Package org.apache.ws.security.message.token

Examples of org.apache.ws.security.message.token.UsernameToken

90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
        org.apache.cxf.ws.security.policy.model.UsernameToken usernameTokenPolicy,
        AssertionInfo ai,
        List<WSSecurityEngineResult> utResults
    ) {
        for (WSSecurityEngineResult result : utResults) {
            UsernameToken usernameToken =
                (UsernameToken)result.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
            if (usernameTokenPolicy.isHashPassword() != usernameToken.isHashed()) {
                ai.setNotAsserted("Password hashing policy not enforced");
                return false;
            }
            if (usernameTokenPolicy.isNoPassword() && (usernameToken.getPassword() != null)) {
                ai.setNotAsserted("Username Token NoPassword policy not enforced");
                return false;
            } else if (!usernameTokenPolicy.isNoPassword() && (usernameToken.getPassword() == null)
                && isNonEndorsingSupportingToken(usernameTokenPolicy)) {
                ai.setNotAsserted("Username Token No Password supplied");
                return false;
            }
           
            if (usernameTokenPolicy.isRequireCreated()
                && (usernameToken.getCreated() == null || usernameToken.isHashed())) {
                ai.setNotAsserted("Username Token Created policy not enforced");
                return false;
            }
            if (usernameTokenPolicy.isRequireNonce()
                && (usernameToken.getNonce() == null || usernameToken.isHashed())) {
                ai.setNotAsserted("Username Token Nonce policy not enforced");
                return false;
            }
        }
        return true;
View Full Code Here
330
331
332
333
334
335
336
337
338
339
340
341
            secretKey = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
        } else if (WSConstants.UT_NOPASSWORD == action || WSConstants.UT == action) {
            if (bspCompliant) {
                BSPEnforcer.checkUsernameTokenBSPCompliance(secRef);
            }
            UsernameToken usernameToken =
                (UsernameToken)result.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);

            usernameToken.setRawPassword(data);
            secretKey = usernameToken.getDerivedKey();
        }
    }
View Full Code Here
73
74
75
76
77
78
79
80
81
82
83
84
85
                        throw new AxisFault("Could not create X.509 Security Token: " + e.getMessage());
                    }
                } else if (TokenTypes.USERNAME.equals(tokenRequest.getTokenType())) {
                    // Create an arbitrary, fixed UsernameToken to return if the client requests one
                    // A real security token service would do something more intelligent
                    UsernameToken userToken = new UsernameToken(WSSConfig.getDefaultWSConfig().isPrecisionInMilliSeconds(),doc);
                    userToken.setName("bob");
                    userToken.setPassword("bobspass");
         
                    // Create a new SecurityTokenOrReference object to use for the <RequestedToken> element
                    // As the class name implies SecurityTokenOrReference objects can hold either a real security token element
                    // or a <SecurityTokenReference> element to a security token found elsewhere
                    requestedToken = new SecurityTokenOrReference(userToken);
View Full Code Here
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
        // Setting the context and the token type we want to be returned
        tokenRequest.setContext(new URI("http://context.context"));
        tokenRequest.setTokenType(TokenTypes.X509);
   
        // Construct a bunch of username tokens to be used as <Base> and <Supporting> elements
        UsernameToken userToken = new UsernameToken(wssConfig.isPrecisionInMilliSeconds(), doc);
        userToken.setName("bob");
        userToken.setPassword("bobspass");
        tokenRequest.setBase(new SecurityTokenOrReference(userToken));

        UsernameToken user2Token = new UsernameToken(wssConfig.isPrecisionInMilliSeconds(), doc);
        user2Token.setName("joe");
        user2Token.setPassword("bobspass");
        tokenRequest.addSupporting(new SecurityTokenOrReference(user2Token));

        UsernameToken user3Token = new UsernameToken(wssConfig.isPrecisionInMilliSeconds(), doc);
        user3Token.setName("mike");
        user3Token.setPassword("bobspass");
        tokenRequest.addSupporting(new SecurityTokenOrReference(user3Token));

        // Set the desired Lifetime of the token being requested in this case to 250 seconds
        Date start = new Date();
        Date end = new Date();
View Full Code Here
70
71
72
73
74
75
76
77
78
79
80
    private WSUsernameTokenPrincipal handleUsernameToken(
        Element token, CallbackHandler cb) throws WSSecurityException {
        //
        // Parse the UsernameToken element
        //
        ut = new UsernameToken(token, false);
        String user = ut.getName();
        String password = ut.getPassword();
        String nonce = ut.getNonce();
        String createdTime = ut.getCreated();
        String pwType = ut.getPasswordType();
View Full Code Here
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
        //
        try {
            boolean allowNamespaceQualifiedPasswordTypes =
                wssConfig.getAllowNamespaceQualifiedPasswordTypes();
            boolean bspCompliant = wssConfig.isWsiBSPCompliant();
            UsernameToken ut =
                new UsernameToken(usernameTokenElement, allowNamespaceQualifiedPasswordTypes, bspCompliant);
            if (ut.getPassword() == null) {
                return response;
            }
            if (secToken == null || (secToken.getAssociatedHash() != ut.hashCode())) {
                Credential credential = new Credential();
                credential.setUsernametoken(ut);
                validator.validate(credential, requestData);
            }
            Principal principal =
                createPrincipal(
                    ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated()
                );
           
            // Get the realm of the UsernameToken
            String tokenRealm = null;
            if (usernameTokenRealmCodec != null) {
View Full Code Here
239
240
241
242
243
244
245
246
247
248
249
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);       
        builder.build(doc, secHeader);
       
        try {
            new UsernameToken(doc.getDocumentElement());
        } catch (WSSecurityException ex) {
            assertTrue(ex.getErrorCode() == 4);
            assertTrue(ex.getMessage().startsWith(
                "An invalid security token was provided"));
            QName faultCode = new QName(WSConstants.WSSE_NS, "InvalidSecurityToken");
View Full Code Here
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
    public void testUsernameTokenUnit() throws Exception {
        Document doc = unsignedEnvelope.getAsDocument();
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
       
        UsernameToken usernameToken = new UsernameToken(true, doc, null);
        usernameToken.setName("bob");
       
        byte[] salt = usernameToken.addSalt(doc, null, false);
        assertTrue(salt.length == 16);
        assertTrue(salt[15] == 0x02);
        byte[] utSalt = usernameToken.getSalt();
        assertTrue(salt.length == utSalt.length);
        for (int i = 0; i < salt.length; i++) {
            assertTrue(salt[i] == utSalt[i]);
        }
       
        usernameToken.addIteration(doc, 500);
        assertTrue(usernameToken.getIteration() == 500);
       
        WSSecurityUtil.prependChildElement(
            secHeader.getSecurityHeader(), usernameToken.getElement()
        );
       
        String outputString =
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);
        assertTrue(outputString.indexOf("wsse:Username") != -1);
View Full Code Here
257
258
259
260
261
262
263
264
265
266
267
        private WSUsernameTokenPrincipal handleUsernameToken(
            Element token, CallbackHandler cb) throws WSSecurityException {
            //
            // Parse the UsernameToken element
            //
            ut = new UsernameToken(token, false);
            String user = ut.getName();
            String password = ut.getPassword();
            String nonce = ut.getNonce();
            String createdTime = ut.getCreated();
            String pwType = ut.getPasswordType();
View Full Code Here
129
130
131
132
133
134
135
136
137
138
    public String getId() {
        return id;
    }

    public Document preSetUsernameToken(Document doc, String username, String password) {
        ut = new UsernameToken(wssConfig, doc, passwordType);
        ut.setName(username);
        ut.setPassword(password);
        return doc;
    }
View Full Code Here
TOP

Related Classes of org.apache.ws.security.message.token.UsernameToken

  • org.apache.cxf.sts.token.validator.UsernameTokenValidator
  • org.apache.cxf.sts.token.validator.UsernameTokenValidatorTest
  • org.apache.cxf.systest.sts.distributed_caching.CustomUsernameTokenProvider
  • org.apache.cxf.systest.ws.ut.server.CustomUTValidator
  • org.apache.cxf.ws.security.trust.AuthPolicyValidatingInterceptor
  • org.apache.cxf.ws.security.trust.AuthPolicyValidatingInterceptorTest$TestSTSTokenValidator
  • org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler
  • org.apache.cxf.ws.security.trust.delegation.WSSUsernameCallbackHandler
  • org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor$CustomUsernameTokenProcessor
  • org.apache.cxf.ws.security.wss4j.policyvalidators.UsernameTokenPolicyValidator
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.