Search in sources :

Example 31 with UsernameToken

use of org.apache.wss4j.policy.model.UsernameToken in project cxf by apache.

the class SignedEncryptedTokenPolicyValidator method validatePolicies.

/**
 * Validate policies.
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    // Tokens must be encrypted even if TLS is used unless we have a TransportBinding policy available
    if (isTLSInUse(parameters.getMessage())) {
        AssertionInfo transportAi = PolicyUtils.getFirstAssertionByLocalname(parameters.getAssertionInfoMap(), SPConstants.TRANSPORT_BINDING);
        super.setEnforceEncryptedTokens(transportAi == null);
    }
    for (AssertionInfo ai : ais) {
        SupportingTokens binding = (SupportingTokens) ai.getAssertion();
        ai.setAsserted(true);
        setSignedParts(binding.getSignedParts());
        setEncryptedParts(binding.getEncryptedParts());
        setSignedElements(binding.getSignedElements());
        setEncryptedElements(binding.getEncryptedElements());
        List<AbstractToken> tokens = binding.getTokens();
        for (AbstractToken token : tokens) {
            if (!isTokenRequired(token, parameters.getMessage())) {
                continue;
            }
            boolean processingFailed = false;
            if (token instanceof UsernameToken) {
                if (!processUsernameTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof KerberosToken) {
                if (!processKerberosTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof X509Token) {
                if (!processX509Tokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof KeyValueToken) {
                if (!processKeyValueTokens(parameters)) {
                    processingFailed = true;
                }
            } else if (token instanceof SecurityContextToken || token instanceof SpnegoContextToken) {
                if (!processSCTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof SamlToken) {
                if (!processSAMLTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof IssuedToken) {
                IssuedToken issuedToken = (IssuedToken) token;
                if (isSamlTokenRequiredForIssuedToken(issuedToken) && !processSAMLTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else {
                processingFailed = true;
            }
            if (processingFailed) {
                ai.setNotAsserted("The received token does not match the signed encrypted supporting token requirement");
                continue;
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) SamlToken(org.apache.wss4j.policy.model.SamlToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken)

Aggregations

UsernameToken (org.apache.wss4j.policy.model.UsernameToken)31 KerberosToken (org.apache.wss4j.policy.model.KerberosToken)23 SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)22 WSSecUsernameToken (org.apache.wss4j.dom.message.WSSecUsernameToken)19 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)19 SpnegoContextToken (org.apache.wss4j.policy.model.SpnegoContextToken)18 X509Token (org.apache.wss4j.policy.model.X509Token)18 AbstractToken (org.apache.wss4j.policy.model.AbstractToken)17 Element (org.w3c.dom.Element)16 SecureConversationToken (org.apache.wss4j.policy.model.SecureConversationToken)14 SamlToken (org.apache.wss4j.policy.model.SamlToken)13 KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)12 SecurityTokenReference (org.apache.wss4j.common.token.SecurityTokenReference)11 AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)10 AttachmentCallbackHandler (org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler)10 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)10 AlgorithmSuiteType (org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType)10 SOAPException (javax.xml.soap.SOAPException)9 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)8 SupportingTokens (org.apache.wss4j.policy.model.SupportingTokens)8