com.ibm.websphere.security.WSSecurityException Java Examples

The following examples show how to use com.ibm.websphere.security.WSSecurityException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: FederationFilter.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up 
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
    ServletException {
    try {
        Subject subject = WSSubject.getCallerSubject();
        if (subject != null) {
            FedizResponse fedResponse = getCachedFederationResponse(subject);
            LOG.info("Security token found for user: {}", fedResponse.getUsername());
            Element el = fedResponse.getToken();
            if (el != null) {
                SecurityTokenThreadLocal.setToken(el);
                LOG.debug("Setting Security Token to SecurityTokenThreadLocal");
            }
        }
        chain.doFilter(request, response);
    } catch (WSSecurityException e) {
        LOG.warn("No caller Subject/Principal found in request.");
        chain.doFilter(request, response);
    } finally {
        SecurityTokenThreadLocal.setToken(null);
    }
}
Example #2
Source File: SsoUtil.java    From iaf with Apache License 2.0 6 votes vote down vote up 
public static String getSsoToken() throws WSSecurityException, CredentialDestroyedException, CredentialExpiredException {
	String result=null;

	Subject subj=WSSubject.getCallerSubject();

	if (subj==null) {
		throw new WSSecurityException("could not find Subject");
	}
	Set pubs=subj.getPublicCredentials();
	if (pubs==null) {
		throw new WSSecurityException("could not find PublicCredentials");
	}
	for (Iterator it=pubs.iterator();result==null && it.hasNext();) {
		Object pc = it.next();
		if (pc instanceof WSCredentialImpl) {
			WSCredentialImpl wsci = (WSCredentialImpl)pc;
			byte token[] = wsci.getCredentialToken();
			if (token!=null && token.length>0) {
				result=Base64.encodeBase64String(token);
			}
		}
	}
	return result;
}
Example #3
Source File: WebSphereLoginCommand.java    From flex-blazeds with Apache License 2.0 5 votes vote down vote up 
/** {@inheritDoc} */
public Principal convertPrincipal(Principal principal)
{
    if (principal instanceof WSLCPrincipal)
    {
        // We are good
        return principal;
    }
    else
    {
        // we need the converting

        ContextManager contextManager = ContextManagerFactory.getInstance();

        Subject subject = null;
        try
        {
            subject = contextManager.getCallerSubject();
        }
        catch (WSSecurityException e)
        {
            
        }
        
        if (subject != null)
        {
            return new WSLCPrincipal(principal.getName(), contextManager, subject);
        }
        else
            // Just return the old one
            return principal;
        
    }
}
Example #4
Source File: WebSphereLoginCommand.java    From flex-blazeds with Apache License 2.0 4 votes vote down vote up 
/** {@inheritDoc} */
public Principal doAuthentication(String username, Object credentials)
{
    Principal principal = null;
    try
    {
        String password = extractPassword(credentials);

        if (password != null)
        {
            ContextManager contextManager = ContextManagerFactory.getInstance();

            Subject subject =
                contextManager.login(contextManager.getDefaultRealm(),
                        username, password);

            if (subject != null)
            {
                //setting the caller subject really doesn't apply for long
                //it appears to be removed later as each call to
                //ContextManagerFactory.getInstance()
                //returns a new instance and we cannot get the real context
                //and assign values that will be re-used.
                //this also means that the HttpServletRequest will not have the
                //information that we've assigned, hence we store this contextManager
                //in the Principal for later use

                contextManager.setCallerSubject(subject);
                principal = new WSLCPrincipal(username, contextManager, subject);
            }
        }
    }
    catch (WSLoginFailedException wsLoginFailedException)
    {
        if (Log.isDebug())
        {
            Log.getLogger(LogCategories.SECURITY).debug("WebSphereLoginCommand#doAuthentication() failed: " + wsLoginFailedException.toString(), wsLoginFailedException); 
        }
    }
    catch (WSSecurityException wsSecurityException)
    {
        if (Log.isDebug())
        {
            Log.getLogger(LogCategories.SECURITY).debug("WebSphereLoginCommand#doAuthentication() failed: " + wsSecurityException.toString(), wsSecurityException); 
        }
    }

    if (Log.isDebug()  && principal != null)
    {
        Log.getLogger(LogCategories.SECURITY).debug("WebSphereLoginCommand#doAuthentication(). Principal: " + principal + ", Principal class: " + principal.getClass().getName()
                + ", Principal identity: " + System.identityHashCode(principal));
    }
    
    return principal;
}