
Example 41 with AbstractToken

use of org.apache.wss4j.policy.model.AbstractToken in project cxf by apache.

the class SignedEncryptedTokenPolicyValidator method validatePolicies.

/**
 * Checks each signed-encrypted supporting-token assertion in {@code ais} against the
 * tokens processed for the current message.
 *
 * <p>Every assertion is first marked asserted and is flipped to not-asserted when one of
 * its required tokens fails processing; the remaining tokens of that assertion are still
 * processed. Tokens that {@code isTokenRequired} reports as not required are skipped
 * without any check. A token whose type is not handled below fails the assertion, so
 * unknown token types are rejected rather than silently accepted.
 *
 * <p>Security note: over TLS, token encryption is still enforced unless a TransportBinding
 * assertion is present. The enforcement flag is only written when TLS is in use.
 * NOTE(review): when TLS is not in use the flag keeps whatever value it already had;
 * confirm that the default enforces encryption and that a validator instance is not
 * reused across messages.
 *
 * @param parameters validation context supplying the message and the assertion info map
 * @param ais assertions to validate; each is cast to {@link SupportingTokens}
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    // TLS alone does not lift the encryption requirement; only TLS together with a
    // TransportBinding policy does.
    if (isTLSInUse(parameters.getMessage())) {
        AssertionInfo transportBindingInfo = PolicyUtils.getFirstAssertionByLocalname(
            parameters.getAssertionInfoMap(), SPConstants.TRANSPORT_BINDING);
        boolean noTransportBinding = transportBindingInfo == null;
        super.setEnforceEncryptedTokens(noTransportBinding);
    }

    for (AssertionInfo ai : ais) {
        SupportingTokens supportingTokens = (SupportingTokens) ai.getAssertion();
        // Optimistically asserted; any failing token below revokes this.
        ai.setAsserted(true);

        setSignedParts(supportingTokens.getSignedParts());
        setEncryptedParts(supportingTokens.getEncryptedParts());
        setSignedElements(supportingTokens.getSignedElements());
        setEncryptedElements(supportingTokens.getEncryptedElements());

        for (AbstractToken token : supportingTokens.getTokens()) {
            if (!isTokenRequired(token, parameters.getMessage())) {
                continue;
            }

            final boolean matched;
            if (token instanceof UsernameToken) {
                matched = processUsernameTokens(parameters, false);
            } else if (token instanceof KerberosToken) {
                matched = processKerberosTokens(parameters, false);
            } else if (token instanceof X509Token) {
                matched = processX509Tokens(parameters, false);
            } else if (token instanceof KeyValueToken) {
                matched = processKeyValueTokens(parameters);
            } else if (token instanceof SecurityContextToken || token instanceof SpnegoContextToken) {
                matched = processSCTokens(parameters, false);
            } else if (token instanceof SamlToken) {
                matched = processSAMLTokens(parameters, false);
            } else if (token instanceof IssuedToken) {
                // An issued token is only checked when a SAML token is required for it.
                matched = !isSamlTokenRequiredForIssuedToken((IssuedToken) token)
                    || processSAMLTokens(parameters, false);
            } else {
                // Unrecognised token type: fail closed.
                matched = false;
            }

            if (!matched) {
                ai.setNotAsserted("The received token does not match the signed encrypted supporting token requirement");
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) SamlToken(org.apache.wss4j.policy.model.SamlToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken)

Example 42 with AbstractToken

use of org.apache.wss4j.policy.model.AbstractToken in project tesb-rt-se by Talend.

the class SingleBusLocatorRegistrar method isSecuredByPolicy.

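/**
 * Reports whether the server endpoint's policy declares an HTTPS transport binding.
 *
 * <p>Two places are inspected, in order: the assertions of the chosen policy alternative,
 * then the top-level components of the endpoint policy. The first {@code TransportBinding}
 * whose transport token wraps an {@code HttpsToken} makes the result {@code true}, and the
 * search stops there.
 *
 * <p>This is a policy-level check only: it looks at what the policy declares and does not
 * inspect the destination to verify that TLS is actually in effect. Missing pieces (no
 * policy engine, no chosen alternative, no policy, a transport binding without a transport
 * token) count as "not secured" instead of raising a {@code NullPointerException}.
 * NOTE(review): confirm that callers treat {@code false} as the conservative answer.
 *
 * @param server the server whose endpoint policy is examined
 * @return {@code true} if an HTTPS transport binding was found, {@code false} otherwise
 */
private boolean isSecuredByPolicy(Server server) {
    EndpointInfo ei = server.getEndpoint().getEndpointInfo();
    PolicyEngine pe = bus.getExtension(PolicyEngine.class);
    if (null == pe) {
        LOG.finest("No Policy engine found");
        return false;
    }
    Destination destination = server.getDestination();
    EndpointPolicy ep = pe.getServerEndpointPolicy(ei, destination, null);

    // First look at the alternative that was actually chosen for this endpoint.
    Collection<Assertion> assertions = ep.getChosenAlternative();
    if (assertions != null) {
        for (Assertion a : assertions) {
            if (isHttpsTransportBinding(a)) {
                return true;
            }
        }
    }

    // Then fall back to the top-level components of the endpoint policy.
    Policy policy = ep.getPolicy();
    if (policy == null) {
        return false;
    }
    List<PolicyComponent> pcList = policy.getPolicyComponents();
    if (pcList != null) {
        for (PolicyComponent pc : pcList) {
            if (isHttpsTransportBinding(pc)) {
                return true;
            }
        }
    }
    return false;
}

/** Returns true when {@code component} is a TransportBinding whose transport token wraps an HttpsToken. */
private boolean isHttpsTransportBinding(Object component) {
    if (!(component instanceof TransportBinding)) {
        return false;
    }
    TransportToken tt = ((TransportBinding) component).getTransportToken();
    // A binding without a transport token cannot declare HTTPS.
    return tt != null && tt.getToken() instanceof HttpsToken;
}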
Also used : TransportToken(org.apache.wss4j.policy.model.TransportToken) EndpointPolicy(org.apache.cxf.ws.policy.EndpointPolicy) Policy(org.apache.neethi.Policy) Destination(org.apache.cxf.transport.Destination) PolicyComponent(org.apache.neethi.PolicyComponent) Assertion(org.apache.neethi.Assertion) PolicyEngine(org.apache.cxf.ws.policy.PolicyEngine) EndpointPolicy(org.apache.cxf.ws.policy.EndpointPolicy) EndpointInfo(org.apache.cxf.service.model.EndpointInfo) HttpsToken(org.apache.wss4j.policy.model.HttpsToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) TransportBinding(org.apache.wss4j.policy.model.TransportBinding)
