use of org.apache.wss4j.stax.ext.WSSSecurityProperties in project cxf by apache.
the class StaxToDOMRoundTripTest method testEncryptUsernameToken.
/**
 * Round-trip check between the two WSS4J stacks: a streaming (StAX) client sends a
 * UsernameToken that is encrypted as a whole element, and a DOM-based
 * {@code WSS4JInInterceptor} on the service must decrypt and accept it.
 *
 * @throws Exception if the service/client setup or the echo call fails
 */
@Test
public void testEncryptUsernameToken() throws Exception {
    // Receiving side (DOM stack): require both a UsernameToken and encryption.
    Service endpoint = createService();
    String requiredActions = ConfigurationConstants.USERNAME_TOKEN + " " + ConfigurationConstants.ENCRYPT;
    Map<String, Object> serverConfig = new HashMap<>();
    serverConfig.put(ConfigurationConstants.ACTION, requiredActions);
    serverConfig.put(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties");
    // Test-only callback handler; presumably hands out fixed test passwords (verify in TestPwdCallback).
    serverConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback());
    endpoint.getInInterceptors().add(new WSS4JInInterceptor(serverConfig));

    // Sending side (StAX stack).
    Echo proxy = createClientProxy();
    Client cxfClient = ClientProxy.getClient(proxy);
    // NOTE(review): logging interceptors can record message content; check what reaches
    // the logs before reusing this setup outside a test.
    cxfClient.getInInterceptors().add(new LoggingInInterceptor());
    cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());

    WSSSecurityProperties staxConfig = new WSSSecurityProperties();

    // Action order is kept as in the original: token first, then encryption.
    List<WSSConstants.Action> outboundActions = new ArrayList<>();
    outboundActions.add(WSSConstants.USERNAMETOKEN);
    outboundActions.add(XMLSecurityConstants.ENCRYPT);
    staxConfig.setActions(outboundActions);

    // Encrypt the complete wsse:UsernameToken element rather than only its content.
    QName usernameTokenName = new QName(WSSConstants.NS_WSSE10, "UsernameToken");
    SecurePart encryptedToken = new SecurePart(usernameTokenName, SecurePart.Modifier.Element);
    staxConfig.addEncryptionPart(encryptedToken);

    staxConfig.setEncryptionUser("myalias");
    staxConfig.setTokenUser("username");
    // NOTE(review): NS_XENC_AES128 is expected to resolve to the XML Encryption
    // AES-128-CBC URI (confirm). CBC has no integrity protection of its own and this
    // action list contains no signature, so outside a test an AES-GCM algorithm or an
    // added signature action would be the safer choice.
    staxConfig.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128);

    ClassLoader loader = this.getClass().getClassLoader();
    Properties encryptionCrypto = CryptoFactory.getProperties("outsecurity.properties", loader);
    staxConfig.setEncryptionCryptoProperties(encryptionCrypto);
    staxConfig.setCallbackHandler(new TestPwdCallback());

    cxfClient.getOutInterceptors().add(new WSS4JStaxOutInterceptor(staxConfig));

    assertEquals("test", proxy.echo("test"));
}
use of org.apache.wss4j.stax.ext.WSSSecurityProperties in project cxf by apache.
the class StaxToDOMRoundTripTest method testSignaturePKI.
/**
 * Round-trip check for a signed request: the StAX client signs as "alice" and sends
 * its certificate with the message, and the DOM-based {@code WSS4JInInterceptor}
 * verifies the signature using the crypto configuration in "cxfca.properties".
 *
 * @throws Exception if the service/client setup or the echo call fails
 */
@Test
public void testSignaturePKI() throws Exception {
    // Receiving side (DOM stack): a signature is the only required action.
    Service endpoint = createService();
    Map<String, Object> serverConfig = new HashMap<>();
    serverConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SIGNATURE);
    // presumably a trust store holding the issuing CA rather than alice's own cert
    // (the "PKI" in the test name suggests chain validation) - TODO confirm
    serverConfig.put(ConfigurationConstants.SIG_VER_PROP_FILE, "cxfca.properties");
    serverConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new KeystorePasswordCallback());
    endpoint.getInInterceptors().add(new WSS4JInInterceptor(serverConfig));

    // Sending side (StAX stack).
    Echo proxy = createClientProxy();
    Client cxfClient = ClientProxy.getClient(proxy);
    // NOTE(review): logging interceptors can record message content; check what reaches
    // the logs before reusing this setup outside a test.
    cxfClient.getInInterceptors().add(new LoggingInInterceptor());
    cxfClient.getOutInterceptors().add(new LoggingOutInterceptor());

    WSSSecurityProperties staxConfig = new WSSSecurityProperties();
    List<WSSConstants.Action> outboundActions = new ArrayList<>();
    outboundActions.add(XMLSecurityConstants.SIGNATURE);
    staxConfig.setActions(outboundActions);

    // Signing key: alias "alice" from the key store described by alice.properties;
    // the key store password comes from the test callback handler.
    staxConfig.setSignatureUser("alice");
    ClassLoader loader = this.getClass().getClassLoader();
    Properties signatureCrypto = CryptoFactory.getProperties("alice.properties", loader);
    staxConfig.setSignatureCryptoProperties(signatureCrypto);
    staxConfig.setCallbackHandler(new KeystorePasswordCallback());

    // Direct reference to a security token carried in the message, with a single
    // certificate instead of a chain. The receiver therefore has to establish trust in
    // that certificate itself; no signed parts are set here, so the library defaults apply.
    staxConfig.setUseSingleCert(true);
    staxConfig.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);

    cxfClient.getOutInterceptors().add(new WSS4JStaxOutInterceptor(staxConfig));

    assertEquals("test", proxy.echo("test"));
}
use of org.apache.wss4j.stax.ext.WSSSecurityProperties in project cxf by apache.
the class ActionTest method testSignatureProgrammaticStAX.
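/**
 * Calls the "DoubleItSignatureConfigPort" endpoint with a signature that is configured
 * in code (a {@code WSS4JStaxOutInterceptor} added to the client) instead of through
 * the bus configuration file.
 *
 * <p>The port and the bus are released in {@code finally} blocks so that a failed
 * assertion or invocation does not leave them open for the tests that run afterwards.
 *
 * @throws Exception if bus/client setup, the invocation or the cleanup fails
 */
@org.junit.Test
public void testSignatureProgrammaticStAX() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = ActionTest.class.getResource("client.xml");
    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL wsdl = ActionTest.class.getResource("DoubleItAction.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItSignatureConfigPort");
        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
        try {
            updateAddressPort(port, PORT);

            // Programmatic interceptor: sign as "alice" and reference the signing
            // certificate as a security token carried in the message.
            WSSSecurityProperties properties = new WSSSecurityProperties();
            properties.setActions(Collections.singletonList(WSSConstants.SIGNATURE));
            properties.setSignatureUser("alice");
            // Test-only handler; presumably returns the fixed key store password.
            properties.setCallbackHandler(new KeystorePasswordCallback());
            properties.setSignatureKeyIdentifier(
                WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
            Properties sigProperties =
                CryptoFactory.getProperties("alice.properties", this.getClass().getClassLoader());
            properties.setSignatureCryptoProperties(sigProperties);

            WSS4JStaxOutInterceptor outInterceptor = new WSS4JStaxOutInterceptor(properties);
            Client client = ClientProxy.getClient(port);
            client.getOutInterceptors().add(outInterceptor);

            assertEquals(50, port.doubleIt(25));
        } finally {
            // Release the client proxy even when the call or the assertion fails.
            ((java.io.Closeable) port).close();
        }
    } finally {
        // Always stop the bus created for this test.
        bus.shutdown(true);
    }
}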
use of org.apache.wss4j.stax.ext.WSSSecurityProperties in project cxf by apache.
the class WSS4JStaxInInterceptor method handleMessage.
/**
 * Sets up streaming (StAX) WS-Security processing for an inbound SOAP message.
 *
 * <p>Builds the {@code WSSSecurityProperties} for this message, replaces the message's
 * {@code XMLStreamReader} with the reader returned by
 * {@code InboundWSSec.processInMessage} and queues the follow-up interceptors.
 * This method only prepares the processing: because security is applied while the
 * stream is read, security failures surface later as wrapped
 * {@code XMLStreamException}s, not from this method.
 *
 * @param soapMessage the inbound message; left untouched when it already carries
 *        {@code SECURITY_PROCESSED} or when {@code isGET} is true for it
 * @throws Fault (a {@code SoapFault}) when the security setup itself fails
 */
@Override
public void handleMessage(SoapMessage soapMessage) throws Fault {
    // Skip messages already handled by this interceptor.
    // NOTE(review): GET requests are also skipped, so they do not pass through
    // WS-Security here; confirm that GET-reachable operations are covered elsewhere.
    boolean alreadyHandled = soapMessage.containsKey(SECURITY_PROCESSED);
    if (alreadyHandled || isGET(soapMessage)) {
        return;
    }

    soapMessage.getInterceptorChain().add(new StaxStartBodyInterceptor());
    XMLStreamReader plainReader = soapMessage.getContent(XMLStreamReader.class);
    soapMessage.getInterceptorChain().add(new StaxSecurityContextInInterceptor());

    try {
        // Security events stored on the exchange under the ".out" key; presumably the
        // events of the outbound request, handed to the inbound processor for the
        // matching response - TODO confirm.
        String outEventsKey = SecurityEvent.class.getName() + ".out";
        @SuppressWarnings("unchecked")
        List<SecurityEvent> requestSecurityEvents =
            (List<SecurityEvent>) soapMessage.getExchange().get(outEventsKey);

        WSSSecurityProperties wssConfig = createSecurityProperties();
        translateProperties(soapMessage, wssConfig);
        configureCallbackHandler(soapMessage, wssConfig);
        configureProperties(soapMessage, wssConfig);

        // Only queue the action check when actions are configured.
        if (wssConfig.getActions() != null && !wssConfig.getActions().isEmpty()) {
            soapMessage.getInterceptorChain().add(new StaxActionInInterceptor(wssConfig.getActions()));
        }

        // Default attachment handler, unless the configuration supplied one.
        if (wssConfig.getAttachmentCallbackHandler() == null) {
            wssConfig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(soapMessage));
        }

        // Wrap the configured callback handler together with the message's token store.
        final TokenStoreCallbackHandler tokenStoreHandler = new TokenStoreCallbackHandler(
            wssConfig.getCallbackHandler(), TokenStoreUtils.getTokenStore(soapMessage));
        wssConfig.setCallbackHandler(tokenStoreHandler);

        setTokenValidators(wssConfig, soapMessage);
        wssConfig.setMsgContext(soapMessage);

        final List<SecurityEventListener> listeners =
            configureSecurityEventListeners(soapMessage, wssConfig);

        // Defaults to false when the contextual property is absent; presumably decides
        // whether the concrete security error is reported back to the peer - TODO confirm.
        boolean returnSecurityError = MessageUtils.getContextualBoolean(
            soapMessage, SecurityConstants.RETURN_SECURITY_ERROR, false);
        final InboundWSSec inboundProcessor = WSSec.getInboundWSSec(
            wssConfig, MessageUtils.isRequestor(soapMessage), returnSecurityError);

        XMLStreamReader securedReader =
            inboundProcessor.processInMessage(plainReader, requestSecurityEvents, listeners);

        final Object exchangeProvider = soapMessage.getExchange().get(Provider.class);
        if (exchangeProvider != null && ThreadLocalSecurityProvider.isInstalled()) {
            // Install the exchange's provider only for the duration of each next()
            // call and remove it again even when next() throws.
            securedReader = new StreamReaderDelegate(securedReader) {
                @Override
                public int next() throws XMLStreamException {
                    try {
                        ThreadLocalSecurityProvider.setProvider((Provider) exchangeProvider);
                        return super.next();
                    } finally {
                        ThreadLocalSecurityProvider.unsetProvider();
                    }
                }
            };
        }
        soapMessage.setContent(XMLStreamReader.class, securedReader);

        // Warning: exceptions raised in this method are configuration errors, not
        // security-relevant ones. Security is applied while the stream is consumed, so
        // this interceptor only sets things up; security-relevant exceptions are thrown
        // as wrapped XMLStreamExceptions during further processing in the WS stack and
        // have to be caught there, e.g. in the FaultOutInterceptor. SECURITY_PROCESSED
        // therefore marks "set up", not "verified".
        soapMessage.put(SECURITY_PROCESSED, Boolean.TRUE);
    } catch (WSSecurityException e) {
        throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), e);
    } catch (WSSPolicyException e) {
        throw new SoapFault(e.getMessage(), e, soapMessage.getVersion().getSender());
    } catch (XMLSecurityException | XMLStreamException e) {
        // Both map to the same generic "STAX_EX" sender fault.
        throw new SoapFault(new Message("STAX_EX", LOG), e, soapMessage.getVersion().getSender());
    }
}
use of org.apache.wss4j.stax.ext.WSSSecurityProperties in project cxf by apache.
the class WSS4JStaxOutInterceptor method handleMessage.
/**
 * Sets up streaming (StAX) WS-Security processing for an outbound SOAP message.
 *
 * <p>Builds the {@code WSSSecurityProperties} for this message and, when at least one
 * action is configured, replaces the message's raw {@code OutputStream} with the
 * {@code XMLStreamWriter} returned by {@code OutboundWSSec.processOutMessage}.
 *
 * @param mc the outbound message
 * @throws Fault when the security setup fails or the document start cannot be written
 */
public void handleMessage(SoapMessage mc) throws Fault {
    OutputStream rawStream = mc.getContent(OutputStream.class);
    String encoding = getEncoding(mc);

    XMLStreamWriter securedWriter;
    try {
        WSSSecurityProperties wssConfig = createSecurityProperties();
        translateProperties(mc, wssConfig);
        configureCallbackHandler(mc, wssConfig);

        final OutboundSecurityContext securityContext = new OutboundSecurityContextImpl();
        configureProperties(mc, securityContext, wssConfig);

        // No configured actions: leave the message as it is.
        // NOTE(review): this path sends the message without any WS-Security applied and
        // without an error, so a configuration that ends up with an empty action list
        // is not detected here.
        if (wssConfig.getActions() == null || wssConfig.getActions().isEmpty()) {
            return;
        }

        handleSecureMTOM(mc, wssConfig);

        // Default attachment handler, unless the configuration supplied one.
        if (wssConfig.getAttachmentCallbackHandler() == null) {
            wssConfig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(mc));
        }

        SecurityEventListener eventListener = configureSecurityEventListener(mc, wssConfig);
        OutboundWSSec outboundProcessor = WSSec.getOutboundWSSec(wssConfig);

        // Security events stored on the exchange under the ".in" key; presumably those
        // of the inbound request this message answers - TODO confirm.
        String inEventsKey = SecurityEvent.class.getName() + ".in";
        @SuppressWarnings("unchecked")
        final List<SecurityEvent> requestSecurityEvents =
            (List<SecurityEvent>) mc.getExchange().get(inEventsKey);
        securityContext.putList(SecurityEvent.class, requestSecurityEvents);
        securityContext.addSecurityEventListener(eventListener);

        securedWriter = outboundProcessor.processOutMessage(rawStream, encoding, securityContext);
        mc.setContent(XMLStreamWriter.class, securedWriter);
    } catch (WSSecurityException | WSSPolicyException e) {
        throw new Fault(e);
    }

    mc.put(AbstractOutDatabindingInterceptor.DISABLE_OUTPUTSTREAM_OPTIMIZATION, Boolean.TRUE);

    try {
        securedWriter.writeStartDocument(encoding, "1.0");
    } catch (XMLStreamException e) {
        throw new Fault(e);
    }

    // The raw stream is taken off the message and parked under OUTPUT_STREAM_HOLDER;
    // presumably so that later interceptors write through the security writer rather
    // than straight to the stream - TODO confirm.
    mc.removeContent(OutputStream.class);
    mc.put(OUTPUT_STREAM_HOLDER, rawStream);

    // Queue the final interceptor that writes the end elements.
    mc.getInterceptorChain().add(ending);
}