本文整理汇总了Java中org.apache.ws.security.message.WSSecUsernameToken.setUserInfo方法的典型用法代码示例。如果您正苦于以下问题:Java WSSecUsernameToken.setUserInfo方法的具体用法?Java WSSecUsernameToken.setUserInfo怎么用?Java WSSecUsernameToken.setUserInfo使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.apache.ws.security.message.WSSecUsernameToken的用法示例。
在下文中一共展示了WSSecUsernameToken.setUserInfo方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: createUserNameToken
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
private SOAPMessage createUserNameToken(Document soapEnvelopeRequest) throws IOException, SOAPException, TransformerException {
WSSecHeader wsSecHeader = new WSSecHeader(null, false);
wsSecHeader.insertSecurityHeader(soapEnvelopeRequest);
WSSecUsernameToken wsSecUsernameToken = new WSSecUsernameToken();
wsSecUsernameToken.setUserInfo(this.username, this.password);
wsSecUsernameToken.prepare(soapEnvelopeRequest);
wsSecUsernameToken.addCreated();
wsSecUsernameToken.addNonce();
Document secSOAPReqDoc = wsSecUsernameToken.build(soapEnvelopeRequest, wsSecHeader);
Element element = secSOAPReqDoc.getDocumentElement();
DOMSource source = new DOMSource(element);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
StreamResult streamResult = new StreamResult(baos);
TransformerFactory.newInstance().newTransformer().transform(source, streamResult);
String secSOAPReq = new String(baos.toByteArray());
SOAPMessage res = new org.apache.axis.soap.MessageFactoryImpl().createMessage(null, new ByteArrayInputStream(secSOAPReq.getBytes()));
return res;
}
示例2: testUsernameTokenCustomFail
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* Test with a null token type. This will fail as the default is to reject custom
* token types.
*/
public void testUsernameTokenCustomFail() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(null);
builder.setUserInfo("wernerd", null);
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Text:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
try {
verify(signedDoc);
throw new Exception("Custom token types are not permitted");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}
示例3: testUsernameTokenBadText
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* Test that adds a UserNameToken with (bad) password text to a WS-Security envelope
*/
public void testUsernameTokenBadText() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
builder.setUserInfo("wernerd", "verySecre");
LOG.info("Before adding UsernameToken PW Text....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Text:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Text....");
try {
verify(signedDoc);
throw new Exception("Failure expected on a bad password text");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}
示例4: testUsernameTokenDigestText
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* Test that adds a UserNameToken with a digested password but with type of
* password test.
*/
public void testUsernameTokenDigestText() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
byte[] password = "verySecret".getBytes();
MessageDigest sha = MessageDigest.getInstance("MD5");
sha.reset();
sha.update(password);
String passwdDigest = Base64.encode(sha.digest());
builder.setUserInfo("wernerd", passwdDigest);
LOG.info("Before adding UsernameToken PW Text....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Text:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
}
示例5: testUsernameTokenCustomPass
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* Test with a null password type. This will pass as the WSSConfig is configured to
* handle custom token types.
*/
public void testUsernameTokenCustomPass() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(null);
builder.setUserInfo("customUser", null);
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Text:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
//
// Configure so that custom token types are accepted
//
WSSConfig cfg = WSSConfig.getNewInstance();
cfg.setHandleCustomPasswordTypes(true);
secEngine.setWssConfig(cfg);
verify(signedDoc);
//
// Go back to default for other tests
//
cfg.setHandleCustomPasswordTypes(false);
secEngine.setWssConfig(cfg);
}
示例6: handleOutboundMessage
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
private void handleOutboundMessage(SOAPMessageContext context)
throws SOAPException, WSSecurityException {
LOG.debug("adding WS-Security header");
SOAPMessage soapMessage = context.getMessage();
SOAPPart soapPart = soapMessage.getSOAPPart();
WSSecHeader wsSecHeader = new WSSecHeader();
wsSecHeader.insertSecurityHeader(soapPart);
WSSecUsernameToken usernameToken = new WSSecUsernameToken();
usernameToken.setUserInfo(this.packageLicenseKey.getUsername(),
this.packageLicenseKey.getPassword());
usernameToken.setPasswordType(WSConstants.PASSWORD_TEXT);
usernameToken.prepare(soapPart);
usernameToken.prependToHeader(wsSecHeader);
WSSecTimestamp wsSecTimeStamp = new WSSecTimestamp();
wsSecTimeStamp.build(soapPart, wsSecHeader);
WSSecurityCrypto crypto = new WSSecurityCrypto(this.sessionKey);
WSSConfig wssConfig = new WSSConfig();
wssConfig.setWsiBSPCompliant(false);
WSSecSignature sign = new WSSecSignature(wssConfig);
sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
sign.prepare(soapPart, crypto, wsSecHeader);
sign.appendBSTElementToHeader(wsSecHeader);
Vector<WSEncryptionPart> signParts = new Vector<>();
signParts.add(new WSEncryptionPart(wsSecTimeStamp.getId()));
signParts.add(new WSEncryptionPart(usernameToken.getId()));
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(soapPart
.getDocumentElement());
signParts.add(new WSEncryptionPart(soapConstants.getBodyQName()
.getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
sign.addReferencesToSign(signParts, wsSecHeader);
List<Reference> referenceList = sign.addReferencesToSign(signParts,
wsSecHeader);
sign.computeSignature(referenceList, false, null);
}
示例7: execute
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
throws WSSecurityException {
// Always call the callback for the username. We mis-use the configured password callback class and callback methods for this.
String providedUsername = reqData.getUsername();
WSPasswordCallback callbackData = handler.getPassword(reqData.getUsername(),
actionToDo,
WSHandlerConstants.PW_CALLBACK_CLASS,
WSHandlerConstants.PW_CALLBACK_REF, reqData);
providedUsername = callbackData.getIdentifier();
String password = callbackData.getPassword();
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setWsConfig(reqData.getWssConfig());
builder.setPasswordType(reqData.getPwType());
builder.setPasswordsAreEncoded(reqData.getWssConfig().getPasswordsAreEncoded());
builder.setUserInfo(providedUsername, password);
if (reqData.getUtElements() != null && reqData.getUtElements().length > 0) {
for (int j = 0; j < reqData.getUtElements().length; j++) {
reqData.getUtElements()[j].trim();
if (reqData.getUtElements()[j].equals("Nonce")) {
builder.addNonce();
}
if (reqData.getUtElements()[j].equals("Created")) {
builder.addCreated();
}
reqData.getUtElements()[j] = null;
}
}
builder.build(doc, reqData.getSecHeader());
}
示例8: testUsernameTokenSigning
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* Test the specific signing method that use UsernameToken values
* <p/>
*
* @throws java.lang.Exception Thrown when there is any problem in signing or verification
*/
public void testUsernameTokenSigning() throws Exception {
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
builder.setUserInfo("wernerd", "verySecret");
builder.addCreated();
builder.addNonce();
builder.prepare(doc);
WSSecSignature sign = new WSSecSignature();
sign.setUsernameToken(builder);
sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
LOG.info("Before signing with UT text....");
sign.build(doc, null, secHeader);
LOG.info("Before adding UsernameToken PW Text....");
builder.prependToHeader(secHeader);
Document signedDoc = doc;
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Text:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Text....");
verify(signedDoc);
}
示例9: testUsernameTokenSigningDigest
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* Test the specific signing method that use UsernameToken values
* <p/>
*
* @throws java.lang.Exception Thrown when there is any problem in signing or verification
*/
public void testUsernameTokenSigningDigest() throws Exception {
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
builder.setUserInfo("wernerd", "verySecret");
builder.addCreated();
builder.addNonce();
builder.prepare(doc);
WSSecSignature sign = new WSSecSignature();
sign.setUsernameToken(builder);
sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
LOG.info("Before signing with UT digest....");
sign.build(doc, null, secHeader);
LOG.info("Before adding UsernameToken PW Digest....");
builder.prependToHeader(secHeader);
Document signedDoc = doc;
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Digest:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Digest....");
verify(signedDoc);
}
示例10: testBadUserSignature
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* Test using a UsernameToken derived key for signing a SOAP body. In this test the
* user is "alice" rather than "bob", and so signature verification should fail.
*/
public void testBadUserSignature() throws Exception {
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setUserInfo("alice", "security");
builder.addDerivedKey(true, null, 1000);
builder.prepare(doc);
WSSecSignature sign = new WSSecSignature();
sign.setUsernameToken(builder);
sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
Document signedDoc = sign.build(doc, null, secHeader);
builder.prependToHeader(secHeader);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug(outputString);
}
try {
verify(signedDoc);
throw new Exception("Failure expected on a bad derived signature");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}
示例11: testDerivedKeyEncryption
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* Test using a UsernameToken derived key for encrypting a SOAP body
*/
public void testDerivedKeyEncryption() throws Exception {
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setUserInfo("bob", "security");
builder.addDerivedKey(false, null, 1000);
builder.prepare(doc);
byte[] derivedKey = builder.getDerivedKey();
assertTrue(derivedKey.length == 20);
String tokenIdentifier = builder.getId();
//
// Derived key encryption
//
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(derivedKey, tokenIdentifier);
Document encryptedDoc = encrBuilder.build(doc, secHeader);
builder.prependToHeader(secHeader);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
assertTrue(outputString.indexOf("wsse:Username") != -1);
assertTrue(outputString.indexOf("wsse:Password") == -1);
assertTrue(outputString.indexOf("wsse11:Salt") != -1);
assertTrue(outputString.indexOf("wsse11:Iteration") != -1);
assertTrue(outputString.indexOf("testMethod") == -1);
if (LOG.isDebugEnabled()) {
LOG.debug(outputString);
}
verify(encryptedDoc);
}
示例12: testDerivedKeyBadUserSignature
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* Test using a UsernameToken derived key for signing a SOAP body. In this test the
* user is "alice" rather than "bob", and so signature verification should fail.
*/
public void testDerivedKeyBadUserSignature() throws Exception {
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setUserInfo("alice", "security");
builder.addDerivedKey(true, null, 1000);
builder.prepare(doc);
byte[] derivedKey = builder.getDerivedKey();
assertTrue(derivedKey.length == 20);
String tokenIdentifier = builder.getId();
//
// Derived key signature
//
WSSecDKSign sigBuilder = new WSSecDKSign();
sigBuilder.setExternalKey(derivedKey, tokenIdentifier);
sigBuilder.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
Document signedDoc = sigBuilder.build(doc, secHeader);
builder.prependToHeader(secHeader);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug(outputString);
}
try {
verify(signedDoc);
throw new Exception("Failure expected on a bad derived signature");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}
示例13: testUsernameTokenWithEncodedPassword
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* Test that adds a UserNameToken with password Digest to a WS-Security envelope
*/
public void testUsernameTokenWithEncodedPassword() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordsAreEncoded(true);
builder.setUserInfo("wernerd", Base64.encode(MessageDigest.getInstance("SHA-1").digest("verySecret".getBytes("UTF-8"))));
LOG.info("Before adding UsernameToken PW Digest....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Digest:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Digest....");
boolean passwordsAreEnabledOrig = WSSecurityEngine.getInstance().getWssConfig().getPasswordsAreEncoded();
try {
WSSecurityEngine.getInstance().getWssConfig().setPasswordsAreEncoded(true);
verify(signedDoc);
} finally {
WSSecurityEngine.getInstance().getWssConfig().setPasswordsAreEncoded(passwordsAreEnabledOrig);
}
}
示例14: testUsernameTokenBadUsername
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* Test that a bad username with password digest does not leak whether the username
* is valid or not - see WSS-141.
*/
public void testUsernameTokenBadUsername() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setUserInfo("badusername", "verySecret");
LOG.info("Before adding UsernameToken PW Digest....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Digest:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Digest....");
try {
verify(signedDoc);
throw new Exception("Failure expected on a bad username");
} catch (WSSecurityException ex) {
String message = ex.getMessage();
assertTrue(message.indexOf("badusername") == -1);
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}
示例15: testNullNonce
import org.apache.ws.security.message.WSSecUsernameToken; //导入方法依赖的package包/类
/**
* A test for WSS-66 - the nonce string is null
* http://issues.apache.org/jira/browse/WSS-66
* "Possible security hole when PasswordDigest is used by client."
*/
public void testNullNonce() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
builder.setUserInfo("wernerd", "BAD_PASSWORD");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document utDoc = builder.build(doc, secHeader);
//
// Manually find the Nonce node and set the content to null
//
org.w3c.dom.Element elem = builder.getUsernameTokenElement();
org.w3c.dom.NodeList list = elem.getElementsByTagName("wsse:Nonce");
org.w3c.dom.Node nonceNode = list.item(0);
org.w3c.dom.Node childNode = nonceNode.getFirstChild();
childNode.setNodeValue("");
if (LOG.isDebugEnabled()) {
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(utDoc);
LOG.debug(outputString);
}
try {
//
// Verification should fail as the password is bad
//
verify(utDoc);
throw new Exception("Expected failure due to a bad password");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}