Examples of org.apache.wss4j.common.ext.WSPasswordCallback

org.apache.wss4j.common.ext.WSPasswordCallback
Simple class to provide a password callback mechanism.
It uses the JAAS authentication mechanisms and callback methods. In addition to the identifier (user name) this class also provides information what type of information the callback handle method shall provide.
The WSPasswordCallback class defines the following usage codes:
- UNKNOWN - an unknown usage. Never used by the WSS4J implementation and shall be treated as an error by the handle method.
- DECRYPT - need a password to get the private key of this identifier (username) from the keystore. WSS4J uses this private key to decrypt the session (symmetric) key. Because the encryption method uses the public key to encrypt the session key it needs no password (a public key is usually not protected by a password).
- USERNAME_TOKEN - need the password to fill in or to verify a UsernameToken.
- SIGNATURE - need the password to get the private key of this identifier (username) from the keystore. WSS4J uses this private key to produce a signature. The signature verification uses the public key to verify the signature.
- SECURITY_CONTEXT_TOKEN - need the key to to be associated with a wsc:SecurityContextToken.
- PASSWORD_ENCRYPTOR_PASSWORD - return the password used with a PasswordEncryptor implementation to decrypt encrypted passwords stored in Crypto properties files

            if (password == null) {
                String err = "provided null or empty password";
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                        "empty", "WSHandler: application " + err);
            }
            WSPasswordCallback pwCb = constructPasswordCallback(username, doAction);
            pwCb.setPassword(password);
            return pwCb;
        }
    }

View Full Code Here

        CallbackHandler cbHandler,
        String username,
        int doAction
    ) throws WSSecurityException {


        WSPasswordCallback pwCb = constructPasswordCallback(username, doAction);
        Callback[] callbacks = new Callback[1];
        callbacks[0] = pwCb;
        //
        // Call back the application to get the password
        //

View Full Code Here

            break;
        case WSConstants.DKT_ENCR:
            reason = WSPasswordCallback.SECRET_KEY;
            break;
        }
        return new WSPasswordCallback(username, reason);
    }

View Full Code Here

            String tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN);
            if (tokenId == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
            }
                
            WSPasswordCallback wsPasswordCallback = new WSPasswordCallback(tokenId, WSPasswordCallback.CUSTOM_TOKEN);
            WSSUtils.doPasswordCallback(
                    ((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
                    wsPasswordCallback);
            Element customToken = wsPasswordCallback.getCustomToken();
            if (customToken == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
            }
            
            FinalUnknownTokenOutputProcessor outputProcessor =

View Full Code Here

     */
    private String getPassword(
        String identifier,
        CallbackHandler cb
    ) throws WSSecurityException {
        WSPasswordCallback pwCb = 
            new WSPasswordCallback(identifier, WSPasswordCallback.DECRYPT);
        try {
            Callback[] callbacks = new Callback[]{pwCb};
            cb.handle(callbacks);
        } catch (IOException e) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE,
                "noPassword", e, identifier
            );
        } catch (UnsupportedCallbackException e) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE,
                "noPassword", e, identifier
            );
        }


        return pwCb.getPassword();
    }

View Full Code Here

            securityProperties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
            securityProperties.setCallbackHandler(
                    new org.apache.wss4j.stax.test.CallbackHandlerImpl(key.getEncoded()){
                        @Override
                        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
                            pc.setKey(key.getEncoded());
                        }
                    }
            );


            OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);

View Full Code Here

            if ((alias == null || "".equals(alias)) && (signatureCrypto != null)) {
                alias = signatureCrypto.getDefaultX509Identifier();
                LOG.fine("Signature alias is null so using default alias: " + alias);
            }
            // Get the password
            WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
            LOG.fine("Creating SAML Token");
            callbackHandler.handle(cb);
            String password = cb[0].getPassword();
    
            LOG.fine("Signing SAML Token");

View Full Code Here


        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof WSPasswordCallback) { // CXF
                    WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                    if ("eve".equals(pc.getIdentifier())) {
                        pc.setPassword("evekpass");
                        break;
                    }
                }
            }
        }

View Full Code Here

        if (signToken) {
            STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();


            // Get the password
            String alias = stsProperties.getSignatureUsername();
            WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
            LOG.fine("Creating SAML Token");
            stsProperties.getCallbackHandler().handle(cb);
            String password = cb[0].getPassword();


            LOG.fine("Signing SAML Token");

View Full Code Here

            sigAlgo = SSOConstants.DSA_SHA1;
        }
        LOG.fine("Using Signature algorithm " + sigAlgo);
        
        // Get the password
        WSPasswordCallback[] cb = {new WSPasswordCallback(signatureUser, WSPasswordCallback.SIGNATURE)};
        callbackHandler.handle(cb);
        String password = cb[0].getPassword();
        
        // Get the private key
        PrivateKey privateKey = crypto.getPrivateKey(signatureUser, password);

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.wss4j.common.ext.WSPasswordCallback

demo.wssec.client.ClientCallbackHandler

demo.wssec.client.UTPasswordCallback

demo.wssec.server.ServerCallbackHandler

demo.wssec.server.UTPasswordCallback

demo.wssec.sts.STSCallbackHandler

org.apache.cxf.rs.security.common.SecurityUtils

org.apache.cxf.rs.security.saml.sso.KeystorePasswordCallback

org.apache.cxf.rs.security.saml.sso.SamlPostBindingFilter

org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter

org.apache.cxf.rs.security.xml.XmlSecInInterceptor

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.