Package org.apache.wss4j.policy.model

Examples of org.apache.wss4j.policy.model.KerberosToken


                               AbstractToken abstractToken) throws WSSPolicyException {
        if (!(tokenSecurityEvent instanceof KerberosTokenSecurityEvent)) {
            throw new WSSPolicyException("Expected a KerberosTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
        }

        KerberosToken kerberosToken = (KerberosToken) abstractToken;
        KerberosTokenSecurityEvent kerberosTokenSecurityEvent = (KerberosTokenSecurityEvent) tokenSecurityEvent;
        KerberosServiceSecurityToken kerberosServiceSecurityToken = kerberosTokenSecurityEvent.getSecurityToken();

        if (kerberosToken.getIssuerName() != null &&
            !kerberosToken.getIssuerName().equals(kerberosTokenSecurityEvent.getIssuerName())) {
            setErrorMessage("IssuerName in Policy (" + kerberosToken.getIssuerName() + ") didn't match with the one in the IssuedToken (" + kerberosTokenSecurityEvent.getIssuerName() + ")");
            return false;
        }
        if (kerberosToken.isRequireKeyIdentifierReference() &&
                !WSSecurityTokenConstants.KeyIdentifier_EmbeddedKeyIdentifierRef.equals(kerberosServiceSecurityToken.getKeyIdentifier())) {
            setErrorMessage("Policy enforces KeyIdentifierReference but we got " + kerberosServiceSecurityToken.getKeyIdentifier());
            return false;
        }
        if (kerberosToken.getApReqTokenType() != null) {
            switch (kerberosToken.getApReqTokenType()) {
                case WssKerberosV5ApReqToken11:
                    if (!kerberosTokenSecurityEvent.isKerberosV5ApReqToken11()) {
                        setErrorMessage("Policy enforces " + kerberosToken.getApReqTokenType());
                        return false;
                    }
                    break;
                case WssGssKerberosV5ApReqToken11:
                    if (!kerberosTokenSecurityEvent.isGssKerberosV5ApReqToken11()) {
                        setErrorMessage("Policy enforces " + kerberosToken.getApReqTokenType());
                        return false;
                    }
                    break;
            }
        }


    /**
     * Builds the assertion state for a KerberosToken policy assertion.
     *
     * <p>When the state starts out asserted, the nested assertions that the policy declares
     * (RequireKeyIdentifierReference and the AP-REQ token type) are also reported to the
     * policy asserter as asserted.
     *
     * @param assertion the policy assertion, passed to the superclass
     * @param asserted initial asserted flag; the nested assertions are only reported when true
     * @param policyAsserter passed to the superclass
     * @param initiator passed to the superclass
     */
    public KerberosTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
                                       PolicyAsserter policyAsserter, boolean initiator) {
        super(assertion, asserted, policyAsserter, initiator);

        // Nothing further to report unless the state begins as asserted.
        if (!asserted) {
            return;
        }

        // NOTE(review): the nested assertions below are marked asserted here, before any
        // token event has been inspected. The per-token validation is presumably expected
        // to unassert them on a mismatch; that code is not visible here, so confirm.
        final KerberosToken kerberosPolicy = (KerberosToken) getAssertion();
        final String policyNamespace = kerberosPolicy.getName().getNamespaceURI();

        if (kerberosPolicy.isRequireKeyIdentifierReference()) {
            getPolicyAsserter().assertPolicy(
                new QName(policyNamespace, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE));
        }

        // The enum constant name doubles as the local part of the asserted QName.
        if (kerberosPolicy.getApReqTokenType() != null) {
            getPolicyAsserter().assertPolicy(
                new QName(policyNamespace, kerberosPolicy.getApReqTokenType().name()));
        }
    }

                               AbstractToken abstractToken) throws WSSPolicyException {
        if (!(tokenSecurityEvent instanceof KerberosTokenSecurityEvent)) {
            throw new WSSPolicyException("Expected a KerberosTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
        }

        KerberosToken kerberosToken = (KerberosToken) abstractToken;
        KerberosTokenSecurityEvent kerberosTokenSecurityEvent = (KerberosTokenSecurityEvent) tokenSecurityEvent;
        KerberosServiceSecurityToken kerberosServiceSecurityToken = kerberosTokenSecurityEvent.getSecurityToken();

        if (kerberosToken.getIssuerName() != null &&
            !kerberosToken.getIssuerName().equals(kerberosTokenSecurityEvent.getIssuerName())) {
            setErrorMessage("IssuerName in Policy (" + kerberosToken.getIssuerName() + ") didn't match with the one in the IssuedToken (" + kerberosTokenSecurityEvent.getIssuerName() + ")");
            getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
            return false;
        }
       
        String namespace = getAssertion().getName().getNamespaceURI();
        if (kerberosToken.isRequireKeyIdentifierReference()) {
            if (!WSSecurityTokenConstants.KeyIdentifier_EmbeddedKeyIdentifierRef.equals(kerberosServiceSecurityToken.getKeyIdentifier())) {
                setErrorMessage("Policy enforces KeyIdentifierReference but we got " + kerberosServiceSecurityToken.getKeyIdentifier());
                getPolicyAsserter().unassertPolicy(new QName(namespace, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE),
                                                 getErrorMessage());
                return false;
            } else {
                getPolicyAsserter().assertPolicy(new QName(namespace, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE));
            }
        }
        if (kerberosToken.getApReqTokenType() != null) {
            switch (kerberosToken.getApReqTokenType()) {
                case WssKerberosV5ApReqToken11:
                    if (!kerberosTokenSecurityEvent.isKerberosV5ApReqToken11()) {
                        setErrorMessage("Policy enforces " + kerberosToken.getApReqTokenType());
                        getPolicyAsserter().unassertPolicy(new QName(namespace, "WssKerberosV5ApReqToken11"),
                                                           getErrorMessage());
                        return false;
                    }
                    getPolicyAsserter().assertPolicy(new QName(namespace, "WssKerberosV5ApReqToken11"));
                    break;
                case WssGssKerberosV5ApReqToken11:
                    if (!kerberosTokenSecurityEvent.isGssKerberosV5ApReqToken11()) {
                        setErrorMessage("Policy enforces " + kerberosToken.getApReqTokenType());
                        getPolicyAsserter().unassertPolicy(new QName(namespace, "WssGssKerberosV5ApReqToken11"),
                                                           getErrorMessage());
                        return false;
                    }
                    getPolicyAsserter().assertPolicy(new QName(namespace, "WssGssKerberosV5ApReqToken11"));

        final Element nestedPolicyElement = SPUtils.getFirstPolicyChildElement(element);
        if (nestedPolicyElement == null) {
            throw new IllegalArgumentException("sp:KerberosToken must have an inner wsp:Policy element");
        }
        final Policy nestedPolicy = factory.getPolicyEngine().getPolicy(nestedPolicyElement);
        KerberosToken kerberosToken = new KerberosToken(
                spVersion,
                spVersion.getSPConstants().getInclusionFromAttributeValue(includeTokenValue),
                issuer,
                issuerName,
                claims,
                nestedPolicy
        );
        kerberosToken.setOptional(SPUtils.isOptional(element));
        kerberosToken.setIgnorable(SPUtils.isIgnorable(element));
        return kerberosToken;
    }

        int count = 0;
        while (alternativeIterator.hasNext()) {
            List<Assertion> alternative = alternativeIterator.next();
            assertEquals(1, alternative.size());
            assertTrue(alternative.get(0) instanceof KerberosToken);
            KerberosToken kerberosToken = (KerberosToken) alternative.get(0);
            assertFalse(kerberosToken.isNormalized());
            assertTrue(kerberosToken.isIgnorable());
            assertTrue(kerberosToken.isOptional());
            assertEquals(Constants.TYPE_ASSERTION, kerberosToken.getType());
            assertEquals(SP12Constants.KERBEROS_TOKEN, kerberosToken.getName());
            assertEquals(KerberosToken.ApReqTokenType.WssKerberosV5ApReqToken11, kerberosToken.getApReqTokenType());
            count++;
        }
        assertEquals(1, count);

        policy = policy.normalize(true);
        serializedPolicy = serializePolicy(policy);
        assertXMLisEqual(serializedPolicy, normalizedPolicyReferenceFile);

        alternativeIterator = policy.getAlternatives();
        List<Assertion> alternative = alternativeIterator.next();
        assertEquals(0, alternative.size());

        List<PolicyComponent> policyComponents = policy.getPolicyComponents();
        assertEquals(1, policyComponents.size());
        PolicyOperator policyOperator = (PolicyOperator) policyComponents.get(0);
        policyComponents = policyOperator.getPolicyComponents();
        assertEquals(2, policyComponents.size());
        All all = (All) policyComponents.get(0);
        List<PolicyComponent> policyComponentsAll = all.getAssertions();
        assertEquals(0, policyComponentsAll.size());

        all = (All) policyComponents.get(1);
        policyComponentsAll = all.getAssertions();
        assertEquals(1, policyComponentsAll.size());

        Iterator<PolicyComponent> policyComponentIterator = policyComponentsAll.iterator();
        KerberosToken kerberosToken = (KerberosToken) policyComponentIterator.next();
        assertTrue(kerberosToken.isNormalized());
        assertTrue(kerberosToken.isIgnorable());
        assertFalse(kerberosToken.isOptional());
        assertEquals(Constants.TYPE_ASSERTION, kerberosToken.getType());
        assertEquals(SP12Constants.KERBEROS_TOKEN, kerberosToken.getName());
        assertEquals(KerberosToken.ApReqTokenType.WssKerberosV5ApReqToken11, kerberosToken.getApReqTokenType());
    }

                               AbstractToken abstractToken) throws WSSPolicyException {
        if (!(tokenSecurityEvent instanceof KerberosTokenSecurityEvent)) {
            throw new WSSPolicyException("Expected a KerberosTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
        }

        KerberosToken kerberosToken = (KerberosToken) abstractToken;
        KerberosTokenSecurityEvent kerberosTokenSecurityEvent = (KerberosTokenSecurityEvent) tokenSecurityEvent;
        KerberosServiceSecurityToken kerberosServiceSecurityToken = kerberosTokenSecurityEvent.getSecurityToken();

        if (kerberosToken.getIssuerName() != null &&
            !kerberosToken.getIssuerName().equals(kerberosTokenSecurityEvent.getIssuerName())) {
            setErrorMessage("IssuerName in Policy (" + kerberosToken.getIssuerName() + ") didn't match with the one in the IssuedToken (" + kerberosTokenSecurityEvent.getIssuerName() + ")");
            return false;
        }
        if (kerberosToken.isRequireKeyIdentifierReference() &&
                !WSSecurityTokenConstants.KeyIdentifier_EmbeddedKeyIdentifierRef.equals(kerberosServiceSecurityToken.getKeyIdentifier())) {
            setErrorMessage("Policy enforces KeyIdentifierReference but we got " + kerberosServiceSecurityToken.getKeyIdentifier());
            return false;
        }
        if (kerberosToken.getApReqTokenType() != null) {
            switch (kerberosToken.getApReqTokenType()) {
                case WssKerberosV5ApReqToken11:
                    if (!kerberosTokenSecurityEvent.isKerberosV5ApReqToken11()) {
                        setErrorMessage("Policy enforces " + kerberosToken.getApReqTokenType());
                        return false;
                    }
                    break;
                case WssGssKerberosV5ApReqToken11:
                    if (!kerberosTokenSecurityEvent.isGssKerberosV5ApReqToken11()) {
                        setErrorMessage("Policy enforces " + kerberosToken.getApReqTokenType());
                        return false;
                    }
                    break;
            }
        }

        AssertionInfoMap aim,
        Collection<AssertionInfo> ais,
        KerberosSecurity kerberosToken
    ) {
        for (AssertionInfo ai : ais) {
            KerberosToken kerberosTokenPolicy = (KerberosToken)ai.getAssertion();
            ai.setAsserted(true);
           
            if (!isTokenRequired(kerberosTokenPolicy, message)) {
                assertPolicy(
                    aim,
                    new QName(kerberosTokenPolicy.getVersion().getNamespace(),
                              "WssKerberosV5ApReqToken11")
                );
                assertPolicy(
                    aim,
                    new QName(kerberosTokenPolicy.getVersion().getNamespace(),
                              "WssGssKerberosV5ApReqToken11")
                );
                continue;
            }
           

            assertSpnegoContextToken(scToken);
        } else if (token instanceof IssuedToken) {
            IssuedToken issuedToken = (IssuedToken)token;
            assertIssuedToken(issuedToken);
        } else if (token instanceof KerberosToken) {
            KerberosToken kerberosToken = (KerberosToken)token;
            assertKerberosToken(kerberosToken);
        } else if (token instanceof SamlToken) {
            SamlToken samlToken = (SamlToken)token;
            assertSamlToken(samlToken);
        }

            assertSpnegoContextToken(scToken);
        } else if (token instanceof IssuedToken) {
            IssuedToken issuedToken = (IssuedToken)token;
            assertIssuedToken(issuedToken);
        } else if (token instanceof KerberosToken) {
            KerberosToken kerberosToken = (KerberosToken)token;
            assertKerberosToken(kerberosToken);
        } else if (token instanceof SamlToken) {
            SamlToken samlToken = (SamlToken)token;
            assertSamlToken(samlToken);
        }

        AssertionInfoMap aim,
        Collection<AssertionInfo> ais,
        KerberosSecurity kerberosToken
    ) {
        for (AssertionInfo ai : ais) {
            KerberosToken kerberosTokenPolicy = (KerberosToken)ai.getAssertion();
            ai.setAsserted(true);
           
            if (!isTokenRequired(kerberosTokenPolicy, message)) {
                assertPolicy(
                    aim,
                    new QName(kerberosTokenPolicy.getVersion().getNamespace(),
                              "WssKerberosV5ApReqToken11")
                );
                assertPolicy(
                    aim,
                    new QName(kerberosTokenPolicy.getVersion().getNamespace(),
                              "WssGssKerberosV5ApReqToken11")
                );
                continue;
            }
           
