Example 1 with PasswordType
use of org.apache.wss4j.policy.model.UsernameToken.PasswordType in project cxf by apache.
the class UsernameTokenPolicyValidator method assertToken.
private void assertToken(org.apache.wss4j.policy.model.UsernameToken token, AssertionInfoMap aim) {
String namespace = token.getName().getNamespaceURI();
if (token.isCreated()) {
PolicyUtils.assertPolicy(aim, SP13Constants.CREATED);
}
if (token.isNonce()) {
PolicyUtils.assertPolicy(aim, SP13Constants.NONCE);
}
PasswordType passwordType = token.getPasswordType();
if (passwordType != null) {
PolicyUtils.assertPolicy(aim, new QName(namespace, passwordType.name()));
}
UsernameTokenType usernameTokenType = token.getUsernameTokenType();
if (usernameTokenType != null) {
PolicyUtils.assertPolicy(aim, new QName(namespace, usernameTokenType.name()));
}
}
Also used :
UsernameTokenType(org.apache.wss4j.policy.model.UsernameToken.UsernameTokenType)
QName(javax.xml.namespace.QName)
PasswordType(org.apache.wss4j.policy.model.UsernameToken.PasswordType)
Example 2 with PasswordType
use of org.apache.wss4j.policy.model.UsernameToken.PasswordType in project cxf by apache.
the class UsernameTokenPolicyValidator method checkTokens.
/**
* All UsernameTokens must conform to the policy
*/
public boolean checkTokens(org.apache.wss4j.policy.model.UsernameToken usernameTokenPolicy, AssertionInfo ai, List<WSSecurityEngineResult> utResults) {
for (WSSecurityEngineResult result : utResults) {
UsernameToken usernameToken = (UsernameToken) result.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
PasswordType passwordType = usernameTokenPolicy.getPasswordType();
boolean isHashPassword = passwordType == PasswordType.HashPassword;
boolean isNoPassword = passwordType == PasswordType.NoPassword;
if (isHashPassword != usernameToken.isHashed()) {
ai.setNotAsserted("Password hashing policy not enforced");
return false;
}
if (isNoPassword && (usernameToken.getPassword() != null)) {
ai.setNotAsserted("Username Token NoPassword policy not enforced");
return false;
} else if (!isNoPassword && (usernameToken.getPassword() == null) && isNonEndorsingSupportingToken(usernameTokenPolicy)) {
ai.setNotAsserted("Username Token No Password supplied");
return false;
}
if (usernameTokenPolicy.isCreated() && (usernameToken.getCreated() == null || usernameToken.isHashed())) {
ai.setNotAsserted("Username Token Created policy not enforced");
return false;
}
if (usernameTokenPolicy.isNonce() && (usernameToken.getNonce() == null || usernameToken.isHashed())) {
ai.setNotAsserted("Username Token Nonce policy not enforced");
return false;
}
}
return true;
}
Also used :
UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken)
WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)
PasswordType(org.apache.wss4j.policy.model.UsernameToken.PasswordType)
Example 3 with PasswordType
use of org.apache.wss4j.policy.model.UsernameToken.PasswordType in project cxf by apache.
the class AbstractStaxBindingHandler method addUsernameToken.
protected SecurePart addUsernameToken(UsernameToken usernameToken) {
assertToken(usernameToken);
IncludeTokenType includeToken = usernameToken.getIncludeTokenType();
if (!isTokenRequired(includeToken)) {
return null;
}
// Action
properties.addAction(WSSConstants.USERNAMETOKEN);
// Password Type
PasswordType passwordType = usernameToken.getPasswordType();
if (passwordType == PasswordType.HashPassword) {
properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_DIGEST);
} else if (passwordType == PasswordType.NoPassword) {
properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_NONE);
} else {
properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_TEXT);
}
// Nonce + Created
if (usernameToken.isNonce()) {
properties.setAddUsernameTokenNonce(true);
}
if (usernameToken.isCreated()) {
properties.setAddUsernameTokenCreated(true);
}
// Check if a CallbackHandler was specified
if (properties.getCallbackHandler() == null) {
String password = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
if (password != null) {
String username = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
UTCallbackHandler callbackHandler = new UTCallbackHandler(username, password);
properties.setCallbackHandler(callbackHandler);
}
}
return new SecurePart(WSSConstants.TAG_WSSE_USERNAME_TOKEN, Modifier.Element);
}
Also used :
SecurePart(org.apache.xml.security.stax.ext.SecurePart)
IncludeTokenType(org.apache.wss4j.policy.SPConstants.IncludeTokenType)
UsernameTokenPasswordType(org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType)
PasswordType(org.apache.wss4j.policy.model.UsernameToken.PasswordType)
Aggregations
PasswordType (org.apache.wss4j.policy.model.UsernameToken.PasswordType)3
QName (javax.xml.namespace.QName)1
WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)1
UsernameToken (org.apache.wss4j.dom.message.token.UsernameToken)1
IncludeTokenType (org.apache.wss4j.policy.SPConstants.IncludeTokenType)1
UsernameTokenType (org.apache.wss4j.policy.model.UsernameToken.UsernameTokenType)1
UsernameTokenPasswordType (org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType)1
SecurePart (org.apache.xml.security.stax.ext.SecurePart)1
