org.apache.cxf.ws.security.SecurityConstants Java Examples
The following examples show how to use
org.apache.cxf.ws.security.SecurityConstants.
Example #1
Source File: STSTokenValidator.java From steady with Apache License 2.0 | 6 votes |
/**
 * Returns the {@link TokenStore} to use for {@code message}, creating one if necessary.
 *
 * <p>Lookup order: the message's contextual property, then the property stored on the
 * endpoint's {@link EndpointInfo}; if neither is set, a new store is built through
 * {@link TokenStoreFactory} and cached on the {@code EndpointInfo}. The whole lookup
 * runs while holding the monitor of that {@code EndpointInfo} instance.
 *
 * @param message message whose exchange carries the {@link Endpoint}
 * @return the configured, cached, or newly created token store
 */
static final TokenStore getTokenStore(Message message) {
    final String storeKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
    EndpointInfo endpointInfo = message.getExchange().get(Endpoint.class).getEndpointInfo();
    synchronized (endpointInfo) {
        TokenStore store = (TokenStore)message.getContextualProperty(storeKey);
        if (store == null) {
            store = (TokenStore)endpointInfo.getProperty(storeKey);
        }
        if (store != null) {
            return store;
        }

        // NOTE(review): the endpoint name is reduced to a 32-bit String hash, so two distinct
        // names can produce the same cache key - confirm the factory never lets unrelated
        // endpoints share a token cache because of that.
        String cacheKey = endpointInfo.getName() == null
            ? storeKey
            : storeKey + "-" + endpointInfo.getName().toString().hashCode();
        store = TokenStoreFactory.newInstance().newTokenStore(cacheKey, message);
        endpointInfo.setProperty(storeKey, store);
        return store;
    }
}
Example #2
Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 6 votes |
/**
 * Resolves the {@link Crypto} used for encryption and, when revocation checking is
 * enabled on the message, verifies trust in the encryption certificate first.
 *
 * @param wrapper token wrapper passed through to {@code getCrypto}
 * @return the encryption Crypto, or {@code null} if {@code getCrypto} returned none
 * @throws WSSecurityException if certificate lookup or trust verification fails
 */
public Crypto getEncryptionCrypto(TokenWrapper wrapper) throws WSSecurityException {
    Crypto encryptionCrypto =
        getCrypto(wrapper, SecurityConstants.ENCRYPT_CRYPTO, SecurityConstants.ENCRYPT_PROPERTIES);
    boolean revocationEnabled =
        MessageUtils.isTrue(message.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
    if (!revocationEnabled || encryptionCrypto == null) {
        return encryptionCrypto;
    }

    CryptoType aliasLookup = new CryptoType(CryptoType.TYPE.ALIAS);
    String alias = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
    if (alias == null) {
        // No explicit encryption user: fall back to the Crypto's default identifier.
        try {
            alias = encryptionCrypto.getDefaultX509Identifier();
        } catch (WSSecurityException e1) {
            throw new Fault(e1);
        }
    }
    aliasLookup.setAlias(alias);

    X509Certificate[] chain = encryptionCrypto.getX509Certificates(aliasLookup);
    // If no certificate is found for the alias, nothing is verified here and the Crypto
    // is still returned; the revocation check only runs when a certificate was found.
    if (chain != null && chain.length > 0) {
        encryptionCrypto.verifyTrust(chain, revocationEnabled);
    }
    return encryptionCrypto;
}
Example #3
Source File: WSS4JUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Finds the {@link PasswordEncryptor} for a message.
 *
 * <p>An encryptor instance configured on the message wins. Otherwise the configured
 * callback handler, if one can be resolved, is wrapped in a {@link JasyptPasswordEncryptor}.
 *
 * @param message the current message, may be {@code null}
 * @return the encryptor, or {@code null} when the message is {@code null}, nothing is
 *         configured, or resolving the callback handler failed
 */
public static PasswordEncryptor getPasswordEncryptor(Message message) {
    if (message == null) {
        return null;
    }

    PasswordEncryptor configured = (PasswordEncryptor)message.getContextualProperty(
        SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE
    );
    if (configured != null) {
        return configured;
    }

    Object handlerSetting =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    try {
        CallbackHandler handler = SecurityUtils.getCallbackHandler(handlerSetting);
        return handler == null ? null : new JasyptPasswordEncryptor(handler);
    } catch (Exception ex) {
        // Any failure while resolving the handler is reported as "no encryptor"; callers
        // cannot tell a broken callback-handler configuration from an absent one.
        return null;
    }
}
Example #4
Source File: AbstractStaxBindingHandler.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Adds a UsernameToken as a supporting token and records whether it must be encrypted.
 *
 * @param token the UsernameToken policy assertion
 * @param endorse whether the token is an endorsing token; not supported here
 * @param encryptedToken whether the policy explicitly asks for the token to be encrypted
 * @param ret map that receives the token and its {@link SecurePart} when one was added
 * @throws Exception if {@code endorse} is {@code true}
 */
protected void handleUsernameTokenSupportingToken(
    UsernameToken token, boolean endorse, boolean encryptedToken, Map<AbstractToken, SecurePart> ret
) throws Exception {
    if (endorse) {
        throw new Exception("Endorsing UsernameTokens are not supported in the streaming code");
    }

    SecurePart usernameTokenPart = addUsernameToken(token);
    if (usernameTokenPart == null) {
        return;
    }
    ret.put(token, usernameTokenPart);

    // WebLogic and WCF always encrypt these.
    // See: http://e-docs.bea.com/wls/docs103/webserv_intro/interop.html
    // ALWAYS_ENCRYPT_UT defaults to true, so the token is encrypted unless it is turned off.
    boolean mustEncrypt = encryptedToken
        || MessageUtils.getContextualBoolean(message, SecurityConstants.ALWAYS_ENCRYPT_UT, true);
    if (mustEncrypt) {
        encryptedTokensList.add(usernameTokenPart);
    }
}
Example #5
Source File: KerberosTokenInterceptorProvider.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Converts a received Kerberos token into a {@link SecurityToken}, adds it to the
 * token store and publishes its id on the exchange under {@code TOKEN_ID}.
 *
 * @param message the current message
 * @param kerberosToken the Kerberos token taken from the request
 * @throws TokenStoreException declared by the original signature
 */
private void storeKerberosToken(Message message, KerberosServiceSecurityToken kerberosToken)
    throws TokenStoreException {
    SecurityToken storedToken = new SecurityToken(kerberosToken.getId());
    storedToken.setTokenType(kerberosToken.getKerberosTokenValueType());

    SecretKey tokenKey = getSecretKeyFromToken(kerberosToken);
    storedToken.setKey(tokenKey);
    if (tokenKey != null) {
        storedToken.setSecret(tokenKey.getEncoded());
    }

    byte[] ticketBytes = kerberosToken.getBinaryContent();
    try {
        String ticketDigest = XMLUtils.encodeToString(KeyUtils.generateDigest(ticketBytes));
        storedToken.setSHA1(ticketDigest);
    } catch (WSSecurityException e) {
        // Deliberately ignored: the token is stored without its digest in that case, so
        // anything that later looks tokens up by that digest will not find this one.
    }

    TokenStoreUtils.getTokenStore(message).add(storedToken);
    message.getExchange().put(SecurityConstants.TOKEN_ID, storedToken.getId());
}
Example #6
Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 6 votes |
/**
 * Returns the {@link TokenStore} for the current message, creating one if necessary.
 *
 * <p>The message's contextual property is consulted first, then the property cached on
 * the endpoint's {@link EndpointInfo}. When both are absent a store is created through
 * {@link TokenStoreFactory} and cached on the {@code EndpointInfo}. The lookup holds the
 * monitor of that {@code EndpointInfo} instance throughout.
 *
 * @return the configured, cached, or newly created token store
 */
protected final TokenStore getTokenStore() {
    final String storeKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
    EndpointInfo endpointInfo = message.getExchange().get(Endpoint.class).getEndpointInfo();
    synchronized (endpointInfo) {
        TokenStore configured = (TokenStore)message.getContextualProperty(storeKey);
        if (configured != null) {
            return configured;
        }
        TokenStore cached = (TokenStore)endpointInfo.getProperty(storeKey);
        if (cached != null) {
            return cached;
        }

        // NOTE(review): only the 32-bit hash of the endpoint name goes into the key, so
        // distinct names may collide - confirm this cannot make endpoints share a cache.
        String cacheKey = storeKey;
        if (endpointInfo.getName() != null) {
            cacheKey = storeKey + "-" + endpointInfo.getName().toString().hashCode();
        }
        TokenStore created = TokenStoreFactory.newInstance().newTokenStore(cacheKey, message);
        endpointInfo.setProperty(storeKey, created);
        return created;
    }
}
Example #7
Source File: STSLoginModule.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Extracts role principals from the SAML assertion carried by a validated credential.
 *
 * <p>The transformed token is preferred over the original assertion. The role attribute
 * name comes from the {@code SAML_ROLE_ATTRIBUTENAME} security property when a message
 * is available and the property is non-empty; otherwise the
 * {@link WSS4JInInterceptor} default is used.
 *
 * @param msg the current message, may be {@code null}
 * @param credential the credential returned by token validation
 * @return the roles parsed from the assertion's claims, or an empty set when the
 *         credential carries no assertion
 */
private Set<Principal> getRoles(Message msg, Credential credential) {
    SamlAssertionWrapper assertion = credential.getTransformedToken();
    if (assertion == null) {
        assertion = credential.getSamlAssertion();
    }
    if (assertion == null) {
        return Collections.emptySet();
    }

    String roleAttribute = null;
    if (msg != null) {
        roleAttribute = (String)SecurityUtils.getSecurityPropertyValue(
            SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
    }
    if (roleAttribute == null || roleAttribute.isEmpty()) {
        roleAttribute = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
    }

    ClaimCollection assertionClaims = SAMLUtils.getClaims(assertion);
    return SAMLUtils.parseRolesFromClaims(assertionClaims, roleAttribute, null);
}
Example #8
Source File: PolicyBasedWSS4JInInterceptor.java From steady with Apache License 2.0 | 6 votes |
/**
 * Turns the configured signature setting into a {@link Crypto}.
 *
 * <p>A {@code Crypto} instance is returned unchanged. Any other non-null value is
 * treated as a reference to a properties source: the properties are loaded, a Crypto is
 * built from them and stored on the endpoint's {@link EndpointInfo} under
 * {@code SIGNATURE_CRYPTO}.
 *
 * @param s the configured value, may be {@code null}
 * @param message the current message
 * @return the signature Crypto, or {@code null} when {@code s} is {@code null}
 * @throws WSSecurityException if the Crypto cannot be created
 */
private Crypto getSignatureCrypto(Object s, SoapMessage message) throws WSSecurityException {
    if (s instanceof Crypto) {
        return (Crypto)s;
    }
    if (s == null) {
        return null;
    }

    URL propertiesUrl = getPropertiesFileURL(s, message);
    String propertiesKey = s.toString();
    if (propertiesUrl != null) {
        propertiesKey = propertiesUrl.getPath();
    }
    Properties cryptoProperties = getProps(s, propertiesKey, propertiesUrl, message);
    Crypto loadedCrypto = CryptoFactory.getInstance(cryptoProperties);

    EndpointInfo endpointInfo = message.getExchange().get(Endpoint.class).getEndpointInfo();
    synchronized (endpointInfo) {
        endpointInfo.setProperty(SecurityConstants.SIGNATURE_CRYPTO, loadedCrypto);
    }
    return loadedCrypto;
}
Example #9
Source File: AbstractBindingBuilder.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Picks the certificate to encrypt to.
 *
 * <p>A certificate supplied through the {@code ENCRYPT_CERT} security property takes
 * precedence; otherwise the first certificate the Crypto returns for the alias is used.
 *
 * @param crypto the Crypto to search when no prepared certificate is configured
 * @param encrUser the alias to look up
 * @return the encryption certificate, or {@code null} when none is found
 * @throws WSSecurityException if the Crypto lookup fails
 */
private X509Certificate getEncryptCert(Crypto crypto, String encrUser) throws WSSecurityException {
    // A prepared certificate on the message short-circuits the keystore lookup.
    X509Certificate preparedCert = (X509Certificate)SecurityUtils.getSecurityPropertyValue(
        SecurityConstants.ENCRYPT_CERT, message);
    if (preparedCert != null) {
        return preparedCert;
    }

    CryptoType byAlias = new CryptoType(CryptoType.TYPE.ALIAS);
    byAlias.setAlias(encrUser);
    X509Certificate[] matches = crypto.getX509Certificates(byAlias);
    if (matches == null || matches.length == 0) {
        return null;
    }
    return matches[0];
}
Example #10
Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 6 votes |
/**
 * Resolves the {@link TokenStore} for the current message.
 *
 * <p>Checks the message's contextual property, then the {@link EndpointInfo} property,
 * and finally creates a store via {@link TokenStoreFactory} and caches it on the
 * {@code EndpointInfo}. All of this happens while synchronized on that
 * {@code EndpointInfo} instance.
 *
 * @return the token store in effect for the endpoint
 */
protected final TokenStore getTokenStore() {
    EndpointInfo epInfo = message.getExchange().get(Endpoint.class).getEndpointInfo();
    synchronized (epInfo) {
        TokenStore result =
            (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
        if (result == null) {
            result = (TokenStore)epInfo.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
        }
        if (result != null) {
            return result;
        }

        StringBuilder keyBuilder = new StringBuilder(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
        if (epInfo.getName() != null) {
            // NOTE(review): a String hash is not unique per endpoint name - verify that a
            // collision cannot cause two endpoints to resolve to the same cache.
            keyBuilder.append("-").append(epInfo.getName().toString().hashCode());
        }
        result = TokenStoreFactory.newInstance().newTokenStore(keyBuilder.toString(), message);
        epInfo.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, result);
        return result;
    }
}
Example #11
Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 6 votes |
/**
 * Creates the WS-Security timestamp when the policy contains an
 * {@code IncludeTimestamp} assertion, and marks those assertions as asserted.
 *
 * <p>The time-to-live comes from the {@code TIMESTAMP_TTL} contextual property, which may
 * be a {@link Number} or a numeric {@link String}; missing or non-positive values fall
 * back to 300 seconds. A String that is not a valid integer makes
 * {@link Integer#parseInt(String)} throw {@link NumberFormatException}.
 *
 * @return the current timestamp element; unchanged if the policy asks for no timestamp
 */
protected WSSecTimestamp createTimestamp() {
    Collection<AssertionInfo> timestampAssertions = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
    if (timestampAssertions == null) {
        return timestampEl;
    }

    final int defaultTtlSeconds = 300;
    Object configuredTtl = message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
    int ttlSeconds = defaultTtlSeconds;
    if (configuredTtl instanceof Number) {
        ttlSeconds = ((Number)configuredTtl).intValue();
    } else if (configuredTtl instanceof String) {
        ttlSeconds = Integer.parseInt((String)configuredTtl);
    }
    if (ttlSeconds <= 0) {
        ttlSeconds = defaultTtlSeconds;
    }

    timestampEl = new WSSecTimestamp(wssConfig);
    timestampEl.setTimeToLive(ttlSeconds);
    timestampEl.prepare(saaj.getSOAPPart());

    for (AssertionInfo assertion : timestampAssertions) {
        assertion.setAsserted(true);
    }
    return timestampEl;
}
Example #12
Source File: CacheCleanupListener.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Closes the security caches attached to an endpoint: the token store (when it is
 * {@link Closeable}) and the nonce, timestamp and SAML one-time-use replay caches.
 *
 * @param info the endpoint whose cached resources should be released
 */
protected void shutdownResources(EndpointInfo info) {
    TokenStore tokenStore = (TokenStore)info.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
    if (tokenStore instanceof Closeable) {
        close((Closeable)tokenStore);
    }

    String[] replayCacheKeys = {
        SecurityConstants.NONCE_CACHE_INSTANCE,
        SecurityConstants.TIMESTAMP_CACHE_INSTANCE,
        SecurityConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE,
    };
    for (String cacheKey : replayCacheKeys) {
        ReplayCache replayCache = (ReplayCache)info.getProperty(cacheKey);
        if (replayCache != null) {
            close(replayCache);
        }
    }
}
Example #13
Source File: STSTokenValidator.java From steady with Apache License 2.0 | 6 votes |
/**
 * Looks up, or lazily creates, the {@link TokenStore} that belongs to the endpoint
 * handling {@code message}.
 *
 * <p>Precedence: contextual property on the message, property on the
 * {@link EndpointInfo}, then a new store from {@link TokenStoreFactory} that is cached
 * on the {@code EndpointInfo}. The method synchronizes on the {@code EndpointInfo}.
 *
 * @param message message whose exchange carries the {@link Endpoint}
 * @return the token store for the endpoint
 */
static final TokenStore getTokenStore(Message message) {
    EndpointInfo endpointInfo = message.getExchange().get(Endpoint.class).getEndpointInfo();
    synchronized (endpointInfo) {
        TokenStore fromMessage =
            (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
        if (fromMessage != null) {
            return fromMessage;
        }
        TokenStore fromEndpoint =
            (TokenStore)endpointInfo.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
        if (fromEndpoint != null) {
            return fromEndpoint;
        }

        TokenStoreFactory factory = TokenStoreFactory.newInstance();
        String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
        if (endpointInfo.getName() != null) {
            // NOTE(review): hashCode() of the name is not collision-free - confirm two
            // endpoints can never be handed the same cache because of a shared key.
            cacheKey = cacheKey + "-" + endpointInfo.getName().toString().hashCode();
        }
        TokenStore fresh = factory.newTokenStore(cacheKey, message);
        endpointInfo.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, fresh);
        return fresh;
    }
}
Example #14
Source File: SAMLRenewUnitTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Test helper: asks the STS at {@code wsdlLocation} to validate a token, using the
 * fixed test identity and keystore configured below.
 *
 * @param bus the CXF bus for the client
 * @param wsdlLocation location of the STS WSDL
 * @param securityToken the token to validate
 * @return whatever {@code STSClient.validateSecurityToken} returns
 * @throws Exception if the STS call fails
 */
private List<SecurityToken> validateSecurityToken(
    Bus bus, String wsdlLocation, SecurityToken securityToken
) throws Exception {
    // Test-only credentials and keystore; not meant as a template for production config.
    Map<String, Object> clientProperties = new HashMap<>();
    clientProperties.put(SecurityConstants.USERNAME, "alice");
    clientProperties.put(
        SecurityConstants.CALLBACK_HANDLER,
        "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
    );
    clientProperties.put(SecurityConstants.STS_TOKEN_PROPERTIES, "serviceKeystore.properties");

    STSClient client = new STSClient(bus);
    client.setWsdlLocation(wsdlLocation);
    client.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
    client.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
    client.setProperties(clientProperties);
    client.setAddressingNamespace("http://www.w3.org/2005/08/addressing");

    return client.validateSecurityToken(securityToken);
}
Example #15
Source File: TransportBindingTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Test helper: builds an {@link STSClient} for the transport-binding STS port with the
 * fixed test user, callback handler and client keystore.
 *
 * @param bus the CXF bus for the client
 * @return the configured client
 */
private STSClient createDispatchSTSClient(Bus bus) {
    // Test-only identity and key material. The three "ws-security.sts.token.*" keys are
    // kept as literals exactly as in the original.
    Map<String, Object> clientProperties = new HashMap<>();
    clientProperties.put(SecurityConstants.USERNAME, "alice");
    clientProperties.put(SecurityConstants.CALLBACK_HANDLER,
                         "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
    clientProperties.put("ws-security.sts.token.username", "myclientkey");
    clientProperties.put("ws-security.sts.token.properties", "clientKeystore.properties");
    clientProperties.put("ws-security.sts.token.usecert", "true");

    STSClient client = new STSClient(bus);
    client.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
    client.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
    client.setProperties(clientProperties);
    return client;
}
Example #16
Source File: AbstractWSS4JInterceptor.java From steady with Apache License 2.0 | 6 votes |
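/**
 * Copies CXF security settings onto the message under the property names that WSS4J
 * reads: BSP compliance, the future-timestamp TTL, the timestamp TTL and the subject
 * certificate constraints.
 *
 * <p>Values are read as {@code Object} and forwarded as their string form. A blind
 * {@code String} cast would throw {@link ClassCastException} as soon as one of these
 * settings is configured as a {@link Number} or {@link Boolean}; String values are
 * forwarded unchanged.
 *
 * @param msg the message whose contextual properties are translated
 */
protected void translateProperties(SoapMessage msg) {
    // Each row is { CXF property name, WSS4J property name }.
    String[][] mappings = {
        {SecurityConstants.IS_BSP_COMPLIANT, WSHandlerConstants.IS_BSP_COMPLIANT},
        {SecurityConstants.TIMESTAMP_FUTURE_TTL, WSHandlerConstants.TTL_FUTURE_TIMESTAMP},
        {SecurityConstants.TIMESTAMP_TTL, WSHandlerConstants.TTL_TIMESTAMP},
        {SecurityConstants.SUBJECT_CERT_CONSTRAINTS, WSHandlerConstants.SIG_SUBJECT_CERT_CONSTRAINTS},
    };
    for (String[] mapping : mappings) {
        Object value = msg.getContextualProperty(mapping[0]);
        if (value != null) {
            msg.setContextualProperty(mapping[1], value.toString());
        }
    }
}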
Example #17
Source File: AbstractWSS4JInterceptor.java From steady with Apache License 2.0 | 6 votes |
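/**
 * Translates CXF security properties into the WSS4J handler properties of the same
 * meaning (BSP compliance, future-timestamp TTL, timestamp TTL, subject certificate
 * constraints) and sets them on the message.
 *
 * <p>Each value is forwarded via {@code toString()} rather than a {@code String} cast,
 * so a setting supplied as a {@link Number} or {@link Boolean} no longer fails with
 * {@link ClassCastException}. String values pass through unchanged.
 *
 * @param msg the message whose contextual properties are translated
 */
protected void translateProperties(SoapMessage msg) {
    // Each row is { CXF property name, WSS4J property name }.
    String[][] mappings = {
        {SecurityConstants.IS_BSP_COMPLIANT, WSHandlerConstants.IS_BSP_COMPLIANT},
        {SecurityConstants.TIMESTAMP_FUTURE_TTL, WSHandlerConstants.TTL_FUTURE_TIMESTAMP},
        {SecurityConstants.TIMESTAMP_TTL, WSHandlerConstants.TTL_TIMESTAMP},
        {SecurityConstants.SUBJECT_CERT_CONSTRAINTS, WSHandlerConstants.SIG_SUBJECT_CERT_CONSTRAINTS},
    };
    for (String[] mapping : mappings) {
        Object value = msg.getContextualProperty(mapping[0]);
        if (value != null) {
            msg.setContextualProperty(mapping[1], value.toString());
        }
    }
}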
Example #18
Source File: KerberosTokenInterceptorProvider.java From steady with Apache License 2.0 | 6 votes |
/**
 * Returns the {@link TokenStore} for the endpoint serving {@code message}, creating and
 * caching one on the {@link EndpointInfo} if none is configured.
 *
 * <p>The message's contextual property is checked before the endpoint property. The
 * method holds the {@code EndpointInfo} monitor for the whole lookup.
 *
 * @param message message whose exchange carries the {@link Endpoint}
 * @return the token store for the endpoint
 */
static final TokenStore getTokenStore(Message message) {
    final String propertyName = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
    EndpointInfo endpointInfo = message.getExchange().get(Endpoint.class).getEndpointInfo();
    synchronized (endpointInfo) {
        TokenStore store = (TokenStore)message.getContextualProperty(propertyName);
        if (store == null) {
            store = (TokenStore)endpointInfo.getProperty(propertyName);
        }
        if (store == null) {
            String cacheKey = propertyName;
            if (endpointInfo.getName() != null) {
                // NOTE(review): the key carries only a 32-bit hash of the endpoint name;
                // confirm a hash collision cannot merge the caches of two endpoints.
                cacheKey = propertyName + "-" + endpointInfo.getName().toString().hashCode();
            }
            store = TokenStoreFactory.newInstance().newTokenStore(cacheKey, message);
            endpointInfo.setProperty(propertyName, store);
        }
        return store;
    }
}
Example #19
Source File: STSTokenValidator.java From steady with Apache License 2.0 | 6 votes |
/**
 * Resolves the {@link TokenStore} for {@code message}.
 *
 * <p>Uses the store configured on the message if present, else the one cached on the
 * endpoint's {@link EndpointInfo}, else creates one through {@link TokenStoreFactory}
 * and caches it there. Runs synchronized on the {@code EndpointInfo} instance.
 *
 * @param message message whose exchange carries the {@link Endpoint}
 * @return the token store for the endpoint
 */
static final TokenStore getTokenStore(Message message) {
    EndpointInfo epInfo = message.getExchange().get(Endpoint.class).getEndpointInfo();
    synchronized (epInfo) {
        TokenStore existing =
            (TokenStore)message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
        if (existing == null) {
            existing = (TokenStore)epInfo.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
        }
        if (existing != null) {
            return existing;
        }

        TokenStoreFactory factory = TokenStoreFactory.newInstance();
        // NOTE(review): endpoint names are distinguished only by their String hash here;
        // check that a collision cannot lead to a cache shared between endpoints.
        String suffix = epInfo.getName() != null
            ? "-" + epInfo.getName().toString().hashCode()
            : "";
        TokenStore created =
            factory.newTokenStore(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE + suffix, message);
        epInfo.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, created);
        return created;
    }
}
Example #20
Source File: AbstractPolicySecurityTest.java From steady with Apache License 2.0 | 6 votes |
/**
 * Builds an outbound {@link SoapMessage} for {@code doc} and pre-populates the
 * SecurityConstants that {@code PolicyBasedWSS4JOutInterceptor} needs: signature and
 * encryption properties, callback handler and key aliases. A mock endpoint and the test
 * bus are placed on the exchange, and the message is flagged as a requestor message.
 *
 * @param doc the SOAP document
 * @param aim the assertion info map for the message
 * @return the prepared message
 * @throws SOAPException if the message cannot be created
 * @see #getSoapMessageForDom(Document, AssertionInfoMap)
 */
protected SoapMessage getOutSoapMessageForDom(Document doc, AssertionInfoMap aim)
    throws SOAPException {
    SoapMessage outMessage = this.getSoapMessageForDom(doc, aim);

    // Test fixtures only: one properties file and one alias serve both signing and encryption.
    final String securityProperties = "outsecurity.properties";
    final String keyAlias = "myalias";
    outMessage.put(SecurityConstants.SIGNATURE_PROPERTIES, securityProperties);
    outMessage.put(SecurityConstants.ENCRYPT_PROPERTIES, securityProperties);
    outMessage.put(SecurityConstants.CALLBACK_HANDLER, TestPwdCallback.class.getName());
    outMessage.put(SecurityConstants.SIGNATURE_USERNAME, keyAlias);
    outMessage.put(SecurityConstants.ENCRYPT_USERNAME, keyAlias);

    outMessage.getExchange().put(Endpoint.class, new MockEndpoint());
    outMessage.getExchange().put(Bus.class, this.bus);
    outMessage.put(Message.REQUESTOR_ROLE, true);
    return outMessage;
}
Example #21
Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 6 votes |
/**
 * Returns the {@link Crypto} for encryption. When {@code ENABLE_REVOCATION} is set on
 * the message, the certificate for the encryption alias is looked up and its trust is
 * verified with revocation checking before the Crypto is returned.
 *
 * @param wrapper token wrapper passed through to {@code getCrypto}
 * @return the encryption Crypto, or {@code null} if {@code getCrypto} returned none
 * @throws WSSecurityException if certificate lookup or trust verification fails
 */
public Crypto getEncryptionCrypto(TokenWrapper wrapper) throws WSSecurityException {
    Crypto result =
        getCrypto(wrapper, SecurityConstants.ENCRYPT_CRYPTO, SecurityConstants.ENCRYPT_PROPERTIES);
    boolean checkRevocation =
        MessageUtils.isTrue(message.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));

    if (checkRevocation && result != null) {
        CryptoType lookup = new CryptoType(CryptoType.TYPE.ALIAS);
        String encryptionAlias =
            (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
        if (encryptionAlias == null) {
            // No alias configured: use whatever the Crypto considers its default identity.
            try {
                encryptionAlias = result.getDefaultX509Identifier();
            } catch (WSSecurityException e1) {
                throw new Fault(e1);
            }
        }
        lookup.setAlias(encryptionAlias);

        X509Certificate[] found = result.getX509Certificates(lookup);
        boolean haveCertificate = found != null && found.length > 0;
        // Without a certificate for the alias the trust/revocation check is skipped and
        // the Crypto is returned regardless.
        if (haveCertificate) {
            result.verifyTrust(found, checkRevocation);
        }
    }
    return result;
}
Example #22
Source File: SecurityContextTokenCancelTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Test helper: asks the STS to cancel a security context token over a
 * secure-conversation client configured with the fixed test identity and keystore.
 *
 * @param bus the CXF bus for the client
 * @param wsdlLocation location of the STS WSDL
 * @param port the STS endpoint name to call
 * @param enableEntropy value passed to {@code setRequiresEntropy}
 * @param securityToken the token to cancel
 * @return the result of {@code STSClient.cancelSecurityToken}
 * @throws Exception if the STS call fails
 */
private boolean cancelSecurityToken(
    Bus bus, String wsdlLocation, String port, boolean enableEntropy, SecurityToken securityToken
) throws Exception {
    // Test-only credentials and key material.
    Map<String, Object> clientProperties = new HashMap<>();
    clientProperties.put(SecurityConstants.USERNAME, "alice");
    clientProperties.put(SecurityConstants.SIGNATURE_USERNAME, "myservicekey");
    clientProperties.put(
        SecurityConstants.CALLBACK_HANDLER,
        "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
    );
    clientProperties.put(SecurityConstants.STS_TOKEN_PROPERTIES, "serviceKeystore.properties");
    clientProperties.put(SecurityConstants.SIGNATURE_PROPERTIES, "serviceKeystore.properties");

    STSClient client = new STSClient(bus);
    client.setWsdlLocation(wsdlLocation);
    client.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
    client.setEndpointName(port);
    client.setProperties(clientProperties);
    client.setSecureConv(true);
    client.setRequiresEntropy(enableEntropy);
    client.setAddressingNamespace("http://www.w3.org/2005/08/addressing");

    return client.cancelSecurityToken(securityToken);
}
Example #23
Source File: StaxSecurityContextInInterceptor.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Decides whether a SAML token event may be used to establish the security context.
 *
 * <p>The event must carry a token with an assertion wrapper, and that assertion must be
 * signed unless {@code ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL} is switched on for the
 * message. The property defaults to {@code false}, so unsigned assertions are rejected
 * unless a deployment explicitly opts in.
 *
 * @param event the SAML token event, may be {@code null}
 * @param msg the current message
 * @return {@code true} if the assertion is acceptable as a principal source
 */
private boolean isSamlEventAllowed(SamlTokenSecurityEvent event, Message msg) {
    if (event == null) {
        return false;
    }

    boolean unsignedAllowed = SecurityUtils.getSecurityPropertyBoolean(
        SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg, false
    );

    if (event.getSecurityToken() == null
        || event.getSecurityToken().getSamlAssertionWrapper() == null) {
        return false;
    }
    // The SAML Assertion must be signed by default
    return unsignedAllowed || event.getSecurityToken().getSamlAssertionWrapper().isSigned();
}
Example #24
Source File: SecurityTestUtil.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Switches the given client port to streaming security by setting
 * {@code ENABLE_STREAMING_SECURITY} to {@code "true"} in both its request and response
 * contexts.
 *
 * @param port the client proxy; must also be a {@link BindingProvider}
 */
public static void enableStreaming(DoubleItPortType port) {
    BindingProvider provider = (BindingProvider)port;
    provider.getRequestContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY, "true");
    provider.getResponseContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY, "true");
}
Example #25
Source File: SecureConversationInInterceptor.java From steady with Apache License 2.0 | 5 votes |
/**
 * Copies every security property that is set with a {@code ".sct"} suffix onto the
 * exchange under its plain name.
 *
 * @param message the message whose contextual properties are inspected
 */
private void unmapSecurityProps(Message message) {
    Exchange exchange = message.getExchange();
    for (String propertyName : SecurityConstants.ALL_PROPERTIES) {
        Object sctValue = message.getContextualProperty(propertyName + ".sct");
        if (sctValue == null) {
            continue;
        }
        exchange.put(propertyName, sctValue);
    }
}
Example #26
Source File: SamlTokenTest.java From cxf with Apache License 2.0 | 5 votes |
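/**
 * Calls the SAML2 endorsing-over-transport (SP11) port with a holder-of-key assertion
 * supplied by {@link SamlCallbackHandler} and checks the service result.
 *
 * <p>The port and the bus are released in {@code finally} blocks so that a failed call
 * or assertion does not leave the default bus running for the tests that follow.
 */
@org.junit.Test
public void testSaml2EndorsingOverTransportSP11() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SamlTokenTest.class.getResource("client.xml");

    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportSP11Port");
        DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class);
        try {
            String portNumber = PORT2;
            if (STAX_PORT.equals(test.getPort())) {
                portNumber = STAX_PORT2;
            }
            updateAddressPort(saml2Port, portNumber);

            if (test.isStreaming()) {
                SecurityTestUtil.enableStreaming(saml2Port);
            }

            SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
            callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
            ((BindingProvider)saml2Port).getRequestContext().put(
                SecurityConstants.SAML_CALLBACK_HANDLER, callbackHandler
            );

            int result = saml2Port.doubleIt(25);
            assertTrue(result == 50);
        } finally {
            ((java.io.Closeable)saml2Port).close();
        }
    } finally {
        bus.shutdown(true);
    }
}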
Example #27
Source File: SecureConversationInInterceptor.java From steady with Apache License 2.0 | 5 votes |
/**
 * For each known security property, looks for a value stored under the property name
 * plus {@code ".sct"} and, if present, puts it on the exchange under the plain name.
 *
 * @param message the message whose contextual properties are inspected
 */
private void unmapSecurityProps(Message message) {
    final String sctSuffix = ".sct";
    Exchange targetExchange = message.getExchange();
    for (String name : SecurityConstants.ALL_PROPERTIES) {
        Object value = message.getContextualProperty(name + sctSuffix);
        if (value != null) {
            targetExchange.put(name, value);
        }
    }
}
Example #28
Source File: WSS4JFaultCodeTest.java From cxf with Apache License 2.0 | 5 votes |
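/**
 * Test for WSS4JInInterceptor when it receives a message with no security header.
 *
 * <p>With {@code RETURN_SECURITY_ERROR} enabled the interceptor is expected to reject the
 * message with a {@link SoapFault} whose reason names the {@code wsse:Security} header
 * and whose fault code is {@code wsse:InvalidSecurity}.
 */
@Test
public void testNoSecurity() throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");

    SoapMessage msg = getSoapMessageForDom(doc);
    SOAPMessage saajMsg = msg.getContent(SOAPMessage.class);
    doc = saajMsg.getSOAPPart();

    byte[] docbytes = getMessageBytes(doc);
    doc = StaxUtils.read(new ByteArrayInputStream(docbytes));

    WSS4JInInterceptor inHandler = new WSS4JInInterceptor();

    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.setProperty(ConfigurationConstants.ACTION, ConfigurationConstants.ENCRYPTION);
    inHandler.setProperty(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties");
    inHandler.setProperty(ConfigurationConstants.PW_CALLBACK_CLASS, TestPwdCallback.class.getName());
    inmsg.put(SecurityConstants.RETURN_SECURITY_ERROR, Boolean.TRUE);

    try {
        inHandler.handleMessage(inmsg);
        fail("Expected failure on an message with no security header");
    } catch (SoapFault fault) {
        assertTrue(fault.getReason().startsWith(
            "An error was discovered processing the <wsse:Security> header"));
        QName faultCode = new QName(WSS4JConstants.WSSE_NS, "InvalidSecurity");
        // Expected value first, so a failure reports "expected InvalidSecurity but was ...".
        assertEquals(faultCode, fault.getFaultCode());
    }
}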
Example #29
Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 5 votes |
/**
 * Writes the {@code wst:UseKey} element of a RequestSecurityToken, containing a
 * {@code ds:KeyInfo} that identifies the requestor's public key.
 *
 * <p>Depending on {@code STS_TOKEN_USE_CERT_FOR_KEYINFO} (falling back to the
 * {@code useCertificateForConfirmationKeyInfo} field when the property is unset), the
 * KeyInfo holds either the whole certificate as {@code X509Data} or only the public key
 * as a {@code ds:KeyValue}.
 *
 * @param writer the DOM stream writer positioned inside the request
 * @param cert the certificate whose key is being advertised
 * @throws Exception if writing or key conversion fails
 */
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer, X509Certificate cert)
    throws Exception {
    final String dsNamespace = "http://www.w3.org/2000/09/xmldsig#";

    writer.writeStartElement("wst", "UseKey", namespace);
    writer.writeStartElement("ds", "KeyInfo", dsNamespace);
    writer.writeNamespace("ds", dsNamespace);

    boolean embedCertificate = useCertificateForConfirmationKeyInfo;
    // NOTE(review): the property is cast to String, so a Boolean value configured here
    // would fail with ClassCastException - confirm how callers set it.
    String useCertSetting = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
    if (useCertSetting != null) {
        embedCertificate = Boolean.parseBoolean(useCertSetting);
    }

    if (embedCertificate) {
        X509Data x509Data = new X509Data(writer.getDocument());
        x509Data.addCertificate(cert);
        writer.getCurrentNode().appendChild(x509Data.getElement());
    } else {
        writer.writeStartElement("ds", "KeyValue", dsNamespace);
        PublicKey publicKey = cert.getPublicKey();
        String algorithm = publicKey.getAlgorithm();
        // NOTE(review): only DSA and RSA are handled; for any other key algorithm the
        // ds:KeyValue element is written empty and no error is raised.
        if ("DSA".equalsIgnoreCase(algorithm)) {
            DSAKeyValue dsaValue = new DSAKeyValue(writer.getDocument(), publicKey);
            writer.getCurrentNode().appendChild(dsaValue.getElement());
        } else if ("RSA".equalsIgnoreCase(algorithm)) {
            RSAKeyValue rsaValue = new RSAKeyValue(writer.getDocument(), publicKey);
            writer.getCurrentNode().appendChild(rsaValue.getElement());
        }
        writer.writeEndElement(); // ds:KeyValue
    }

    writer.writeEndElement(); // ds:KeyInfo
    writer.writeEndElement(); // wst:UseKey
}
Example #30
Source File: RMEndpoint.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Creates the WS-RM protocol endpoint for one protocol variation and registers it.
 *
 * <p>The new {@link EndpointInfo} reuses the application endpoint's transport and
 * address, gets the RM binding and port name, carries the shared token store, and is
 * wrapped together with the application endpoint. Finally every property of the
 * application endpoint is copied onto the new endpoint.
 *
 * @param d decoupled destination to attach, may be {@code null}
 * @param protocol the WS-RM / WS-Addressing protocol variation
 */
void createEndpoint(org.apache.cxf.transport.Destination d, ProtocolVariation protocol) {
    final QName bindingQName = new QName(protocol.getWSRMNamespace(), BINDING_NAME);
    WrappedService wrappedService = services.get(protocol);
    ServiceInfo serviceInfo = wrappedService.getServiceInfo();
    buildBindingInfo(serviceInfo, protocol);

    EndpointInfo appInfo = applicationEndpoint.getEndpointInfo();
    String transportId = appInfo.getTransportId();
    EndpointInfo rmInfo = new EndpointInfo(serviceInfo, transportId);
    if (d != null) {
        rmInfo.setProperty(MAPAggregator.DECOUPLED_DESTINATION, d);
    }
    rmInfo.setAddress(appInfo.getAddress());
    rmInfo.setName(RMUtils.getConstants(protocol.getWSRMNamespace()).getPortName());
    rmInfo.setBinding(serviceInfo.getBinding(bindingQName));

    // if addressing was enabled on the application endpoint by means
    // of the UsingAddressing element extensor, use this for the
    // RM endpoint also
    Object usingAddressing = getUsingAddressing(appInfo);
    if (null != usingAddressing) {
        rmInfo.addExtensor(usingAddressing);
    }
    serviceInfo.addEndpoint(rmInfo);
    rmInfo.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);

    Endpoint rmEndpoint = new WrappedEndpoint(applicationEndpoint, rmInfo, wrappedService);
    EndpointInfo source = applicationEndpoint.getEndpointInfo();
    if (source != null && source.getProperties() != null) {
        // NOTE(review): this copy runs after the token store was set above; if the
        // application endpoint has its own TOKEN_STORE_CACHE_INSTANCE property and the
        // wrapped endpoint exposes rmInfo, that value replaces tokenStore - confirm intent.
        for (String key : source.getProperties().keySet()) {
            rmEndpoint.getEndpointInfo()
                .setProperty(key, applicationEndpoint.getEndpointInfo().getProperty(key));
        }
    }

    wrappedService.setEndpoint(rmEndpoint);
    endpoints.put(protocol, rmEndpoint);
}