
Example 6 with WSSecUsernameToken

use of org.apache.wss4j.dom.message.WSSecUsernameToken in project cxf by apache.

the class AbstractBindingBuilder method addUsernameToken.

/**
 * Builds a {@code WSSecUsernameToken} that satisfies the given UsernameToken policy assertion.
 *
 * <p>The username comes from the {@code SecurityConstants.USERNAME} message property; the
 * password comes from {@code SecurityConstants.PASSWORD} or, when that is empty, from the
 * callback handler via {@link #getPassword}. The builder's password type follows the policy:
 * {@code HashPassword} selects {@code PASSWORD_DIGEST}, {@code NoPassword} sets no password at
 * all, anything else sends {@code PASSWORD_TEXT}. Created and Nonce elements requested by the
 * policy are only added when the password type is not {@code HashPassword}.
 *
 * @param token the UsernameToken assertion being satisfied
 * @return the configured builder (not yet prepared), or {@code null} when the token is not
 *         required by its include type, no username is configured, or no password could be
 *         obtained; in the last two cases the policy is unasserted first
 */
protected WSSecUsernameToken addUsernameToken(UsernameToken token) {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }
    String userName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
    if (StringUtils.isEmpty(userName)) {
        unassertPolicy(token, "No username available");
        return null;
    }

    WSSecUsernameToken utBuilder = new WSSecUsernameToken(secHeader);
    utBuilder.setIdAllocator(wssConfig.getIdAllocator());
    utBuilder.setWsTimeSource(wssConfig.getCurrentTime());

    UsernameToken.PasswordType passwordType = token.getPasswordType();
    boolean digest = passwordType == UsernameToken.PasswordType.HashPassword;
    if (passwordType == UsernameToken.PasswordType.NoPassword) {
        // NoPassword: the token carries the username only
        utBuilder.setUserInfo(userName, null);
        utBuilder.setPasswordType(null);
    } else {
        String password = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
        if (StringUtils.isEmpty(password)) {
            password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
        }
        if (password == null) {
            unassertPolicy(token, "No password available");
            return null;
        }
        // NOTE(review): only null is rejected here; an empty string returned by the callback
        // is accepted and placed in the token, unlike addDKUsernameToken which rejects blanks too.
        utBuilder.setPasswordType(digest ? WSS4JConstants.PASSWORD_DIGEST : WSS4JConstants.PASSWORD_TEXT);
        utBuilder.setUserInfo(userName, password);
    }

    // Created/Nonce are only added explicitly for non-digest tokens
    if (!digest) {
        if (token.isCreated()) {
            utBuilder.addCreated();
        }
        if (token.isNonce()) {
            utBuilder.addNonce();
        }
    }
    return utBuilder;
}

Example 7 with WSSecUsernameToken

use of org.apache.wss4j.dom.message.WSSecUsernameToken in project cxf by apache.

the class AbstractBindingBuilder method addDKUsernameToken.

/**
 * Builds and prepares a {@code WSSecUsernameToken} configured for derived-key use.
 *
 * <p>Username and password are resolved exactly as in {@link #addUsernameToken}
 * ({@code SecurityConstants.USERNAME} / {@code SecurityConstants.PASSWORD} properties, then the
 * callback handler for the password). Unlike that method, an empty password is rejected, the
 * policy's password type is ignored, and the builder is already {@code prepare()}d on return so
 * that its id and derived key can be read by the caller.
 *
 * @param token  the UsernameToken assertion being satisfied
 * @param useMac passed through to {@code addDerivedKey}; selects the MAC flavour of the derived key
 * @return the prepared builder, or {@code null} when the token is not required by its include
 *         type, no username is configured, or no password is available (the policy is
 *         unasserted in the last two cases)
 */
protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, boolean useMac) {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }
    String userName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
    if (StringUtils.isEmpty(userName)) {
        unassertPolicy(token, "No username available");
        return null;
    }

    WSSecUsernameToken utBuilder = new WSSecUsernameToken(secHeader);
    utBuilder.setIdAllocator(wssConfig.getIdAllocator());
    utBuilder.setWsTimeSource(wssConfig.getCurrentTime());

    String password = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
    if (StringUtils.isEmpty(password)) {
        password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
    }
    if (StringUtils.isEmpty(password)) {
        unassertPolicy(token, "No password available");
        return null;
    }

    utBuilder.setUserInfo(userName, password);
    // iteration count is fixed at 1000 and not configurable through this method
    utBuilder.addDerivedKey(useMac, null, 1000);
    utBuilder.prepare();
    return utBuilder;
}

Example 8 with WSSecUsernameToken

use of org.apache.wss4j.dom.message.WSSecUsernameToken in project cxf by apache.

the class AbstractBindingBuilder method handleUsernameTokenSupportingToken.

/**
 * Adds a UsernameToken as a supporting token and records it for later processing.
 *
 * <p>Endorsing tokens are built with {@link #addDKUsernameToken} (derived key, {@code useMac}
 * = true); plain supporting tokens with {@link #addUsernameToken}. The resulting element is
 * added to the security header, wrapped in a {@code SupportingToken} appended to {@code ret},
 * and registered in {@code encryptedTokensList} when it must be encrypted: always when
 * {@code encryptedToken} is set, and additionally for non-endorsing tokens when the
 * {@code SecurityConstants.ALWAYS_ENCRYPT_UT} contextual property is true (its default).
 *
 * @param token          the UsernameToken assertion
 * @param endorse        whether the token is an endorsing token
 * @param encryptedToken whether the policy requires the token to be encrypted
 * @param ret            receives the {@code SupportingToken} wrapper for the built token
 * @throws WSSecurityException propagated from the builder
 */
protected void handleUsernameTokenSupportingToken(UsernameToken token, boolean endorse, boolean encryptedToken, List<SupportingToken> ret) throws WSSecurityException {
    WSSecUsernameToken utBuilder = endorse ? addDKUsernameToken(token, true) : addUsernameToken(token);
    if (utBuilder == null) {
        // nothing to add: the token is not required or the builder already unasserted the policy
        return;
    }
    // NOTE(review): in the endorsing case addDKUsernameToken has already called prepare();
    // whether a second prepare() regenerates the element/id depends on the WSS4J version — confirm.
    utBuilder.prepare();
    addSupportingElement(utBuilder.getUsernameTokenElement());
    ret.add(new SupportingToken(token, utBuilder, null));

    // the contextual ALWAYS_ENCRYPT_UT default only applies to non-endorsing tokens
    boolean encrypt = encryptedToken
        || (!endorse && MessageUtils.getContextualBoolean(message, SecurityConstants.ALWAYS_ENCRYPT_UT, true));
    if (encrypt) {
        WSEncryptionPart part = new WSEncryptionPart(utBuilder.getId(), "Element");
        part.setElement(utBuilder.getUsernameTokenElement());
        encryptedTokensList.add(part);
    }
}

Example 9 with WSSecUsernameToken

use of org.apache.wss4j.dom.message.WSSecUsernameToken in project cxf by apache.

the class TransportBindingHandler method handleEndorsingToken.

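/**
 * Produces the endorsing signature for one token of a supporting-tokens assertion.
 *
 * <p>Dispatches on the concrete token type: issued/secure-conversation/security-context/
 * Kerberos/SPNEGO tokens and SAML tokens sign via {@link #doIssuedTokenSignature}, X509 and
 * KeyValue tokens via {@link #doX509TokenSignature}. A UsernameToken is first turned into a
 * derived-key token whose id, element and derived secret are stored as a {@code SecurityToken}
 * in the token store (and referenced from the message via {@code SecurityConstants.TOKEN_ID})
 * before the issued-token signature path is used.
 *
 * <p>Fix: {@link #addDKUsernameToken} returns {@code null} when no username or password is
 * available (after unasserting the policy); this used to be dereferenced and throw a
 * {@code NullPointerException}. The method now returns in that case, matching how the other
 * callers on this class treat a {@code null} builder.
 *
 * @param token   the token to endorse with; may be {@code null}, in which case nothing is added
 * @param wrapper the SupportingTokens assertion the token belongs to
 * @throws Exception propagated from signature creation, SAML handling or the token store
 */
private void handleEndorsingToken(AbstractToken token, SupportingTokens wrapper) throws Exception {
    assertToken(token);
    if (token != null && !isTokenRequired(token.getIncludeTokenType())) {
        return;
    }
    if (token instanceof IssuedToken || token instanceof SecureConversationToken || token instanceof SecurityContextToken || token instanceof KerberosToken || token instanceof SpnegoContextToken) {
        addSig(doIssuedTokenSignature(token, wrapper));
    } else if (token instanceof X509Token || token instanceof KeyValueToken) {
        addSig(doX509TokenSignature(token, wrapper));
    } else if (token instanceof SamlToken) {
        SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken) token);
        Element envelope = saaj.getSOAPPart().getEnvelope();
        envelope = (Element) DOMUtils.getDomElement(envelope);
        assertionWrapper.toDOM(envelope.getOwnerDocument());
        storeAssertionAsSecurityToken(assertionWrapper);
        addSig(doIssuedTokenSignature(token, wrapper));
    } else if (token instanceof UsernameToken) {
        // Create a UsernameToken object for derived keys and store the security token
        WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken) token, true);
        if (usernameToken == null) {
            // No username/password could be obtained. The token is required (checked above), so
            // addDKUsernameToken has already unasserted the policy; there is no key to sign with.
            return;
        }
        String id = usernameToken.getId();
        byte[] secret = usernameToken.getDerivedKey();
        Instant created = Instant.now();
        // lifetime is divided by 1000 before plusSeconds, i.e. treated as milliseconds
        Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
        SecurityToken tempTok = new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires);
        tempTok.setSecret(secret);
        getTokenStore().add(tempTok);
        message.put(SecurityConstants.TOKEN_ID, tempTok.getId());
        addSig(doIssuedTokenSignature(token, wrapper));
    }
}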

Example 10 with WSSecUsernameToken

use of org.apache.wss4j.dom.message.WSSecUsernameToken in project cxf by apache.

the class TransportBindingHandler method addSignedSupportingTokens.

/**
 * Adds each token of a SignedSupportingTokens assertion to the security header.
 *
 * <p>UsernameTokens are built with {@link #addUsernameToken}, prepared and appended to the
 * header; issued/Kerberos/SPNEGO tokens add a clone of the current security token's element;
 * SAML tokens add the assertion's DOM. Any other token type is silently ignored (see the
 * REVISIT comment in the last branch). Tokens whose include type says they are not required
 * are asserted but otherwise skipped.
 *
 * @param sgndSuppTokens the SignedSupportingTokens assertion whose tokens are processed
 * @throws Exception propagated from token building or SAML handling
 */
private void addSignedSupportingTokens(SupportingTokens sgndSuppTokens) throws Exception {
    for (AbstractToken token : sgndSuppTokens.getTokens()) {
        assertToken(token);
        boolean required = token == null || isTokenRequired(token.getIncludeTokenType());
        if (!required) {
            continue;
        }

        if (token instanceof UsernameToken) {
            WSSecUsernameToken utBuilder = addUsernameToken((UsernameToken) token);
            if (utBuilder == null) {
                // addUsernameToken has already unasserted the policy
                continue;
            }
            utBuilder.prepare();
            utBuilder.appendToHeader();
        } else if (token instanceof IssuedToken || token instanceof KerberosToken || token instanceof SpnegoContextToken) {
            // NOTE(review): getSecurityToken() is dereferenced without a null check — confirm it
            // cannot return null at this point.
            SecurityToken secTok = getSecurityToken();
            // this re-check is always true after the guard above; kept for parity
            if (isTokenRequired(token.getIncludeTokenType())) {
                addEncryptedKeyElement(cloneElement(secTok.getToken()));
            }
        } else if (token instanceof SamlToken) {
            SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken) token);
            if (assertionWrapper == null) {
                continue;
            }
            Element envelope = saaj.getSOAPPart().getEnvelope();
            envelope = (Element) DOMUtils.getDomElement(envelope);
            addSupportingElement(assertionWrapper.toDOM(envelope.getOwnerDocument()));
        }
        // REVISIT - other token types are not supported for signed supporting tokens. Exception?
    }
}
