
Example 26 with UsernameToken

Use of org.apache.wss4j.dom.message.token.UsernameToken in the project ddf by codice.

From class StsIssueTest, method testBearerUsernameTokenSaml2.

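/**
 * Requests a SAML 2.0 bearer token from the STS behind {@code portType}, presenting a
 * plaintext {@code UsernameToken} as the on-behalf-of credential together with a Claims
 * element that asks for the {@code uid} identity claim, and validates the returned token.
 *
 * <p>The CXF bus is shut down in a {@code finally} block so that a failing request or
 * validation does not leave it running.
 *
 * @param portType the STS endpoint to exercise; its name selects the matching entries of
 *     {@code StsAddresses}, {@code WsdlLocations} and {@code EndPoints}
 * @throws IllegalStateException when {@code /cxf-client.xml} is not on the classpath
 * @throws Exception on any CXF, DOM or token-request failure
 */
public void testBearerUsernameTokenSaml2(StsPortTypes portType) throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = StsIssueTest.class.getResource("/cxf-client.xml");
    if (busFile == null) {
        // Fail with a clear message instead of an NPE on busFile.toString().
        throw new IllegalStateException("/cxf-client.xml not found on the test classpath");
    }
    Bus bus = bf.createBus(busFile.toString());
    SpringBusFactory.setDefaultBus(bus);
    SpringBusFactory.setThreadDefaultBus(bus);
    try {
        // The factory only produces an empty owner document here; nothing is parsed.
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc = builder.newDocument();
        // Create a Username Token. PASSWORD_TEXT puts the password into the token
        // verbatim, so these are fixed test-only credentials.
        UsernameToken oboToken = new UsernameToken(false, doc, WSConstants.PASSWORD_TEXT);
        oboToken.setName("pangerer");
        oboToken.setPassword("password");
        // Build the Claims object
        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
        writer.writeStartElement(WST, CLAIMS, STSUtils.WST_NS_05_12);
        writer.writeNamespace(WST, STSUtils.WST_NS_05_12);
        writer.writeNamespace(IC, IDENTITY_URI);
        writer.writeAttribute(DIALECT, IDENTITY_URI);
        // Add the uid claim (the role claim URI is kept here for reference:
        // "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role")
        writer.writeStartElement(IC, CLAIM_TYPE, IDENTITY_URI);
        writer.writeAttribute(URI, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uid");
        writer.writeEndElement();
        Element claims = writer.getDocument().getDocumentElement();
        // Get a token; the port name is looked up once in each address enum.
        String portName = portType.toString();
        SecurityToken token = requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE,
                oboToken.getElement(), bus,
                StsAddresses.valueOf(portName).toString(),
                WsdlLocations.valueOf(portName).toString(),
                EndPoints.valueOf(portName).toString(),
                claims);
        if (token != null) {
            validateSecurityToken(token);
        }
    } finally {
        bus.shutdown(true);
    }
}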

Example 27 with UsernameToken

Use of org.apache.wss4j.dom.message.token.UsernameToken in the project testcases by coheigea.

From class SyncopeBasicAuthInterceptor, method convertPolicyToToken.

/**
 * Wraps the user name and password of an HTTP authorization policy in a WS-Security
 * {@code UsernameToken}.
 *
 * <p>The token is created with {@code WSConstants.PASSWORD_TEXT}, i.e. the password is
 * copied into the token as-is rather than digested.
 *
 * @param policy the credentials extracted from the request's Authorization header
 * @return a new token whose name and password come from {@code policy}
 * @throws Exception propagated from token construction
 */
protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy) throws Exception {
    final Document ownerDoc = DOMUtils.createDocument();
    final UsernameToken usernameToken = new UsernameToken(false, ownerDoc, WSConstants.PASSWORD_TEXT);
    final String name = policy.getUserName();
    final String password = policy.getPassword();
    usernameToken.setName(name);
    usernameToken.setPassword(password);
    return usernameToken;
}

Example 28 with UsernameToken

Use of org.apache.wss4j.dom.message.token.UsernameToken in the project testcases by coheigea.

From class CallbackHandlerLoginHandler, method createSubject.

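/**
 * Authenticates a user name / password pair for the OAuth2 login flow by wrapping it in a
 * WS-Security {@code UsernameToken} and running it through WSS4J's
 * {@code UsernameTokenValidator}, which delegates password checking to the configured
 * {@code callbackHandler}.
 *
 * <p>Only the outcome of validation is used: the {@code Credential} returned by
 * {@code validate} was previously assigned back into the local and never read, so the
 * dead assignment has been dropped.
 *
 * @param client the OAuth2 client on whose behalf the login happens; not consulted here
 * @param user the login name to authenticate
 * @param pass the plaintext password supplied by the user
 * @return a {@code UserSubject} whose login is {@code user}
 * @throws RuntimeException the exception built by
 *     {@code ExceptionUtils.toInternalServerErrorException} for any failure thrown by the
 *     validator — a rejected password is therefore reported as an internal server error
 *     rather than as an authentication failure
 */
@Override
public UserSubject createSubject(Client client, String user, String pass) {
    Document doc = DOMUtils.createDocument();
    UsernameToken token = new UsernameToken(false, doc, WSConstants.PASSWORD_TEXT);
    token.setName(user);
    token.setPassword(pass);
    Credential credential = new Credential();
    credential.setUsernametoken(token);
    RequestData data = new RequestData();
    data.setMsgContext(PhaseInterceptorChain.getCurrentMessage());
    data.setCallbackHandler(callbackHandler);
    UsernameTokenValidator validator = new UsernameTokenValidator();
    try {
        // validate() signals rejection by throwing; its return value is not needed.
        validator.validate(credential, data);
        UserSubject subject = new UserSubject();
        subject.setLogin(user);
        return subject;
    } catch (Exception ex) {
        // Every failure, including a wrong password, is surfaced as a 500 response.
        throw ExceptionUtils.toInternalServerErrorException(ex, null);
    }
}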

Example 29 with UsernameToken

Use of org.apache.wss4j.dom.message.token.UsernameToken in the project testcases by coheigea.

From class ShiroUTValidator, method validate.

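/**
 * Authenticates the {@code UsernameToken} carried by {@code credential} against Shiro and,
 * when {@code requiredRoles} is non-empty, checks that the authenticated subject holds all
 * of those roles.
 *
 * <p>Only {@code PASSWORD_TEXT} tokens are accepted: Shiro's {@code login} needs the
 * plaintext password, so digest tokens are rejected before any realm is consulted. Every
 * rejection after the initial null check (wrong password type, missing password, failed
 * login, missing role) is reported with the same {@code FAILED_AUTHENTICATION} code, so a
 * caller cannot distinguish them.
 *
 * <p>The Shiro {@code UsernamePasswordToken} built here keeps a {@code char[]} copy of the
 * password; it is cleared once the login attempt has finished so the copy does not outlive
 * this call.
 *
 * @param credential the credential to check; must carry a {@code UsernameToken}
 * @param data WSS4J request data; not consulted by this implementation
 * @return the same {@code credential} instance when authentication and authorization pass
 * @throws WSSecurityException {@code FAILURE} when no token is present, and
 *     {@code FAILED_AUTHENTICATION} for a non-text password type, a missing password, a
 *     Shiro {@code AuthenticationException}, or a missing required role
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    if (credential == null || credential.getUsernametoken() == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
    }
    // Validate the UsernameToken
    UsernameToken usernameToken = credential.getUsernametoken();
    String pwType = usernameToken.getPasswordType();
    if (log.isDebugEnabled()) {
        // Only the user name and password type are logged, never the password itself.
        log.debug("UsernameToken user " + usernameToken.getName());
        log.debug("UsernameToken password type " + pwType);
    }
    if (!WSConstants.PASSWORD_TEXT.equals(pwType)) {
        if (log.isDebugEnabled()) {
            log.debug("Authentication failed - digest passwords are not accepted");
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    if (usernameToken.getPassword() == null) {
        if (log.isDebugEnabled()) {
            log.debug("Authentication failed - no password was provided");
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    // Validate it via Shiro
    Subject currentUser = SecurityUtils.getSubject();
    UsernamePasswordToken token = new UsernamePasswordToken(usernameToken.getName(), usernameToken.getPassword());
    try {
        currentUser.login(token);
    } catch (AuthenticationException ex) {
        if (log.isDebugEnabled()) {
            log.debug(ex.getMessage(), ex);
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    } finally {
        // Zero the char[] password copy held by the Shiro token regardless of outcome.
        token.clear();
    }
    // Perform authorization check
    if (!requiredRoles.isEmpty() && !currentUser.hasAllRoles(requiredRoles)) {
        if (log.isDebugEnabled()) {
            log.debug("Authorization failed for authenticated user");
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    return credential;
}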

Example 30 with UsernameToken

Use of org.apache.wss4j.dom.message.token.UsernameToken in the project testcases by coheigea.

From class SpringSecurityUTValidator, method validate.

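/**
 * Authenticates the {@code UsernameToken} carried by {@code credential} through Spring
 * Security's {@code AuthenticationManager} and then, when an {@code accessDecisionManager}
 * is configured and {@code requiredRoles} is non-empty, authorizes the authenticated
 * principal against those roles.
 *
 * <p>Only {@code PASSWORD_TEXT} tokens are accepted, because the manager needs the
 * plaintext password. On success the JAAS {@code Subject} built here — whose single
 * principal is the pre-authentication {@code UsernamePasswordAuthenticationToken} — is
 * attached to the credential.
 *
 * <p>Diagnostic output about granted authorities and required attributes goes to the
 * logger at debug level; it was previously written to {@code System.out}, which bypasses
 * log configuration and retention.
 *
 * @param credential the credential to check; must carry a {@code UsernameToken}
 * @param data WSS4J request data; not consulted by this implementation
 * @return {@code credential}, with its subject set
 * @throws WSSecurityException {@code FAILURE} when no token is present;
 *     {@code FAILED_AUTHENTICATION} for a non-text password type, a missing password, an
 *     {@code AuthenticationException} from the manager, or a null / non-authenticated
 *     result. Authorization failures are whatever {@code accessDecisionManager.decide}
 *     throws; they are not converted to {@code WSSecurityException}
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    if (credential == null || credential.getUsernametoken() == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
    }
    // Validate the UsernameToken
    UsernameToken usernameToken = credential.getUsernametoken();
    String pwType = usernameToken.getPasswordType();
    if (log.isDebugEnabled()) {
        // Only the user name and password type are logged, never the password itself.
        log.debug("UsernameToken user " + usernameToken.getName());
        log.debug("UsernameToken password type " + pwType);
    }
    if (!WSConstants.PASSWORD_TEXT.equals(pwType)) {
        if (log.isDebugEnabled()) {
            log.debug("Authentication failed - digest passwords are not accepted");
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    if (usernameToken.getPassword() == null) {
        if (log.isDebugEnabled()) {
            log.debug("Authentication failed - no password was provided");
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    // Validate it via Spring Security
    // Set a Subject up
    UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(usernameToken.getName(), usernameToken.getPassword());
    // NOTE(review): authToken keeps the plaintext password as its credentials and is stored
    // in the Subject attached to the credential below; whether downstream consumers need it
    // is not visible here — confirm before calling eraseCredentials() on it.
    Subject subject = new Subject();
    subject.getPrincipals().add(authToken);
    Set<Authentication> authentications = subject.getPrincipals(Authentication.class);
    Authentication authenticated;
    try {
        // The set holds exactly the principal added above, so next() is safe.
        authenticated = authenticationManager.authenticate(authentications.iterator().next());
    } catch (AuthenticationException ex) {
        if (log.isDebugEnabled()) {
            log.debug(ex.getMessage(), ex);
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    // Defensive: treat a null result the same as a non-authenticated one instead of NPE-ing.
    if (authenticated == null || !authenticated.isAuthenticated()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    if (log.isDebugEnabled()) {
        for (GrantedAuthority authz : authenticated.getAuthorities()) {
            log.debug("Granted: " + authz.getAuthority());
        }
    }
    // Authorize request
    if (accessDecisionManager != null && !requiredRoles.isEmpty()) {
        List<ConfigAttribute> attributes = SecurityConfig.createList(requiredRoles.toArray(new String[0]));
        if (log.isDebugEnabled()) {
            for (ConfigAttribute attr : attributes) {
                log.debug("Attr: " + attr.getAttribute());
            }
        }
        // decide() throws its own exception type on denial; it is deliberately not wrapped here.
        accessDecisionManager.decide(authenticated, this, attributes);
    }
    credential.setSubject(subject);
    return credential;
}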
