コード例 #1
0
  private boolean isAllowNoPassword(AssertionInfoMap aim) throws WSSecurityException {
    Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);

    if (!ais.isEmpty()) {
      for (AssertionInfo ai : ais) {
        UsernameToken policy = (UsernameToken) ai.getAssertion();
        if (policy.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
          return true;
        }
      }
    }

    return false;
  }
コード例 #2
0
  private UsernameToken assertTokens(
      SoapMessage message, UsernameTokenPrincipal princ, boolean signed) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
    UsernameToken tok = null;
    for (AssertionInfo ai : ais) {
      tok = (UsernameToken) ai.getAssertion();
      ai.setAsserted(true);
      if ((tok.getPasswordType() == UsernameToken.PasswordType.HashPassword)
          && (princ == null || !princ.isPasswordDigest())) {
        ai.setNotAsserted("Password hashing policy not enforced");
      } else {
        assertPolicy(aim, SPConstants.HASH_PASSWORD);
      }

      if ((tok.getPasswordType() != UsernameToken.PasswordType.NoPassword)
          && isNonEndorsingSupportingToken(tok)
          && (princ == null || princ.getPassword() == null)) {
        ai.setNotAsserted("Username Token No Password supplied");
      } else {
        assertPolicy(aim, SPConstants.NO_PASSWORD);
      }

      if (tok.isCreated() && princ.getCreatedTime() == null) {
        ai.setNotAsserted("No Created Time");
      } else {
        assertPolicy(aim, SP13Constants.CREATED);
      }

      if (tok.isNonce() && princ.getNonce() == null) {
        ai.setNotAsserted("No Nonce");
      } else {
        assertPolicy(aim, SP13Constants.NONCE);
      }
    }

    assertPolicy(aim, SPConstants.USERNAME_TOKEN10);
    assertPolicy(aim, SPConstants.USERNAME_TOKEN11);
    assertPolicy(aim, SPConstants.SUPPORTING_TOKENS);

    if (signed || isTLSInUse(message)) {
      assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
    }
    return tok;
  }
コード例 #3
0
 /**
  * Return true if this UsernameToken policy is a (non-endorsing)SupportingToken. If this is true
  * then the corresponding UsernameToken must have a password element.
  */
 private boolean isNonEndorsingSupportingToken(
     org.apache.wss4j.policy.model.UsernameToken usernameTokenPolicy) {
   AbstractSecurityAssertion supportingToken = usernameTokenPolicy.getParentAssertion();
   if (supportingToken instanceof SupportingTokens
       && ((SupportingTokens) supportingToken).isEndorsing()) {
     return false;
   }
   return true;
 }
コード例 #4
0
  protected WSSecUsernameToken addUsernameToken(SoapMessage message, UsernameToken token) {
    String userName = (String) message.getContextualProperty(SecurityConstants.USERNAME);
    WSSConfig wssConfig = (WSSConfig) message.getContextualProperty(WSSConfig.class.getName());
    if (wssConfig == null) {
      wssConfig = WSSConfig.getNewInstance();
    }

    if (!StringUtils.isEmpty(userName)) {
      // If NoPassword property is set we don't need to set the password
      if (token.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
        WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
        utBuilder.setUserInfo(userName, null);
        utBuilder.setPasswordType(null);
        return utBuilder;
      }

      String password = (String) message.getContextualProperty(SecurityConstants.PASSWORD);
      if (StringUtils.isEmpty(password)) {
        password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN, message);
      }

      if (!StringUtils.isEmpty(password)) {
        // If the password is available then build the token
        WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
        if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) {
          utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
        } else {
          utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
        }

        utBuilder.setUserInfo(userName, password);
        return utBuilder;
      } else {
        policyNotAsserted(token, "No username available", message);
      }
    } else {
      policyNotAsserted(token, "No username available", message);
    }
    return null;
  }