
Example 1 with Event

use of org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event in project cxf by apache.

Class StaxActionInInterceptor, method handleMessage.

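/**
 * Verifies that every configured inbound action ({@code inActions}) is backed by a matching
 * security event recorded by the stax inbound processing, and rejects the message with a SOAP
 * fault otherwise.
 *
 * <p>Actions that have no event mapping in {@link #toRequiredEvent} are not checked by this
 * interceptor. On the requestor (client) side a SOAP fault that arrived without any security
 * header is let through, because a fault response is not required to be secured.
 *
 * @param soapMessage the inbound message; the recorded events are read from the
 *     {@code SecurityEvent.class.getName() + ".in"} entry
 * @throws Fault when actions are configured but the recorded events do not cover them, or when
 *     no event list was recorded at all
 */
@Override
public void handleMessage(SoapMessage soapMessage) throws Fault {
    // Nothing configured to enforce: let the message through untouched.
    if (inActions == null || inActions.isEmpty()) {
        return;
    }
    @SuppressWarnings("unchecked")
    final List<SecurityEvent> incomingSecurityEventList =
        (List<SecurityEvent>) soapMessage.get(SecurityEvent.class.getName() + ".in");
    if (incomingSecurityEventList == null) {
        // Actions are configured but nothing was recorded: fail closed rather than accept the
        // message as if the actions had been performed.
        throw actionsMismatchFault(soapMessage);
    }
    // First check for a SOAP Fault with no security header if we are the client
    if (MessageUtils.isRequestor(soapMessage)
        && isEventInResults(WSSecurityEventConstants.NO_SECURITY, incomingSecurityEventList)) {
        OperationSecurityEvent securityEvent =
            (OperationSecurityEvent) findEvent(WSSecurityEventConstants.OPERATION, incomingSecurityEventList);
        if (securityEvent != null
            && soapMessage.getVersion().getFault().equals(securityEvent.getOperation())) {
            LOG.warning("Request does not contain Security header, but it's a fault.");
            return;
        }
    }
    for (XMLSecurityConstants.Action action : inActions) {
        Event requiredEvent = toRequiredEvent(action);
        if (requiredEvent != null && !isEventInResults(requiredEvent, incomingSecurityEventList)) {
            throw actionsMismatchFault(soapMessage);
        }
        // Encryption is satisfied by either an encrypted part or an encrypted element event;
        // the second lookup only runs when the first one found nothing.
        if (XMLSecurityConstants.ENCRYPT.equals(action)
            && !isEventInResults(WSSecurityEventConstants.ENCRYPTED_PART, incomingSecurityEventList)
            && !isEventInResults(WSSecurityEventConstants.EncryptedElement, incomingSecurityEventList)) {
            throw actionsMismatchFault(soapMessage);
        }
    }
}

/**
 * Maps a configured inbound action to the security event that must have been recorded for it.
 *
 * <p>NOTE(review): {@code SAML_TOKEN_SIGNED} and {@code SAML_TOKEN_UNSIGNED} both resolve to the
 * same {@code SAML_TOKEN} event, so this mapping alone does not distinguish a signed from an
 * unsigned SAML token. {@code ENCRYPT} is handled separately by the caller because two different
 * events can satisfy it.
 *
 * @param action a configured inbound action
 * @return the event that proves the action was performed, or {@code null} when the action is
 *     not checked by this interceptor
 */
private static Event toRequiredEvent(XMLSecurityConstants.Action action) {
    if (WSSConstants.TIMESTAMP.equals(action)) {
        return WSSecurityEventConstants.TIMESTAMP;
    }
    if (WSSConstants.USERNAMETOKEN.equals(action)) {
        return WSSecurityEventConstants.USERNAME_TOKEN;
    }
    if (XMLSecurityConstants.SIGNATURE.equals(action)) {
        return WSSecurityEventConstants.SignatureValue;
    }
    if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) || WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) {
        return WSSecurityEventConstants.SAML_TOKEN;
    }
    return null;
}

/**
 * Logs the actions mismatch and builds the SOAP fault that rejects the message.
 *
 * <p>The log message carries no detail on purpose: the specific missing action is not reported
 * to the peer, it only surfaces in the server log.
 *
 * @param soapMessage the message being rejected
 * @return the fault to throw, built for the message's SOAP version
 */
private Fault actionsMismatchFault(SoapMessage soapMessage) {
    LOG.warning("Security processing failed (actions mismatch)");
    WSSecurityException ex = new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR);
    return WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), ex);
}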

Example 2 with Event

use of org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event in project cxf by apache.

Class StaxSecurityContextInInterceptor, method doResults.

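/**
 * Derives the message's {@code SecurityContext} from the recorded inbound security events.
 *
 * <p>Token types are tried in a fixed priority order (SAML first, then UsernameToken, Kerberos,
 * X509 and KeyValue). The first token that carries a {@code Subject} or a {@code Principal}
 * decides the context and ends the search; tokens carrying neither are skipped. When no token
 * qualifies, no context is put on the message.
 *
 * @param msg the inbound message that receives the {@code SecurityContext}
 * @param incomingSecurityEventList the events recorded by the stax inbound processing
 * @throws WSSecurityException propagated from the context-building helpers
 */
private void doResults(SoapMessage msg, List<SecurityEvent> incomingSecurityEventList) throws WSSecurityException {
    // Now go through the results in a certain order to set up a security context. Highest priority is first.
    List<Event> desiredSecurityEvents = new ArrayList<>();
    desiredSecurityEvents.add(WSSecurityEventConstants.SAML_TOKEN);
    desiredSecurityEvents.add(WSSecurityEventConstants.USERNAME_TOKEN);
    desiredSecurityEvents.add(WSSecurityEventConstants.KERBEROS_TOKEN);
    desiredSecurityEvents.add(WSSecurityEventConstants.X509Token);
    desiredSecurityEvents.add(WSSecurityEventConstants.KeyValueToken);
    for (Event desiredEvent : desiredSecurityEvents) {
        SubjectAndPrincipalSecurityToken token = null;
        try {
            token = getSubjectPrincipalToken(incomingSecurityEventList, desiredEvent, msg);
        } catch (XMLSecurityException ignored) {
            // Best effort, kept from the original: a token of this type that cannot be resolved
            // does not stop the lower-priority token types from being tried.
        }
        if (token == null) {
            continue;
        }
        Subject subject = token.getSubject();
        Principal p = token.getPrincipal();
        if (subject != null) {
            putSubjectSecurityContext(msg, subject);
            break;
        } else if (p != null) {
            putPrincipalSecurityContext(msg, desiredEvent, p);
            break;
        }
    }
}

/**
 * Puts a {@code Subject}-based security context on the message.
 *
 * <p>When a role classifier is configured the roles are derived from the Subject's principals
 * via {@code RolePrefixSecurityContextImpl}; the classifier type defaults to {@code "prefix"}
 * when unset. Without a classifier a {@code DefaultSecurityContext} is used.
 *
 * @param msg the message that receives the context
 * @param subject the authenticated subject, never {@code null} here
 */
private static void putSubjectSecurityContext(SoapMessage msg, Subject subject) {
    String roleClassifier = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER);
    if (roleClassifier == null || roleClassifier.isEmpty()) {
        msg.put(SecurityContext.class, new DefaultSecurityContext(subject));
        return;
    }
    String roleClassifierType = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER_TYPE);
    if (roleClassifierType == null || roleClassifierType.isEmpty()) {
        roleClassifierType = "prefix";
    }
    msg.put(SecurityContext.class, new RolePrefixSecurityContextImpl(subject, roleClassifier, roleClassifierType));
}

/**
 * Puts a {@code Principal}-based security context on the message.
 *
 * <p>For a SAML token the roles are parsed from the assertion's claims using the configured
 * role attribute name (falling back to {@code SAML_ROLE_ATTRIBUTENAME_DEFAULT}); no context is
 * put when the principal carries no assertion. Every other token type goes through
 * {@code createSecurityContext}.
 *
 * @param msg the message that receives the context
 * @param desiredEvent the token type that produced {@code p}
 * @param p the authenticated principal, never {@code null} here
 */
private void putPrincipalSecurityContext(SoapMessage msg, Event desiredEvent, Principal p) {
    if (desiredEvent != WSSecurityEventConstants.SAML_TOKEN) {
        msg.put(SecurityContext.class, createSecurityContext(p));
        return;
    }
    String roleAttributeName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
    if (roleAttributeName == null || roleAttributeName.isEmpty()) {
        roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
    }
    // The cast is deliberately unguarded (as in the original): a SAML token is expected to yield
    // a SAMLTokenPrincipal, and anything else should fail loudly rather than leave the message
    // without a SecurityContext.
    Object receivedAssertion = ((SAMLTokenPrincipal) p).getToken();
    if (receivedAssertion != null) {
        ClaimCollection claims = SAMLUtils.getClaims((SamlAssertionWrapper) receivedAssertion);
        Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
        SAMLSecurityContext context = new SAMLSecurityContext(p, roles, claims);
        msg.put(SecurityContext.class, context);
    }
}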
