Examples of org.apache.ws.security.WSUsernameTokenPrincipal

• org.apache.ws.security.WSUsernameTokenPrincipal
  This class implements the Principal interface and represents a UsernameToken user.

  In addition to the principal's name this principal object also contains the nonce and created time of the UsernameToken (refer to the OASIS WS Security specification, UsernameToken profile). These values are set only if the password of UsernameToken was of type PasswordDigest.

  Furthermore the password type is provided to the application. The password type is the string of the type attribute of the password element inside the username token. Refer to the OASIS WSS specification for predefined password types.

  The equals() method use the prinicipal's name only and does not compare nonce or created time.

  Modelled according to the example provided by JAAS documentation

  @author Davanum Srinivas (dims@yahoo.com). @author Werner Dittmann (Werner.Dittmann@siemens.com). @see java.security.Principal @see javax.security.auth.Subject

                    }
                    return certs[0].getSubjectX500Principal();
                } else if (publicKey != null) {
                    return new PublicKeyPrincipal(publicKey);
                } else if (ut != null) {
                    WSUsernameTokenPrincipal principal =
                        new WSUsernameTokenPrincipal(ut.getName(), ut.isHashed());
                    principal.setNonce(ut.getNonce());
                    principal.setPassword(ut.getPassword());
                    principal.setCreatedTime(ut.getCreated());
                    return principal;
                } else if (dkt != null) {
                    WSDerivedKeyTokenPrincipal principal = new WSDerivedKeyTokenPrincipal(dkt.getID());
                    principal.setNonce(dkt.getNonce());
                    principal.setLabel(dkt.getLabel());
                    principal.setLength(dkt.getLength());
                    principal.setOffset(dkt.getOffset());
                    String basetokenId = null;
                    SecurityTokenReference securityTokenReference = dkt.getSecurityTokenReference();
                    if (securityTokenReference.containsReference()) {
                        basetokenId = securityTokenReference.getReference().getURI();
                        if (basetokenId.charAt(0) == '#') {
                            basetokenId = basetokenId.substring(1);
                        }
                    } else {
                        // KeyIdentifier
                        basetokenId = securityTokenReference.getKeyIdentifierValue();
                    }
                    principal.setBasetokenId(basetokenId);
                    return principal;
                } else if (samlKi != null) {
                    final SAMLAssertion assertion = samlKi.getAssertion();
                    CustomTokenPrincipal principal = new CustomTokenPrincipal(assertion.getId());
                    principal.setTokenObject(assertion);
                    return principal;
                } else if (secretKey != null) {
                    // This is the custom key scenario
                    CustomTokenPrincipal principal = new CustomTokenPrincipal(customTokenId);
                    return principal;

                    }

                }
            } else if (WSConstants.UT == actInt.intValue()) {

                WSUsernameTokenPrincipal userNameTokenPrincipal = (WSUsernameTokenPrincipal) wser
                        .get(WSSecurityEngineResult.TAG_PRINCIPAL);

                String username = userNameTokenPrincipal.getName();
                msgCtx.setProperty(RampartMessageData.USERNAME, username);

                if (userNameTokenPrincipal.getNonce() != null) {
                    // Check whether this is a replay attack. To verify that we need to check
                    // whether nonce value
                    // is a repeating one
                    int nonceLifeTimeInSeconds = 0;

                    if (rpd.getRampartConfig() != null) {

                        String stringLifeTime = rpd.getRampartConfig().getNonceLifeTime();

                        try {
                            nonceLifeTimeInSeconds = Integer.parseInt(stringLifeTime);

                        } catch (NumberFormatException e) {
                            log.error(
                                    "Invalid value for nonceLifeTime in rampart configuration file.",
                                    e);
                            throw new RampartException("invalidNonceLifeTime", e);

                        }
                    }

                    String serviceEndpointName = msgCtx.getAxisService().getEndpointName();

                    boolean valueRepeating = serviceNonceCache.isNonceRepeatingForService(
                            serviceEndpointName, username, userNameTokenPrincipal.getNonce());

                    if (valueRepeating) {
                        throw new RampartException("repeatingNonceValue", new Object[] {
                                userNameTokenPrincipal.getNonce(), username });
                    }

                    serviceNonceCache.addNonceForService(serviceEndpointName, username,
                            userNameTokenPrincipal.getNonce(), nonceLifeTimeInSeconds);
                }
            } else if (WSConstants.SIGN == actInt.intValue()) {
                X509Certificate cert = (X509Certificate) wser
                        .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
                msgCtx.setProperty(RampartMessageData.X509_CERT, cert);

        MessageContext context = MessageContext.getCurrentMessageContext();
        SAMLPassiveTokenIssuer issuer = null;
        WSHandlerResult handlerResults = null;
        WSSecurityEngineResult engineResult = null;
        WSUsernameTokenPrincipal principal = null;
        Vector<WSSecurityEngineResult> wsResults = null;
        ResponseToken reponseToken = null;
        Vector<WSHandlerResult> handlerResultsVector = null;
        OMElement rstr = null;

        try {

            if (request.getAttributes() == null || request.getAttributes().trim().length() == 0) {
                throw new TrustException("attributesMissing");
            }

            principal = new WSUsernameTokenPrincipal(request.getUserName(), false);

            engineResult = new WSSecurityEngineResult(WSConstants.UT, principal, null, null, null);

            wsResults = new Vector<WSSecurityEngineResult>();
            wsResults.add(engineResult);

        MessageContext context = MessageContext.getCurrentMessageContext();
        SAMLPassiveTokenIssuer issuer = null;
        WSHandlerResult handlerResults = null;
        WSSecurityEngineResult engineResult = null;
        WSUsernameTokenPrincipal principal = null;
        Vector<WSSecurityEngineResult> wsResults = null;
        ResponseToken reponseToken = null;
        Vector<WSHandlerResult> handlerResultsVector = null;
        OMElement rstr = null;

        try {

            principal = new WSUsernameTokenPrincipal(request.getUserName(), false);

            engineResult = new WSSecurityEngineResult(WSConstants.UT, principal, null, null, null);

            wsResults = new Vector<WSSecurityEngineResult>();
            wsResults.add(engineResult);

             * of this token to set the alias for the encryption user
             */
            for (WSSecurityEngineResult wser : wsSecEngineResults) {
                Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
                if (actInt.intValue() == WSConstants.UT) {
                    WSUsernameTokenPrincipal principal
                        = (WSUsernameTokenPrincipal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    return principal.getName();
                }
            }
        }

        return null;

            Principal lastPrincipalFound = null;
            try {
                lastPrincipalFound = verifyXMLSignature((Element) elem,
                        crypto, returnCert, returnElements, signatureValue);
                if (lastPrincipalFound instanceof WSUsernameTokenPrincipal) {
                    WSUsernameTokenPrincipal p = (WSUsernameTokenPrincipal) lastPrincipalFound;
                    checkUser(p.getName(), p.getPassword());
                } else {
                    checkUser(returnCert[0].getSubjectX500Principal().getName(), returnCert[0]);
                }
            } catch (GeneralSecurityException e) {
                throw new WSSecurityException("Unable to authenticate user", e);

                if (certs != null) {
                    returnCert[0] = certs[0];
                    return certs[0].getSubjectDN();
                } else if(ut != null){
                    WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(
                            ut.getName(), ut.isHashed());
                    principal.setNonce(ut.getNonce());
                    principal.setPassword(ut.getPassword());
                    principal.setCreatedTime(ut.getCreated());
                    return principal;
                } else if (dkt != null) {
                    WSDerivedKeyTokenPrincipal principal = new WSDerivedKeyTokenPrincipal(dkt.getID());
                    principal.setNonce(dkt.getNonce());
                    principal.setLabel(dkt.getLabel());
                    principal.setLength(dkt.getLength());
                    principal.setOffset(dkt.getOffset());
                    String basetokenId = dkt.getSecuityTokenReference().getReference().getURI().substring(1);
                    principal.setBasetokenId(basetokenId);
                    return principal;
                } else {
                    throw new WSSecurityException("Cannot determine principal");
                }
            } else {

             * of this token to set the alias for the encryption user
             */
            for (WSSecurityEngineResult wser : wsSecEngineResults) {
                Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
                if (actInt.intValue() == WSConstants.UT) {
                    WSUsernameTokenPrincipal principal
                        = (WSUsernameTokenPrincipal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    return principal.getName();
                }
            }
        }

        return null;

    ) {
        boolean hashed = false;
        if (WSConstants.PASSWORD_DIGEST.equals(passwordType)) {
            hashed = true;
        }
        WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(username, hashed);
        principal.setNonce(nonce);
        principal.setPassword(passwordValue);
        principal.setCreatedTime(createdTime);
        principal.setPasswordType(passwordType);
        return principal;
    }

            for (int j = 0; j < wsSecEngineResults.size(); j++) {
                WSSecurityEngineResult wser =
                         (WSSecurityEngineResult) wsSecEngineResults.get(j);
                Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
                if (actInt.intValue() == WSConstants.UT) {
                    WSUsernameTokenPrincipal principal
                        = (WSUsernameTokenPrincipal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    return principal.getName();
                }
            }
        }

        return null;