Package com.sun.xml.wss.impl.policy.mls

Usage examples of com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy. Each snippet below is a truncated excerpt from a larger method; the enclosing method bodies are not shown in full.


    }

   
    public void validateSAMLAssertion(Map context, Element assertion) throws XWSSecurityException {

        AuthenticationTokenPolicy authPolicy = new AuthenticationTokenPolicy();
        AuthenticationTokenPolicy.SAMLAssertionBinding samlPolicy =
                (AuthenticationTokenPolicy.SAMLAssertionBinding) authPolicy.newSAMLAssertionFeatureBinding();
        samlPolicy.setAssertion(assertion);

        DynamicPolicyCallback dynamicCallback =
                new DynamicPolicyCallback(samlPolicy, null);
        //let runtime properties be visible here


    }

    public Element locateSAMLAssertion(Map context, Element binding, String assertionId, Document ownerDoc)
            throws XWSSecurityException {

        AuthenticationTokenPolicy authPolicy = new AuthenticationTokenPolicy();
        AuthenticationTokenPolicy.SAMLAssertionBinding samlPolicy =
                (AuthenticationTokenPolicy.SAMLAssertionBinding) authPolicy.newSAMLAssertionFeatureBinding();
        samlPolicy.setAuthorityBinding(binding);
        samlPolicy.setAssertionId(assertionId);

        DynamicPolicyCallback dynamicCallback =
                new DynamicPolicyCallback(samlPolicy, null);

    }

    @SuppressWarnings("unchecked")
    public void validateSAMLAssertion(Map context, XMLStreamReader assertion) throws XWSSecurityException {

        AuthenticationTokenPolicy authPolicy = new AuthenticationTokenPolicy();
        AuthenticationTokenPolicy.SAMLAssertionBinding samlPolicy =
                (AuthenticationTokenPolicy.SAMLAssertionBinding) authPolicy.newSAMLAssertionFeatureBinding();
        samlPolicy.setAssertion(assertion);

        DynamicPolicyCallback dynamicCallback =
                new DynamicPolicyCallback(samlPolicy, null);
//        if (!isDefaultHandler) {

            } else if (
                    USERNAME_PASSWORD_AUTHENTICATION_ELEMENT_QNAME.
                    equals(definitionType)) {
               
                try {
                    AuthenticationTokenPolicy utBinding =
                            new AuthenticationTokenPolicy();
                    AuthenticationTokenPolicy.UsernameTokenBinding
                            featureBinding =
                            (AuthenticationTokenPolicy.UsernameTokenBinding)
                            utBinding.newUsernameTokenFeatureBinding();
                    featureBinding.newTimestampFeatureBinding();
                    readUsernamePasswordSettings(featureBinding, eachDefinitionElement);
                    applyDefaults(featureBinding, senderEnableDynamicPolicy);
                    declarations.senderSettings().append(utBinding);
                } catch (PolicyGenerationException pge) {
                    // log
                    throw new IllegalStateException(pge.getMessage());
                }
               
            } else if (SAML_ELEMENT_QNAME.equals(definitionType)) {
               
                try {
                    AuthenticationTokenPolicy samlBinding =
                            new AuthenticationTokenPolicy();
                    AuthenticationTokenPolicy.SAMLAssertionBinding
                            featureBinding =
                            (AuthenticationTokenPolicy.SAMLAssertionBinding)
                            samlBinding.newSAMLAssertionFeatureBinding();
                    readSAMLTokenSettings(
                            featureBinding, eachDefinitionElement);
                    applyDefaults(featureBinding, senderEnableDynamicPolicy);
                    declarations.senderSettings().append(samlBinding);
                } catch (PolicyGenerationException pge) {
                    // log
                    throw new IllegalStateException(pge.getMessage());
                }
            } else if (SIGNATURE_REQUIREMENT_ELEMENT_QNAME.equals(
                    definitionType)) {
                SignaturePolicy signaturePolicy = new SignaturePolicy();
                readVerifySettings(signaturePolicy, eachDefinitionElement,receiverBSPFlag, receiverEnableDynamicPolicy);
                declarations.receiverSettings().append(signaturePolicy);
               
                String requireTimeStamp =
                        eachDefinitionElement.getAttribute(TIMESTAMP_REQUIRED_ATTRIBUTE_NAME);
                boolean timeStamp = getBooleanValue(requireTimeStamp);
               
                if (timeStamp && !hasTimestampSiblingPolicy(eachDefinitionElement)) {
                    //System.out.println("Adding from RequireSignature");
                    TimestampPolicy t = new TimestampPolicy();
                    //t.setMaxClockSkew(Timestamp.MAX_CLOCK_SKEW);
                    //t.setTimestampFreshness(Timestamp.TIMESTAMP_FRESHNESS_LIMIT);
                    applyReceiverDefaults(t, receiverBSPFlag, securityHandlerClass, receiverEnableDynamicPolicy);
                    declarations.receiverSettings().append(t);
                }
               
            } else if (ENCRYPTION_REQUIREMENT_ELEMENT_QNAME.equals(
                    definitionType)) {
                EncryptionPolicy encryptionPolicy = new EncryptionPolicy();
                readDecryptionSettings(encryptionPolicy, eachDefinitionElement);
                applyReceiverDefaults(encryptionPolicy, receiverBSPFlag, receiverEnableDynamicPolicy);
                declarations.receiverSettings().append(encryptionPolicy);
               
            } else if (USERNAMETOKEN_REQUIREMENT_ELEMENT_QNAME.equals(
                    definitionType)) {
                try {
                    AuthenticationTokenPolicy utBinding =
                            new AuthenticationTokenPolicy();
                    AuthenticationTokenPolicy.UsernameTokenBinding
                            featureBinding =
                            (AuthenticationTokenPolicy.UsernameTokenBinding)
                            utBinding.newUsernameTokenFeatureBinding();
                    featureBinding.newTimestampFeatureBinding();
                    readUsernamePasswordRequirementSettings(
                            featureBinding, eachDefinitionElement);
                    applyReceiverDefaults(featureBinding, receiverBSPFlag, securityHandlerClass, receiverEnableDynamicPolicy);
                    declarations.receiverSettings().append(utBinding);
                    if (MessageConstants.debug) {
                        log.log(Level.FINEST, "Added usernameToken Requirement ...." + featureBinding);
                    }
                } catch (PolicyGenerationException pge) {
                    // log
                    throw new IllegalStateException(pge.getMessage());
                }
            } else if (TIMESTAMP_REQUIREMENT_ELEMENT_QNAME.equals(
                    definitionType)) {
               
                TimestampPolicy timestampPolicy = new TimestampPolicy();
                readTimestampRequirementSettings(
                        timestampPolicy, eachDefinitionElement);
                applyReceiverDefaults(timestampPolicy, receiverBSPFlag, securityHandlerClass, receiverEnableDynamicPolicy);
                declarations.receiverSettings().append(timestampPolicy);
               
            } else if (SAML_REQUIREMENT_ELEMENT_QNAME.equals(
                    definitionType)) {
               
                // read SAML requirement element
                try {
                    AuthenticationTokenPolicy samlBinding =
                            new AuthenticationTokenPolicy();
                    AuthenticationTokenPolicy.SAMLAssertionBinding
                            featureBinding =
                            (AuthenticationTokenPolicy.SAMLAssertionBinding)
                            samlBinding.newSAMLAssertionFeatureBinding();
                    readRequireSAMLTokenSettings(
                            featureBinding, eachDefinitionElement);
                    applyReceiverDefaults(featureBinding, receiverBSPFlag, receiverEnableDynamicPolicy);
                    declarations.receiverSettings().append(samlBinding);
                } catch (PolicyGenerationException pge) {

                } catch (Exception e) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0270_FAILEDTO_GET_SECURITY_POLICY_MESSAGE_POLICY());
                    throw new XWSSecurityException(e);
                }
                if(PolicyTypeUtil.authenticationTokenPolicy(wssPolicy)){
                    AuthenticationTokenPolicy atp =(AuthenticationTokenPolicy)wssPolicy;
                    WSSPolicy fb = (WSSPolicy)atp.getFeatureBinding();
                    if(PolicyTypeUtil.usernameTokenPolicy(fb)){
                        if(uList.getLength() == 0){
                            log.log(Level.SEVERE, LogStringsMessages.WSS_0275_INVALID_POLICY_NO_USERNAME_SEC_HEADER());
                            throw new XWSSecurityException(
                                    "Message does not conform to configured policy: " +

        } else{
            secureMessage = context.getSecurableSoapMessage();
            securityHeader = secureMessage.findOrCreateSecurityHeader();
        }
       
        AuthenticationTokenPolicy policy =
                (AuthenticationTokenPolicy)context.getSecurityPolicy();
        AuthenticationTokenPolicy.SAMLAssertionBinding samlPolicy =
                (AuthenticationTokenPolicy.SAMLAssertionBinding)policy.getFeatureBinding();
       
        if (samlPolicy.getIncludeToken() == samlPolicy.INCLUDE_ONCE) {
            throw new XWSSecurityException("Include Token ONCE not supported for SAMLToken Assertions");
        }
       
        if (samlPolicy.getAssertionType() !=
                AuthenticationTokenPolicy.SAMLAssertionBinding.SV_ASSERTION) {
            // should never be called this way
            throw new XWSSecurityException(
                    "Internal Error: ExportSamlAssertionFilter called for HOK assertion");
        }
       
        //AuthenticationTokenPolicy policyClone = (AuthenticationTokenPolicy)policy.clone();
        samlPolicy =
                (AuthenticationTokenPolicy.SAMLAssertionBinding)policy.getFeatureBinding();
        samlPolicy.isReadOnly(true);
       
        DynamicApplicationContext dynamicContext =
                new DynamicApplicationContext(context.getPolicyContext());
        dynamicContext.setMessageIdentifier(context.getMessageIdentifier());

            }

           //TODO:: Add token to MessagePolicy;
            if (!(this instanceof EndorsingSupportingTokensProcessor) ||
                    (this instanceof EndorsingSupportingTokensProcessor && token instanceof X509Token && token.getIncludeToken().endsWith("Never"))) {
                AuthenticationTokenPolicy atp = new AuthenticationTokenPolicy();
                atp.setFeatureBinding(policy);
                policyContainer.insert(atp);
            }
            //TODO: Take care of targets.
            addTargets();
        }

        if(context.getMode() == FilterProcessingContext.ADHOC) {
            //AuthenticationTokenPolicy policy = (AuthenticationTokenPolicy)context.getSecurityPolicy();
            if ( context.makeDynamicPolicyCallback() ) {
                try {
                   
                    AuthenticationTokenPolicy policy =
                            ((AuthenticationTokenPolicy)context.getSecurityPolicy());
                   
                   
                    AuthenticationTokenPolicy.UsernameTokenBinding userNamePolicy =
                            (AuthenticationTokenPolicy.UsernameTokenBinding)policy.getFeatureBinding();
                    userNamePolicy.isReadOnly(true);
                   
                    DynamicApplicationContext dynamicContext =
                            new DynamicApplicationContext(context.getPolicyContext());
                   
                    dynamicContext.setMessageIdentifier(context.getMessageIdentifier());
                    dynamicContext.inBoundMessage(true);
                    DynamicPolicyCallback dynamicCallback =
                            new DynamicPolicyCallback(userNamePolicy, dynamicContext);
                    ProcessingContext.copy(dynamicContext.getRuntimeProperties(), context.getExtraneousProperties());
                    HarnessUtil.makeDynamicPolicyCallback(dynamicCallback,
                            context.getSecurityEnvironment().getCallbackHandler());
                   
                    policy.setFeatureBinding((AuthenticationTokenPolicy.UsernameTokenBinding)dynamicCallback.getSecurityPolicy());
                    //context.setSecurityPolicy(policy);
                } catch (Exception e) {
                   log.log(Level.SEVERE, LogStringsMessages.WSS_1427_ERROR_ADHOC(),e);
                    throw new XWSSecurityException(e);
                }
            }
            AuthenticationTokenPolicy policy = (AuthenticationTokenPolicy)context.getSecurityPolicy();
           
            NodeList nodeList = wsseSecurity.getElementsByTagNameNS(MessageConstants.WSSE_NS,
                    MessageConstants.USERNAME_TOKEN_LNAME);
            if(nodeList.getLength() <= 0){
                log.log(Level.SEVERE, LogStringsMessages.WSS_1400_NOUSERNAME_FOUND());
                throw new XWSSecurityException("No Username token found ,Receiver requirement not met");
            } else if (nodeList.getLength() > 1) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_1401_MORETHANONE_USERNAME_FOUND());
                throw new XWSSecurityException(
                        "More than one Username token found, Receiver requirement not met");
            }else{
                SOAPElement userNameTokenElement = (SOAPElement)nodeList.item(0);
                token = new UsernameToken(userNameTokenElement, policy.isBSP());
                token.isBSP(policy.isBSP());
            }
        }else{
           
            if (context.getMode() == FilterProcessingContext.POSTHOC) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_1402_ERROR_POSTHOC());
                throw new XWSSecurityException(
                        "Internal Error: Called UsernameTokenFilter in POSTHOC Mode");
            }
           
            try{
                token = new UsernameToken(wsseSecurity.getCurrentHeaderElement());
            } catch(XWSSecurityException ex) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_1403_IMPORT_USERNAME_TOKEN(),ex);
                throw SecurableSoapMessage.newSOAPFaultException(
                        MessageConstants.WSSE_INVALID_SECURITY_TOKEN,
                        "Exception while importing Username Password Token",
                        ex);
            }
        }
       
        String username = token.getUsername();
        String password = token.getPassword();
        String passwordDigest = token.getPasswordDigest();
        String passwordType = token.getPasswordType();
        String nonce = token.getNonce();
        String created = token.getCreated();
        boolean authenticated = false;
       
        if (context.getMode() == FilterProcessingContext.ADHOC) {
           
            AuthenticationTokenPolicy policy = (AuthenticationTokenPolicy)context.getSecurityPolicy();
            AuthenticationTokenPolicy.UsernameTokenBinding utBinding =
                    (AuthenticationTokenPolicy.UsernameTokenBinding)policy.getFeatureBinding();
           
            // do policy checks
            if (utBinding.getDigestOn() && (passwordDigest == null)) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_1404_NOTMET_DIGESTED());
                throw new XWSSecurityException(
                        "Receiver Requirement for Digested " +
                        "Password has not been met");
            }
           
            if (!utBinding.getDigestOn() && (passwordDigest != null)) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_1405_NOTMET_PLAINTEXT());
                throw new XWSSecurityException(
                        "Receiver Requirement for Plain-Text " +
                        "Password has not been met, Received token has Password-Digest");
            }
           
            if (utBinding.getUseNonce() && (nonce == null)) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_1406_NOTMET_NONCE());
                throw new XWSSecurityException(
                        "Receiver Requirement for nonce " +
                        "has not been met");
            }
           
            if (!utBinding.getUseNonce() && (nonce != null)) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_1407_NOTMET_NONONCE());
                throw new XWSSecurityException(
                        "Receiver Requirement for no nonce " +
                        "has not been met, Received token has a nonce specified");
            }
        } else if (context.getMode() == FilterProcessingContext.WSDL_POLICY) {
            //try to infer a Policy here
            AuthenticationTokenPolicy.UsernameTokenBinding sp = new AuthenticationTokenPolicy.UsernameTokenBinding();
            if (passwordDigest != null) {
                sp.setDigestOn(true);
            }
            if (nonce != null) {
                sp.setUseNonce(true);
            }
            ((MessagePolicy)context.getInferredSecurityPolicy()).append(sp);
        }
       
        try {
            if (MessageConstants.PASSWORD_TEXT_NS == passwordType) {
                authenticated = context.getSecurityEnvironment().authenticateUser(context.getExtraneousProperties(), username, password);
            } else{
                authenticated = context.getSecurityEnvironment().authenticateUser(
                        context.getExtraneousProperties(), username, passwordDigest, nonce, created);
            }
           
            if (!authenticated) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_1408_FAILED_SENDER_AUTHENTICATION());
                XWSSecurityException xwse =
                        new XWSSecurityException("Invalid Username Password Pair");
                throw SecurableSoapMessage.newSOAPFaultException(
                        MessageConstants.WSSE_FAILED_AUTHENTICATION,
                        "Authentication of Username Password Token Failed",
                        xwse);
            }
           
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "Password Validated.....");
            }
           
            long maxClockSkew = Timestamp.MAX_CLOCK_SKEW;
            long freshnessLmt = Timestamp.TIMESTAMP_FRESHNESS_LIMIT;
            long maxNonceAge =  UsernameToken.MAX_NONCE_AGE;
           
            if (context.getMode() == FilterProcessingContext.ADHOC) {
               
                AuthenticationTokenPolicy authPolicy =
                        (AuthenticationTokenPolicy)context.getSecurityPolicy();
               
                AuthenticationTokenPolicy.UsernameTokenBinding policy =
                        (AuthenticationTokenPolicy.UsernameTokenBinding)
                        authPolicy.getFeatureBinding();
               
                if (created != null) {
                    TimestampPolicy tPolicy = (TimestampPolicy) policy.getFeatureBinding();
                    maxClockSkew = tPolicy.getMaxClockSkew();
                    freshnessLmt = tPolicy.getTimestampFreshness();

    throws XWSSecurityException{
        if(context instanceof JAXBFilterProcessingContext){
            JAXBFilterProcessingContext opContext = (JAXBFilterProcessingContext)context;
            com.sun.xml.ws.security.opt.impl.outgoing.SecurityHeader secHeader =
                    opContext.getSecurityHeader();
            AuthenticationTokenPolicy authPolicy = (AuthenticationTokenPolicy)context.getSecurityPolicy();
            com.sun.xml.ws.security.opt.impl.tokens.UsernameToken unToken =
                    new com.sun.xml.ws.security.opt.impl.tokens.UsernameToken(opContext.getSOAPVersion());
           
            AuthenticationTokenPolicy.UsernameTokenBinding policy =
                    resolveUserNameTokenData(opContext, null, unToken, authPolicy);
           
            if(policy.getUseNonce()){
                unToken.setNonce(policy.getNonce());
            }
            if(policy.getDigestOn()){
                unToken.setDigestOn();
            }
           
            if ( policy.getUseNonce() || policy.getDigestOn() || policy.getUseCreated()) {
                String creationTime = "";
                TimestampPolicy tPolicy = (TimestampPolicy) policy.getFeatureBinding();
                creationTime = tPolicy.getCreationTime();
                unToken.setCreationTime(creationTime);
            }
           
           
            if(policy.hasNoPassword()){
                String creationTime = "";
                TimestampPolicy tPolicy = (TimestampPolicy) policy.getFeatureBinding();
                creationTime = tPolicy.getCreationTime();
                unToken.setCreationTime(creationTime);
            }
           
            String wsuId = policy.getUUID();
            if (wsuId != null && !wsuId.equals("")){
                unToken.setId(wsuId);
            }
            secHeader.add(unToken);
        } else {
            SecurableSoapMessage secureMessage = context.getSecurableSoapMessage();
            SOAPPart soapPart = secureMessage.getSOAPPart();
           
            AuthenticationTokenPolicy authPolicy = (AuthenticationTokenPolicy)context.getSecurityPolicy();
            UsernameToken token = new UsernameToken(soapPart, "");
           
            AuthenticationTokenPolicy.UsernameTokenBinding policy =
                    resolveUserNameTokenData(context, token, null,authPolicy);
           

     * @throws XWSSecurityException
     */
    @SuppressWarnings({"unchecked", "static-access" })
    public static void addIssuedTokenToMessage(FilterProcessingContext context)
    throws XWSSecurityException{
        AuthenticationTokenPolicy authPolicy = (AuthenticationTokenPolicy)context.getSecurityPolicy();
        IssuedTokenKeyBinding itkb = (IssuedTokenKeyBinding)authPolicy.getFeatureBinding();
        String itType = itkb.getIncludeToken();
        boolean includeToken  = (itkb.INCLUDE_ALWAYS_TO_RECIPIENT.equals(itType) ||
                          itkb.INCLUDE_ALWAYS.equals(itType) ||
                          itkb.INCLUDE_ALWAYS_VER2.equals(itType) ||
                          itkb.INCLUDE_ALWAYS_TO_RECIPIENT_VER2.equals(itType)


