/**
 * Creates a provider with default settings by delegating to the single-argument
 * constructor with a freshly created {@link UsernameTokenInterceptor}.
 */
public UsernameTokenInterceptorProvider() {
    this(new UsernameTokenInterceptor());
}
/**
 * Builds a UsernameToken and appends it to the message's security header.
 *
 * <p>When {@code addUsernameToken} yields no builder, nothing is appended and every
 * UsernameToken policy assertion that is currently asserted is reset to not asserted,
 * so the policy is not reported as satisfied for a message that carries no token.
 *
 * @param message the SOAP message whose security header receives the token
 */
protected void addToken(SoapMessage message) {
    UsernameToken policyToken = assertTokens(message);
    Header securityHeader = findSecurityHeader(message, true);
    Element headerElement = (Element)securityHeader.getObject();
    Document ownerDocument = headerElement.getOwnerDocument();

    WSSecUsernameToken tokenBuilder = addUsernameToken(message, ownerDocument, policyToken);
    if (tokenBuilder != null) {
        tokenBuilder.prepare();
        headerElement.appendChild(tokenBuilder.getUsernameTokenElement());
        return;
    }

    // No token could be built: withdraw the assertions made by assertTokens above.
    AssertionInfoMap assertionMap = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> usernameTokenAssertions =
        PolicyUtils.getAllAssertionsByLocalname(assertionMap, SPConstants.USERNAME_TOKEN);
    for (AssertionInfo assertion : usernameTokenAssertions) {
        if (assertion.isAsserted()) {
            assertion.setAsserted(false);
        }
    }
}
protected void processToken(SoapMessage message) { Header h = findSecurityHeader(message, false); if (h == null) { return; && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI())) { try { boolean bspCompliant = isWsiBSPCompliant(message); Principal principal = null; Subject subject = null; final WSSecurityEngineResult result = validateToken(child, message); subject = (Subject)result.get(WSSecurityEngineResult.TAG_SUBJECT); transformedToken = result.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN); principal = (Principal)result.get(WSSecurityEngineResult.TAG_PRINCIPAL); if (principal == null) { principal = parseTokenAndCreatePrincipal(child, bspCompliant); principal = parseTokenAndCreatePrincipal(child, bspCompliant); WSS4JTokenConverter.convertToken(message, principal); if (transformedToken instanceof SamlAssertionWrapper) { message.put(SecurityContext.class, createSecurityContext(message, (SamlAssertionWrapper)transformedToken)); } else if (subject != null && principal != null) { message.put(SecurityContext.class, createSecurityContext(principal, subject)); } else { UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal)principal;
protected WSSecurityEngineResult validateToken(Element tokenElement, final SoapMessage message) throws WSSecurityException, Base64DecodingException { boolean bspCompliant = isWsiBSPCompliant(message); boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class)); UsernameTokenProcessor p = new UsernameTokenProcessor();
(String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message); if (StringUtils.isEmpty(password)) { password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN, message); return utBuilder; policyNotAsserted(token, "No username available", message); } else { policyNotAsserted(token, "No username available", message);
&& isNonEndorsingSupportingToken(tok) && (princ == null || princ.getPassword() == null)) { ai.setNotAsserted("Username Token No Password supplied"); PolicyUtils.assertPolicy(aim, SPConstants.SUPPORTING_TOKENS); if (signed || isTLSInUse(message)) { PolicyUtils.assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
/**
 * Records the processed UsernameToken as a WSS4J handler result on the message and then
 * asserts the token policies against the principal.
 *
 * <p>The recorded action is {@code WSConstants.UT_NOPASSWORD} when the principal has no
 * password and {@code WSConstants.UT} otherwise, so code that later inspects the results
 * can tell a password-less token from one that carried a password.
 *
 * @param principal the principal extracted from the UsernameToken
 * @param subject an optional subject; stored under {@code TAG_SUBJECT} when non-null
 * @param message the SOAP message that holds the {@code RECV_RESULTS} list
 */
private void storeResults(UsernameTokenPrincipal principal, Subject subject, SoapMessage message) {
    final int action =
        principal.getPassword() == null ? WSConstants.UT_NOPASSWORD : WSConstants.UT;

    WSSecurityEngineResult engineResult =
        new WSSecurityEngineResult(action, principal, null, null, null);
    if (subject != null) {
        engineResult.put(WSSecurityEngineResult.TAG_SUBJECT, subject);
    }

    List<WSSecurityEngineResult> engineResults = new ArrayList<>();
    engineResults.add(engineResult);

    List<WSHandlerResult> handlerResults =
        CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
    if (handlerResults == null) {
        // First result for this message: create the list and publish it on the message.
        handlerResults = new ArrayList<>();
        message.put(WSHandlerConstants.RECV_RESULTS, handlerResults);
    }

    // Insert at the head so this result precedes any results that were already stored.
    handlerResults.add(0, new WSHandlerResult(null, engineResults,
                                              Collections.singletonMap(action, engineResults)));

    assertTokens(message, principal, false);
}
/**
 * Sets {@code SecurityConstants.VALIDATE_TOKEN} to {@code FALSE} on the message and then
 * delegates to the parent implementation.
 *
 * @param message the SOAP message being processed
 * @throws Fault declared by this method's signature; presumably propagated from the parent
 */
public void handleMessage(SoapMessage message) throws Fault {
    // The flag has to be on the message before the parent runs.
    // NOTE(review): presumably this makes the parent skip validating the UsernameToken
    // credentials, in which case another component must authenticate the caller before
    // the resulting principal is trusted. Confirm where this flag is read.
    message.put(SecurityConstants.VALIDATE_TOKEN, Boolean.FALSE);
    super.handleMessage(message);
}
protected void processToken(SoapMessage message) { Header h = findSecurityHeader(message, false); if (h == null) { return; && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI())) { try { boolean bspCompliant = isWsiBSPCompliant(message); Principal principal = null; Subject subject = null; final WSSecurityEngineResult result = validateToken(child, message); subject = (Subject)result.get(WSSecurityEngineResult.TAG_SUBJECT); transformedToken = result.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN); principal = (Principal)result.get(WSSecurityEngineResult.TAG_PRINCIPAL); if (principal == null) { principal = parseTokenAndCreatePrincipal(child, bspCompliant); principal = parseTokenAndCreatePrincipal(child, bspCompliant); WSS4JTokenConverter.convertToken(message, principal); if (transformedToken instanceof SamlAssertionWrapper) { message.put(SecurityContext.class, createSecurityContext(message, (SamlAssertionWrapper)transformedToken)); } else if (subject != null && principal != null) { message.put(SecurityContext.class, createSecurityContext(principal, subject)); } else { UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal)principal;
protected WSSecurityEngineResult validateToken(Element tokenElement, final SoapMessage message) throws WSSecurityException, Base64DecodingException { boolean bspCompliant = isWsiBSPCompliant(message); boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class)); UsernameTokenProcessor p = new UsernameTokenProcessor();
(String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message); if (StringUtils.isEmpty(password)) { password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN, message); return utBuilder; policyNotAsserted(token, "No username available", message); } else { policyNotAsserted(token, "No username available", message);
&& isNonEndorsingSupportingToken(tok) && (princ == null || princ.getPassword() == null)) { ai.setNotAsserted("Username Token No Password supplied"); PolicyUtils.assertPolicy(aim, SPConstants.SUPPORTING_TOKENS); if (signed || isTLSInUse(message)) { PolicyUtils.assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
/**
 * Records the processed UsernameToken as a WSS4J handler result on the message and then
 * asserts the token policies against the principal.
 *
 * <p>The recorded action is {@code WSConstants.UT_NOPASSWORD} when the principal has no
 * password and {@code WSConstants.UT} otherwise, so code that later inspects the results
 * can tell a password-less token from one that carried a password.
 *
 * @param principal the principal extracted from the UsernameToken
 * @param subject an optional subject; stored under {@code TAG_SUBJECT} when non-null
 * @param message the SOAP message that holds the {@code RECV_RESULTS} list
 */
private void storeResults(UsernameTokenPrincipal principal, Subject subject, SoapMessage message) {
    final int action =
        principal.getPassword() == null ? WSConstants.UT_NOPASSWORD : WSConstants.UT;

    WSSecurityEngineResult engineResult =
        new WSSecurityEngineResult(action, principal, null, null, null);
    if (subject != null) {
        engineResult.put(WSSecurityEngineResult.TAG_SUBJECT, subject);
    }

    List<WSSecurityEngineResult> engineResults = new ArrayList<>();
    engineResults.add(engineResult);

    List<WSHandlerResult> handlerResults =
        CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
    if (handlerResults == null) {
        // First result for this message: create the list and publish it on the message.
        handlerResults = new ArrayList<>();
        message.put(WSHandlerConstants.RECV_RESULTS, handlerResults);
    }

    // Insert at the head so this result precedes any results that were already stored.
    handlerResults.add(0, new WSHandlerResult(null, engineResults,
                                              Collections.singletonMap(action, engineResults)));

    assertTokens(message, principal, false);
}
/**
 * Builds a UsernameToken and appends it to the message's security header.
 *
 * <p>When {@code addUsernameToken} yields no builder, nothing is appended and every
 * UsernameToken policy assertion that is currently asserted is reset to not asserted,
 * so the policy is not reported as satisfied for a message that carries no token.
 *
 * @param message the SOAP message whose security header receives the token
 */
protected void addToken(SoapMessage message) {
    UsernameToken policyToken = assertTokens(message);
    Header securityHeader = findSecurityHeader(message, true);
    Element headerElement = (Element)securityHeader.getObject();
    Document ownerDocument = headerElement.getOwnerDocument();

    WSSecUsernameToken tokenBuilder = addUsernameToken(message, ownerDocument, policyToken);
    if (tokenBuilder != null) {
        tokenBuilder.prepare();
        headerElement.appendChild(tokenBuilder.getUsernameTokenElement());
        return;
    }

    // No token could be built: withdraw the assertions made by assertTokens above.
    AssertionInfoMap assertionMap = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> usernameTokenAssertions =
        PolicyUtils.getAllAssertionsByLocalname(assertionMap, SPConstants.USERNAME_TOKEN);
    for (AssertionInfo assertion : usernameTokenAssertions) {
        if (assertion.isAsserted()) {
            assertion.setAsserted(false);
        }
    }
}
/**
 * Asserts the UsernameToken-related policy assertions on the message and returns the
 * UsernameToken policy.
 *
 * <p>The version, password-handling ({@code HASH_PASSWORD}, {@code NO_PASSWORD}) and
 * {@code NONCE}/{@code CREATED} assertions are asserted here unconditionally; this method
 * does not inspect any token content before doing so.
 *
 * @param message the SOAP message carrying the {@link AssertionInfoMap}
 * @return the result of the three-argument {@code assertTokens} for
 *         {@code SPConstants.USERNAME_TOKEN}, cast to {@link UsernameToken}
 */
protected UsernameToken assertTokens(SoapMessage message) {
    AssertionInfoMap assertionMap = message.get(AssertionInfoMap.class);

    // Token version assertions.
    PolicyUtils.assertPolicy(assertionMap, SPConstants.USERNAME_TOKEN10);
    PolicyUtils.assertPolicy(assertionMap, SPConstants.USERNAME_TOKEN11);

    // Password handling assertions.
    PolicyUtils.assertPolicy(assertionMap, SPConstants.HASH_PASSWORD);
    PolicyUtils.assertPolicy(assertionMap, SPConstants.NO_PASSWORD);

    // Nonce and created-timestamp assertions.
    PolicyUtils.assertPolicy(assertionMap, SP13Constants.NONCE);
    PolicyUtils.assertPolicy(assertionMap, SP13Constants.CREATED);

    return (UsernameToken)assertTokens(message, SPConstants.USERNAME_TOKEN, true);
}
/**
 * Creates a provider with default settings by delegating to the single-argument
 * constructor with a freshly created {@link UsernameTokenInterceptor}.
 */
public UsernameTokenInterceptorProvider() {
    this(new UsernameTokenInterceptor());
}
/**
 * Asserts the UsernameToken-related policy assertions on the message and returns the
 * UsernameToken policy.
 *
 * <p>The version, password-handling ({@code HASH_PASSWORD}, {@code NO_PASSWORD}) and
 * {@code NONCE}/{@code CREATED} assertions are asserted here unconditionally; this method
 * does not inspect any token content before doing so.
 *
 * @param message the SOAP message carrying the {@link AssertionInfoMap}
 * @return the result of the three-argument {@code assertTokens} for
 *         {@code SPConstants.USERNAME_TOKEN}, cast to {@link UsernameToken}
 */
protected UsernameToken assertTokens(SoapMessage message) {
    AssertionInfoMap assertionMap = message.get(AssertionInfoMap.class);

    // Token version assertions.
    PolicyUtils.assertPolicy(assertionMap, SPConstants.USERNAME_TOKEN10);
    PolicyUtils.assertPolicy(assertionMap, SPConstants.USERNAME_TOKEN11);

    // Password handling assertions.
    PolicyUtils.assertPolicy(assertionMap, SPConstants.HASH_PASSWORD);
    PolicyUtils.assertPolicy(assertionMap, SPConstants.NO_PASSWORD);

    // Nonce and created-timestamp assertions.
    PolicyUtils.assertPolicy(assertionMap, SP13Constants.NONCE);
    PolicyUtils.assertPolicy(assertionMap, SP13Constants.CREATED);

    return (UsernameToken)assertTokens(message, SPConstants.USERNAME_TOKEN, true);
}
/**
 * Creates a provider for the SP12 and SP11 UsernameToken assertions and registers its
 * interceptors.
 *
 * <p>The outbound chain always gets a new default {@link UsernameTokenInterceptor}; the
 * supplied interceptor is used on the inbound chain only. The StAX policy interceptors are
 * added to both the normal and the fault chains.
 *
 * @param inInterceptor the interceptor for the inbound chain; when {@code null} a default
 *        {@link UsernameTokenInterceptor} is used instead
 */
public UsernameTokenInterceptorProvider(UsernameTokenInterceptor inInterceptor) {
    super(Arrays.asList(SP12Constants.USERNAME_TOKEN, SP11Constants.USERNAME_TOKEN));

    // UsernameTokenInterceptor: not needed on fault chains.
    getOutInterceptors().add(new UsernameTokenInterceptor());
    getInInterceptors().add(inInterceptor == null ? new UsernameTokenInterceptor() : inInterceptor);

    PolicyBasedWSS4JStaxOutInterceptor staxOut = new PolicyBasedWSS4JStaxOutInterceptor();
    PolicyBasedWSS4JStaxInInterceptor staxIn = new PolicyBasedWSS4JStaxInInterceptor();

    getOutInterceptors().add(staxOut);
    getOutFaultInterceptors().add(staxOut);
    getInInterceptors().add(staxIn);
    getInFaultInterceptors().add(staxIn);
}
/**
 * Creates a provider for the SP12 and SP11 UsernameToken assertions and registers its
 * interceptors.
 *
 * <p>The outbound chain always gets a new default {@link UsernameTokenInterceptor}; the
 * supplied interceptor is used on the inbound chain only. The StAX policy interceptors are
 * added to both the normal and the fault chains.
 *
 * @param inInterceptor the interceptor for the inbound chain; when {@code null} a default
 *        {@link UsernameTokenInterceptor} is used instead
 */
public UsernameTokenInterceptorProvider(UsernameTokenInterceptor inInterceptor) {
    super(Arrays.asList(SP12Constants.USERNAME_TOKEN, SP11Constants.USERNAME_TOKEN));

    // UsernameTokenInterceptor: not needed on fault chains.
    getOutInterceptors().add(new UsernameTokenInterceptor());
    getInInterceptors().add(inInterceptor == null ? new UsernameTokenInterceptor() : inInterceptor);

    PolicyBasedWSS4JStaxOutInterceptor staxOut = new PolicyBasedWSS4JStaxOutInterceptor();
    PolicyBasedWSS4JStaxInInterceptor staxIn = new PolicyBasedWSS4JStaxInInterceptor();

    getOutInterceptors().add(staxOut);
    getOutFaultInterceptors().add(staxOut);
    getInInterceptors().add(staxIn);
    getInFaultInterceptors().add(staxIn);
}