *
 * @param message the message carrying the AuthorizationPolicy
 * @throws SecurityException if the policy, its user name or its password is missing
 * @throws Fault             wrapping any exception thrown while validating
 */
public void handleMessage(Message message) throws Fault {
    final AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
    final boolean credentialsMissing =
        policy == null || policy.getUserName() == null || policy.getPassword() == null;
    if (credentialsMissing) {
        final String name = policy != null ? policy.getUserName() : null;
        final String error = "No user credentials are available";
        // Only the log line names the user; the exception message stays generic.
        // NOTE(review): name is written to the log unescaped; confirm the log handler
        // neutralises CR/LF.
        LOG.warning(error + " " + "for name: " + name);
        throw new SecurityException(error);
    }

    try {
        final UsernameToken token = convertPolicyToToken(policy);
        final Credential unvalidated = new Credential();
        unvalidated.setUsernametoken(token);

        final RequestData requestData = new RequestData();
        requestData.setMsgContext(message);

        final Credential validated = validator.validate(unvalidated, requestData);

        // Create a Principal/SecurityContext
        final Principal principal;
        if (validated == null || validated.getPrincipal() == null) {
            // NOTE(review): a security context is still created here, around a principal that
            // holds the clear password from the policy. Confirm the validator rejects bad
            // credentials by throwing rather than by returning null.
            final WSUsernameTokenPrincipalImpl fallback =
                new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
            fallback.setPassword(policy.getPassword());
            principal = fallback;
        } else {
            principal = validated.getPrincipal();
        }
        message.put(SecurityContext.class, createSecurityContext(principal));
    } catch (Exception ex) {
        throw new Fault(ex);
    }
}
Also used : AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) Credential(org.apache.wss4j.dom.validate.Credential) RequestData(org.apache.wss4j.dom.handler.RequestData) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) Fault(org.apache.cxf.interceptor.Fault) Principal(java.security.Principal) WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Example 9 with WSUsernameTokenPrincipalImpl

use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project testcases by coheigea.

the class SpringSecurityHeaderProcessor method process.

/**
 * Replaces the principals of the exchange's authentication {@link Subject} with a single
 * {@link UsernamePasswordAuthenticationToken} built from the first
 * {@link WSUsernameTokenPrincipalImpl} found among them.
 *
 * <p>Nothing is changed when the header holds no Subject, the Subject has no principals, or
 * none of them is a {@code WSUsernameTokenPrincipalImpl}.
 *
 * @param exchange the exchange whose {@code Exchange.AUTHENTICATION} header is read
 * @throws Exception as declared by the method signature
 */
public void process(Exchange exchange) throws Exception {
    final Subject subject = exchange.getIn().getHeader(Exchange.AUTHENTICATION, Subject.class);
    if (subject == null || subject.getPrincipals() == null || subject.getPrincipals().isEmpty()) {
        return;
    }

    UsernamePasswordAuthenticationToken replacement = null;
    for (Principal candidate : subject.getPrincipals()) {
        if (!(candidate instanceof WSUsernameTokenPrincipalImpl)) {
            continue;
        }
        // The password read from the principal becomes the token's credentials, so the
        // resulting token should be kept out of logs just like the principal itself.
        final WSUsernameTokenPrincipalImpl usernameTokenPrincipal = (WSUsernameTokenPrincipalImpl) candidate;
        replacement = new UsernamePasswordAuthenticationToken(candidate.getName(), usernameTokenPrincipal.getPassword());
        break;
    }

    if (replacement == null) {
        return;
    }
    // Drop every existing principal, including non-UsernameToken ones, before adding the token.
    subject.getPrincipals().clear();
    subject.getPrincipals().add(replacement);
}
Also used : UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Subject(javax.security.auth.Subject) Principal(java.security.Principal) WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Example 10 with WSUsernameTokenPrincipalImpl

use of org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl in project testcases by coheigea.

the class ShiroHeaderProcessor method process.

/**
 * Copies the name and password of the first {@link WSUsernameTokenPrincipalImpl} in the
 * exchange's authentication {@link Subject} into the {@code SHIRO_SECURITY_USERNAME} and
 * {@code SHIRO_SECURITY_PASSWORD} headers of the inbound message.
 *
 * <p>Nothing is set when the header holds no Subject, the Subject has no principals, or none
 * of them is a {@code WSUsernameTokenPrincipalImpl}.
 *
 * @param exchange the exchange whose {@code Exchange.AUTHENTICATION} header is read
 * @throws Exception as declared by the method signature
 */
public void process(Exchange exchange) throws Exception {
    final Subject subject = exchange.getIn().getHeader(Exchange.AUTHENTICATION, Subject.class);
    if (subject == null || subject.getPrincipals() == null || subject.getPrincipals().isEmpty()) {
        return;
    }

    for (Principal candidate : subject.getPrincipals()) {
        if (!(candidate instanceof WSUsernameTokenPrincipalImpl)) {
            continue;
        }
        final WSUsernameTokenPrincipalImpl usernameTokenPrincipal = (WSUsernameTokenPrincipalImpl) candidate;
        exchange.getIn().setHeader("SHIRO_SECURITY_USERNAME", candidate.getName());
        // NOTE(review): the password is placed in a message header as returned by the
        // principal; confirm the header is removed before the exchange reaches any endpoint,
        // tracer or log that records headers.
        exchange.getIn().setHeader("SHIRO_SECURITY_PASSWORD", usernameTokenPrincipal.getPassword());
        break;
    }
}
Also used : Subject(javax.security.auth.Subject) Principal(java.security.Principal) WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Aggregations

WSUsernameTokenPrincipalImpl (org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)12 Principal (java.security.Principal)6 UsernameToken (org.apache.wss4j.dom.message.token.UsernameToken)5 Credential (org.apache.wss4j.dom.validate.Credential)5 AuthorizationPolicy (org.apache.cxf.configuration.security.AuthorizationPolicy)4 RequestData (org.apache.wss4j.dom.handler.RequestData)4 Subject (javax.security.auth.Subject)3 Fault (org.apache.cxf.interceptor.Fault)3 X500Principal (javax.security.auth.x500.X500Principal)1 SimpleGroup (org.apache.cxf.common.security.SimpleGroup)1 SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)1 SecurityContext (org.apache.cxf.security.SecurityContext)1 BSPEnforcer (org.apache.wss4j.common.bsp.BSPEnforcer)1 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1 WSSecUsernameToken (org.apache.wss4j.dom.message.WSSecUsernameToken)1 UsernameToken (org.apache.wss4j.policy.model.UsernameToken)1 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1