Examples of org.apache.wss4j.common.ext.WSSecurityException

org.apache.wss4j.common.ext.WSSecurityException
Exception class for WS-Security.

     */
    private X509Certificate[] getDefaultCerts(
        Crypto crypto
    ) throws WSSecurityException {
        if (crypto == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
        }
        if (crypto.getDefaultX509Identifier() != null) {
            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
            cryptoType.setAlias(crypto.getDefaultX509Identifier());
            return crypto.getX509Certificates(cryptoType);
        } else {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.INVALID_SECURITY, "unsupportedKeyInfo"
            );
        }
    }

View Full Code Here

            //
            // Look for a KeyValue object
            //
            keyValue = getKeyValue(keyInfoElement);
        } catch (MarshalException ex) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, ex);
        } 


        if (keyValue != null) {
            try {
                //
                // Look for a Public Key in Key Value
                //
                return keyValue.getPublicKey();
            } catch (java.security.KeyException ex) {
                LOG.error(ex.getMessage(), ex);
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, ex);
            }     
        } else {
            throw new WSSecurityException(
                    WSSecurityException.ErrorCode.INVALID_SECURITY, "unsupportedKeyInfo"
            );
        }
    }

View Full Code Here

                }
            }
        } catch (WSSecurityException ex) {
            throw ex;
        } catch (Exception ex) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILED_CHECK, ex
            );
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
    }

View Full Code Here

                        se = doc.createElementNS("http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1", "attachment");
                        attachment = true;
                    }
                }
                if (se == null) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
                }
                
                WSDataRef ref = new WSDataRef();
                ref.setWsuId(uri);
                ref.setProtectedElement(se);

View Full Code Here

        Date created = timeStamp.getCreated();
        DateFormat zulu = new XmlSchemaDateFormat();
        String identifier = zulu.format(created) + "" + Arrays.hashCode(signatureValue);


        if (replayCache.contains(identifier)) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.INVALID_SECURITY,
                "invalidTimestamp",
                "A replay attack has been detected");
        }

View Full Code Here

    @Override
    public void processEvent(XMLSecEvent xmlSecEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
        try {
            String tokenId = outputProcessorChain.getSecurityContext().get(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN);
            if (tokenId == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
            }
                
            WSPasswordCallback wsPasswordCallback = new WSPasswordCallback(tokenId, WSPasswordCallback.CUSTOM_TOKEN);
            WSSUtils.doPasswordCallback(
                    ((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
                    wsPasswordCallback);
            Element customToken = wsPasswordCallback.getCustomToken();
            if (customToken == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
            }
            
            FinalUnknownTokenOutputProcessor outputProcessor = 
                new FinalUnknownTokenOutputProcessor(customToken);
            outputProcessor.setXMLSecurityProperties(getSecurityProperties());

View Full Code Here

     * @param data the RequestData associated with the request
     * @throws WSSecurityException on a failed validation
     */
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        if (credential == null || credential.getBinarySecurityToken() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
        }
        
        BinarySecurity binarySecurity = credential.getBinarySecurityToken();
        if (!(binarySecurity instanceof KerberosSecurity)) {
            return credential;
        }
        
        if (LOG.isDebugEnabled()) {
            try {
                String jaasAuth = System.getProperty("java.security.auth.login.config");
                String krbConf = System.getProperty("java.security.krb5.conf");
                LOG.debug("KerberosTokenValidator - Using JAAS auth login file: " + jaasAuth);
                LOG.debug("KerberosTokenValidator - Using KRB conf file: " + krbConf);
            } catch (SecurityException ex) {
                LOG.debug(ex.getMessage(), ex);
            }
        }
        
        // Get a TGT from the KDC using JAAS
        LoginContext loginContext = null;
        try {
            if (callbackHandler != null) {
                loginContext = new LoginContext(getContextName(), callbackHandler);
            } else if (data.getCallbackHandler() != null) {
                loginContext = new LoginContext(getContextName(), data.getCallbackHandler());
            } else {
                loginContext = new LoginContext(getContextName());
            }
            loginContext.login();
        } catch (LoginException ex) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(ex.getMessage(), ex);
            }
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE,
                "kerberosLoginError", 
                ex,
                ex.getMessage());
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Successfully authenticated to the TGT");
        }
        
        byte[] token = binarySecurity.getToken();
        
        // Get the service name to use - fall back on the principal
        Subject subject = loginContext.getSubject();
        String service = serviceName;
        if (service == null) {
            Set<Principal> principals = subject.getPrincipals();
            if (principals.isEmpty()) {
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE, 
                    "kerberosLoginError",
                    "No Client principals found after login");
            }
            service = principals.iterator().next().getName();
        }
        
        // Validate the ticket
        KerberosServiceAction action = new KerberosServiceAction(token, service);
        Principal principal = Subject.doAs(subject, action);
        if (principal == null) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE, "kerberosTicketValidationError"
            );
        }
        credential.setPrincipal(principal);
        credential.setSubject(subject);
        
        KerberosTokenDecoder kerberosTokenDecoder = this.kerberosTokenDecoder;
        if (kerberosTokenDecoder == null) {
            kerberosTokenDecoder = new KerberosTokenDecoderImpl();
        }


        kerberosTokenDecoder.clear();
        kerberosTokenDecoder.setToken(token);
        kerberosTokenDecoder.setSubject(subject);
        try {
            byte[] sessionKey = kerberosTokenDecoder.getSessionKey();
            credential.setSecretKey(sessionKey);
        } catch (KerberosTokenDecoderException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        }


        if (LOG.isDebugEnabled()) {
            LOG.debug("Successfully validated a ticket");
        }

View Full Code Here

    ) throws WSSecurityException {
        KerberosContextAndServiceNameCallback contextAndServiceNameCallback = new KerberosContextAndServiceNameCallback();
        try {
            callbackHandler.handle(new Callback[]{contextAndServiceNameCallback});
        } catch (IOException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        } catch (UnsupportedCallbackException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        } 


        String jaasLoginModuleName = contextAndServiceNameCallback.getContextName();
        if (jaasLoginModuleName == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "kerberosCallbackContextNameNotSupplied");
        }
        String serviceName = contextAndServiceNameCallback.getServiceName();
        if (serviceName == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "kerberosCallbackServiceNameNotSupplied");
        }
        
        retrieveServiceTicket(jaasLoginModuleName, callbackHandler, serviceName);
    }

View Full Code Here

            loginContext.login();
        } catch (LoginException ex) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(ex.getMessage(), ex);
            }
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE,
                "kerberosLoginError", 
                ex, ex.getMessage());
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Successfully authenticated to the TGT");
        }
        
        Subject clientSubject = loginContext.getSubject();
        Set<Principal> clientPrincipals = clientSubject.getPrincipals();
        if (clientPrincipals.isEmpty()) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE, 
                "kerberosLoginError",
                "No Client principals found after login");
        }
        // Store the TGT
        KerberosTicket tgt = getKerberosTicket(clientSubject, null);
        
        // Get the service ticket
        KerberosClientAction action =
            new KerberosClientAction(clientPrincipals.iterator().next(), serviceName);
        byte[] ticket = Subject.doAs(clientSubject, action);
        if (ticket == null) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE, "kerberosServiceTicketError"
            );
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Successfully retrieved a service ticket");

View Full Code Here

        
        if (operationSecurityEventOccured) {
            try {
                verifyPolicy(securityEvent);
            } catch (WSSPolicyException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
            } catch (XMLSecurityException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
            }
        }


        if (WSSecurityEventConstants.Operation.equals(securityEvent.getSecurityEventType())) {
            operationSecurityEventOccured = true;
            final OperationSecurityEvent operationSecurityEvent = (OperationSecurityEvent) securityEvent;
            if (SOAP11_FAULT.equals(operationSecurityEvent.getOperation())
                || SOAP12_FAULT.equals(operationSecurityEvent.getOperation())) {
                faultOccurred = true;
            }
            
            if (effectivePolicy == null) {
                effectivePolicy = findPolicyBySOAPOperationName(operationPolicies, operationSecurityEvent.getOperation());
                if (effectivePolicy == null) {
                    //no policy to the operation given
                    effectivePolicy = new OperationPolicy(new QName(null, "NoPolicyFoundForOperation"));
                    effectivePolicy.setPolicy(new Policy());
                }
                try {
                    buildAssertionStateMap(effectivePolicy.getPolicy(), assertionStateMap);
                } catch (WSSPolicyException e) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
                }
            }
            try {
                Iterator<SecurityEvent> securityEventIterator = securityEventQueue.descendingIterator();
                while (securityEventIterator.hasNext()) {
                    SecurityEvent prevSecurityEvent = securityEventIterator.next();
                    verifyPolicy(prevSecurityEvent);
                }


                verifyPolicy(securityEvent);


                verifyPolicyAfterOperationSecurityEvent();
            } catch (WSSPolicyException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
            } catch (XMLSecurityException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
            }
            securityEventQueue.clear();


            return;
        } else {

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.wss4j.common.ext.WSSecurityException

org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator

org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator

org.apache.cxf.rs.security.xml.EncryptionUtils

org.apache.cxf.rs.security.xml.XmlEncOutInterceptor

org.apache.cxf.rs.security.xml.XmlSecOutInterceptor

org.apache.cxf.sts.token.validator.SAMLTokenValidator

org.apache.cxf.systest.sts.claims.ClaimsValidator

org.apache.cxf.systest.sts.claims.StaxClaimsValidator

org.apache.cxf.systest.ws.saml.Saml2AudienceRestrictionValidator

org.apache.cxf.ws.security.trust.AbstractSTSClient

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.