Examples with UsernameToken - org.apache.wss4j.dom.message.token.UsernameToken

Example 31 with UsernameToken

use of org.apache.wss4j.dom.message.token.UsernameToken in project testcases by coheigea.

the class SpringSecurityBasicAuthInterceptor method handleMessage.

public void handleMessage(Message message) throws Fault {
    AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
    if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
        String name = null;
        if (policy != null) {
            name = policy.getUserName();
        }
        String error = "No user credentials are available";
        LOG.warning(error + " " + "for name: " + name);
        throw new SecurityException(error);
    }
    try {
        UsernameToken token = convertPolicyToToken(policy);
        Credential credential = new Credential();
        credential.setUsernametoken(token);
        RequestData data = new RequestData();
        data.setMsgContext(message);
        credential = validator.validate(credential, data);
        // Create a Principal/SecurityContext
        Principal p = null;
        if (credential != null && credential.getPrincipal() != null) {
            p = credential.getPrincipal();
        } else {
            p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
            ((WSUsernameTokenPrincipalImpl) p).setPassword(policy.getPassword());
        }
        message.put(SecurityContext.class, createSecurityContext(p));
    } catch (Exception ex) {
        throw new Fault(ex);
    }
}

Also used : AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) Credential(org.apache.wss4j.dom.validate.Credential) RequestData(org.apache.wss4j.dom.handler.RequestData) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) Fault(org.apache.cxf.interceptor.Fault) Principal(java.security.Principal) WSUsernameTokenPrincipalImpl(org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)

Example 32 with UsernameToken

use of org.apache.wss4j.dom.message.token.UsernameToken in project testcases by coheigea.

the class ShiroBasicAuthInterceptor method handleMessage.

public void handleMessage(Message message) throws Fault {
    AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
    if (policy == null || policy.getUserName() == null || policy.getPassword() == null) {
        String name = null;
        if (policy != null) {
            name = policy.getUserName();
        }
        String error = "No user credentials are available";
        LOG.warning(error + " " + "for name: " + name);
        throw new SecurityException(error);
    }
    try {
        UsernameToken token = convertPolicyToToken(policy);
        Credential credential = new Credential();
        credential.setUsernametoken(token);
        RequestData data = new RequestData();
        data.setMsgContext(message);
        credential = validator.validate(credential, data);
        // Create a Principal/SecurityContext
        Principal p = null;
        if (credential != null && credential.getPrincipal() != null) {
            p = credential.getPrincipal();
        } else {
            p = new WSUsernameTokenPrincipalImpl(policy.getUserName(), false);
            ((WSUsernameTokenPrincipalImpl) p).setPassword(policy.getPassword());
        }
        message.put(SecurityContext.class, createSecurityContext(p));
    } catch (Exception ex) {
        throw new Fault(ex);
    }
}

Example 33 with UsernameToken

use of org.apache.wss4j.dom.message.token.UsernameToken in project testcases by coheigea.

the class ShiroBasicAuthInterceptor method convertPolicyToToken.

protected UsernameToken convertPolicyToToken(AuthorizationPolicy policy) throws Exception {
    Document doc = DOMUtils.createDocument();
    UsernameToken token = new UsernameToken(false, doc, WSConstants.PASSWORD_TEXT);
    token.setName(policy.getUserName());
    token.setPassword(policy.getPassword());
    return token;
}

Also used : UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) Document(org.w3c.dom.Document)

Example 34 with UsernameToken

use of org.apache.wss4j.dom.message.token.UsernameToken in project wildfly by wildfly.

the class UsernameTokenCallbackHandler method createWSSEUsernameToken.

private UsernameToken createWSSEUsernameToken(String username, String password, Document doc) {
    UsernameToken usernameToken = new UsernameToken(true, doc, (password == null) ? null : WSConstants.PASSWORD_TEXT);
    usernameToken.setName(username);
    usernameToken.addWSUNamespace();
    usernameToken.addWSSENamespace();
    usernameToken.setID("id-" + username);
    if (password != null) {
        usernameToken.setPassword(password);
    }
    return usernameToken;
}

Also used : UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken)

Example 35 with UsernameToken

use of org.apache.wss4j.dom.message.token.UsernameToken in project cxf by apache.

the class WSSUsernameCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof DelegationCallback) {
            DelegationCallback callback = (DelegationCallback) callbacks[i];
            Message message = callback.getCurrentMessage();
            String username = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
            if (username != null) {
                Node contentNode = message.getContent(Node.class);
                final Document doc;
                if (contentNode != null) {
                    doc = contentNode.getOwnerDocument();
                } else {
                    doc = DOMUtils.getEmptyDocument();
                }
                UsernameToken usernameToken = createWSSEUsernameToken(username, doc);
                callback.setToken(usernameToken.getElement());
            }
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}

Also used : Message(org.apache.cxf.message.Message) Node(org.w3c.dom.Node) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Document(org.w3c.dom.Document)

Aggregations

UsernameToken (org.apache.wss4j.dom.message.token.UsernameToken)46 Document (org.w3c.dom.Document)32 Credential (org.apache.wss4j.dom.validate.Credential)16 RequestData (org.apache.wss4j.dom.handler.RequestData)15 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)12 Element (org.w3c.dom.Element)10 Principal (java.security.Principal)9 WSUsernameTokenPrincipalImpl (org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl)5 Test (org.junit.Test)5 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)4 JAXBElement (javax.xml.bind.JAXBElement)4 AuthorizationPolicy (org.apache.cxf.configuration.security.AuthorizationPolicy)4 Message (org.apache.cxf.message.Message)4 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)4 UsernameTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType)4 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)4 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)4 CallbackHandler (javax.security.auth.callback.CallbackHandler)3 Fault (org.apache.cxf.interceptor.Fault)3 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)3