Search in sources :

Example 1 with UsernameTokenProcessor

use of org.apache.wss4j.dom.processor.UsernameTokenProcessor in project cxf by apache.

the class UsernameTokenInterceptor method validateToken.

protected WSSecurityEngineResult validateToken(Element tokenElement, final SoapMessage message) throws WSSecurityException, Base64DecodingException {
    boolean bspCompliant = isWsiBSPCompliant(message);
    boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class));
    UsernameTokenProcessor p = new UsernameTokenProcessor();
    RequestData data = new CXFRequestData();
    Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    try {
        data.setCallbackHandler(SecurityUtils.getCallbackHandler(o));
    } catch (Exception ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    data.setMsgContext(message);
    // Configure replay caching
    ReplayCache nonceCache = WSS4JUtils.getReplayCache(message, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE);
    data.setNonceReplayCache(nonceCache);
    data.setAllowUsernameTokenNoPassword(allowNoPassword);
    data.setWssConfig(WSSConfig.getNewInstance());
    if (!bspCompliant) {
        data.setDisableBSPEnforcement(true);
    }
    data.setMsgContext(message);
    WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
    data.setWsDocInfo(wsDocInfo);
    try {
        List<WSSecurityEngineResult> results = p.handleToken(tokenElement, data);
        return results.get(0);
    } catch (WSSecurityException ex) {
        throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
    }
}
Also used : UsernameTokenProcessor(org.apache.wss4j.dom.processor.UsernameTokenProcessor) WSDocInfo(org.apache.wss4j.dom.WSDocInfo) ReplayCache(org.apache.wss4j.common.cache.ReplayCache) RequestData(org.apache.wss4j.dom.handler.RequestData) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Base64DecodingException(org.apache.xml.security.exceptions.Base64DecodingException) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Aggregations

AssertionInfoMap (org.apache.cxf.ws.policy.AssertionInfoMap)1 ReplayCache (org.apache.wss4j.common.cache.ReplayCache)1 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1 WSDocInfo (org.apache.wss4j.dom.WSDocInfo)1 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)1 RequestData (org.apache.wss4j.dom.handler.RequestData)1 UsernameTokenProcessor (org.apache.wss4j.dom.processor.UsernameTokenProcessor)1 Base64DecodingException (org.apache.xml.security.exceptions.Base64DecodingException)1