Posted to commits@ws.apache.org by co...@apache.org on 2013/02/14 15:51:34 UTC
svn commit: r1446218 -
/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java
Author: coheigea
Date: Thu Feb 14 14:51:34 2013
New Revision: 1446218
URL: http://svn.apache.org/r1446218
Log:
Some refactoring of the stax UsernameTokenValidator
Modified:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java
Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java?rev=1446218&r1=1446217&r2=1446218&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/ws/security/stax/validate/UsernameTokenValidatorImpl.java Thu Feb 14 14:51:34 2013
@@ -79,7 +79,6 @@ public class UsernameTokenValidatorImpl
final AttributedDateTime attributedDateTimeCreated =
XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsu_Created);
- // TODO revisit this once we add in Validators
if (usernameTokenPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST) {
if (encodedNonce == null || attributedDateTimeCreated == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badTokenType01");
@@ -108,72 +107,22 @@ public class UsernameTokenValidatorImpl
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
- WSPasswordCallback pwCb = new WSPasswordCallback(username.getValue(),
- null,
- passwordType.getType(),
- WSPasswordCallback.Usage.USERNAME_TOKEN);
- try {
- WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(), pwCb);
- } catch (WSSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
- }
-
- if (pwCb.getPassword() == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
- }
-
- String passDigest = WSSUtils.doPasswordDigest(nonceVal, created, pwCb.getPassword());
- if (!passwordType.getValue().equals(passDigest)) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
- }
- passwordType.setValue(pwCb.getPassword());
+ verifyDigestPassword(username.getValue(), passwordType, nonceVal, created, tokenContext);
} else if ((usernameTokenPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT)
|| (passwordType != null && passwordType.getValue() != null
&& usernameTokenPasswordType == WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE)) {
nonceVal = null;
created = null;
- WSPasswordCallback pwCb = new WSPasswordCallback(username.getValue(),
- null,
- passwordType.getType(),
- WSPasswordCallback.Usage.USERNAME_TOKEN);
- try {
- WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(), pwCb);
- } catch (WSSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
- }
-
- if (pwCb.getPassword() == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
- }
-
- if (!passwordType.getValue().equals(pwCb.getPassword())) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
- }
- passwordType.setValue(pwCb.getPassword());
- } else if (passwordType != null && passwordType.getValue() != null && usernameTokenPasswordType == null) {
+
+ verifyPlaintextPassword(username.getValue(), passwordType, tokenContext);
+ } else if (passwordType != null && passwordType.getValue() != null) {
if (!handleCustomPasswordTypes) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
}
nonceVal = null;
created = null;
- WSPasswordCallback pwCb = new WSPasswordCallback(username.getValue(),
- null,
- passwordType.getType(),
- WSPasswordCallback.Usage.USERNAME_TOKEN);
- try {
- WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(), pwCb);
- } catch (WSSecurityException e) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
- }
-
- if (pwCb.getPassword() == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
- }
-
- if (!passwordType.getValue().equals(pwCb.getPassword())) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
- }
- passwordType.setValue(pwCb.getPassword());
+
+ verifyCustomPassword(username.getValue(), passwordType, tokenContext);
} else {
if (!allowUsernameTokenNoPassword) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
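Review bot: The custom-type branch, now `} else if (passwordType != null && passwordType.getValue() != null) {`, no longer requires `usernameTokenPasswordType == null`, which is a behaviour change in a commit logged as refactoring. With the three values visible here (PASSWORD_DIGEST, PASSWORD_TEXT, PASSWORD_NONE) the branch looks reachable only for an unrecognised type, but if the enum has or gains another value, that type would be verified as a custom password whenever `handleCustomPasswordTypes` is set; confirm this against the enum or keep the old condition. Separately, the PASSWORD_TEXT disjunct does not test `passwordType.getValue() != null` as the other disjuncts do. A Password element without a value would therefore reach `passwordType.getValue().equals(...)` in verifyPlaintextPassword and presumably fail with a NullPointerException instead of FAILED_AUTHENTICATION. The enclosing method starts and ends outside this hunk.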
@@ -198,4 +147,75 @@ public class UsernameTokenValidatorImpl
return usernameSecurityToken;
}
+
+ /**
+ * Verify a UsernameToken containing a password digest.
+ */
+ protected void verifyDigestPassword(
+ String username,
+ PasswordString passwordType,
+ byte[] nonceVal,
+ String created,
+ TokenContext tokenContext
+ ) throws WSSecurityException {
+ WSPasswordCallback pwCb = new WSPasswordCallback(username,
+ null,
+ passwordType.getType(),
+ WSPasswordCallback.Usage.USERNAME_TOKEN);
+ try {
+ WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(), pwCb);
+ } catch (WSSecurityException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
+ }
+
+ if (pwCb.getPassword() == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+ }
+
+ String passDigest = WSSUtils.doPasswordDigest(nonceVal, created, pwCb.getPassword());
+ if (!passwordType.getValue().equals(passDigest)) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+ }
+ passwordType.setValue(pwCb.getPassword());
+ }
+
+ /**
+ * Verify a UsernameToken containing a plaintext password.
+ */
+ protected void verifyPlaintextPassword(
+ String username,
+ PasswordString passwordType,
+ TokenContext tokenContext
+ ) throws WSSecurityException {
+ WSPasswordCallback pwCb = new WSPasswordCallback(username,
+ null,
+ passwordType.getType(),
+ WSPasswordCallback.Usage.USERNAME_TOKEN);
+ try {
+ WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(), pwCb);
+ } catch (WSSecurityException e) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
+ }
+
+ if (pwCb.getPassword() == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+ }
+
+ if (!passwordType.getValue().equals(pwCb.getPassword())) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
+ }
+ passwordType.setValue(pwCb.getPassword());
+ }
+
+ /**
+ * Verify a UsernameToken containing a password of some unknown (but specified) password
+ * type.
+ */
+ protected void verifyCustomPassword(
+ String username,
+ PasswordString passwordType,
+ TokenContext tokenContext
+ ) throws WSSecurityException {
+ verifyPlaintextPassword(username, passwordType, tokenContext);
+ }
}
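Review bot: In verifyDigestPassword and verifyPlaintextPassword the secret is compared with `String.equals` (`passwordType.getValue().equals(passDigest)` and `passwordType.getValue().equals(pwCb.getPassword())`), which stops at the first differing character and dereferences the received value without a null check. A null-safe, constant-time form would be `String received = passwordType.getValue();` followed by `if (received == null || !MessageDigest.isEqual(received.getBytes(StandardCharsets.UTF_8), passDigest.getBytes(StandardCharsets.UTF_8))) {`, with `pwCb.getPassword()` in place of `passDigest` in the plaintext method; this needs `java.security.MessageDigest` and a charset constant available at the project's Java level. The Javadoc on all three methods should also gain `@param` and `@throws WSSecurityException` entries. It should state that on success `passwordType.setValue(pwCb.getPassword())` overwrites the token's value with the cleartext password from the callback, since subclasses overriding these protected methods need to know that side effect. The callback construction and null-password check are duplicated verbatim in the two methods and could move to one private helper.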