
Example 1 with PasswordType

use of org.apache.wss4j.policy.model.UsernameToken.PasswordType in project cxf by apache.

the class UsernameTokenPolicyValidator method assertToken.

/**
 * Marks as asserted the nested assertions declared by a UsernameToken policy.
 *
 * <p>Created and Nonce are asserted when the policy sets them; the password-type and
 * token-type assertions are asserted when the policy names one, using the namespace of
 * the policy element itself. This method only records assertions through
 * {@code PolicyUtils.assertPolicy}; it never looks at a received token.
 * NOTE(review): presumably conformance of the actual token is decided separately
 * (e.g. in checkTokens) - confirm that this is not the only gate for these assertions.
 *
 * @param token the UsernameToken policy whose child assertions are recorded
 * @param aim the assertion map the assertions are recorded in
 */
private void assertToken(org.apache.wss4j.policy.model.UsernameToken token, AssertionInfoMap aim) {
    // Resolved first so a policy element without a name fails before anything is asserted.
    final String policyNamespace = token.getName().getNamespaceURI();

    if (token.isCreated()) {
        PolicyUtils.assertPolicy(aim, SP13Constants.CREATED);
    }

    if (token.isNonce()) {
        PolicyUtils.assertPolicy(aim, SP13Constants.NONCE);
    }

    // The enum constant name doubles as the local part of the assertion QName.
    final PasswordType declaredPasswordType = token.getPasswordType();
    if (declaredPasswordType != null) {
        final QName passwordAssertion = new QName(policyNamespace, declaredPasswordType.name());
        PolicyUtils.assertPolicy(aim, passwordAssertion);
    }

    final UsernameTokenType declaredTokenType = token.getUsernameTokenType();
    if (declaredTokenType != null) {
        final QName tokenTypeAssertion = new QName(policyNamespace, declaredTokenType.name());
        PolicyUtils.assertPolicy(aim, tokenTypeAssertion);
    }
}
Also used : UsernameTokenType(org.apache.wss4j.policy.model.UsernameToken.UsernameTokenType) QName(javax.xml.namespace.QName) PasswordType(org.apache.wss4j.policy.model.UsernameToken.PasswordType)

Example 2 with PasswordType

use of org.apache.wss4j.policy.model.UsernameToken.PasswordType in project cxf by apache.

the class UsernameTokenPolicyValidator method checkTokens.

/**
 * Checks every received UsernameToken against the UsernameToken policy and stops at the
 * first violation, recording the reason on {@code ai}.
 *
 * <p>Per token, in this order: the hashed state must equal the policy (HashPassword
 * requires a hashed token, anything else forbids one); a NoPassword policy rejects a
 * token that carries a password; any other policy rejects a token without a password when
 * {@code isNonEndorsingSupportingToken} holds; a Created or Nonce policy rejects a token
 * that lacks the element or that is hashed.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>An empty {@code utResults} returns {@code true} and leaves {@code ai} untouched,
 *       because the loop body never runs. NOTE(review): presence of a token presumably
 *       has to be enforced by the caller - confirm.</li>
 *   <li>The token is dereferenced without a null check. NOTE(review): if a result can lack
 *       a TAG_USERNAME_TOKEN entry this throws instead of returning {@code false} -
 *       confirm what the engine guarantees.</li>
 * </ul>
 *
 * @param usernameTokenPolicy the policy the tokens must conform to
 * @param ai the assertion that is marked not asserted on the first violation
 * @param utResults the processing results holding the received tokens
 * @return {@code true} if no token violates the policy, {@code false} otherwise
 */
public boolean checkTokens(org.apache.wss4j.policy.model.UsernameToken usernameTokenPolicy, AssertionInfo ai, List<WSSecurityEngineResult> utResults) {
    for (WSSecurityEngineResult engineResult : utResults) {
        final UsernameToken received = (UsernameToken) engineResult.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
        final PasswordType requiredType = usernameTokenPolicy.getPasswordType();
        final boolean hashRequired = requiredType == PasswordType.HashPassword;
        final boolean noPasswordRequired = requiredType == PasswordType.NoPassword;

        // Exact match in both directions: a digest where text is required fails as well.
        if (hashRequired != received.isHashed()) {
            ai.setNotAsserted("Password hashing policy not enforced");
            return false;
        }

        if (noPasswordRequired) {
            if (received.getPassword() != null) {
                ai.setNotAsserted("Username Token NoPassword policy not enforced");
                return false;
            }
        } else if (received.getPassword() == null && isNonEndorsingSupportingToken(usernameTokenPolicy)) {
            // A missing password is only a violation for a non-endorsing supporting token.
            ai.setNotAsserted("Username Token No Password supplied");
            return false;
        }

        // Created and Nonce are rejected on hashed tokens even when the elements are present.
        // NOTE(review): presumably because the policy treats these assertions as
        // incompatible with a digest password - confirm against WS-SecurityPolicy.
        if (usernameTokenPolicy.isCreated()) {
            if (received.getCreated() == null || received.isHashed()) {
                ai.setNotAsserted("Username Token Created policy not enforced");
                return false;
            }
        }

        if (usernameTokenPolicy.isNonce()) {
            if (received.getNonce() == null || received.isHashed()) {
                ai.setNotAsserted("Username Token Nonce policy not enforced");
                return false;
            }
        }
    }
    return true;
}
Also used : UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) PasswordType(org.apache.wss4j.policy.model.UsernameToken.PasswordType)

Example 3 with PasswordType

use of org.apache.wss4j.policy.model.UsernameToken.PasswordType in project cxf by apache.

the class AbstractStaxBindingHandler method addUsernameToken.

/**
 * Configures the outbound security properties for a UsernameToken policy and returns the
 * part that describes the token element.
 *
 * <p>The policy is asserted first. If {@code isTokenRequired} rejects the policy's
 * include-token type, nothing is configured and {@code null} is returned. Otherwise the
 * UsernameToken action, the password type and the optional Nonce/Created flags are set,
 * and a callback handler is installed from the message's username/password properties
 * when none is configured and a password is available.
 *
 * @param usernameToken the UsernameToken policy to apply
 * @return the secure part for the wsse UsernameToken element, or {@code null} if the token
 *         is not required
 */
protected SecurePart addUsernameToken(UsernameToken usernameToken) {
    assertToken(usernameToken);

    final IncludeTokenType inclusion = usernameToken.getIncludeTokenType();
    if (!isTokenRequired(inclusion)) {
        return null;
    }

    properties.addAction(WSSConstants.USERNAMETOKEN);

    // Map the policy's password type onto the outbound one. Everything that is neither
    // HashPassword nor NoPassword, a null password type included, ends up as PASSWORD_TEXT.
    // NOTE(review): a text password presumably relies on transport or message protection
    // required elsewhere in the policy - confirm.
    final PasswordType policyPasswordType = usernameToken.getPasswordType();
    final UsernameTokenPasswordType outboundPasswordType;
    if (policyPasswordType == PasswordType.HashPassword) {
        outboundPasswordType = UsernameTokenPasswordType.PASSWORD_DIGEST;
    } else if (policyPasswordType == PasswordType.NoPassword) {
        outboundPasswordType = UsernameTokenPasswordType.PASSWORD_NONE;
    } else {
        outboundPasswordType = UsernameTokenPasswordType.PASSWORD_TEXT;
    }
    properties.setUsernameTokenPasswordType(outboundPasswordType);

    // The flags are only ever switched on here; an earlier setting is never cleared.
    if (usernameToken.isNonce()) {
        properties.setAddUsernameTokenNonce(true);
    }
    if (usernameToken.isCreated()) {
        properties.setAddUsernameTokenCreated(true);
    }

    // A configured CallbackHandler wins; the message properties are only a fallback.
    if (properties.getCallbackHandler() == null) {
        final String configuredPassword =
            (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
        if (configuredPassword != null) {
            // The username is passed on as found, null included.
            final String configuredUsername =
                (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
            properties.setCallbackHandler(new UTCallbackHandler(configuredUsername, configuredPassword));
        }
    }

    return new SecurePart(WSSConstants.TAG_WSSE_USERNAME_TOKEN, Modifier.Element);
}
Also used : SecurePart(org.apache.xml.security.stax.ext.SecurePart) IncludeTokenType(org.apache.wss4j.policy.SPConstants.IncludeTokenType) UsernameTokenPasswordType(org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType) PasswordType(org.apache.wss4j.policy.model.UsernameToken.PasswordType)

Aggregations

PasswordType (org.apache.wss4j.policy.model.UsernameToken.PasswordType)3 QName (javax.xml.namespace.QName)1 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)1 UsernameToken (org.apache.wss4j.dom.message.token.UsernameToken)1 IncludeTokenType (org.apache.wss4j.policy.SPConstants.IncludeTokenType)1 UsernameTokenType (org.apache.wss4j.policy.model.UsernameToken.UsernameTokenType)1 UsernameTokenPasswordType (org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType)1 SecurePart (org.apache.xml.security.stax.ext.SecurePart)1