// Builds a SOAP message whose signature is keyed by the secret key obtained from a
// Kerberos service ticket, then places the Kerberos token in the security header.
// Statement order matters: the header is inserted before signing, and the token element
// is prepended only after the signature has been built.

// Parse the sample SOAP message into a DOM document and give it a security header.
Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
// Kerberos token bound to this document ("bst" presumably stands for BinarySecurityToken).
KerberosSecurity bst = new KerberosSecurity(doc);
// Fixture-only callback handler: the password is a hard-coded literal equal to the user name.
// NOTE(review): do not reuse outside tests - a real handler should read the secret from a
// protected store, not from source code.
CallbackHandler callbackHandler = new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
// Only callbacks[0] is inspected; any further callbacks are ignored, and an empty array
// would fail on the index access.
// NOTE(review): an unrecognised callback type or prompt is skipped silently rather than
// reported with UnsupportedCallbackException, so a missing password only shows up later
// as a failed login.
if (callbacks[0] instanceof PasswordCallback) {
PasswordCallback passwordCallback = (PasswordCallback)callbacks[0];
// The account is picked by substring match on the prompt text; "alice" is tested first,
// so a prompt containing both names gets alice's password.
if (passwordCallback.getPrompt().contains("alice")) {
passwordCallback.setPassword("alice".toCharArray());
} else if (passwordCallback.getPrompt().contains("bob")) {
passwordCallback.setPassword("bob".toCharArray());
}
}
}
};
// Obtain the service ticket using the handler above.
// NOTE(review): in the WSS4J API as I know it, the first argument is the JAAS login
// configuration entry name and the last is the target service principal - confirm against
// the WSS4J version in use.
bst.retrieveServiceTicket("alice", callbackHandler, "bob@service.ws.apache.org");
// Token id derived from Object.hashCode(): not guaranteed unique and possibly negative.
// Adequate for a single token in one message; presumably not for ids that must be unique.
bst.setID("Id-" + bst.hashCode());
// Symmetric (HMAC) signature that refers to the Kerberos token through a custom key identifier.
WSSecSignature sign = new WSSecSignature();
// NOTE(review): HMAC-SHA1 is a legacy choice that many current policies no longer accept;
// prefer an HMAC-SHA2 variant where the receiving side supports it.
sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
sign.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
sign.setCustomTokenValueType(WSConstants.WSS_KRB_KI_VALUE_TYPE);
// The signing key is the secret key carried by the ticket. keyData holds the raw key bytes
// on the heap: never log it.
// NOTE(review): consider zeroing the array once the signature has been built - first confirm
// whether WSSecSignature keeps a reference to it.
SecretKey secretKey = bst.getSecretKey();
byte[] keyData = secretKey.getEncoded();
sign.setSecretKey(keyData);
// The key identifier value is the Base64-encoded digest of the token bytes, so the receiver
// can match the signature to the token. The digest algorithm is whatever
// WSSecurityUtil.generateDigest applies (presumably SHA-1 - confirm).
byte[] digestBytes = WSSecurityUtil.generateDigest(bst.getToken());
sign.setCustomTokenId(Base64.encode(digestBytes));
// Second argument is null: the key is supplied directly via setSecretKey above
// (presumably this parameter is the Crypto instance - confirm).
Document signedDoc = sign.build(doc, null, secHeader);
// Insert the token as the first child of the security header after signing, presumably so
// that it precedes the Signature element in document order. From here on the document
// carries the service ticket, so any serialized copy of it (logs, dumps) is sensitive.
WSSecurityUtil.prependChildElement(secHeader.getSecurityHeader(), bst.getElement());
if (LOG.isDebugEnabled()) {
String outputString =
XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);