Examples of org.jboss.soa.esb.services.security.auth.AuthenticationRequest

• org.jboss.soa.esb.services.security.auth.AuthenticationRequest
  An AuthenticationRequest is intended to carry sensitive security information between gateways and ESB services. The information will be extracted from the specific transport that the gateway uses. @author Daniel Bevenius @since 4.4

      //No auth request, maybe it was a SAML v2 Assertion in the security header. Let's try to add it
      try
      {
        Set<SecurityInfoExtractor<String>> extractors = new HashSet<SecurityInfoExtractor<String>>();
        extractors.add( new SamlAssertionExtractor() );
        AuthenticationRequest authRequest = ExtractorUtil.extract(message.getBody().get().toString(), extractors);
        ExtractorUtil.addAuthRequestToMessage(authRequest, message);
      }
      catch( ExtractionException e )
      {
        throw new MessageDeliverException( e.getMessage(), e );

  @Test
  public void extractSecurityInfoBinarySecurityToken() throws Exception
  {
    WSSecuritySoapExtractor extractor = new WSSecuritySoapExtractor();
    SOAPMessage soap = WSTestUtil.createWithBinarySecurityToken("wsse:Base64Binary", "wsse:X509v3", WSTestUtil.getStringFromFile("cert-example.xml", getClass()));
    AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);

    assertNotNull(authRequest);
    assertTrue(authRequest.getCredentials().size() == 1 );
    assertTrue(authRequest.getCredentials().iterator().next() instanceof X509Certificate );
  }

  public void extractSecurityInfoBinarySecurityTokenNoNSPrifix() throws Exception
  {
    WSSecuritySoapExtractor extractor = new WSSecuritySoapExtractor();
    //  create the SAOPMessage with out namespace prefixes for ValueType and EncodingType
    SOAPMessage soap = WSTestUtil.createWithBinarySecurityToken("Base64Binary", "X509v3", WSTestUtil.getStringFromFile("cert-example.xml", getClass()));
    AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);

    assertNotNull(authRequest);
    assertTrue(authRequest.getCredentials().size() == 1 );
    assertTrue(authRequest.getCredentials().iterator().next() instanceof X509Certificate );
  }

  @Test
  public void extractSecurityInfoBinarySecurityTokenFromFile() throws Exception
  {
    WSSecuritySoapExtractor extractor = new WSSecuritySoapExtractor();
    SOAPMessage soap = WSTestUtil.createMessage("soap-keys-example.xml", getClass());
    AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);

    assertNotNull(authRequest);
    assertTrue(authRequest.getCredentials().size() == 1 );
    assertTrue(authRequest.getCredentials().iterator().next() instanceof X509Certificate );
  }

  {
    final String username = "Bubbles";
    final String password = "228833dkd0";
    WSSecuritySoapExtractor extractor = new WSSecuritySoapExtractor();
    SOAPMessage soap = WSTestUtil.createWithUsernameToken(username, password);
    AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);

    assertNotNull(authRequest);
    assertEquals(username, authRequest.getPrincipal().getName());
    assertTrue(authRequest.getCredentials().size() == 1 );
    assertTrue(authRequest.getCredentials().iterator().next() instanceof char[] );
  }

  public void extractSecurityInfoUsernameTokenNoUsername() throws Exception
  {
    final String password = "228833dkd0";
    WSSecuritySoapExtractor extractor = new WSSecuritySoapExtractor();
    SOAPMessage soap = WSTestUtil.createWithUsernameToken(null, password);
    AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);

    assertNotNull(authRequest);
    assertEquals(null, authRequest.getPrincipal() );
    assertTrue(authRequest.getCredentials().size() == 1 );
    assertTrue(authRequest.getCredentials().iterator().next() instanceof char[] );
  }

  public void extractSecurityInfoUsernameTokenNoPassword() throws Exception
  {
    final String username = "Bubbles";
    WSSecuritySoapExtractor extractor = new WSSecuritySoapExtractor();
    SOAPMessage soap = WSTestUtil.createWithUsernameToken(username, null);
    AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);

    assertNotNull(authRequest);
    assertEquals(username, authRequest.getPrincipal().getName());
    assertTrue(authRequest.getCredentials().size() == 0 );
  }

    public void extractAssertionFromSOAPMessage() throws Exception
    {
        final SamlSoapAssertionExtractor extractor = new SamlSoapAssertionExtractor();
        final SOAPMessage soap = WSTestUtil.createMessage("soap-saml-example.xml", getClass());

        final AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);

        assertNotNull(authRequest);
        final Set<?> credentials = authRequest.getCredentials();
        assertFalse(credentials.isEmpty());
        assertEquals(1, credentials.size());
        final Object credential = credentials.iterator().next();
        assertTrue(credential instanceof SamlCredential);

  @Test
    public void performanceExtractSecurityInfo() throws Exception
    {
        final UsernameTokenExtractor  extractor = new UsernameTokenExtractor("http://schemas.xmlsoap.org/ws/2002/04/secext");
        final String soap = createUserPassSoapString("soap-userpass-example.xml");
        AuthenticationRequest authRequest = null;

        // warm up
        for (int i = 0; i < 5000; i++)
        {
            authRequest = extractor.extractSecurityInfo(soap);
        }

        int iterations = 1000000;
        long start = System.nanoTime();
        for (int i = 0; i < iterations; i++)
        {
            authRequest = extractor.extractSecurityInfo(soap);
        }
        long duration = System.nanoTime() - start;
        System.out.println(iterations + " took : " + NANOSECONDS.toSeconds(duration) + " s");

        assertNotNull(authRequest);
        assertEquals( "Clark", authRequest.getPrincipal().getName());
    }

  @Test
  public void extractSecurityInfo() throws Exception
  {
    UsernameTokenExtractor  extractor = new UsernameTokenExtractor("http://schemas.xmlsoap.org/ws/2002/04/secext");
    String soap = createUserPassSoapString("soap-userpass-example.xml");
    AuthenticationRequest authRequest = extractor.extractSecurityInfo(soap);

    assertNotNull(authRequest);
    assertEquals( "Clark", authRequest.getPrincipal().getName());
  }