Java Code Examples for org.apache.ws.security.message.WSSecUsernameToken#addNonce()
The following examples show how to use
org.apache.ws.security.message.WSSecUsernameToken#addNonce() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 4 votes |
|
protected WSSecUsernameToken addUsernameToken(UsernameToken token) {
AssertionInfo info = null;
Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
for (AssertionInfo ai : ais) {
if (ai.getAssertion() == token) {
info = ai;
if (!isRequestor()) {
info.setAsserted(true);
return null;
}
}
}
String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
if (!StringUtils.isEmpty(userName)) {
WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
// If NoPassword property is set we don't need to set the password
if (token.isNoPassword()) {
utBuilder.setUserInfo(userName, null);
utBuilder.setPasswordType(null);
} else {
String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
if (StringUtils.isEmpty(password)) {
password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
}
if (!StringUtils.isEmpty(password)) {
// If the password is available then build the token
if (token.isHashPassword()) {
utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
} else {
utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
}
utBuilder.setUserInfo(userName, password);
} else {
policyNotAsserted(token, "No password available");
return null;
}
}
if (token.isRequireCreated() && !token.isHashPassword()) {
utBuilder.addCreated();
}
if (token.isRequireNonce() && !token.isHashPassword()) {
utBuilder.addNonce();
}
info.setAsserted(true);
return utBuilder;
} else {
policyNotAsserted(token, "No username available");
return null;
}
}
Example 2
| Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 4 votes |
|
protected WSSecUsernameToken addUsernameToken(UsernameToken token) {
AssertionInfo info = null;
Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
for (AssertionInfo ai : ais) {
if (ai.getAssertion() == token) {
info = ai;
if (!isRequestor()) {
info.setAsserted(true);
return null;
}
}
}
String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
if (!StringUtils.isEmpty(userName)) {
WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
// If NoPassword property is set we don't need to set the password
if (token.isNoPassword()) {
utBuilder.setUserInfo(userName, null);
utBuilder.setPasswordType(null);
} else {
String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
if (StringUtils.isEmpty(password)) {
password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
}
if (!StringUtils.isEmpty(password)) {
// If the password is available then build the token
if (token.isHashPassword()) {
utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
} else {
utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
}
utBuilder.setUserInfo(userName, password);
} else {
policyNotAsserted(token, "No password available");
return null;
}
}
if (token.isRequireCreated() && !token.isHashPassword()) {
utBuilder.addCreated();
}
if (token.isRequireNonce() && !token.isHashPassword()) {
utBuilder.addNonce();
}
info.setAsserted(true);
return utBuilder;
} else {
policyNotAsserted(token, "No username available");
return null;
}
}
Example 3
| Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 4 votes |
|
protected WSSecUsernameToken addUsernameToken(UsernameToken token) {
AssertionInfo info = null;
Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
for (AssertionInfo ai : ais) {
if (ai.getAssertion() == token) {
info = ai;
if (!isRequestor()) {
info.setAsserted(true);
return null;
}
}
}
String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
if (!StringUtils.isEmpty(userName)) {
WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
// If NoPassword property is set we don't need to set the password
if (token.isNoPassword()) {
utBuilder.setUserInfo(userName, null);
utBuilder.setPasswordType(null);
} else {
String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
if (StringUtils.isEmpty(password)) {
password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
}
if (!StringUtils.isEmpty(password)) {
// If the password is available then build the token
if (token.isHashPassword()) {
utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
} else {
utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
}
utBuilder.setUserInfo(userName, password);
} else {
policyNotAsserted(token, "No password available");
return null;
}
}
if (token.isRequireCreated() && !token.isHashPassword()) {
utBuilder.addCreated();
}
if (token.isRequireNonce() && !token.isHashPassword()) {
utBuilder.addNonce();
}
info.setAsserted(true);
return utBuilder;
} else {
policyNotAsserted(token, "No username available");
return null;
}
}
Example 4
| Source File: AbstractBindingBuilder.java From steady with Apache License 2.0 | 4 votes |
|
protected WSSecUsernameToken addUsernameToken(UsernameToken token) {
AssertionInfo info = null;
Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
for (AssertionInfo ai : ais) {
if (ai.getAssertion() == token) {
info = ai;
if (!isRequestor()) {
info.setAsserted(true);
return null;
}
}
}
String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
if (!StringUtils.isEmpty(userName)) {
WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
// If NoPassword property is set we don't need to set the password
if (token.isNoPassword()) {
utBuilder.setUserInfo(userName, null);
utBuilder.setPasswordType(null);
} else {
String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
if (StringUtils.isEmpty(password)) {
password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
}
if (!StringUtils.isEmpty(password)) {
// If the password is available then build the token
if (token.isHashPassword()) {
utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
} else {
utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
}
utBuilder.setUserInfo(userName, password);
} else {
policyNotAsserted(token, "No password available");
return null;
}
}
if (token.isRequireCreated() && !token.isHashPassword()) {
utBuilder.addCreated();
}
if (token.isRequireNonce() && !token.isHashPassword()) {
utBuilder.addNonce();
}
info.setAsserted(true);
return utBuilder;
} else {
policyNotAsserted(token, "No username available");
return null;
}
}
Example 5
| Source File: SoapWrapper.java From iaf with Apache License 2.0 | 4 votes |
|
public String signMessage(String soapMessage, String user, String password, boolean passwordDigest) {
try {
WSSecurityEngine secEngine = WSSecurityEngine.getInstance();
WSSConfig config = secEngine.getWssConfig();
config.setPrecisionInMilliSeconds(false);
// create context
AxisClient tmpEngine = new AxisClient(new NullProvider());
MessageContext msgContext = new MessageContext(tmpEngine);
InputStream in = new ByteArrayInputStream(soapMessage.getBytes(StreamUtil.DEFAULT_INPUT_STREAM_ENCODING));
Message msg = new Message(in);
msg.setMessageContext(msgContext);
// create unsigned envelope
SOAPEnvelope unsignedEnvelope = msg.getSOAPEnvelope();
Document doc = unsignedEnvelope.getAsDocument();
// create security header and insert it into unsigned envelope
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
// add a UsernameToken
WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
if (passwordDigest) {
tokenBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
} else {
tokenBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
}
tokenBuilder.setUserInfo(user, password);
tokenBuilder.addNonce();
tokenBuilder.addCreated();
tokenBuilder.prepare(doc);
WSSecSignature sign = new WSSecSignature();
sign.setUsernameToken(tokenBuilder);
sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
sign.build(doc, null, secHeader);
tokenBuilder.prependToHeader(secHeader);
// add a Timestamp
WSSecTimestamp timestampBuilder = new WSSecTimestamp();
timestampBuilder.setTimeToLive(300);
timestampBuilder.prepare(doc);
timestampBuilder.prependToHeader(secHeader);
Document signedDoc = doc;
return DOM2Writer.nodeToString(signedDoc);
} catch (Exception e) {
throw new RuntimeException("Could not sign message", e);
}
}
