
Example 21 with UsernameToken

use of org.apache.wss4j.dom.message.token.UsernameToken in project cxf by apache.

Method checkTokens of class UsernameTokenPolicyValidator (enforces the UsernameToken policy assertion against every received token):

/**
 * Verifies that every received UsernameToken satisfies the UsernameToken policy
 * assertion: the password-hashing mode, the NoPassword rule, and the Created and
 * Nonce requirements.
 *
 * @param usernameTokenPolicy the UsernameToken policy assertion being enforced
 * @param ai the assertion info that is marked not-asserted on the first violation
 * @param utResults the security-engine results, each holding a received token under
 *                  {@code TAG_USERNAME_TOKEN}
 * @return {@code true} if every token conforms (trivially so for an empty list),
 *         {@code false} as soon as one token violates the policy
 */
public boolean checkTokens(org.apache.wss4j.policy.model.UsernameToken usernameTokenPolicy, AssertionInfo ai, List<WSSecurityEngineResult> utResults) {
    PasswordType requiredType = usernameTokenPolicy.getPasswordType();
    boolean wantHashed = PasswordType.HashPassword == requiredType;
    boolean wantNoPassword = PasswordType.NoPassword == requiredType;

    for (WSSecurityEngineResult engineResult : utResults) {
        UsernameToken received = (UsernameToken) engineResult.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
        boolean hasPassword = received.getPassword() != null;

        // Hashed vs. plaintext must match the policy in both directions: a digest
        // where plaintext is required is as much a violation as the reverse.
        if (received.isHashed() != wantHashed) {
            ai.setNotAsserted("Password hashing policy not enforced");
            return false;
        }

        if (wantNoPassword) {
            // NoPassword forbids any wsse:Password element at all.
            if (hasPassword) {
                ai.setNotAsserted("Username Token NoPassword policy not enforced");
                return false;
            }
        } else if (!hasPassword && isNonEndorsingSupportingToken(usernameTokenPolicy)) {
            // A password is required, but only for a non-endorsing supporting token.
            ai.setNotAsserted("Username Token No Password supplied");
            return false;
        }

        // The Created and Nonce assertions are checked only on plaintext tokens; a
        // hashed token is reported as a violation of either of them here.
        if (usernameTokenPolicy.isCreated() && (received.isHashed() || received.getCreated() == null)) {
            ai.setNotAsserted("Username Token Created policy not enforced");
            return false;
        }
        if (usernameTokenPolicy.isNonce() && (received.isHashed() || received.getNonce() == null)) {
            ai.setNotAsserted("Username Token Nonce policy not enforced");
            return false;
        }
    }
    return true;
}

Example 22 with UsernameToken

use of org.apache.wss4j.dom.message.token.UsernameToken in project cxf by apache.

Method validate of class CustomUTValidator (validates the token via the parent validator, then attaches a Subject with group memberships):

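/**
 * Validates the UsernameToken through the parent validator and then populates a
 * {@link Subject} holding a username-token principal plus the groups that
 * authorization later relies on.
 *
 * @param credential the credential carrying the received UsernameToken
 * @param data the request data handed through to the parent validator
 * @return the validated credential with its Subject set
 * @throws WSSecurityException if the parent validator rejects the token
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential cred = super.validate(credential, data);
    UsernameToken ut = credential.getUsernametoken();

    WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(ut.getName(), ut.isHashed());
    principal.setCreatedTime(ut.getCreated());
    // Bug fix: the nonce was previously copied from the (still empty) principal itself,
    // so it was always lost; it has to come from the received token.
    principal.setNonce(ut.getNonce());
    // NOTE(review): the password as received (cleartext for PasswordText tokens) is kept
    // on the principal and therefore on the Subject — confirm downstream code needs it.
    principal.setPassword(ut.getPassword());
    principal.setPasswordType(ut.getPasswordType());

    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    // Sample role mapping: "Alice" is additionally a manager; every validated user is a worker.
    if ("Alice".equals(ut.getName())) {
        subject.getPrincipals().add(new SimpleGroup("manager", ut.getName()));
    }
    subject.getPrincipals().add(new SimpleGroup("worker", ut.getName()));
    cred.setSubject(subject);
    return cred;
}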

Example 23 with UsernameToken

use of org.apache.wss4j.dom.message.token.UsernameToken in project cxf by apache.

Method createWSSEUsernameToken of class WSSUsernameCallbackHandler (builds a UsernameToken element that carries only a username):

/**
 * Builds a wsse:UsernameToken element carrying only the given username, with the
 * wsu and wsse namespaces declared on it and a wsu:Id derived from the username.
 *
 * @param username the value written into wsse:Username
 * @param doc the owner document the token element is created in
 * @return the new token element wrapper
 */
private UsernameToken createWSSEUsernameToken(String username, Document doc) {
    // A null password type presumably means no wsse:Password child is emitted — verify against WSS4J.
    UsernameToken token = new UsernameToken(true, doc, null);
    token.setName(username);
    token.addWSUNamespace();
    token.addWSSENamespace();
    // NOTE(review): wsu:Id is an xsd:ID, so a username that is not a valid NCName
    // (spaces, '@', a leading digit) produces an invalid Id — confirm inputs are constrained upstream.
    token.setID("id-" + username);
    return token;
}

Example 24 with UsernameToken

use of org.apache.wss4j.dom.message.token.UsernameToken in project cxf by apache.

Method createSubject of class CallbackHandlerLoginHandler (checks a username/password pair through the WSS4J UsernameTokenValidator and returns an OAuth2 UserSubject):

/**
 * Authenticates a username/password pair by wrapping it in a plaintext UsernameToken
 * and running it through the WSS4J {@link UsernameTokenValidator}; on success returns
 * a {@link UserSubject} whose login is the supplied user name.
 *
 * @param client the OAuth2 client on whose behalf the login happens (not consulted here)
 * @param user the user name to authenticate
 * @param pass the password, as entered
 * @return a UserSubject for {@code user}
 * @throws javax.ws.rs.WebApplicationException (internal server error) if validation fails
 */
@Override
public UserSubject createSubject(Client client, String user, String pass) {
    // Wrap the supplied credentials in a PasswordText token so the standard validator can check them.
    Document ownerDoc = DOMUtils.getEmptyDocument();
    UsernameToken utToken = new UsernameToken(false, ownerDoc, WSS4JConstants.PASSWORD_TEXT);
    utToken.setName(user);
    utToken.setPassword(pass);

    Credential toValidate = new Credential();
    toValidate.setUsernametoken(utToken);

    RequestData reqData = new RequestData();
    reqData.setMsgContext(PhaseInterceptorChain.getCurrentMessage());
    reqData.setCallbackHandler(callbackHandler);

    try {
        // Only the outcome matters here: a rejected token throws, the returned credential is unused.
        new UsernameTokenValidator().validate(toValidate, reqData);
        UserSubject subject = new UserSubject();
        subject.setLogin(user);
        return subject;
    } catch (Exception ex) {
        // NOTE(review): a rejected credential is reported as an HTTP 500 here rather than as an
        // authentication failure (401); a caller cannot distinguish "wrong password" from a server fault.
        throw ExceptionUtils.toInternalServerErrorException(ex, null);
    }
}

Example 25 with UsernameToken

use of org.apache.wss4j.dom.message.token.UsernameToken in project ddf by codice.

Method testBearerWebSsoTokenSaml2 of class StsIssueTest (requests a SAML 2.0 bearer token from the STS on behalf of a web-SSO ticket):

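/**
 * Requests a SAML 2.0 bearer token from the STS on behalf of a web-SSO ticket that is
 * carried in a UsernameToken, and validates the issued token if one comes back.
 *
 * @param portType selects the STS address, WSDL location and endpoint to talk to
 * @throws Exception on any failure while building the request or talking to the STS
 */
public void testBearerWebSsoTokenSaml2(StsPortTypes portType) throws Exception {
    SpringBusFactory busFactory = new SpringBusFactory();
    URL busFile = StsIssueTest.class.getResource("/cxf-client.xml");
    Bus bus = busFactory.createBus(busFile.toString());
    SpringBusFactory.setDefaultBus(bus);
    SpringBusFactory.setThreadDefaultBus(bus);
    try {
        // Only newDocument() is called on this builder (nothing is parsed), so no
        // DTD/external-entity hardening is required for it.
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc = builder.newDocument();

        // The OnBehalfOf token: the wsu:Id is the key that tells the validator this is an
        // SSO token, and the Username carries the SSO ticket instead of a user name.
        UsernameToken oboToken = new UsernameToken(false, doc, WSConstants.PASSWORD_TEXT);
        oboToken.setID(CAS_ID);
        oboToken.setName("ST-098ASDF13245WERT");

        // Claims element requesting the uid claim in the identity dialect.
        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
        writer.writeStartElement(WST, CLAIMS, STSUtils.WST_NS_05_12);
        writer.writeNamespace(WST, STSUtils.WST_NS_05_12);
        writer.writeNamespace(IC, IDENTITY_URI);
        writer.writeAttribute(DIALECT, IDENTITY_URI);
        writer.writeStartElement(IC, CLAIM_TYPE, IDENTITY_URI);
        writer.writeAttribute(URI, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uid");
        writer.writeEndElement();
        Element claims = writer.getDocument().getDocumentElement();

        SecurityToken token = requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, oboToken.getElement(), bus, StsAddresses.valueOf(portType.toString()).toString(), WsdlLocations.valueOf(portType.toString()).toString(), EndPoints.valueOf(portType.toString()).toString(), claims);
        // NOTE(review): a null token is silently accepted, so an STS that issues nothing
        // still passes this check — consider failing instead of skipping validation.
        if (token != null) {
            validateSecurityToken(token);
        }
    } finally {
        // Release the bus even when the STS call throws; previously a failure leaked it.
        bus.shutdown(true);
    }
}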
