Java Code Examples for org.apache.cxf.security.SecurityContext#getUserPrincipal()
The following examples show how to use org.apache.cxf.security.SecurityContext#getUserPrincipal().
Example 1
Source File: AbstractSecurityContextInInterceptor.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Replaces the message's {@link SecurityContext} with one built from an
 * authenticated {@link Subject}.
 *
 * <p>The token and the existing context (with a non-null user principal) are
 * read from the message, a Subject is created from the token, and a new
 * context derived from the original principal and that Subject is stored back
 * on the message.
 *
 * <p>NOTE(review): every check below only protects the statements after it if
 * {@code reportSecurityException(...)} never returns normally. Its body is not
 * shown here; confirm that it always throws, otherwise the later dereferences
 * of the context and the subject can fail with a NullPointerException.
 *
 * @param message the message being processed
 */
public void handleMessage(Message message) {
    final SecurityToken securityToken = message.get(SecurityToken.class);
    if (securityToken == null) {
        reportSecurityException("Security Token is not available on the current message");
    }

    final SecurityContext incoming = message.get(SecurityContext.class);
    final boolean principalKnown = incoming != null && incoming.getUserPrincipal() != null;
    if (!principalKnown) {
        reportSecurityException("User Principal is not available on the current message");
    }

    Subject authenticated = null;
    try {
        authenticated = createSubject(securityToken);
    } catch (Exception ex) {
        // NOTE(review): the exception text is appended to the reported message.
        // If that message is returned to the remote caller it may reveal why
        // authentication failed; confirm where reportSecurityException sends it.
        reportSecurityException("Failed Authentication : Subject has not been created, "
            + ex.getMessage());
    }

    // A Subject without any principal is treated as a failed authentication.
    final boolean subjectUsable = authenticated != null && !authenticated.getPrincipals().isEmpty();
    if (!subjectUsable) {
        reportSecurityException("Failed Authentication : Invalid Subject");
    }

    final Principal resolved = getPrincipal(incoming.getUserPrincipal(), authenticated);
    message.put(SecurityContext.class, createSecurityContext(resolved, authenticated));
}
Example 2
Source File: AbstractUsernameTokenAuthenticatingInterceptor.java From steady with Apache License 2.0 | 6 votes |
/**
 * Builds a {@link Subject} from an already-extracted username token and stores
 * a new {@link SecurityContext} on the message.
 *
 * <p>If the message carries no token, no security context, or a context with
 * no user principal, processing is delegated to the superclass and nothing
 * else happens here.
 *
 * <p>NOTE(review): the token is cast to {@code UsernameToken} without a type
 * check, so a token of another type present on the message would raise a
 * ClassCastException. The password, nonce and created time are handed to
 * {@code createSubject}; presumably that is where the credentials are
 * validated. Confirm against the implementing subclass.
 *
 * @param msg the SOAP message being processed
 * @throws Fault declared by the overridden method
 */
@Override
public void handleMessage(SoapMessage msg) throws Fault {
    final SecurityToken receivedToken = msg.get(SecurityToken.class);
    final SecurityContext existing = msg.get(SecurityContext.class);

    final boolean tokenAndPrincipalPresent =
        receivedToken != null && existing != null && existing.getUserPrincipal() != null;
    if (!tokenAndPrincipalPresent) {
        super.handleMessage(msg);
        return;
    }

    final UsernameToken usernameToken = (UsernameToken)receivedToken;
    final Subject authenticated = createSubject(
        usernameToken.getName(),
        usernameToken.getPassword(),
        usernameToken.isHashed(),
        usernameToken.getNonce(),
        usernameToken.getCreatedTime());

    msg.put(SecurityContext.class,
            doCreateSecurityContext(existing.getUserPrincipal(), authenticated));
}
Example 3
Source File: WSS4JPrincipalInterceptor.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Rejects the message unless it carries a {@link SecurityContext} with a user
 * principal and, when {@code principalName} is configured, that principal's
 * name equals it.
 *
 * <p>When {@code principalName} is {@code null} no name comparison is made, so
 * any message with a non-null principal passes this interceptor.
 *
 * @param message the SOAP message being processed
 * @throws Fault a {@code SoapFault} with the server fault code when the
 *         context or principal is missing or the name does not match
 */
@Override
public void handleMessage(SoapMessage message) throws Fault {
    final SecurityContext securityContext = message.get(SecurityContext.class);
    if (securityContext == null) {
        throw new SoapFault("No Security Context", Fault.FAULT_CODE_SERVER);
    }

    final Principal caller = securityContext.getUserPrincipal();
    if (caller == null) {
        throw new SoapFault("No Security Principal", Fault.FAULT_CODE_SERVER);
    }

    // Exact, case-sensitive comparison against the configured name.
    final boolean nameMismatch = principalName != null && !principalName.equals(caller.getName());
    if (nameMismatch) {
        throw new SoapFault("Security Principal does not match", Fault.FAULT_CODE_SERVER);
    }
}
Example 4
Source File: RESTSecurityTokenServiceImpl.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Resolves the caller's principal from the first source that has one.
 *
 * <p>Sources are consulted in this order: the JAX-RS security context field,
 * the CXF {@link SecurityContext} stored on the message context, and finally
 * the subject of the TLS client certificate.
 *
 * <p>NOTE(review): the certificate fallback returns the subject DN as given by
 * {@code getTLSClientCertificate()}. This method performs no validation of the
 * certificate itself; presumably the TLS layer has already done so. Confirm.
 *
 * @return the resolved principal, or {@code null} when no source provides one
 */
@Override
protected Principal getPrincipal() {
    // 1. JAX-RS SecurityContext
    final boolean jaxrsHasPrincipal =
        securityContext != null && securityContext.getUserPrincipal() != null;
    if (jaxrsHasPrincipal) {
        return securityContext.getUserPrincipal();
    }

    // 2. CXF SecurityContext held by the message context
    final SecurityContext cxfContext = (SecurityContext)messageContext.get(SecurityContext.class);
    final boolean cxfHasPrincipal = cxfContext != null && cxfContext.getUserPrincipal() != null;
    if (cxfHasPrincipal) {
        return cxfContext.getUserPrincipal();
    }

    // 3. TLS client certificate, used only when no security context supplied a principal
    final X509Certificate tlsClientCert = getTLSClientCertificate();
    return tlsClientCert != null ? tlsClientCert.getSubjectX500Principal() : null;
}
Example 5
Source File: AuthorizationHandler.java From geofence with GNU General Public License v2.0 | 6 votes |
/**
 * Decides whether the caller described by {@code sc} may invoke {@code method}.
 *
 * <p>If the method lists expected roles, the caller must hold one of them.
 * If it lists none, the deny roles are consulted instead: with no deny roles
 * the call is allowed, otherwise the result of
 * {@code isUserInRole(sc, denyRoles, true)} decides.
 *
 * <p>NOTE(review): a method with neither expected nor deny roles is allowed
 * for every caller. The principal name is concatenated into the error log
 * entry unmodified; if names can contain line breaks, consider neutralising
 * them before logging so that entries cannot be forged.
 *
 * @param sc the caller's security context
 * @param method the target method
 * @return {@code true} when the call is permitted
 */
protected boolean authorize(SecurityContext sc, Method method) {
    final List<String> requiredRoles = getExpectedRoles(method);

    if (requiredRoles.isEmpty()) {
        final List<String> deniedRoles = getDenyRoles(method);
        return deniedRoles.isEmpty() || isUserInRole(sc, deniedRoles, true);
    }

    if (isUserInRole(sc, requiredRoles, false)) {
        return true;
    }

    // Record who was refused, when a principal is known.
    if (sc.getUserPrincipal() != null) {
        LOGGER.error(sc.getUserPrincipal().getName() + " is not authorized");
    }
    return false;
}
Example 6
Source File: DefaultLogEventMapper.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Returns a name identifying the caller of {@code message}.
 *
 * <p>The first available value wins: the JAAS principal, then the name of the
 * user principal in the message's {@link SecurityContext}, then the user name
 * of the message's {@code AuthorizationPolicy}.
 *
 * <p>NOTE(review): nothing in this method shows that the AuthorizationPolicy
 * user name has been authenticated. Treat the returned value as a label
 * rather than as proof of identity.
 *
 * @param message the message to inspect
 * @return the caller's name, or {@code null} when none of the sources has one
 */
private String getPrincipal(Message message) {
    final String jaasName = getJAASPrincipal();
    if (jaasName != null) {
        return jaasName;
    }

    final SecurityContext securityContext = message.get(SecurityContext.class);
    final boolean contextHasPrincipal =
        securityContext != null && securityContext.getUserPrincipal() != null;
    if (contextHasPrincipal) {
        return securityContext.getUserPrincipal().getName();
    }

    final AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
    return policy == null ? null : policy.getUserName();
}
Example 7
Source File: AbstractUsernameTokenAuthenticatingInterceptor.java From steady with Apache License 2.0 | 6 votes |
/**
 * Builds a {@link Subject} from an already-extracted username token and stores
 * a new {@link SecurityContext} on the message.
 *
 * <p>If the message carries no token, no security context, or a context with
 * no user principal, processing is delegated to the superclass and nothing
 * else happens here.
 *
 * <p>NOTE(review): the token is cast to {@code UsernameToken} without a type
 * check, so a token of another type present on the message would raise a
 * ClassCastException. The password, nonce and created time are handed to
 * {@code createSubject}; presumably that is where the credentials are
 * validated. Confirm against the implementing subclass.
 *
 * @param msg the SOAP message being processed
 * @throws Fault declared by the overridden method
 */
@Override
public void handleMessage(SoapMessage msg) throws Fault {
    final SecurityToken receivedToken = msg.get(SecurityToken.class);
    final SecurityContext existing = msg.get(SecurityContext.class);

    final boolean tokenAndPrincipalPresent =
        receivedToken != null && existing != null && existing.getUserPrincipal() != null;
    if (!tokenAndPrincipalPresent) {
        super.handleMessage(msg);
        return;
    }

    final UsernameToken usernameToken = (UsernameToken)receivedToken;
    final Subject authenticated = createSubject(
        usernameToken.getName(),
        usernameToken.getPassword(),
        usernameToken.isHashed(),
        usernameToken.getNonce(),
        usernameToken.getCreatedTime());

    msg.put(SecurityContext.class,
            doCreateSecurityContext(existing.getUserPrincipal(), authenticated));
}
Example 8
Source File: AbstractUsernameTokenAuthenticatingInterceptor.java From steady with Apache License 2.0 | 6 votes |
/**
 * Builds a {@link Subject} from an already-extracted username token and stores
 * a new {@link SecurityContext} on the message.
 *
 * <p>If the message carries no token, no security context, or a context with
 * no user principal, processing is delegated to the superclass and nothing
 * else happens here.
 *
 * <p>NOTE(review): the token is cast to {@code UsernameToken} without a type
 * check, so a token of another type present on the message would raise a
 * ClassCastException. The password, nonce and created time are handed to
 * {@code createSubject}; presumably that is where the credentials are
 * validated. Confirm against the implementing subclass.
 *
 * @param msg the SOAP message being processed
 * @throws Fault declared by the overridden method
 */
@Override
public void handleMessage(SoapMessage msg) throws Fault {
    final SecurityToken receivedToken = msg.get(SecurityToken.class);
    final SecurityContext existing = msg.get(SecurityContext.class);

    final boolean tokenAndPrincipalPresent =
        receivedToken != null && existing != null && existing.getUserPrincipal() != null;
    if (!tokenAndPrincipalPresent) {
        super.handleMessage(msg);
        return;
    }

    final UsernameToken usernameToken = (UsernameToken)receivedToken;
    final Subject authenticated = createSubject(
        usernameToken.getName(),
        usernameToken.getPassword(),
        usernameToken.isHashed(),
        usernameToken.getNonce(),
        usernameToken.getCreatedTime());

    msg.put(SecurityContext.class,
            doCreateSecurityContext(existing.getUserPrincipal(), authenticated));
}
Example 9
Source File: WebServiceContextImpl.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Returns the user principal of the {@link SecurityContext} stored in the
 * message context under the key {@code SecurityContext.class.getName()}.
 *
 * @return the principal, or {@code null} when no security context is stored
 *         (a stored context may itself return {@code null})
 */
public final Principal getUserPrincipal() {
    final SecurityContext securityContext =
        (SecurityContext)getMessageContext().get(SecurityContext.class.getName());
    // A missing context means the caller is unidentified; callers must handle null.
    return securityContext == null ? null : securityContext.getUserPrincipal();
}
Example 10
Source File: AbstractAuthorizingInInterceptor.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Enforces authorization for the method targeted by {@code message}.
 *
 * <p>An authenticated caller (a security context with a non-null principal)
 * must pass {@code authorize}. An unauthenticated caller is let through only
 * when the method is not protected and anonymous users are allowed. Every
 * other case is denied.
 *
 * @param message the message being processed
 * @throws AccessDeniedException when the target method cannot be determined
 *         or the caller is not permitted to invoke it
 */
public void handleMessage(Message message) {
    final Method targetMethod = MessageUtils.getTargetMethod(message)
        .orElseThrow(() -> new AccessDeniedException("Method is not available : Unauthorized"));

    final SecurityContext securityContext = message.get(SecurityContext.class);
    final boolean authenticated =
        securityContext != null && securityContext.getUserPrincipal() != null;

    // Deny by default: only the two explicit allow paths below let the message continue.
    final boolean permitted = authenticated
        ? authorize(securityContext, targetMethod)
        : !isMethodProtected(targetMethod) && isAllowAnonymousUsers();

    if (!permitted) {
        throw new AccessDeniedException("Unauthorized");
    }
}
Example 11
Source File: SamlTokenInterceptor.java From steady with Apache License 2.0 | 5 votes |
/**
 * Walks the child elements of the header returned by
 * {@code findSecurityHeader} and processes every element whose local name is
 * "Assertion".
 *
 * <p>For each processed assertion that yields results, the results are
 * prepended to the message's {@code WSHandlerConstants.RECV_RESULTS} list, the
 * principal of the first result is stored under
 * {@code WSS4JInInterceptor.PRINCIPAL_RESULT}, and a
 * {@link SecurityContext} is installed if the message has none with a
 * principal.
 *
 * @param message the SOAP message being processed
 * @throws Fault wrapping any {@code WSSecurityException} raised during processing
 */
private void processSamlToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        // No header was found, so there is nothing to process.
        return;
    }
    Element el = (Element)h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        // NOTE(review): only the local name is compared here; no namespace check
        // is visible in this method. Confirm that processToken rejects elements
        // named "Assertion" from an unexpected namespace.
        if ("Assertion".equals(child.getLocalName())) {
            try {
                List<WSSecurityEngineResult> samlResults = processToken(child, message);
                if (samlResults != null) {
                    List<WSHandlerResult> results = CastUtils.cast((List<?>)message
                        .get(WSHandlerConstants.RECV_RESULTS));
                    if (results == null) {
                        // First results on this message: create and register the list.
                        results = new ArrayList<WSHandlerResult>();
                        message.put(WSHandlerConstants.RECV_RESULTS, results);
                    }
                    WSHandlerResult rResult = new WSHandlerResult(null, samlResults);
                    results.add(0, rResult);

                    assertSamlTokens(message);

                    // Assumes samlResults has at least one entry; an empty list would
                    // throw IndexOutOfBoundsException here. TODO confirm processToken
                    // never returns an empty list.
                    Principal principal =
                        (Principal)samlResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    // PRINCIPAL_RESULT is overwritten for every assertion processed, while
                    // a security context that already has a principal is left untouched.
                    // With more than one Assertion the two can refer to different tokens.
                    message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal);

                    SecurityContext sc = message.get(SecurityContext.class);
                    if (sc == null || sc.getUserPrincipal() == null) {
                        // The second constructor argument is passed as null.
                        message.put(SecurityContext.class, new DefaultSecurityContext(principal, null));
                    }
                }
            } catch (WSSecurityException ex) {
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}
Example 12
Source File: HttpsTokenInterceptorProvider.java From steady with Apache License 2.0 | 5 votes |
/**
 * Handles the HTTPS token policy assertions attached to {@code message}.
 *
 * <p>Nothing happens when the message has no {@code AssertionInfoMap} or no
 * HTTPS token assertions. On the requestor side every assertion is marked as
 * asserted. On the receiving side {@code assertHttps} is invoked and, if the
 * message has no security context with a principal, one is created from the
 * subject of the first peer certificate of the TLS session.
 *
 * <p>NOTE(review): the principal is taken from the first peer certificate as
 * reported by {@code TLSSessionInfo}. This method does not validate the
 * certificate; presumably the TLS layer already has. Confirm.
 *
 * @param message the message being processed
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(Message message) throws Fault {
    final AssertionInfoMap assertionMap = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (assertionMap == null) {
        return;
    }
    final Collection<AssertionInfo> httpsAssertions = assertionMap.get(SP12Constants.HTTPS_TOKEN);
    if (httpsAssertions == null) {
        return;
    }

    if (isRequestor(message)) {
        //client side should be checked on the way out
        for (AssertionInfo assertion : httpsAssertions) {
            assertion.setAsserted(true);
        }
        return;
    }

    assertHttps(httpsAssertions, message);

    // Store the TLS principal on the message context
    final SecurityContext current = message.get(SecurityContext.class);
    if (current != null && current.getUserPrincipal() != null) {
        // A principal established earlier in the chain takes precedence.
        return;
    }

    final TLSSessionInfo session = message.get(TLSSessionInfo.class);
    final boolean firstPeerIsX509 = session != null
        && session.getPeerCertificates() != null
        && session.getPeerCertificates().length > 0
        && (session.getPeerCertificates()[0] instanceof X509Certificate);
    if (firstPeerIsX509) {
        final X509Certificate peerCert = (X509Certificate)session.getPeerCertificates()[0];
        message.put(SecurityContext.class,
                    createSecurityContext(peerCert.getSubjectX500Principal()));
    }
}
Example 13
Source File: SamlTokenInterceptor.java From steady with Apache License 2.0 | 5 votes |
/**
 * Walks the child elements of the header returned by
 * {@code findSecurityHeader} and processes every element whose local name is
 * "Assertion".
 *
 * <p>For each processed assertion that yields results, the results are
 * prepended to the message's {@code WSHandlerConstants.RECV_RESULTS} list, the
 * principal of the first result is stored under
 * {@code WSS4JInInterceptor.PRINCIPAL_RESULT}, and a
 * {@link SecurityContext} is installed if the message has none with a
 * principal.
 *
 * @param message the SOAP message being processed
 * @throws Fault wrapping any {@code WSSecurityException} raised during processing
 */
private void processSamlToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        // No header was found, so there is nothing to process.
        return;
    }
    Element el = (Element)h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        // NOTE(review): only the local name is compared here; no namespace check
        // is visible in this method. Confirm that processToken rejects elements
        // named "Assertion" from an unexpected namespace.
        if ("Assertion".equals(child.getLocalName())) {
            try {
                List<WSSecurityEngineResult> samlResults = processToken(child, message);
                if (samlResults != null) {
                    List<WSHandlerResult> results = CastUtils.cast((List<?>)message
                        .get(WSHandlerConstants.RECV_RESULTS));
                    if (results == null) {
                        // First results on this message: create and register the list.
                        results = new ArrayList<WSHandlerResult>();
                        message.put(WSHandlerConstants.RECV_RESULTS, results);
                    }
                    WSHandlerResult rResult = new WSHandlerResult(null, samlResults);
                    results.add(0, rResult);

                    assertSamlTokens(message);

                    // Assumes samlResults has at least one entry; an empty list would
                    // throw IndexOutOfBoundsException here. TODO confirm processToken
                    // never returns an empty list.
                    Principal principal =
                        (Principal)samlResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    // PRINCIPAL_RESULT is overwritten for every assertion processed, while
                    // a security context that already has a principal is left untouched.
                    // With more than one Assertion the two can refer to different tokens.
                    message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal);

                    SecurityContext sc = message.get(SecurityContext.class);
                    if (sc == null || sc.getUserPrincipal() == null) {
                        // The second constructor argument is passed as null.
                        message.put(SecurityContext.class, new DefaultSecurityContext(principal, null));
                    }
                }
            } catch (WSSecurityException ex) {
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}
Example 14
Source File: LogoutService.java From cxf with Apache License 2.0 | 5 votes |
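/**
 * Removes the response state referenced by the given cookie for the current
 * user.
 *
 * <p>The request is rejected when the cookie is missing, or when the security
 * context, its user principal, or the principal's name is missing.
 *
 * <p>NOTE(review): the state is removed using only the cookie value. Nothing
 * in this method ties that state to the authenticated principal; confirm that
 * {@code stateProvider} enforces any binding that is required.
 *
 * @param context the cookie whose value identifies the response state
 * @param sc the caller's security context
 */
private void doLogout(Cookie context, SecurityContext sc) {
    // sc is checked before it is dereferenced, so a missing security context is
    // rejected like a missing principal instead of raising a NullPointerException.
    if (context == null
        || sc == null
        || sc.getUserPrincipal() == null
        || sc.getUserPrincipal().getName() == null) {
        reportError("MISSING_RESPONSE_STATE");
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    stateProvider.removeResponseState(context.getValue());
}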
Example 15
Source File: HttpsTokenInterceptorProvider.java From steady with Apache License 2.0 | 5 votes |
/**
 * Handles the HTTPS token policy assertions attached to {@code message}.
 *
 * <p>Nothing happens when the message has no {@code AssertionInfoMap} or no
 * HTTPS token assertions. On the requestor side every assertion is marked as
 * asserted. On the receiving side {@code assertHttps} is invoked and, if the
 * message has no security context with a principal, one is created from the
 * subject of the first peer certificate of the TLS session.
 *
 * <p>NOTE(review): the principal is taken from the first peer certificate as
 * reported by {@code TLSSessionInfo}. This method does not validate the
 * certificate; presumably the TLS layer already has. Confirm.
 *
 * @param message the message being processed
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(Message message) throws Fault {
    final AssertionInfoMap assertionMap = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (assertionMap == null) {
        return;
    }
    final Collection<AssertionInfo> httpsAssertions = assertionMap.get(SP12Constants.HTTPS_TOKEN);
    if (httpsAssertions == null) {
        return;
    }

    if (isRequestor(message)) {
        //client side should be checked on the way out
        for (AssertionInfo assertion : httpsAssertions) {
            assertion.setAsserted(true);
        }
        return;
    }

    assertHttps(httpsAssertions, message);

    // Store the TLS principal on the message context
    final SecurityContext current = message.get(SecurityContext.class);
    if (current != null && current.getUserPrincipal() != null) {
        // A principal established earlier in the chain takes precedence.
        return;
    }

    final TLSSessionInfo session = message.get(TLSSessionInfo.class);
    final boolean firstPeerIsX509 = session != null
        && session.getPeerCertificates() != null
        && session.getPeerCertificates().length > 0
        && (session.getPeerCertificates()[0] instanceof X509Certificate);
    if (firstPeerIsX509) {
        final X509Certificate peerCert = (X509Certificate)session.getPeerCertificates()[0];
        message.put(SecurityContext.class,
                    createSecurityContext(peerCert.getSubjectX500Principal()));
    }
}
Example 16
Source File: RedirectionBasedGrantService.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Returns the current {@link SecurityContext} after checking that it holds an
 * authenticated user and that {@code checkTransportSecurity()} passes.
 *
 * <p>The authentication check runs first, so an unauthenticated request is
 * rejected before the transport check is made.
 *
 * @param params request parameters; not read by this implementation
 * @return the security context stored in the message context
 */
protected SecurityContext getAndValidateSecurityContext(MultivaluedMap<String, String> params) {
    final SecurityContext current =
        (SecurityContext)getMessageContext().get(SecurityContext.class.getName());

    final boolean authenticated = current != null && current.getUserPrincipal() != null;
    if (!authenticated) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }

    checkTransportSecurity();
    return current;
}
Example 17
Source File: AbstractXmlSigInHandler.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Determines the user name to use for the given message.
 *
 * <p>The name of the principal in the message's {@link SecurityContext} is
 * preferred. When the message has no context or no principal, the result of
 * {@code RSSecurityUtils.getUserName(crypto, null)} is returned instead.
 *
 * @param crypto the crypto instance passed to the fallback lookup
 * @param message the message to inspect
 * @return the principal's name, or the value returned by the fallback lookup
 */
protected String getUserName(Crypto crypto, Message message) {
    final SecurityContext securityContext = message.get(SecurityContext.class);
    if (securityContext == null || securityContext.getUserPrincipal() == null) {
        // No authenticated principal on the message: fall back to the crypto-derived name.
        return RSSecurityUtils.getUserName(crypto, null);
    }
    return securityContext.getUserPrincipal().getName();
}
Example 18
Source File: UsernameTokenInterceptor.java From steady with Apache License 2.0 | 4 votes |
/**
 * Walks the child elements of the header returned by
 * {@code findSecurityHeader} and processes every element whose local name
 * equals {@code SPConstants.USERNAME_TOKEN}.
 *
 * <p>For each token that yields a principal, a result entry is prepended to
 * the message's {@code WSHandlerConstants.RECV_RESULTS} list, the principal is
 * stored under {@code WSS4JInInterceptor.PRINCIPAL_RESULT}, and a
 * {@link SecurityContext} built from a newly created Subject is installed if
 * the message has none with a principal.
 *
 * @param message the SOAP message being processed
 * @throws Fault wrapping any {@code WSSecurityException} raised during processing
 */
private void processUsernameToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        // No header was found, so there is nothing to process.
        return;
    }
    Element el = (Element)h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        // NOTE(review): only the local name is compared; no namespace check is
        // visible in this method. Confirm that getPrincipal validates the element.
        if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName())) {
            try {
                final WSUsernameTokenPrincipal princ = getPrincipal(child, message);
                if (princ != null) {
                    List<WSSecurityEngineResult>v = new ArrayList<WSSecurityEngineResult>();
                    // A token without a password is recorded under a distinct action code.
                    int action = WSConstants.UT;
                    if (princ.getPassword() == null) {
                        action = WSConstants.UT_NOPASSWORD;
                    }
                    v.add(0, new WSSecurityEngineResult(action, princ, null, null, null));
                    List<WSHandlerResult> results = CastUtils.cast((List<?>)message
                        .get(WSHandlerConstants.RECV_RESULTS));
                    if (results == null) {
                        // First results on this message: create and register the list.
                        results = new ArrayList<WSHandlerResult>();
                        message.put(WSHandlerConstants.RECV_RESULTS, results);
                    }
                    WSHandlerResult rResult = new WSHandlerResult(null, v);
                    results.add(0, rResult);

                    assertUsernameTokens(message, princ);
                    message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, princ);

                    SecurityContext sc = message.get(SecurityContext.class);
                    // createSubject is only called when no principal has been established
                    // yet. NOTE(review): if createSubject is where the password is
                    // verified, a principal set earlier in the chain means this token's
                    // credentials are not checked here. Confirm that is intended.
                    if (sc == null || sc.getUserPrincipal() == null) {
                        Subject subject = createSubject(princ.getName(), princ.getPassword(),
                            princ.isPasswordDigest(), princ.getNonce(), princ.getCreatedTime());
                        message.put(SecurityContext.class,
                                    createSecurityContext(princ, subject));
                    }
                }
            } catch (WSSecurityException ex) {
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}
Example 19
Source File: BinarySecurityTokenInterceptor.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Walks the child elements of the header returned by
 * {@code findSecurityHeader} and processes every element whose local name is
 * {@code WSS4JConstants.BINARY_TOKEN_LN} and whose namespace is
 * {@code WSS4JConstants.WSSE_NS}.
 *
 * <p>For each token that yields results, the results are prepended to the
 * message's {@code WSHandlerConstants.RECV_RESULTS} list and a
 * {@link SecurityContext} holding the first result's principal is installed
 * if the message has none with a principal.
 *
 * @param message the SOAP message being processed
 */
protected void processToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        // No header was found, so there is nothing to process.
        return;
    }
    Element el = (Element)h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        // Both the local name and the namespace must match before the element is processed.
        if (WSS4JConstants.BINARY_TOKEN_LN.equals(child.getLocalName())
            && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI())) {
            try {
                List<WSSecurityEngineResult> bstResults = processToken(child, message);
                if (bstResults != null) {
                    List<WSHandlerResult> results = CastUtils.cast((List<?>)message
                        .get(WSHandlerConstants.RECV_RESULTS));
                    if (results == null) {
                        // First results on this message: create and register the list.
                        results = new ArrayList<>();
                        message.put(WSHandlerConstants.RECV_RESULTS, results);
                    }
                    WSHandlerResult rResult =
                        new WSHandlerResult(null, bstResults,
                                            Collections.singletonMap(WSConstants.BST, bstResults));
                    results.add(0, rResult);

                    assertTokens(message);

                    // Assumes bstResults has at least one entry; an empty list would throw
                    // IndexOutOfBoundsException here. TODO confirm the two-argument
                    // processToken never returns an empty list.
                    Principal principal =
                        (Principal)bstResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);

                    SecurityContext sc = message.get(SecurityContext.class);
                    // A context that already has a principal is left untouched.
                    if (sc == null || sc.getUserPrincipal() == null) {
                        // The second constructor argument is passed as null.
                        message.put(SecurityContext.class, new DefaultSecurityContext(principal, null));
                    }
                }
            } catch (WSSecurityException ex) {
                // Converted to a SOAP fault matching the message's SOAP version.
                throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}
Example 20
Source File: UsernameTokenInterceptor.java From steady with Apache License 2.0 | 4 votes |
/**
 * Walks the child elements of the header returned by
 * {@code findSecurityHeader} and processes every element whose local name
 * equals {@code SPConstants.USERNAME_TOKEN}.
 *
 * <p>For each token that yields a principal, a result entry is prepended to
 * the message's {@code WSHandlerConstants.RECV_RESULTS} list, the principal is
 * stored under {@code WSS4JInInterceptor.PRINCIPAL_RESULT}, and a
 * {@link SecurityContext} built from a newly created Subject is installed if
 * the message has none with a principal.
 *
 * @param message the SOAP message being processed
 * @throws Fault wrapping any {@code WSSecurityException} raised during processing
 */
private void processUsernameToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        // No header was found, so there is nothing to process.
        return;
    }
    Element el = (Element)h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        // NOTE(review): only the local name is compared; no namespace check is
        // visible in this method. Confirm that getPrincipal validates the element.
        if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName())) {
            try {
                final WSUsernameTokenPrincipal princ = getPrincipal(child, message);
                if (princ != null) {
                    List<WSSecurityEngineResult>v = new ArrayList<WSSecurityEngineResult>();
                    // A token without a password is recorded under a distinct action code.
                    int action = WSConstants.UT;
                    if (princ.getPassword() == null) {
                        action = WSConstants.UT_NOPASSWORD;
                    }
                    v.add(0, new WSSecurityEngineResult(action, princ, null, null, null));
                    List<WSHandlerResult> results = CastUtils.cast((List<?>)message
                        .get(WSHandlerConstants.RECV_RESULTS));
                    if (results == null) {
                        // First results on this message: create and register the list.
                        results = new ArrayList<WSHandlerResult>();
                        message.put(WSHandlerConstants.RECV_RESULTS, results);
                    }
                    WSHandlerResult rResult = new WSHandlerResult(null, v);
                    results.add(0, rResult);

                    assertUsernameTokens(message, princ);
                    message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, princ);

                    SecurityContext sc = message.get(SecurityContext.class);
                    // createSubject is only called when no principal has been established
                    // yet. NOTE(review): if createSubject is where the password is
                    // verified, a principal set earlier in the chain means this token's
                    // credentials are not checked here. Confirm that is intended.
                    if (sc == null || sc.getUserPrincipal() == null) {
                        Subject subject = createSubject(princ.getName(), princ.getPassword(),
                            princ.isPasswordDigest(), princ.getNonce(), princ.getCreatedTime());
                        message.put(SecurityContext.class,
                                    createSecurityContext(princ, subject));
                    }
                }
            } catch (WSSecurityException ex) {
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}