|
Apache CXF example source code file (CustomUsernameTokenInterceptor.java)
The Apache CXF CustomUsernameTokenInterceptor.java source code/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.cxf.systest.ws.wssec10.server; import javax.security.auth.Subject; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.security.SimpleGroup; import org.apache.cxf.common.security.SimplePrincipal; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor; import org.apache.ws.security.message.token.UsernameToken; public class CustomUsernameTokenInterceptor extends UsernameTokenInterceptor { protected Subject createSubject(String name, String password, boolean isDigest, String nonce, String created) throws SecurityException { Subject subject = new Subject(); // delegate to the external security system if possible // authenticate the user somehow subject.getPrincipals().add(new SimplePrincipal(name)); // add roles this user is in String roleName = "Alice".equals(name) ? "developers" : "pms"; String expectedPassword = "Alice".equals(name) ? "ecilA" : UsernameToken.doPasswordDigest(nonce, created, "knarF"); if (!password.equals(expectedPassword)) { throw new SecurityException("Wrong Password"); } subject.getPrincipals().add(new SimpleGroup(roleName, name)); subject.setReadOnly(); return subject; } public void handleMessage(SoapMessage message) throws Fault { message.put(SecurityConstants.VALIDATE_PASSWORD, Boolean.FALSE); super.handleMessage(message); } // or, if needed // protected WSUsernameTokenPrincipal getPrincipal(Element tokenElement, SoapMessage message) // throws WSSecurityException { // return super.parseTokenAndCreatePrincipal(tokenElement); //} } Other Apache CXF examples (source code examples)Here is a short list of links related to this Apache CXF CustomUsernameTokenInterceptor.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.