Exemplo n.º 1
0
 @Override
 protected void verifyPlaintextPassword(UsernameToken usernameToken, RequestData data)
     throws WSSecurityException {
   System.out.println("nom=" + usernameToken.getName());
   if (!usernameToken.getName().equalsIgnoreCase("remi")
       || !usernameToken.getPassword().equalsIgnoreCase("mdp")) {
     throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
   }
 }
  @Override
  public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    UsernameToken usernameToken = credential.getUsernametoken();

    if (!"secret".equals(usernameToken.getPassword())) {
      throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
    }

    return credential;
  }
  /** Test a valid UsernameToken with password digest */
  @org.junit.Test
  public void testValidUsernameTokenDigest() throws Exception {
    TokenValidator usernameTokenValidator = new UsernameTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();

    // Create a ValidateTarget consisting of a UsernameToken
    UsernameTokenType usernameToken = new UsernameTokenType();
    AttributedString username = new AttributedString();
    username.setValue("alice");
    usernameToken.setUsername(username);
    JAXBElement<UsernameTokenType> tokenType =
        new JAXBElement<UsernameTokenType>(
            QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);

    // Create a WSS4J UsernameToken
    Document doc = DOMUtils.createDocument();
    UsernameToken ut = new UsernameToken(true, doc, WSConstants.PASSWORD_DIGEST);
    ut.setName("alice");
    ut.setPassword("clarinet");
    ut.addNonce(doc);
    ut.addCreated(true, doc);

    // Add a password
    PasswordString password = new PasswordString();
    password.setValue(ut.getPassword());
    password.setType(WSConstants.PASSWORD_DIGEST);
    JAXBElement<PasswordString> passwordType =
        new JAXBElement<PasswordString>(QNameConstants.PASSWORD, PasswordString.class, password);
    usernameToken.getAny().add(passwordType);

    // Add a nonce
    EncodedString nonce = new EncodedString();
    nonce.setValue(ut.getNonce());
    nonce.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    JAXBElement<EncodedString> nonceType =
        new JAXBElement<EncodedString>(QNameConstants.NONCE, EncodedString.class, nonce);
    usernameToken.getAny().add(nonceType);

    // Add Created value
    String created = ut.getCreated();
    Element createdElement = doc.createElementNS(WSConstants.WSU_NS, "Created");
    createdElement.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", WSConstants.WSU_NS);
    createdElement.setTextContent(created);
    usernameToken.getAny().add(createdElement);

    ReceivedToken validateTarget = new ReceivedToken(tokenType);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);

    assertTrue(usernameTokenValidator.canHandleToken(validateTarget));

    TokenValidatorResponse validatorResponse =
        usernameTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);

    Principal principal = validatorResponse.getPrincipal();
    assertTrue(principal != null && principal.getName() != null);

    // Expected failure on a bad password
    password.setValue("badpassword");
    validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
  }