Examples of org.apache.wss4j.dom.handler.RequestData

org.apache.wss4j.dom.handler.RequestData
This class holds per request data.

        while (enumeration.hasMoreElements()) {
            String s = (String) enumeration.nextElement();
            messageContext.put(s, properties.get(s));
        }


        RequestData requestData = new RequestData();
        requestData.setMsgContext(messageContext);
        if (messageContext.get(WSHandlerConstants.PW_CALLBACK_REF) == null) {
            requestData.setCallbackHandler(new WSS4JCallbackHandlerImpl());
        }
        requestData.setWssConfig(WSSConfig.getNewInstance());
  
        wss4JHandler.doSender(messageContext, requestData, true);


        return messageContext;
    }

View Full Code Here

        while (enumeration.hasMoreElements()) {
            String s = (String) enumeration.nextElement();
            messageContext.put(s, properties.get(s));
        }


        RequestData requestData = new RequestData();
        requestData.setMsgContext(messageContext);
        if (client) {
            final Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
            requestData.setDecCrypto(crypto);
            requestData.setSigVerCrypto(crypto);
        } else {
            final Crypto crypto = CryptoFactory.getInstance("receiver-crypto.properties");
            requestData.setDecCrypto(crypto);
            requestData.setSigVerCrypto(crypto);
        }
        
        if (properties.get(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD) != null) {
            messageContext.put(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, 
                               properties.get(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD));
        } else if (WSHandlerConstants.USERNAME_TOKEN_SIGNATURE.equals(action)) {
            messageContext.put(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, "true");
        }
        
        // Disable PrefixList checking as the stax code doesn't support this yet
        //todo
        List<BSPRule> ignoredRules = new ArrayList<BSPRule>();
        ignoredRules.add(BSPRule.R5404);
        ignoredRules.add(BSPRule.R5406);
        ignoredRules.add(BSPRule.R5407);
        ignoredRules.add(BSPRule.R5417);
        ignoredRules.add(BSPRule.R3063);
        ignoredRules.add(BSPRule.R5620);
        ignoredRules.add(BSPRule.R5621);
        //ignoredRules.add(BSPRule.R5215);
        requestData.setIgnoredBSPRules(ignoredRules);


        wss4JHandler.doReceiver(messageContext, requestData, false);


        return messageContext;
    }

View Full Code Here

                }
            } else if (entropyObject instanceof Element
                && "EncryptedKey".equals(((Element)entropyObject).getLocalName())) {
                EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
                Element entropyElement = (Element)entropyObject;
                RequestData requestData = new RequestData();
                requestData.setDecCrypto(stsProperties.getSignatureCrypto());
                requestData.setCallbackHandler(stsProperties.getCallbackHandler());
                requestData.setWssConfig(WSSConfig.getNewInstance());
                try {
                    List<WSSecurityEngineResult> results = 
                        processor.handleToken(
                            entropyElement, requestData, new WSDocInfo(entropyElement.getOwnerDocument())
                        );

View Full Code Here

            if (!assertion.isSigned()) {
                LOG.log(Level.WARNING, "The received assertion is not signed, and therefore not trusted");
                return response;
            }


            RequestData requestData = new RequestData();
            requestData.setSigVerCrypto(sigCrypto);
            WSSConfig wssConfig = WSSConfig.getNewInstance();
            requestData.setWssConfig(wssConfig);
            requestData.setCallbackHandler(callbackHandler);
            requestData.setMsgContext(tokenParameters.getWebServiceContext().getMessageContext());


            WSDocInfo docInfo = new WSDocInfo(validateTargetElement.getOwnerDocument());


            // Verify the signature
            Signature sig = assertion.getSignature();

View Full Code Here

            return cipherValue;
        } else {
            try {
                EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
                WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
                RequestData data = new RequestData();
                data.setWssConfig(WSSConfig.getNewInstance());
                data.setDecCrypto(createCrypto(true));
                data.setCallbackHandler(createHandler());
                List<WSSecurityEngineResult> result =
                    proc.handleToken(child, data, docInfo);
                return 
                    (byte[])result.get(0).get(
                        WSSecurityEngineResult.TAG_SECRET

View Full Code Here

        assertFalse(tokenString.contains(SAML2Constants.CONF_BEARER));
        assertTrue(tokenString.contains(SAML2Constants.CONF_HOLDER_KEY));
        
        // Test that the (encrypted) secret sent in Entropy was used in the SAML Subject KeyInfo
        SamlAssertionWrapper assertionWrapper = new SamlAssertionWrapper(assertion);
        RequestData data = new RequestData();
        
        Properties properties = new Properties();
        properties.put(
            "org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin"
        );
        properties.put("org.apache.wss4j.crypto.merlin.keystore.password", "sspass");
        properties.put("org.apache.wss4j.crypto.merlin.keystore.file", "servicestore.jks");
        
        data.setDecCrypto(CryptoFactory.getInstance(properties));
        data.setCallbackHandler(new PasswordCallbackHandler());
        data.setWssConfig(WSSConfig.getNewInstance());
        
        assertionWrapper.parseSubject(
            new WSSSAMLKeyInfoProcessor(data, new WSDocInfo(assertion.getOwnerDocument())), 
                                        data.getSigVerCrypto(), data.getCallbackHandler()
        );
        
        SAMLKeyInfo samlKeyInfo = assertionWrapper.getSubjectKeyInfo();
        assertTrue(Arrays.equals(secret, samlKeyInfo.getSecret()));
    }

View Full Code Here

        LOG.fine("Validating X.509 Token");
        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
        Crypto sigCrypto = stsProperties.getSignatureCrypto();
        CallbackHandler callbackHandler = stsProperties.getCallbackHandler();


        RequestData requestData = new RequestData();
        requestData.setSigVerCrypto(sigCrypto);
        requestData.setWssConfig(WSSConfig.getNewInstance());
        requestData.setCallbackHandler(callbackHandler);
        requestData.setMsgContext(tokenParameters.getWebServiceContext().getMessageContext());


        TokenValidatorResponse response = new TokenValidatorResponse();
        ReceivedToken validateTarget = tokenParameters.getToken();
        validateTarget.setState(STATE.INVALID);
        response.setToken(validateTarget);

View Full Code Here

        LOG.fine("Validating UsernameToken");
        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
        Crypto sigCrypto = stsProperties.getSignatureCrypto();
        CallbackHandler callbackHandler = stsProperties.getCallbackHandler();


        RequestData requestData = new RequestData();
        requestData.setSigVerCrypto(sigCrypto);
        WSSConfig wssConfig = WSSConfig.getNewInstance();
        requestData.setWssConfig(wssConfig);
        requestData.setCallbackHandler(callbackHandler);
        requestData.setMsgContext(tokenParameters.getWebServiceContext().getMessageContext());
        
        TokenValidatorResponse response = new TokenValidatorResponse();
        ReceivedToken validateTarget = tokenParameters.getToken();
        validateTarget.setState(STATE.INVALID);
        response.setToken(validateTarget);

View Full Code Here


        return stsClient.requestSecurityToken(endpointAddress);
    }
    
    private List<WSSecurityEngineResult> processToken(SecurityToken token) throws Exception {
        RequestData requestData = new RequestData();
        requestData.setDisableBSPEnforcement(true);
        CallbackHandler callbackHandler = new org.apache.cxf.systest.sts.common.CommonCallbackHandler();
        requestData.setCallbackHandler(callbackHandler);
        Crypto crypto = CryptoFactory.getInstance("serviceKeystore.properties");
        requestData.setDecCrypto(crypto);
        requestData.setSigVerCrypto(crypto);
        
        Processor processor = new SAMLTokenProcessor();
        return processor.handleToken(
            token.getToken(), requestData, new WSDocInfo(token.getToken().getOwnerDocument())
        );

View Full Code Here

        Signature signature, 
        Document doc,
        Crypto sigCrypto,
        CallbackHandler callbackHandler
    ) throws WSSecurityException {
        RequestData requestData = new RequestData();
        requestData.setSigVerCrypto(sigCrypto);
        WSSConfig wssConfig = WSSConfig.getNewInstance();
        requestData.setWssConfig(wssConfig);
        requestData.setCallbackHandler(callbackHandler);
        
        SAMLKeyInfo samlKeyInfo = null;
        
        KeyInfo keyInfo = signature.getKeyInfo();
        if (keyInfo != null) {

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.wss4j.dom.handler.RequestData

org.apache.cxf.rs.security.common.TrustValidator

org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler

org.apache.cxf.rs.security.saml.AbstractSamlInHandler

org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator

org.apache.cxf.sts.operation.IssueSamlUnitTest

org.apache.cxf.sts.request.RequestParser

org.apache.cxf.sts.request.RequestParserUnitTest

org.apache.cxf.sts.token.renewer.SAMLTokenRenewer

org.apache.cxf.sts.token.validator.SAMLTokenValidator

org.apache.cxf.sts.token.validator.UsernameTokenValidator

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.