Package org.apache.wss4j.dom.validate

Examples of org.apache.wss4j.dom.validate.Credential


       
        // Validate Signature against profiles
        validateSignatureAgainstProfiles(signature, samlKeyInfo);

        // Now verify trust on the signature
        Credential trustCredential = new Credential();
        trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
        trustCredential.setCertificates(samlKeyInfo.getCerts());

        try {
            signatureValidator.validate(trustCredential, requestData);
        } catch (WSSecurityException e) {
            LOG.log(Level.FINE, "Error in validating signature on SAML Response: " + e.getMessage(), e);


        SamlAssertionWrapper assertion,
        Crypto sigCrypto,
        CallbackHandler callbackHandler,
        Document doc
    ) throws WSSecurityException {
        Credential credential = new Credential();
        credential.setSamlAssertion(assertion);
       
        RequestData requestData = new RequestData();
        requestData.setSigVerCrypto(sigCrypto);
        WSSConfig wssConfig = WSSConfig.getNewInstance();
        requestData.setWssConfig(wssConfig);

* subject.
*/
public class DifferentRealmValidator extends STSTokenValidator {
   
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        Credential validatedCredential = super.validate(credential, data);
       
        SamlAssertionWrapper transformedToken = validatedCredential.getTransformedToken();
        if (transformedToken == null || transformedToken.getSaml2() == null
            || !"B-Issuer".equals(transformedToken.getIssuerString())) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
        }


* checks that we get back a SAML2 Assertion from the STS, and extracts the secret from it.
*/
public class SCTTokenValidator extends STSTokenValidator {
   
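    /**
     * Validates the credential through the parent STS validator, then requires the transformed
     * token to be a SAML 2.0 assertion whose issuer string is "DoubleItSTSIssuer", and copies
     * the secret from the assertion's subject key info onto the returned credential.
     *
     * @param credential the credential to validate
     * @param data the request context; its signature-verification crypto and callback handler
     *             are passed on when the assertion subject is parsed
     * @return the credential returned by the parent validator, with its secret key set
     * @throws WSSecurityException if the parent validation fails, if the transformed token is
     *         missing, is not SAML 2.0 or names another issuer, or if the subject yields no
     *         key info
     */
    @Override
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        Credential validatedCredential = super.validate(credential, data);

        // The issuer test below is a plain string comparison. It is only meaningful if the
        // assertion's signature and trust were already checked upstream.
        // NOTE(review): presumably done by the STS / super.validate - confirm.
        SamlAssertionWrapper transformedToken = validatedCredential.getTransformedToken();
        if (transformedToken == null || transformedToken.getSaml2() == null
            || !"DoubleItSTSIssuer".equals(transformedToken.getIssuerString())) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
        }

        Document doc = transformedToken.getElement().getOwnerDocument();

        transformedToken.parseHOKSubject(
            new WSSSAMLKeyInfoProcessor(data, new WSDocInfo(doc)), data.getSigVerCrypto(),
            data.getCallbackHandler()
        );

        // Fail closed: an assertion whose subject produced no key info is rejected with a
        // security failure instead of surfacing as a NullPointerException.
        SAMLKeyInfo keyInfo = transformedToken.getSubjectKeyInfo();
        if (keyInfo == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
        }

        // NOTE(review): getSecret() may still be null here; callers that read the secret key
        // from the credential should not assume it is present.
        validatedCredential.setSecretKey(keyInfo.getSecret());

        return validatedCredential;
    }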

        } catch (InterruptedException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
       
        Credential validatedCredential = super.validate(credential, data);
       
        // Hack to verify the IssuedToken assertion, as this is not done by default in CXF for a
        // SecurityContextToken
        SoapMessage soapMessage = (SoapMessage)data.getMsgContext();
        AssertionInfoMap aim = soapMessage.get(AssertionInfoMap.class);

* checks that we get back a SAML2 Assertion from the STS.
*/
public class CustomBSTTokenValidator extends STSTokenValidator {
   
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        Credential validatedCredential = super.validate(credential, data);
       
        SamlAssertionWrapper transformedToken = validatedCredential.getTransformedToken();
        if (transformedToken == null || transformedToken.getSaml2() == null
            || !"DoubleItSTSIssuer".equals(transformedToken.getIssuerString())) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
        }
       

*/
public class ClaimsValidator extends SamlAssertionValidator {
   
    @Override
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        Credential validatedCredential = super.validate(credential, data);
        SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
       
        boolean valid = false;
        if (assertion.getSaml1() != null) {
            valid = handleSAML1Assertion(assertion.getSaml1());
        } else if (assertion.getSaml2() != null) {

* "worker".
*/
public class CustomUTValidator extends UsernameTokenValidator {

    /**
     * Runs the parent UsernameToken validation, then attaches a {@code Subject} to the
     * validated credential. The subject holds a principal built from the token, a "worker"
     * group for every user, and a "manager" group when the user name is "Alice".
     *
     * @param credential the credential carrying the UsernameToken
     * @param data the request context, passed through to the parent validator
     * @return the credential returned by the parent validator, with its subject set
     * @throws WSSecurityException if the parent validation fails
     */
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        final Credential validated = super.validate(credential, data);

        // The token is read from the incoming credential, not from the validated one.
        final UsernameToken token = credential.getUsernametoken();
        final WSUsernameTokenPrincipalImpl userPrincipal =
            new WSUsernameTokenPrincipalImpl(token.getName(), token.isHashed());

        // NOTE(review): the token's password is copied onto the principal, so anything that
        // later logs or serializes the Subject would expose it - confirm this is test-only.
        userPrincipal.setPasswordType(token.getPasswordType());
        userPrincipal.setPassword(token.getPassword());
        // NOTE(review): this writes the principal's own nonce back to itself, so the token's
        // nonce is never copied. The token's nonce accessor looks like what was intended -
        // confirm against the UsernameToken API before changing.
        userPrincipal.setNonce(userPrincipal.getNonce());
        userPrincipal.setCreatedTime(token.getCreated());

        // Roles are keyed on the literal user name. Insertion order is kept as
        // principal, optional "manager", then "worker".
        final Subject roleSubject = new Subject();
        roleSubject.getPrincipals().add(userPrincipal);
        if ("Alice".equals(token.getName())) {
            roleSubject.getPrincipals().add(new SimpleGroup("manager", token.getName()));
        }
        roleSubject.getPrincipals().add(new SimpleGroup("worker", token.getName()));

        validated.setSubject(roleSubject);
        return validated;
    }

*/
public class CustomSaml2Validator extends SamlAssertionValidator {
   
    @Override
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        Credential validatedCredential = super.validate(credential, data);
        SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
       
        if (!"sts".equals(assertion.getIssuerString())) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
        }
       

        WSSecurityEngineResult result =
            new WSSecurityEngineResult(WSConstants.SCT, sct);
        if (validator != null) {
            // Hook to allow the user to validate the SecurityContextToken
            Credential credential = new Credential();
            credential.setSecurityContextToken(sct);
           
            Credential returnedCredential = validator.validate(credential, data);
            result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN, Boolean.TRUE);
            result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
            result.put(WSSecurityEngineResult.TAG_SECRET, returnedCredential.getSecretKey());
        } else {
            String id = sct.getID();
            if (id.charAt(0) == '#') {
                id = id.substring(1);
            }
