Example 6 with SecureConversationToken
use of org.apache.wss4j.policy.model.SecureConversationToken in project cxf by apache.
the class SymmetricBindingHandler method doEncryptBeforeSign.
private void doEncryptBeforeSign() {
try {
AbstractTokenWrapper encryptionWrapper = getEncryptionToken();
assertTokenWrapper(encryptionWrapper);
AbstractToken encryptionToken = encryptionWrapper.getToken();
if (encryptionToken != null) {
// The encryption token can be an IssuedToken or a
// SecureConversationToken
String tokenId = null;
SecurityToken tok = null;
if (encryptionToken instanceof IssuedToken || encryptionToken instanceof KerberosToken || encryptionToken instanceof SecureConversationToken || encryptionToken instanceof SecurityContextToken || encryptionToken instanceof SpnegoContextToken) {
tok = getSecurityToken();
} else if (encryptionToken instanceof X509Token) {
if (isRequestor()) {
tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
} else {
tok = getEncryptedKey();
}
} else if (encryptionToken instanceof UsernameToken) {
if (isRequestor()) {
tokenId = setupUTDerivedKey((UsernameToken) encryptionToken);
} else {
tok = getUTDerivedKey();
}
}
if (tok == null) {
// }
if (tokenId != null && tokenId.startsWith("#")) {
tokenId = tokenId.substring(1);
}
/*
* Get hold of the token from the token storage
*/
tok = tokenStore.getToken(tokenId);
}
boolean attached = false;
if (isTokenRequired(encryptionToken.getIncludeTokenType())) {
Element el = tok.getToken();
this.addEncryptedKeyElement(cloneElement(el));
attached = true;
} else if (encryptionToken instanceof X509Token && isRequestor()) {
Element el = tok.getToken();
this.addEncryptedKeyElement(cloneElement(el));
attached = true;
}
List<WSEncryptionPart> sigParts = new ArrayList<>();
if (timestampEl != null) {
WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
sigParts.add(timestampPart);
}
addSupportingTokens(sigParts);
sigParts.addAll(this.getSignedParts(null));
List<WSEncryptionPart> encrParts = getEncryptedParts();
WSSecBase encr = doEncryption(encryptionWrapper, tok, attached, encrParts, true);
handleEncryptedSignedHeaders(encrParts, sigParts);
if (!isRequestor()) {
addSignatureConfirmation(sigParts);
}
// We should use the same key in the case of EncryptBeforeSig
if (!sigParts.isEmpty()) {
addSig(this.doSignature(sigParts, encryptionWrapper, encryptionToken, tok, attached));
}
if (isRequestor()) {
this.doEndorse();
}
// Check for signature protection and encryption of UsernameToken
if (sbinding.isEncryptSignature() || !encryptedTokensList.isEmpty() && isRequestor()) {
List<WSEncryptionPart> secondEncrParts = new ArrayList<>();
// Now encrypt the signature using the above token
if (sbinding.isEncryptSignature()) {
if (this.mainSigId != null) {
WSEncryptionPart sigPart = new WSEncryptionPart(this.mainSigId, "Element");
sigPart.setElement(bottomUpElement);
secondEncrParts.add(sigPart);
}
if (sigConfList != null && !sigConfList.isEmpty()) {
secondEncrParts.addAll(sigConfList);
}
assertPolicy(new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
}
if (isRequestor()) {
secondEncrParts.addAll(encryptedTokensList);
}
Element secondRefList = null;
if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys && !secondEncrParts.isEmpty()) {
secondRefList = ((WSSecDKEncrypt) encr).encryptForExternalRef(null, secondEncrParts);
} else if (!secondEncrParts.isEmpty()) {
// Encrypt, get hold of the ref list and add it
secondRefList = ((WSSecEncrypt) encr).encryptForRef(null, secondEncrParts);
}
if (secondRefList != null) {
this.addDerivedKeyElement(secondRefList);
}
}
}
} catch (RuntimeException ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw ex;
} catch (Exception ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw new Fault(ex);
}
}
Also used :
WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart)
WSSecEncrypt(org.apache.wss4j.dom.message.WSSecEncrypt)
KerberosToken(org.apache.wss4j.policy.model.KerberosToken)
QName(javax.xml.namespace.QName)
IssuedToken(org.apache.wss4j.policy.model.IssuedToken)
Element(org.w3c.dom.Element)
UsernameToken(org.apache.wss4j.policy.model.UsernameToken)
WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken)
ArrayList(java.util.ArrayList)
Fault(org.apache.cxf.interceptor.Fault)
SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken)
SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken)
SOAPException(javax.xml.soap.SOAPException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
WSSecBase(org.apache.wss4j.dom.message.WSSecBase)
AbstractToken(org.apache.wss4j.policy.model.AbstractToken)
X509Token(org.apache.wss4j.policy.model.X509Token)
SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken)
AbstractTokenWrapper(org.apache.wss4j.policy.model.AbstractTokenWrapper)
Example 7 with SecureConversationToken
use of org.apache.wss4j.policy.model.SecureConversationToken in project cxf by apache.
the class SymmetricBindingHandler method doEncryptionDerived.
private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken, SecurityToken encrTok, AbstractToken encrToken, boolean attached, List<WSEncryptionPart> encrParts, boolean atEnd) {
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(secHeader);
dkEncr.setEncryptionSerializer(new StaxSerializer());
dkEncr.setIdAllocator(wssConfig.getIdAllocator());
dkEncr.setCallbackLookup(callbackLookup);
dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
dkEncr.setExpandXopInclude(isExpandXopInclude());
dkEncr.setWsDocInfo(wsDocInfo);
if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
}
if (attached && encrTok.getAttachedReference() != null) {
dkEncr.setExternalKey(encrTok.getSecret(), cloneElement(encrTok.getAttachedReference()));
} else if (encrTok.getUnattachedReference() != null) {
dkEncr.setExternalKey(encrTok.getSecret(), cloneElement(encrTok.getUnattachedReference()));
} else if (!isRequestor() && encrTok.getSHA1() != null) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
// 7.7 Encrypted Key reference
SecurityTokenReference tokenRef = new SecurityTokenReference(saaj.getSOAPPart());
String tokenType = encrTok.getTokenType();
if (encrToken instanceof KerberosToken) {
tokenRef.setKeyIdentifier(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE, encrTok.getSHA1(), true);
if (tokenType == null) {
tokenType = WSS4JConstants.WSS_GSS_KRB_V5_AP_REQ;
}
} else {
tokenRef.setKeyIdentifierEncKeySHA1(encrTok.getSHA1());
if (tokenType == null) {
tokenType = WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE;
}
}
tokenRef.addTokenType(tokenType);
dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement());
} else {
if (attached) {
String id = encrTok.getWsuId();
if (id == null && (encrToken instanceof SecureConversationToken || encrToken instanceof SecurityContextToken)) {
dkEncr.setTokenIdDirectId(true);
id = encrTok.getId();
} else if (id == null) {
id = encrTok.getId();
}
if (id.startsWith("#")) {
id = id.substring(1);
}
dkEncr.setExternalKey(encrTok.getSecret(), id);
} else {
dkEncr.setTokenIdDirectId(true);
dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
}
}
if (encrTok.getSHA1() != null) {
String tokenType = encrTok.getTokenType();
if (tokenType == null) {
tokenType = WSS4JConstants.WSS_ENC_KEY_VALUE_TYPE;
}
dkEncr.setCustomValueType(tokenType);
} else {
String tokenType = encrTok.getTokenType();
if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
dkEncr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
dkEncr.setCustomValueType(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
} else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
dkEncr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
dkEncr.setCustomValueType(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
} else if (encrToken instanceof UsernameToken) {
dkEncr.setCustomValueType(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
} else {
dkEncr.setCustomValueType(tokenType);
}
}
AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
dkEncr.prepare();
Element encrDKTokenElem = null;
encrDKTokenElem = dkEncr.getdktElement();
addDerivedKeyElement(encrDKTokenElem);
Element refList = dkEncr.encryptForExternalRef(null, encrParts);
List<Element> attachments = dkEncr.getAttachmentEncryptedDataElements();
addAttachmentsForEncryption(atEnd, refList, attachments);
return dkEncr;
} catch (Exception e) {
LOG.log(Level.FINE, e.getMessage(), e);
unassertPolicy(recToken, e);
}
return null;
}
Also used :
AlgorithmSuiteType(org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)
KerberosToken(org.apache.wss4j.policy.model.KerberosToken)
Element(org.w3c.dom.Element)
UsernameToken(org.apache.wss4j.policy.model.UsernameToken)
WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken)
WSSecDKEncrypt(org.apache.wss4j.dom.message.WSSecDKEncrypt)
SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken)
SOAPException(javax.xml.soap.SOAPException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
StaxSerializer(org.apache.cxf.ws.security.wss4j.StaxSerializer)
SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference)
SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken)
AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)
Example 8 with SecureConversationToken
use of org.apache.wss4j.policy.model.SecureConversationToken in project cxf by apache.
the class SymmetricBindingHandler method doEncryption.
private WSSecBase doEncryption(AbstractTokenWrapper recToken, SecurityToken encrTok, boolean attached, List<WSEncryptionPart> encrParts, boolean atEnd) {
// Do encryption
if (recToken != null && recToken.getToken() != null && !encrParts.isEmpty()) {
AbstractToken encrToken = recToken.getToken();
assertPolicy(recToken);
assertPolicy(encrToken);
AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
return doEncryptionDerived(recToken, encrTok, encrToken, attached, encrParts, atEnd);
}
try {
WSSecEncrypt encr = new WSSecEncrypt(secHeader);
encr.setEncryptionSerializer(new StaxSerializer());
encr.setIdAllocator(wssConfig.getIdAllocator());
encr.setCallbackLookup(callbackLookup);
encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
encr.setStoreBytesInAttachment(storeBytesInAttachment);
encr.setExpandXopInclude(isExpandXopInclude());
encr.setWsDocInfo(wsDocInfo);
String encrTokId = encrTok.getId();
if (attached) {
encrTokId = encrTok.getWsuId();
if (encrTokId == null && (encrToken instanceof SecureConversationToken || encrToken instanceof SecurityContextToken)) {
encr.setEncKeyIdDirectId(true);
encrTokId = encrTok.getId();
} else if (encrTokId == null) {
encrTokId = encrTok.getId();
}
if (encrTokId.startsWith("#")) {
encrTokId = encrTokId.substring(1);
}
} else {
encr.setEncKeyIdDirectId(true);
}
if (encrTok.getTokenType() != null) {
encr.setCustomReferenceValue(encrTok.getTokenType());
}
encr.setEncKeyId(encrTokId);
encr.setEphemeralKey(encrTok.getSecret());
Crypto crypto = getEncryptionCrypto();
if (crypto != null) {
setEncryptionUser(encr, encrToken, false, crypto);
}
encr.setEncryptSymmKey(false);
encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo());
encr.setDigestAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryptionDigest());
if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken || encrToken instanceof SecureConversationToken) {
// Setting the AttachedReference or the UnattachedReference according to the flag
Element ref;
if (attached) {
ref = encrTok.getAttachedReference();
} else {
ref = encrTok.getUnattachedReference();
}
String tokenType = encrTok.getTokenType();
if (ref != null) {
SecurityTokenReference secRef = new SecurityTokenReference(cloneElement(ref), new BSPEnforcer());
encr.setSecurityTokenReference(secRef);
} else if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML_KI_VALUE_TYPE);
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
} else if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
encr.setCustomReferenceValue(WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE);
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
} else {
encr.setCustomReferenceValue(tokenType);
encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
}
} else if (encrToken instanceof UsernameToken) {
encr.setCustomReferenceValue(WSS4JConstants.WSS_USERNAME_TOKEN_VALUE_TYPE);
} else if (encrToken instanceof KerberosToken && !isRequestor()) {
encr.setCustomReferenceValue(WSS4JConstants.WSS_KRB_KI_VALUE_TYPE);
encr.setEncKeyId(encrTok.getSHA1());
} else if (!isRequestor() && encrTok.getSHA1() != null) {
encr.setCustomReferenceValue(encrTok.getSHA1());
encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
}
encr.prepare(crypto);
if (encr.getBSTTokenId() != null) {
encr.prependBSTElementToHeader();
}
Element refList = encr.encryptForRef(null, encrParts);
List<Element> attachments = encr.getAttachmentEncryptedDataElements();
addAttachmentsForEncryption(atEnd, refList, attachments);
return encr;
} catch (WSSecurityException e) {
LOG.log(Level.FINE, e.getMessage(), e);
unassertPolicy(recToken, e);
}
}
return null;
}
Also used :
WSSecEncrypt(org.apache.wss4j.dom.message.WSSecEncrypt)
KerberosToken(org.apache.wss4j.policy.model.KerberosToken)
IssuedToken(org.apache.wss4j.policy.model.IssuedToken)
Element(org.w3c.dom.Element)
UsernameToken(org.apache.wss4j.policy.model.UsernameToken)
WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken)
BSPEnforcer(org.apache.wss4j.common.bsp.BSPEnforcer)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken)
SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken)
AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite)
StaxSerializer(org.apache.cxf.ws.security.wss4j.StaxSerializer)
Crypto(org.apache.wss4j.common.crypto.Crypto)
AbstractToken(org.apache.wss4j.policy.model.AbstractToken)
SecurityTokenReference(org.apache.wss4j.common.token.SecurityTokenReference)
SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken)
AttachmentCallbackHandler(org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)
Example 9 with SecureConversationToken
use of org.apache.wss4j.policy.model.SecureConversationToken in project cxf by apache.
the class SecureConversationOutInterceptor method handleMessage.
public void handleMessage(SoapMessage message) throws Fault {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
// extract Assertion information
if (aim != null) {
Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SECURE_CONVERSATION_TOKEN);
if (ais.isEmpty()) {
return;
}
if (isRequestor(message)) {
SecureConversationToken itok = (SecureConversationToken) ais.iterator().next().getAssertion();
SecurityToken tok = (SecurityToken) message.getContextualProperty(SecurityConstants.TOKEN);
if (tok == null) {
String tokId = (String) message.getContextualProperty(SecurityConstants.TOKEN_ID);
if (tokId != null) {
tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
}
}
if (tok == null) {
tok = issueToken(message, aim, itok);
} else {
tok = renewToken(message, aim, tok, itok);
}
if (tok != null) {
for (AssertionInfo ai : ais) {
ai.setAsserted(true);
}
message.getExchange().getEndpoint().put(SecurityConstants.TOKEN, tok);
message.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID, tok.getId());
message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
message.getExchange().put(SecurityConstants.TOKEN, tok);
TokenStoreUtils.getTokenStore(message).add(tok);
}
PolicyUtils.assertPolicy(aim, SPConstants.BOOTSTRAP_POLICY);
} else {
// server side should be checked on the way in
for (AssertionInfo ai : ais) {
ai.setAsserted(true);
}
PolicyUtils.assertPolicy(aim, SPConstants.BOOTSTRAP_POLICY);
}
}
}
Also used :
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo)
SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken)
AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)
Example 10 with SecureConversationToken
use of org.apache.wss4j.policy.model.SecureConversationToken in project cxf by apache.
the class SecureConversationInInterceptor method handleMessageForAction.
void handleMessageForAction(SoapMessage message, String s, AssertionInfoMap aim, Collection<AssertionInfo> ais) {
String addNs = null;
AddressingProperties inProps = (AddressingProperties) message.getContextualProperty(JAXWSAConstants.ADDRESSING_PROPERTIES_INBOUND);
if (inProps != null) {
addNs = inProps.getNamespaceURI();
if (s == null) {
// MS/WCF doesn't put a soap action out for this, must check the headers
s = inProps.getAction().getValue();
}
}
if (s != null && s.contains("/RST/SCT") && (s.startsWith(STSUtils.WST_NS_05_02) || s.startsWith(STSUtils.WST_NS_05_12))) {
SecureConversationToken tok = (SecureConversationToken) ais.iterator().next().getAssertion();
Policy pol = tok.getBootstrapPolicy().getPolicy();
if (s.endsWith("Cancel")) {
// Cancel just sign with the token
Policy p = new Policy();
ExactlyOne ea = new ExactlyOne();
p.addPolicyComponent(ea);
All all = new All();
Assertion ass = NegotiationUtils.getAddressingPolicy(aim, false);
all.addPolicyComponent(ass);
ea.addPolicyComponent(all);
final SecureConversationToken secureConversationToken = new SecureConversationToken(SPConstants.SPVersion.SP12, SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER, null, null, null, new Policy());
Policy sctPolicy = new Policy();
ExactlyOne sctPolicyEa = new ExactlyOne();
sctPolicy.addPolicyComponent(sctPolicyEa);
All sctPolicyAll = new All();
sctPolicyAll.addPolicyComponent(secureConversationToken);
sctPolicyEa.addPolicyComponent(sctPolicyAll);
Policy bindingPolicy = new Policy();
ExactlyOne bindingPolicyEa = new ExactlyOne();
bindingPolicy.addPolicyComponent(bindingPolicyEa);
All bindingPolicyAll = new All();
AbstractBinding origBinding = PolicyUtils.getSecurityBinding(aim);
bindingPolicyAll.addPolicyComponent(origBinding.getAlgorithmSuite());
bindingPolicyAll.addPolicyComponent(new ProtectionToken(SPConstants.SPVersion.SP12, sctPolicy));
bindingPolicyAll.addAssertion(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
bindingPolicyAll.addAssertion(new PrimitiveAssertion(SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
bindingPolicyEa.addPolicyComponent(bindingPolicyAll);
DefaultSymmetricBinding binding = new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, bindingPolicy);
binding.setOnlySignEntireHeadersAndBody(true);
binding.setProtectTokens(false);
all.addPolicyComponent(binding);
SignedParts signedParts = getSignedParts(aim, addNs);
all.addPolicyComponent(signedParts);
pol = p;
message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
} else {
Policy p = new Policy();
ExactlyOne ea = new ExactlyOne();
p.addPolicyComponent(ea);
All all = new All();
Assertion ass = NegotiationUtils.getAddressingPolicy(aim, false);
all.addPolicyComponent(ass);
ea.addPolicyComponent(all);
pol = p.merge(pol);
}
// setup SCT endpoint and forward to it.
unmapSecurityProps(message);
String ns = STSUtils.WST_NS_05_12;
if (s.startsWith(STSUtils.WST_NS_05_02)) {
ns = STSUtils.WST_NS_05_02;
}
NegotiationUtils.recalcEffectivePolicy(message, ns, pol, new SecureConversationSTSInvoker(), true);
// recalc based on new endpoint
SoapActionInInterceptor.getAndSetOperation(message, s);
} else {
message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
}
assertPolicies(aim);
}
Also used :
Policy(org.apache.neethi.Policy)
All(org.apache.neethi.All)
PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion)
Assertion(org.apache.neethi.Assertion)
PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion)
DefaultSymmetricBinding(org.apache.cxf.ws.security.trust.DefaultSymmetricBinding)
AbstractBinding(org.apache.wss4j.policy.model.AbstractBinding)
ExactlyOne(org.apache.neethi.ExactlyOne)
SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken)
AddressingProperties(org.apache.cxf.ws.addressing.AddressingProperties)
SignedParts(org.apache.wss4j.policy.model.SignedParts)
ProtectionToken(org.apache.wss4j.policy.model.ProtectionToken)
Aggregations
SecureConversationToken (org.apache.wss4j.policy.model.SecureConversationToken)18
SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)15
KerberosToken (org.apache.wss4j.policy.model.KerberosToken)14
IssuedToken (org.apache.wss4j.policy.model.IssuedToken)12
SpnegoContextToken (org.apache.wss4j.policy.model.SpnegoContextToken)12
UsernameToken (org.apache.wss4j.policy.model.UsernameToken)12
X509Token (org.apache.wss4j.policy.model.X509Token)12
QName (javax.xml.namespace.QName)9
AbstractToken (org.apache.wss4j.policy.model.AbstractToken)9
Element (org.w3c.dom.Element)9
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)8
WSSecUsernameToken (org.apache.wss4j.dom.message.WSSecUsernameToken)8
SOAPException (javax.xml.soap.SOAPException)6
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)6
AlgorithmSuiteType (org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)6
WSSSecurityProperties (org.apache.wss4j.stax.ext.WSSSecurityProperties)6
WSEncryptionPart (org.apache.wss4j.common.WSEncryptionPart)5
SamlToken (org.apache.wss4j.policy.model.SamlToken)5
WSSConstants (org.apache.wss4j.stax.ext.WSSConstants)5
ArrayList (java.util.ArrayList)4
