Package org.apache.cxf.ws.security.policy.model

Examples of org.apache.cxf.ws.security.policy.model.HttpsToken


    /**
     * Builds an {@link HttpsToken} from a WS-SecurityPolicy HttpsToken element.
     * Excerpt only: the listing ends before the method's return statement.
     *
     * @param element the policy element to parse; its namespace URI selects the
     *                WS-SecurityPolicy version used for parsing
     */
    public PolicyAssertion build(Element element) {
        // Anything that is not the SP11 namespace is handled as SP12; the SP12
        // namespace itself is never checked explicitly.
        SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
            ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;

       
        HttpsToken httpsToken = new HttpsToken(consts);
        httpsToken.setOptional(PolicyConstants.isOptional(element));

        if (consts.getVersion() == SPConstants.Version.SP_V11) {
            // SP 1.1 path: the client-certificate requirement is read from an attribute.
            String attr = DOMUtils.getAttribute(element,
                                                SPConstants.REQUIRE_CLIENT_CERTIFICATE);
            if (attr != null) {
                // Only the exact string "true" enables the requirement. Any other
                // value (for example "1" or "TRUE") is read as false, so a policy
                // written with a different boolean spelling silently drops the
                // client-certificate requirement instead of being rejected.
                httpsToken.setRequireClientCertificate("true".equals(attr));
            }
        } else {
            // SP 1.2 path: the requirement is a child element of the nested policy.
            Element polEl = PolicyConstants.findPolicyElement(element);
            
            if (polEl != null) {
                // Only the FIRST child element of the nested policy is inspected.
                // Further children are ignored, and an unrecognised first child sets
                // no flag at all; neither case raises an error.
                Element child = DOMUtils.getFirstElement(polEl);
                if (child != null) {
                    if (SP12Constants.HTTP_BASIC_AUTHENTICATION.equals(DOMUtils.getElementQName(child))) {
                        httpsToken.setHttpBasicAuthentication(true);
                    } else if (SP12Constants.HTTP_DIGEST_AUTHENTICATION
                            .equals(DOMUtils.getElementQName(child))) {
                        httpsToken.setHttpDigestAuthentication(true);
                    } else if (SP12Constants.REQUIRE_CLIENT_CERTIFICATE
                            .equals(DOMUtils.getElementQName(child))) {
                        httpsToken.setRequireClientCertificate(true);
                    }
                }
            }
        }


                }
            }
        }
        /**
         * Evaluates each HttpsToken assertion against the message's transport.
         * Excerpt only: the listing is cut off inside the "https" branch, so the
         * handling of a non-https scheme is not visible.
         *
         * NOTE(review): this looks like the client (outbound) side, because it checks
         * the connection's local certificates and installs a trust decider; confirm
         * against the caller.
         *
         * @param ais     assertion infos whose assertion is cast to {@link HttpsToken}
         * @param message the message whose scheme and protocol headers are checked
         */
        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
            for (AssertionInfo ai : ais) {
                HttpsToken token = (HttpsToken)ai.getAssertion();
                String scheme = (String)message.get("http.scheme");
                // Marked as asserted up front; the checks below can only downgrade it.
                // Any path that skips those checks therefore leaves the assertion satisfied.
                ai.setAsserted(true);
                Map<String, List<String>> headers = getSetProtocolHeaders(message);
               
                if ("https".equals(scheme)) {
                    if (token.isRequireClientCertificate()) {
                        // The certificate check cannot run here; it is deferred to a
                        // MessageTrustDecider stored on the message. Any decider that
                        // is already present is wrapped so its checks still run first.
                        final MessageTrustDecider orig = message.get(MessageTrustDecider.class);
                        MessageTrustDecider trust = new MessageTrustDecider() {
                            public void establishTrust(String conduitName,
                                                       URLConnectionInfo connectionInfo,
                                                       Message message)
                                throws UntrustedURLConnectionIOException {
                                if (orig != null) {
                                    orig.establishTrust(conduitName, connectionInfo, message);
                                }
                                // Unchecked cast: a non-HTTPS connection info would fail
                                // with ClassCastException rather than the policy error below.
                                HttpsURLConnectionInfo info = (HttpsURLConnectionInfo)connectionInfo;
                                // Presence check only: at least one local certificate must
                                // have been negotiated. Nothing here inspects which one.
                                if (info.getLocalCertificates() == null
                                    || info.getLocalCertificates().length == 0) {
                                    throw new UntrustedURLConnectionIOException(
                                        "RequireClientCertificate is set, "
                                        + "but no local certificates were negotiated.  Is"
                                        + " the server set to ask for client authorization?");
                                }
                            }
                        };
                        message.put(MessageTrustDecider.class, trust);
                    }
                    if (token.isHttpBasicAuthentication()) {
                        // Looks only at the first Authorization value and only at its
                        // prefix. The match is case-sensitive ("basic" fails) and has no
                        // delimiter (any value beginning with "Basic" passes). It shows
                        // the scheme is in use, not that the credentials are valid.
                        List<String> auth = headers.get("Authorization");
                        if (auth == null || auth.size() == 0
                            || !auth.get(0).startsWith("Basic")) {
                            ai.setNotAsserted("HttpBasicAuthentication is set, but not being used");
                        }
                    }
                    if (token.isHttpDigestAuthentication()) {
                        // Same prefix-only test as for Basic, with the same limits.
                        List<String> auth = headers.get("Authorization");
                        if (auth == null || auth.size() == 0
                            || !auth.get(0).startsWith("Digest")) {
                            ai.setNotAsserted("HttpDigestAuthentication is set, but not being used");
                        }                       

        }
       
        /**
         * Evaluates each HttpsToken assertion against the message's Authorization
         * header and TLS session. Excerpt only: the listing ends at the start of the
         * branch taken when no TLSSessionInfo is present. How the local
         * {@code asserted} flag is applied to the AssertionInfo is also not shown.
         *
         * NOTE(review): this looks like the server (inbound) side, because it checks
         * peer certificates of the TLS session; confirm against the caller.
         *
         * @param ais     assertion infos whose assertion is cast to {@link HttpsToken}
         * @param message the message whose headers and TLS session are checked
         */
        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
            for (AssertionInfo ai : ais) {
                // Starts as satisfied; each failed check below clears it.
                boolean asserted = true;
                HttpsToken token = (HttpsToken)ai.getAssertion();
               
                Map<String, List<String>> headers = getSetProtocolHeaders(message);               
                if (token.isHttpBasicAuthentication()) {
                    // Looks only at the first Authorization value and only at its
                    // prefix. The match is case-sensitive and has no delimiter. It
                    // proves the header is present, not that the credentials were
                    // verified; that must happen elsewhere (not visible here).
                    List<String> auth = headers.get("Authorization");
                    if (auth == null || auth.size() == 0
                        || !auth.get(0).startsWith("Basic")) {
                        asserted = false;
                    }
                }
                if (token.isHttpDigestAuthentication()) {
                    // Same prefix-only test as for Basic, with the same limits.
                    List<String> auth = headers.get("Authorization");
                    if (auth == null || auth.size() == 0
                        || !auth.get(0).startsWith("Digest")) {
                        asserted = false;
                    }                       
                }

                TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);               
                if (tlsInfo != null) {
                    // Presence check only: at least one peer certificate on the TLS
                    // session. Chain and trust validation are not done here;
                    // presumably the TLS layer does them. TODO confirm.
                    if (token.isRequireClientCertificate()
                        && (tlsInfo.getPeerCertificates() == null
                            || tlsInfo.getPeerCertificates().length == 0)) {
                        asserted = false;
                    }
                } else {
                    // Excerpt ends here: the outcome for a message without
                    // TLSSessionInfo (a non-TLS transport) is not visible.

        }
       
        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
            for (AssertionInfo ai : ais) {
                boolean asserted = true;
                HttpsToken token = (HttpsToken)ai.getAssertion();
               
                Map<String, List<String>> headers = getSetProtocolHeaders(message);               
                if (token.isHttpBasicAuthentication()) {
                    List<String> auth = headers.get("Authorization");
                    if (auth == null || auth.size() == 0
                        || !auth.get(0).startsWith("Basic")) {
                        asserted = false;
                    }
                }
                if (token.isHttpDigestAuthentication()) {
                    List<String> auth = headers.get("Authorization");
                    if (auth == null || auth.size() == 0
                        || !auth.get(0).startsWith("Digest")) {
                        asserted = false;
                    }                       
                }

                TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);               
                if (tlsInfo != null) {
                    if (token.isRequireClientCertificate()
                        && (tlsInfo.getPeerCertificates() == null
                            || tlsInfo.getPeerCertificates().length == 0)) {
                        asserted = false;
                    }
                } else {

    /**
     * Builds an {@link HttpsToken} from a WS-SecurityPolicy HttpsToken element,
     * carrying over the element's optional and ignorable flags.
     * Excerpt only: the listing ends before the method's return statement.
     *
     * @param element the policy element to parse; its namespace URI selects the
     *                WS-SecurityPolicy version used for parsing
     * @param factory not used in the visible part of the method
     */
    public Assertion build(Element element, AssertionBuilderFactory factory) {
        // Anything that is not the SP11 namespace is handled as SP12; the SP12
        // namespace itself is never checked explicitly.
        SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
            ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;

       
        HttpsToken httpsToken = new HttpsToken(consts);
        httpsToken.setOptional(PolicyConstants.isOptional(element));
        httpsToken.setIgnorable(PolicyConstants.isIgnorable(element));

        if (consts.getVersion() == SPConstants.Version.SP_V11) {
            // SP 1.1 path: the client-certificate requirement is read from an attribute.
            String attr = DOMUtils.getAttribute(element,
                                                SPConstants.REQUIRE_CLIENT_CERTIFICATE);
            if (attr != null) {
                // Only the exact string "true" enables the requirement. Any other
                // value (for example "1" or "TRUE") is read as false, so a policy
                // written with a different boolean spelling silently drops the
                // client-certificate requirement instead of being rejected.
                httpsToken.setRequireClientCertificate("true".equals(attr));
            }
        } else {
            // SP 1.2 path: the requirement is a child element of the nested policy.
            Element polEl = PolicyConstants.findPolicyElement(element);
            
            if (polEl != null) {
                // Only the FIRST child element of the nested policy is inspected.
                // Further children are ignored, and an unrecognised first child sets
                // no flag at all; neither case raises an error.
                Element child = DOMUtils.getFirstElement(polEl);
                if (child != null) {
                    if (SP12Constants.HTTP_BASIC_AUTHENTICATION.equals(DOMUtils.getElementQName(child))) {
                        httpsToken.setHttpBasicAuthentication(true);
                    } else if (SP12Constants.HTTP_DIGEST_AUTHENTICATION
                            .equals(DOMUtils.getElementQName(child))) {
                        httpsToken.setHttpDigestAuthentication(true);
                    } else if (SP12Constants.REQUIRE_CLIENT_CERTIFICATE
                            .equals(DOMUtils.getElementQName(child))) {
                        httpsToken.setRequireClientCertificate(true);
                    }
                }
            }
        }

                }
            }
        }
        /**
         * Evaluates each HttpsToken assertion against the message's HTTP connection.
         * Excerpt only: the listing is cut off inside the HTTPS branch, so the
         * handling of a plain-HTTP connection is not visible.
         *
         * NOTE(review): this looks like the client (outbound) side, because it checks
         * the connection's local certificates and installs a trust decider; confirm
         * against the caller.
         *
         * @param ais     assertion infos whose assertion is cast to {@link HttpsToken}
         * @param message the message whose connection and protocol headers are checked
         */
        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
            for (AssertionInfo ai : ais) {
                HttpsToken token = (HttpsToken)ai.getAssertion();
               
                // Transport security is judged from the connection object's type
                // (see the instanceof test below), not from a scheme string.
                HttpURLConnection connection =
                    (HttpURLConnection) message.get("http.connection");
               
                // Marked as asserted up front; the checks below can only downgrade it.
                // Any path that skips those checks therefore leaves the assertion satisfied.
                ai.setAsserted(true);
                Map<String, List<String>> headers = getSetProtocolHeaders(message);
               
                if (connection instanceof HttpsURLConnection) {
                    if (token.isRequireClientCertificate()) {
                        // The certificate check cannot run here; it is deferred to a
                        // MessageTrustDecider stored on the message. Any decider that
                        // is already present is wrapped so its checks still run first.
                        final MessageTrustDecider orig = message.get(MessageTrustDecider.class);
                        MessageTrustDecider trust = new MessageTrustDecider() {
                            public void establishTrust(String conduitName,
                                                       URLConnectionInfo connectionInfo,
                                                       Message message)
                                throws UntrustedURLConnectionIOException {
                                if (orig != null) {
                                    orig.establishTrust(conduitName, connectionInfo, message);
                                }
                                // Unchecked cast: a non-HTTPS connection info would fail
                                // with ClassCastException rather than the policy error below.
                                HttpsURLConnectionInfo info = (HttpsURLConnectionInfo)connectionInfo;
                                // Presence check only: at least one local certificate must
                                // have been negotiated. Nothing here inspects which one.
                                if (info.getLocalCertificates() == null
                                    || info.getLocalCertificates().length == 0) {
                                    throw new UntrustedURLConnectionIOException(
                                        "RequireClientCertificate is set, "
                                        + "but no local certificates were negotiated.  Is"
                                        + " the server set to ask for client authorization?");
                                }
                            }
                        };
                        message.put(MessageTrustDecider.class, trust);
                    }
                    if (token.isHttpBasicAuthentication()) {
                        // Looks only at the first Authorization value and only at its
                        // prefix. The match is case-sensitive ("basic" fails) and has no
                        // delimiter (any value beginning with "Basic" passes). It shows
                        // the scheme is in use, not that the credentials are valid.
                        List<String> auth = headers.get("Authorization");
                        if (auth == null || auth.size() == 0
                            || !auth.get(0).startsWith("Basic")) {
                            ai.setNotAsserted("HttpBasicAuthentication is set, but not being used");
                        }
                    }
                    if (token.isHttpDigestAuthentication()) {
                        // Same prefix-only test as for Basic, with the same limits.
                        List<String> auth = headers.get("Authorization");
                        if (auth == null || auth.size() == 0
                            || !auth.get(0).startsWith("Digest")) {
                            ai.setNotAsserted("HttpDigestAuthentication is set, but not being used");
                        }                       

                }
            }
        }
        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
            for (AssertionInfo ai : ais) {
                HttpsToken token = (HttpsToken)ai.getAssertion();
               
                HttpURLConnection connection =
                    (HttpURLConnection) message.get("http.connection");
               
                ai.setAsserted(true);
                Map<String, List<String>> headers = getSetProtocolHeaders(message);
               
                if (connection instanceof HttpsURLConnection) {
                    if (token.isRequireClientCertificate()) {
                        final MessageTrustDecider orig = message.get(MessageTrustDecider.class);
                        MessageTrustDecider trust = new MessageTrustDecider() {
                            public void establishTrust(String conduitName,
                                                       URLConnectionInfo connectionInfo,
                                                       Message message)
                                throws UntrustedURLConnectionIOException {
                                if (orig != null) {
                                    orig.establishTrust(conduitName, connectionInfo, message);
                                }
                                HttpsURLConnectionInfo info = (HttpsURLConnectionInfo)connectionInfo;
                                if (info.getLocalCertificates() == null
                                    || info.getLocalCertificates().length == 0) {
                                    throw new UntrustedURLConnectionIOException(
                                        "RequireClientCertificate is set, "
                                        + "but no local certificates were negotiated.  Is"
                                        + " the server set to ask for client authorization?");
                                }
                            }
                        };
                        message.put(MessageTrustDecider.class, trust);
                    }
                    if (token.isHttpBasicAuthentication()) {
                        List<String> auth = headers.get("Authorization");
                        if (auth == null || auth.size() == 0
                            || !auth.get(0).startsWith("Basic")) {
                            ai.setNotAsserted("HttpBasicAuthentication is set, but not being used");
                        }
                    }
                    if (token.isHttpDigestAuthentication()) {
                        List<String> auth = headers.get("Authorization");
                        if (auth == null || auth.size() == 0
                            || !auth.get(0).startsWith("Digest")) {
                            ai.setNotAsserted("HttpDigestAuthentication is set, but not being used");
                        }                       

            }
        }
        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
            for (AssertionInfo ai : ais) {
                boolean asserted = true;
                HttpsToken token = (HttpsToken)ai.getAssertion();
               
                Map<String, List<String>> headers = getSetProtocolHeaders(message);               
                if (token.isHttpBasicAuthentication()) {
                    List<String> auth = headers.get("Authorization");
                    if (auth == null || auth.size() == 0
                        || !auth.get(0).startsWith("Basic")) {
                        asserted = false;
                    }
                }
                if (token.isHttpDigestAuthentication()) {
                    List<String> auth = headers.get("Authorization");
                    if (auth == null || auth.size() == 0
                        || !auth.get(0).startsWith("Digest")) {
                        asserted = false;
                    }                       
                }

                TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);               
                if (tlsInfo != null) {
                    if (token.isRequireClientCertificate()
                        && (tlsInfo.getPeerCertificates() == null
                            || tlsInfo.getPeerCertificates().length == 0)) {
                        asserted = false;
                    }
                } else {

                }
            }
        }
        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
            for (AssertionInfo ai : ais) {
                HttpsToken token = (HttpsToken)ai.getAssertion();
               
                HttpURLConnection connection =
                    (HttpURLConnection) message.get("http.connection");
               
                ai.setAsserted(true);
                Map<String, List<String>> headers = getSetProtocolHeaders(message);
               
                if (connection instanceof HttpsURLConnection) {
                    if (token.isRequireClientCertificate()) {
                        final MessageTrustDecider orig = message.get(MessageTrustDecider.class);
                        MessageTrustDecider trust = new MessageTrustDecider() {
                            public void establishTrust(String conduitName,
                                                       URLConnectionInfo connectionInfo,
                                                       Message message)
                                throws UntrustedURLConnectionIOException {
                                if (orig != null) {
                                    orig.establishTrust(conduitName, connectionInfo, message);
                                }
                                HttpsURLConnectionInfo info = (HttpsURLConnectionInfo)connectionInfo;
                                if (info.getLocalCertificates() == null
                                    || info.getLocalCertificates().length == 0) {
                                    throw new UntrustedURLConnectionIOException(
                                        "RequireClientCertificate is set, "
                                        + "but no local certificates were negotiated.  Is"
                                        + " the server set to ask for client authorization?");
                                }
                            }
                        };
                        message.put(MessageTrustDecider.class, trust);
                    }
                    if (token.isHttpBasicAuthentication()) {
                        List<String> auth = headers.get("Authorization");
                        if (auth == null || auth.size() == 0
                            || !auth.get(0).startsWith("Basic")) {
                            ai.setNotAsserted("HttpBasicAuthentication is set, but not being used");
                        }
                    }
                    if (token.isHttpDigestAuthentication()) {
                        List<String> auth = headers.get("Authorization");
                        if (auth == null || auth.size() == 0
                            || !auth.get(0).startsWith("Digest")) {
                            ai.setNotAsserted("HttpDigestAuthentication is set, but not being used");
                        }                       

            }
        }
        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
            for (AssertionInfo ai : ais) {
                boolean asserted = true;
                HttpsToken token = (HttpsToken)ai.getAssertion();
               
                Map<String, List<String>> headers = getSetProtocolHeaders(message);               
                if (token.isHttpBasicAuthentication()) {
                    List<String> auth = headers.get("Authorization");
                    if (auth == null || auth.size() == 0
                        || !auth.get(0).startsWith("Basic")) {
                        asserted = false;
                    }
                }
                if (token.isHttpDigestAuthentication()) {
                    List<String> auth = headers.get("Authorization");
                    if (auth == null || auth.size() == 0
                        || !auth.get(0).startsWith("Digest")) {
                        asserted = false;
                    }                       
                }

                TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);               
                if (tlsInfo != null) {
                    if (token.isRequireClientCertificate()
                        && (tlsInfo.getPeerCertificates() == null
                            || tlsInfo.getPeerCertificates().length == 0)) {
                        asserted = false;
                    }
                } else {
