
Example 1 with UsernameTokenCallbackHandler

use of org.jboss.wsf.stack.cxf.security.authentication.callback.UsernameTokenCallbackHandler in project jbossws-cxf by jbossws.

Class SubjectCreator, method createSubject (variant taking a SecurityDomainContext).

/**
 * Authenticates {@code name} against the security domain behind {@code ctx} and
 * returns the {@link Subject} that the domain populated during validation.
 *
 * <p>For digest (UsernameToken) authentication the nonce/created pair is first
 * verified, then a {@link UsernameTokenCallbackHandler} is installed so the
 * login module can recompute the digest; the handler is always cleared again in
 * a {@code finally} block, even when validation throws.
 *
 * @param ctx      security domain used for validation and optional context propagation
 * @param name     user name to authenticate
 * @param password clear-text password, or the digest when {@code isDigest} is set
 * @param isDigest whether {@code password} is a UsernameToken digest
 * @param nonce    UsernameToken nonce (only used when {@code isDigest} is set)
 * @param created  UsernameToken created timestamp (only used when {@code isDigest} is set)
 * @return the authenticated, populated subject
 * @throws RuntimeException the exception produced by {@code MESSAGES.authenticationFailed}
 *         when the domain rejects the credentials; {@code verifyUsernameToken} may throw before that
 */
public Subject createSubject(SecurityDomainContext ctx, String name, String password, boolean isDigest, String nonce, String created) {
    if (isDigest) {
        verifyUsernameToken(nonce, created);
        // Whether the client digested the raw nonce bytes or the Base64 text cannot be
        // told apart here, and some legacy clients use the Base64 form. decodeNonce is
        // passed through unchanged; the project's stated default is to assume Base64
        // decoding, matching what the WSS4J client does before it builds the digest.
        CallbackHandlerPolicyContextHandler.setCallbackHandler(new UsernameTokenCallbackHandler(nonce, created, decodeNonce));
    }
    final Principal principal = new SimplePrincipal(name);
    final Subject subject = new Subject();
    final boolean trace = SECURITY_LOGGER.isTraceEnabled();
    if (trace) {
        SECURITY_LOGGER.aboutToAuthenticate(ctx.getSecurityDomain());
    }
    try {
        final ClassLoader callerLoader = SecurityActions.getContextClassLoader();
        // PicketBox resolves classes through the TCCL, so give it a loader that also
        // sees the jbossws modules for the duration of the validation call.
        final ClassLoader delegate = createDelegateClassLoader(ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader(), callerLoader);
        SecurityActions.setContextClassLoader(delegate);
        try {
            final boolean valid = ctx.isValid(principal, password, subject);
            if (!valid) {
                throw MESSAGES.authenticationFailed(principal.getName());
            }
        } finally {
            SecurityActions.setContextClassLoader(callerLoader);
        }
    } finally {
        if (isDigest) {
            // Clear the per-thread handler so this token's material is not visible to
            // later work on the same thread; the original note says this bounds the
            // thread-local to the container's thread count rather than removing the entry.
            CallbackHandlerPolicyContextHandler.setCallbackHandler(null);
        }
    }
    if (trace) {
        SECURITY_LOGGER.authenticated(name);
    }
    if (propagateContext) {
        // Hands subject, principal and the credential to the domain's security context.
        ctx.pushSubjectContext(subject, principal, password);
        if (trace) {
            SECURITY_LOGGER.securityContextPropagated(name);
        }
    }
    return subject;
}

Example 2 with UsernameTokenCallbackHandler

use of org.jboss.wsf.stack.cxf.security.authentication.callback.UsernameTokenCallbackHandler in project jbossws-cxf by jbossws.

Class SubjectCreator, method createSubject (variant taking a JBossAuthenticationManager).

// TODO:refactor this
/**
 * Authenticates {@code name} through {@code manager} and returns the {@link Subject}
 * populated during validation. Unlike the {@code SecurityDomainContext} variant this
 * one does not propagate the security context.
 *
 * <p>For digest (UsernameToken) authentication the nonce/created pair is verified and a
 * {@link UsernameTokenCallbackHandler} is installed for the validation call; it is
 * cleared again in a {@code finally} block whether or not validation succeeds.
 *
 * @param manager  authentication manager used for validation
 * @param name     user name to authenticate
 * @param password clear-text password, or the digest when {@code isDigest} is set
 * @param isDigest whether {@code password} is a UsernameToken digest
 * @param nonce    UsernameToken nonce (only used when {@code isDigest} is set)
 * @param created  UsernameToken created timestamp (only used when {@code isDigest} is set)
 * @return the authenticated, populated subject
 * @throws RuntimeException the exception produced by {@code MESSAGES.authenticationFailed}
 *         when the manager rejects the credentials; {@code verifyUsernameToken} may throw before that
 */
public Subject createSubject(JBossAuthenticationManager manager, String name, String password, boolean isDigest, String nonce, String created) {
    if (isDigest) {
        verifyUsernameToken(nonce, created);
        // Whether the client digested the raw nonce bytes or the Base64 text cannot be
        // told apart here, and some legacy clients use the Base64 form. decodeNonce is
        // passed through unchanged; the project's stated default is to assume Base64
        // decoding, matching what the WSS4J client does before it builds the digest.
        CallbackHandlerPolicyContextHandler.setCallbackHandler(new UsernameTokenCallbackHandler(nonce, created, decodeNonce));
    }
    final Principal principal = new SimplePrincipal(name);
    final Subject subject = new Subject();
    final boolean trace = SECURITY_LOGGER.isTraceEnabled();
    if (trace) {
        SECURITY_LOGGER.aboutToAuthenticate(manager.getSecurityDomain());
    }
    try {
        final ClassLoader callerLoader = SecurityActions.getContextClassLoader();
        // PicketBox resolves classes through the TCCL, so give it a loader that also
        // sees the jbossws modules for the duration of the validation call.
        final ClassLoader delegate = createDelegateClassLoader(ClassLoaderProvider.getDefaultProvider().getServerIntegrationClassLoader(), callerLoader);
        SecurityActions.setContextClassLoader(delegate);
        try {
            final boolean valid = manager.isValid(principal, password, subject);
            if (!valid) {
                throw MESSAGES.authenticationFailed(principal.getName());
            }
        } finally {
            SecurityActions.setContextClassLoader(callerLoader);
        }
    } finally {
        if (isDigest) {
            // Clear the per-thread handler so this token's material is not visible to
            // later work on the same thread; the original note says this bounds the
            // thread-local to the container's thread count rather than removing the entry.
            CallbackHandlerPolicyContextHandler.setCallbackHandler(null);
        }
    }
    if (trace) {
        SECURITY_LOGGER.authenticated(name);
    }
    return subject;
}
