import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
...
// Inbound side: the interceptor is built from inProps. As printed, the map is
// still empty at this point; the entries that select the inbound actions are elided.
Map<String,Object> inProps = new HashMap<String,Object>();
... // how to configure the properties is outlined below
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps);
cxfEndpoint.getInInterceptors().add(wssIn);

// Outbound side: attach a UsernameToken and a Timestamp to every outgoing message.
Map<String,Object> outProps = new HashMap<String,Object>();
outProps.put("action", "UsernameToken Timestamp");
// PasswordDigest sends a digest of the password rather than the password itself.
// The original note says to remove this line to send the password as plain text.
// NOTE(review): WSS4J documents PasswordDigest as the default, so confirm that removing
// the line has that effect; setting "PasswordText" explicitly is unambiguous.
// A plain-text password is readable by anyone who can read the message, so it needs
// TLS or message encryption around it.
outProps.put("passwordType", "PasswordDigest");
// Sample user name hard-coded for the example.
outProps.put("user", "abcd");
// Callback handler class, given by name, that supplies the password for "user".
outProps.put("passwordCallbackClass", "demo.wssec.client.UTPasswordCallback");
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
/**
 * Builds the inbound WSS4J interceptor that requires a WS-Security UsernameToken.
 *
 * <p>The password type is {@code PW_TEXT}, so the password arrives as plain text in the
 * SOAP security header. Its confidentiality then rests on the transport (for example TLS)
 * or on message encryption, neither of which is configured in this method.
 *
 * @return an interceptor configured with the UsernameToken action, the password callback
 *         and the custom UsernameToken validator
 */
@Bean(name = "wssforjInInterceptor")
public WSS4JInInterceptor wssforjInInterceptor() {
    final String wsseNamespace =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    Map<String, Object> config = new HashMap<>();
    // Ask for a UsernameToken carrying a plain-text password.
    config.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
    config.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
    // Callback handler that WSS4J consults for the password.
    config.put(WSHandlerConstants.PW_CALLBACK_REF, passwordCallbackHandler());

    // Route wsse:UsernameToken elements to the application's own validator.
    Map<QName, Object> validatorsByElement = new HashMap<>();
    QName usernameTokenElement = new QName(wsseNamespace, WSHandlerConstants.USERNAME_TOKEN, "");
    validatorsByElement.put(usernameTokenElement, usernameTokenValidator());
    config.put(WSS4JInInterceptor.VALIDATOR_MAP, validatorsByElement);

    return new WSS4JInInterceptor(config);
}
/**
 * Creates a {@link WSS4JInInterceptor} from the map returned by {@code getAndDestroyMap()}.
 *
 * <p>NOTE(review): going by its name, {@code getAndDestroyMap()} hands over the collected
 * properties and discards this object's copy, so a second call to {@code create()} may see
 * an empty configuration. Confirm against its definition, which is not shown here.
 *
 * @return a new inbound WS-Security interceptor
 */
public WSS4JInInterceptor create() { return new WSS4JInInterceptor(getAndDestroyMap()); }
}
/**
 * Creates a {@link WSS4JInInterceptor} from the map returned by {@code getAndDestroyMap()}.
 *
 * <p>NOTE(review): going by its name, {@code getAndDestroyMap()} hands over the collected
 * properties and discards this object's copy, so a second call to {@code create()} may see
 * an empty configuration. Confirm against its definition, which is not shown here.
 *
 * @return a new inbound WS-Security interceptor
 */
public WSS4JInInterceptor create() { return new WSS4JInInterceptor(getAndDestroyMap()); }
}
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "dummy_value"); // Only necessary to avoid NPE WSS4JInInterceptor wssIn = new WSS4JInInterceptor(inProps) { @Override protected Crypto loadCryptoFromPropertiesFile(String propFilename, RequestData reqData)
/**
 * Creates the inbound interceptor with "Timestamp" as the only configured WSS4J action.
 *
 * <p>No UsernameToken, Signature or Encrypt action is requested in this map. A timestamp
 * that is not covered by a signature can be altered in transit, so on its own it is a
 * freshness hint rather than authentication or replay protection.
 *
 * @return a {@link WSS4JInInterceptor} configured for the Timestamp action
 */
@Override
protected Interceptor buildInInterceptor() {
    final Map<String, Object> wss4jConfig = new HashMap<>();
    wss4jConfig.put("action", "Timestamp");

    final WSS4JInInterceptor inbound = new WSS4JInInterceptor(wss4jConfig);
    return inbound;
}
/**
 * Creates the inbound interceptor that requires a WS-Security UsernameToken.
 *
 * <p>The callback handler is passed by class name ({@code ServerPasswordCallback}). No
 * password type, signature or encryption is configured here, so how the password is
 * protected in transit depends on what the sender uses and on the transport.
 *
 * @return a {@link WSS4JInInterceptor} configured for the UsernameToken action
 */
@Override
protected Interceptor buildInInterceptor() {
    final Map<String, Object> wss4jConfig = new HashMap<>();
    wss4jConfig.put("action", "UsernameToken");
    // Handed over by name, not as an instance.
    final String callbackClassName = ServerPasswordCallback.class.getName();
    wss4jConfig.put("passwordCallbackClass", callbackClassName);

    final WSS4JInInterceptor inbound = new WSS4JInInterceptor(wss4jConfig);
    return inbound;
}
/**
 * Installs WSS4J interceptors on the client for the given security strategies.
 *
 * <p>An interceptor is added per direction only when that direction yields at least one
 * property. If the INCOMING properties are empty, no inbound WSS4J interceptor is
 * installed and responses get no WS-Security processing from this method.
 *
 * @param client the CXF client whose interceptor chains are extended
 * @param securityStrategies the strategies from which the WSS4J properties are built
 */
private void addSecurityInterceptors(Client client, List<SecurityStrategyCxfAdapter> securityStrategies) {
    // Outgoing requests.
    Map<String, Object> outgoing = buildSecurityProperties(securityStrategies, SecurityStrategyType.OUTGOING);
    boolean secureRequests = !outgoing.isEmpty();
    if (secureRequests) {
        WSS4JOutInterceptor requestInterceptor = new WSS4JOutInterceptor(outgoing);
        client.getOutInterceptors().add(requestInterceptor);
    }

    // Incoming responses.
    Map<String, Object> incoming = buildSecurityProperties(securityStrategies, SecurityStrategyType.INCOMING);
    boolean verifyResponses = !incoming.isEmpty();
    if (verifyResponses) {
        WSS4JInInterceptor responseInterceptor = new WSS4JInInterceptor(incoming);
        client.getInInterceptors().add(responseInterceptor);
    }
}
/**
 * Creates the inbound interceptor that verifies message signatures.
 *
 * <p>The crypto settings are stored in the same property map under the key named by
 * {@code signaturePropRefId}. The truststore type, file and password are literals in this
 * method. NOTE(review): this looks like a test fixture; confirm, and load the password
 * from external configuration in any other setting.
 *
 * @return a {@link WSS4JInInterceptor} configured for the Signature action
 */
@Override
protected Interceptor buildInInterceptor() {
    final String cryptoRefKey = "serverInSecurityProperties";

    final Map<String, Object> wss4jConfig = new HashMap<>();
    wss4jConfig.put("action", "Signature");
    wss4jConfig.put("signaturePropRefId", cryptoRefKey);

    // Truststore used for signature verification.
    final Properties trustStoreSettings = new Properties();
    trustStoreSettings.put("org.apache.ws.security.crypto.merlin.truststore.type", "jks");
    trustStoreSettings.put("org.apache.ws.security.crypto.merlin.truststore.password", "mulepassword");
    trustStoreSettings.put("org.apache.ws.security.crypto.merlin.truststore.file", "security/trustStore");
    wss4jConfig.put(cryptoRefKey, trustStoreSettings);

    final WSS4JInInterceptor inbound = new WSS4JInInterceptor(wss4jConfig);
    return inbound;
}
/**
 * Adds the SAAJ and WSS4J interceptors to an endpoint for each direction that has properties.
 *
 * <p>A direction whose map is {@code null} or empty is skipped without any error. With no
 * inbound properties, the endpoint gets no WS-Security processing of incoming messages
 * from this method.
 *
 * @param endpoint the interceptor provider to extend
 * @param inProps WSS4J properties for incoming messages; may be {@code null} or empty
 * @param outProps WSS4J properties for outgoing messages; may be {@code null} or empty
 */
public static final void setupWSS4JChain(final InterceptorProvider endpoint, final Map<String, Object> inProps, final Map<String, Object> outProps) {
    final boolean inboundConfigured = inProps != null && !inProps.isEmpty();
    if (inboundConfigured) {
        endpoint.getInInterceptors().add(new SAAJInInterceptor());
        endpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));
        // When WS-Security is combined with a JAX-WS handler (see EjbInterceptor), the
        // mustUnderstand flag in the WS-Security headers has to be dealt with; this
        // extra interceptor does that.
        endpoint.getInInterceptors().add(new WSSPassThroughInterceptor());
    }

    final boolean outboundConfigured = outProps != null && !outProps.isEmpty();
    if (outboundConfigured) {
        endpoint.getOutInterceptors().add(new SAAJOutInterceptor());
        endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
    }
}
// Install inbound WS-Security processing on the endpoint. What is enforced depends
// entirely on the entries of wss4jInProps, which is built outside this excerpt.
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(wss4jInProps);
cxfEndpoint.getInInterceptors().add(wssIn);
/**
 * Creates the inbound interceptor that decrypts incoming messages.
 *
 * <p>The Merlin keystore settings are stored in the same property map under the key named
 * by {@code decryptionPropRefId}. The keystore file, alias and both passwords are literals
 * in this method. NOTE(review): this looks like a test fixture; confirm, and load the
 * passwords from external configuration in any other setting.
 *
 * @return a {@link WSS4JInInterceptor} configured for the Encrypt action
 */
@Override
protected Interceptor buildInInterceptor() {
    final String cryptoRefKey = "securityProperties";

    final Map<String, Object> wss4jConfig = new HashMap<>();
    wss4jConfig.put("action", "Encrypt");
    // Callback handler, given by class name.
    wss4jConfig.put("passwordCallbackClass", EncryptPasswordCallback.class.getName());
    wss4jConfig.put("decryptionPropRefId", cryptoRefKey);

    // Keystore holding the private key used for decryption.
    final Properties keyStoreSettings = new Properties();
    keyStoreSettings.put("org.apache.ws.security.crypto.provider", Merlin.class.getName());
    keyStoreSettings.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
    keyStoreSettings.put("org.apache.ws.security.crypto.merlin.keystore.password", "changeit");
    keyStoreSettings.put("org.apache.ws.security.crypto.merlin.keystore.private.password", "changeit");
    keyStoreSettings.put("org.apache.ws.security.crypto.merlin.keystore.alias", "s1as");
    keyStoreSettings.put("org.apache.ws.security.crypto.merlin.keystore.file", "security/ssltest-keystore.jks");
    wss4jConfig.put(cryptoRefKey, keyStoreSettings);

    final WSS4JInInterceptor inbound = new WSS4JInInterceptor(wss4jConfig);
    return inbound;
}
/**
 * Adds the SAAJ and WSS4J interceptors to an endpoint for each direction that has properties.
 *
 * <p>A direction whose map is {@code null} or empty is skipped without any error. With no
 * inbound properties, the endpoint gets no WS-Security processing of incoming messages
 * from this method.
 *
 * @param endpoint the interceptor provider to extend
 * @param inProps WSS4J properties for incoming messages; may be {@code null} or empty
 * @param outProps WSS4J properties for outgoing messages; may be {@code null} or empty
 */
public static final void setupWSS4JChain(InterceptorProvider endpoint, Map<String, Object> inProps, Map<String, Object> outProps) {
    boolean secureInbound = inProps != null && !inProps.isEmpty();
    if (secureInbound) {
        endpoint.getInInterceptors().add(new SAAJInInterceptor());
        endpoint.getInInterceptors().add(new WSS4JInInterceptor(inProps));
        // When WS-Security is combined with a JAX-WS handler (see EjbInterceptor), the
        // mustUnderstand flag in the WS-Security headers has to be dealt with; this
        // extra interceptor does that.
        endpoint.getInInterceptors().add(new WSSPassThroughInterceptor());
    }

    boolean secureOutbound = outProps != null && !outProps.isEmpty();
    if (secureOutbound) {
        endpoint.getOutInterceptors().add(new SAAJOutInterceptor());
        endpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
    }
}
/**
 * Applies the configured WS-Security settings to the server factory and to {@code properties}.
 *
 * <p>Does nothing when {@code wsSecurity} is {@code null}. Otherwise it copies the custom
 * validators into {@code properties}, registers the security manager as the UsernameToken
 * validator, and adds a {@link WSS4JInInterceptor} built from the config properties when
 * there are any.
 *
 * <p>Security note: when the configured action contains {@code SAML_TOKEN_UNSIGNED}, CXF's
 * SAML subject-confirmation validation is switched off for backwards compatibility. Trust
 * in such assertions then has to come from elsewhere, such as a custom validator or
 * transport-level authentication.
 *
 * @param sfb the server factory whose inbound interceptor chain is extended
 */
private void setSecurityConfig(ServerFactoryBean sfb) {
    if (wsSecurity == null) {
        return;
    }

    // Custom validators are copied entry by entry into the endpoint properties.
    boolean hasCustomValidators =
            wsSecurity.getCustomValidator() != null && !wsSecurity.getCustomValidator().isEmpty();
    if (hasCustomValidators) {
        for (Map.Entry<String, Object> validator : wsSecurity.getCustomValidator().entrySet()) {
            properties.put(validator.getKey(), validator.getValue());
        }
    }

    if (wsSecurity.getSecurityManager() != null) {
        properties.put(SecurityConstants.USERNAME_TOKEN_VALIDATOR, wsSecurity.getSecurityManager());
    }

    boolean hasConfigProperties =
            wsSecurity.getConfigProperties() != null && !wsSecurity.getConfigProperties().isEmpty();
    if (!hasConfigProperties) {
        return;
    }

    sfb.getInInterceptors().add(new WSS4JInInterceptor(wsSecurity.getConfigProperties()));

    // CXF changed how it validates SAML subject confirmation between 2.5.x and 2.7.x,
    // see https://issues.apache.org/jira/browse/CXF-4655
    // The previous approach is kept here for backwards compatibility.
    String actionProperty = (String) wsSecurity.getConfigProperties().get(WSHandlerConstants.ACTION);
    boolean acceptsUnsignedSaml =
            !StringUtils.isEmpty(actionProperty) && actionProperty.contains(WSHandlerConstants.SAML_TOKEN_UNSIGNED);
    if (acceptsUnsignedSaml) {
        properties.put("ws-security.validate.saml.subject.conf", false);
    }
}
/**
 * Publishes the DoubleIt test service and requires a UsernameToken on incoming messages.
 *
 * <p>The endpoint address is plain {@code http://} on localhost, and no password type,
 * signature or encryption is configured here. NOTE(review): this looks like a system-test
 * server; outside a test, a UsernameToken needs TLS or message-level protection.
 */
protected void run() {
    Object implementor = new DoubleItImpl();
    String address = "http://localhost:" + PORT + "/DoubleItUsernameToken3";
    EndpointImpl published = (EndpointImpl) Endpoint.publish(address, implementor);

    // Inbound WS-Security: UsernameToken, with the callback handler given by class name.
    Map<String, Object> wss4jConfig = new HashMap<>();
    wss4jConfig.put("action", "UsernameToken");
    wss4jConfig.put("passwordCallbackClass", "org.apache.cxf.systest.ws.common.UTPasswordCallback");

    WSS4JInInterceptor inbound = new WSS4JInInterceptor(wss4jConfig);
    published.getServer().getEndpoint().getInInterceptors().add(inbound);
}
}
/**
 * Starts the JMS greeter service with signed-SAML-token verification on the default bus.
 *
 * <p>The interceptor is added to the bus's inbound chain, not to a single endpoint, so it
 * is not limited to the endpoint published here. Signature verification settings come
 * from {@code bob.properties}.
 */
protected void run() {
    Bus defaultBus = BusFactory.getDefaultBus();
    setBus(defaultBus);

    // Require a signed SAML token on incoming messages.
    Map<String, Object> wss4jConfig = new HashMap<>();
    wss4jConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    wss4jConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new KeystorePasswordCallback());
    wss4jConfig.put(ConfigurationConstants.SIG_VER_PROP_FILE, "bob.properties");
    defaultBus.getInInterceptors().add(new WSS4JInInterceptor(wss4jConfig));

    broker.updateWsdl(defaultBus, "testutils/jms_test.wsdl");

    // NOTE(review): a null address is passed; presumably the JMS address comes from the WSDL. Confirm.
    Endpoint.publish(null, new SecurityGreeterImplTwoWayJMS());
}
// Add inbound WS-Security processing to the builder's interceptor chain. What is enforced
// depends entirely on inConfigProperties, which is built outside this excerpt.
cxfBuilder.getInInterceptors().add(new WSS4JInInterceptor(inConfigProperties));
soapServiceDefinition.getServiceNameSpaceURI(), serviceDefinition.getServiceName()); properties.put(WSHandlerConstants.PW_CALLBACK_REF, authenticationHandler); svrFactory.getInInterceptors().add(new WSS4JInInterceptor(properties)); svrFactory.getInInterceptors().add(new SAAJInInterceptor()); } else {
// Add inbound WS-Security processing to ep, configured from the credential's response
// properties. The accessor is spelled "getResponsePropterties" in the project's API.
// NOTE(review): if that map can be empty or lack an action entry, inbound messages may
// pass without any security check. Confirm against the accessor.
ep.getInInterceptors().add(new WSS4JInInterceptor(credential.getResponsePropterties()));