use of org.apache.wss4j.policy.model.UsernameToken.PasswordType in project cxf by apache.
the class UsernameTokenPolicyValidator method assertToken.
/**
 * Reports, via {@code PolicyUtils.assertPolicy}, the optional child assertions that are
 * configured on a UsernameToken policy: Created, Nonce, the password type and the
 * username token type.
 *
 * <p>This method reads only the policy model. It never looks at a received token, so it
 * is not evidence that a message satisfied the policy. The per-message comparison is
 * done by {@code checkTokens}.
 *
 * @param token the UsernameToken policy assertion whose children are reported
 * @param aim the assertion map handed to {@code PolicyUtils.assertPolicy}
 */
private void assertToken(org.apache.wss4j.policy.model.UsernameToken token, AssertionInfoMap aim) {
    // The password-type and token-type QNames are built in the namespace of the policy
    // element itself, so they follow whichever policy version declared the token.
    final String policyNamespace = token.getName().getNamespaceURI();

    if (token.isCreated()) {
        PolicyUtils.assertPolicy(aim, SP13Constants.CREATED);
    }
    if (token.isNonce()) {
        PolicyUtils.assertPolicy(aim, SP13Constants.NONCE);
    }

    // Both enum-valued children are optional; an absent one is simply not reported.
    final PasswordType declaredPasswordType = token.getPasswordType();
    if (declaredPasswordType != null) {
        final QName passwordAssertion = new QName(policyNamespace, declaredPasswordType.name());
        PolicyUtils.assertPolicy(aim, passwordAssertion);
    }

    final UsernameTokenType declaredTokenType = token.getUsernameTokenType();
    if (declaredTokenType != null) {
        final QName tokenTypeAssertion = new QName(policyNamespace, declaredTokenType.name());
        PolicyUtils.assertPolicy(aim, tokenTypeAssertion);
    }
}
use of org.apache.wss4j.policy.model.UsernameToken.PasswordType in project cxf by apache.
the class UsernameTokenPolicyValidator method checkTokens.
/**
 * Checks that every received UsernameToken conforms to the UsernameToken policy.
 *
 * <p>The first token that violates the policy marks {@code ai} as not asserted with a
 * reason and ends the check. An empty {@code utResults} list returns {@code true}
 * because there is nothing to reject. Callers that require a token to be present must
 * enforce that separately.
 *
 * @param usernameTokenPolicy the policy the received tokens are compared against
 * @param ai the assertion that is marked not asserted on the first violation
 * @param utResults the processing results holding the received UsernameTokens
 * @return {@code true} if no token violates the policy, {@code false} otherwise
 */
public boolean checkTokens(org.apache.wss4j.policy.model.UsernameToken usernameTokenPolicy, AssertionInfo ai, List<WSSecurityEngineResult> utResults) {
    for (WSSecurityEngineResult engineResult : utResults) {
        // NOTE(review): the token is dereferenced below without a null check; this assumes
        // every entry in utResults carries a TAG_USERNAME_TOKEN value - confirm against callers.
        UsernameToken received = (UsernameToken) engineResult.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);

        PasswordType requiredType = usernameTokenPolicy.getPasswordType();
        boolean digestRequired = requiredType == PasswordType.HashPassword;
        boolean noPasswordRequired = requiredType == PasswordType.NoPassword;

        // The hashing requirement is checked in both directions: a digest is rejected when
        // the policy does not ask for one, and a non-hashed password is rejected when it does.
        if (received.isHashed() != digestRequired) {
            ai.setNotAsserted("Password hashing policy not enforced");
            return false;
        }

        boolean passwordSupplied = received.getPassword() != null;
        if (noPasswordRequired) {
            // NoPassword means the token must not carry a password at all.
            if (passwordSupplied) {
                ai.setNotAsserted("Username Token NoPassword policy not enforced");
                return false;
            }
        } else if (!passwordSupplied && isNonEndorsingSupportingToken(usernameTokenPolicy)) {
            // A missing password is rejected only when isNonEndorsingSupportingToken(...)
            // (defined outside this listing) returns true for the policy.
            ai.setNotAsserted("Username Token No Password supplied");
            return false;
        }

        // Created and Nonce are accepted only on non-hashed tokens, so a policy that combines
        // either of them with HashPassword can never be satisfied here.
        // NOTE(review): presumably this mirrors how WS-SecurityPolicy 1.3 scopes sp13:Created
        // and sp13:Nonce - confirm against the specification.
        if (usernameTokenPolicy.isCreated()) {
            boolean createdSatisfied = received.getCreated() != null && !received.isHashed();
            if (!createdSatisfied) {
                ai.setNotAsserted("Username Token Created policy not enforced");
                return false;
            }
        }
        if (usernameTokenPolicy.isNonce()) {
            boolean nonceSatisfied = received.getNonce() != null && !received.isHashed();
            if (!nonceSatisfied) {
                ai.setNotAsserted("Username Token Nonce policy not enforced");
                return false;
            }
        }
    }
    return true;
}
use of org.apache.wss4j.policy.model.UsernameToken.PasswordType in project cxf by apache.
the class AbstractStaxBindingHandler method addUsernameToken.
/**
 * Configures the outbound security properties so that a UsernameToken matching the
 * given policy is added to the message.
 *
 * @param usernameToken the UsernameToken policy to apply
 * @return the {@code SecurePart} naming the wsse:UsernameToken element, or {@code null}
 *         when {@code isTokenRequired} reports that the token is not to be included
 */
protected SecurePart addUsernameToken(UsernameToken usernameToken) {
    assertToken(usernameToken);

    final IncludeTokenType inclusion = usernameToken.getIncludeTokenType();
    if (!isTokenRequired(inclusion)) {
        return null;
    }

    // Register the UsernameToken action with the outbound configuration.
    properties.addAction(WSSConstants.USERNAMETOKEN);

    // Map the policy's password type onto the outbound password type. Anything other than
    // HashPassword or NoPassword, including an unset (null) type, results in PASSWORD_TEXT,
    // i.e. the password itself is placed in the token. The message must then be protected
    // by transport or message-level encryption. A digest does not remove that need.
    final PasswordType policyPasswordType = usernameToken.getPasswordType();
    final UsernameTokenPasswordType outboundPasswordType;
    if (policyPasswordType == PasswordType.HashPassword) {
        outboundPasswordType = UsernameTokenPasswordType.PASSWORD_DIGEST;
    } else if (policyPasswordType == PasswordType.NoPassword) {
        outboundPasswordType = UsernameTokenPasswordType.PASSWORD_NONE;
    } else {
        outboundPasswordType = UsernameTokenPasswordType.PASSWORD_TEXT;
    }
    properties.setUsernameTokenPasswordType(outboundPasswordType);

    // Nonce and Created are only ever switched on here, never switched off.
    if (usernameToken.isNonce()) {
        properties.setAddUsernameTokenNonce(true);
    }
    if (usernameToken.isCreated()) {
        properties.setAddUsernameTokenCreated(true);
    }

    // An explicitly configured CallbackHandler wins. Otherwise fall back to the
    // username/password security properties of the message, if a password is set.
    if (properties.getCallbackHandler() == null) {
        final String configuredPassword =
            (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
        if (configuredPassword != null) {
            // The username is passed on as-is, even if it is null.
            final String configuredUsername =
                (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
            properties.setCallbackHandler(new UTCallbackHandler(configuredUsername, configuredPassword));
        }
    }

    return new SecurePart(WSSConstants.TAG_WSSE_USERNAME_TOKEN, Modifier.Element);
}