• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

Java WSSecUsernameToken类代码示例

原作者: [db:作者] 来自: [db:来源] 收藏 邀请

本文整理汇总了Java中org.apache.ws.security.message.WSSecUsernameToken的典型用法代码示例。如果您正苦于以下问题:Java WSSecUsernameToken类的具体用法?Java WSSecUsernameToken怎么用?Java WSSecUsernameToken使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。



WSSecUsernameToken类属于org.apache.ws.security.message包,在下文中一共展示了WSSecUsernameToken类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。

示例1: createUserNameToken

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
private SOAPMessage createUserNameToken(Document soapEnvelopeRequest) throws IOException, SOAPException, TransformerException {
	WSSecHeader wsSecHeader = new WSSecHeader(null, false);
	wsSecHeader.insertSecurityHeader(soapEnvelopeRequest);
	
	WSSecUsernameToken wsSecUsernameToken = new WSSecUsernameToken();
	wsSecUsernameToken.setUserInfo(this.username, this.password);
	wsSecUsernameToken.prepare(soapEnvelopeRequest);
	wsSecUsernameToken.addCreated();
	wsSecUsernameToken.addNonce();

	Document secSOAPReqDoc = wsSecUsernameToken.build(soapEnvelopeRequest, wsSecHeader);
	Element element = secSOAPReqDoc.getDocumentElement();

	DOMSource source = new DOMSource(element);
	ByteArrayOutputStream baos = new ByteArrayOutputStream();
	StreamResult streamResult = new StreamResult(baos);
	TransformerFactory.newInstance().newTransformer().transform(source, streamResult);

	String secSOAPReq = new String(baos.toByteArray());
	SOAPMessage res = new org.apache.axis.soap.MessageFactoryImpl().createMessage(null, new ByteArrayInputStream(secSOAPReq.getBytes()));

	return res;
}
 
开发者ID:GovernIB,项目名称:helium,代码行数:24,代码来源:AfirmaSecurityHandler.java


示例2: testFailedAuthentication

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test for the wsse:FailedAuthentication faultcode. This will fail due to a bad password in
 * the callback handler.
 */
public void testFailedAuthentication() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.addCreated();
    builder.addNonce();
    builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
    
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);        
    Document timestampedDoc = builder.build(doc, secHeader);
    
    try {
        verify(timestampedDoc);
    } catch (WSSecurityException ex) {
        assertTrue(ex.getErrorCode() == 5);
        assertTrue(ex.getMessage().startsWith(
            "The security token could not be authenticated or authorized"));
        QName faultCode = new QName(WSConstants.WSSE_NS, "FailedAuthentication");
        assertTrue(ex.getFaultCode().equals(faultCode));
    }
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:26,代码来源:TestWSSecurityFaultCodes.java


示例3: testInvalidSecurityToken

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test for the wsse:InvalidSecurityToken faultcode. This will fail due to the fact
 * that a null username is used.
 */
public void testInvalidSecurityToken() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.addCreated();
    builder.addNonce();
    builder.setUserInfo(null, "security");
    
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);        
    builder.build(doc, secHeader);
    
    try {
        new UsernameToken(doc.getDocumentElement());
    } catch (WSSecurityException ex) {
        assertTrue(ex.getErrorCode() == 4);
        assertTrue(ex.getMessage().startsWith(
            "An invalid security token was provided"));
        QName faultCode = new QName(WSConstants.WSSE_NS, "InvalidSecurityToken");
        assertTrue(ex.getFaultCode().equals(faultCode));
    }
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:26,代码来源:TestWSSecurityFaultCodes.java


示例4: testUsernameTokenDigest

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test that adds a UserNameToken with password Digest to a WS-Security envelope
 */
public void testUsernameTokenDigest() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setUserInfo("wernerd", "verySecret");
    LOG.info("Before adding UsernameToken PW Digest....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = builder.build(doc, secHeader);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Message with UserNameToken PW Digest:");
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    LOG.info("After adding UsernameToken PW Digest....");
    verify(signedDoc);
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:22,代码来源:TestWSSecurityNew5.java


示例5: testUsernameTokenBadDigest

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test that adds a UserNameToken with a bad password Digest to a WS-Security envelope
 */
public void testUsernameTokenBadDigest() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setUserInfo("wernerd", "verySecre");
    LOG.info("Before adding UsernameToken PW Digest....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = builder.build(doc, secHeader);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Message with UserNameToken PW Digest:");
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    LOG.info("After adding UsernameToken PW Digest....");
    try {
        verify(signedDoc);
        throw new Exception("Failure expected on a bad password digest");
    } catch (WSSecurityException ex) {
        assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
        // expected
    }
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:28,代码来源:TestWSSecurityNew5.java


示例6: testUsernameTokenText

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test that adds a UserNameToken with password text to a WS-Security envelope
 */
public void testUsernameTokenText() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setPasswordType(WSConstants.PASSWORD_TEXT);
    builder.setUserInfo("wernerd", "verySecret");
    LOG.info("Before adding UsernameToken PW Text....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = builder.build(doc, secHeader);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Message with UserNameToken PW Text:");
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    LOG.info("After adding UsernameToken PW Text....");
    verify(signedDoc);
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:22,代码来源:TestWSSecurityNew5.java


示例7: testUsernameTokenDigestText

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test that adds a UserNameToken with a digested password but with type of
 * password test.
 */
public void testUsernameTokenDigestText() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setPasswordType(WSConstants.PASSWORD_TEXT);
    byte[] password = "verySecret".getBytes();
    MessageDigest sha = MessageDigest.getInstance("MD5");
    sha.reset();
    sha.update(password);
    String passwdDigest = Base64.encode(sha.digest());
    
    builder.setUserInfo("wernerd", passwdDigest);
    LOG.info("Before adding UsernameToken PW Text....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = builder.build(doc, secHeader);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Message with UserNameToken PW Text:");
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:27,代码来源:TestWSSecurityNew5.java


示例8: testUsernameTokenBadText

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test that adds a UserNameToken with (bad) password text to a WS-Security envelope
 */
public void testUsernameTokenBadText() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setPasswordType(WSConstants.PASSWORD_TEXT);
    builder.setUserInfo("wernerd", "verySecre");
    LOG.info("Before adding UsernameToken PW Text....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = builder.build(doc, secHeader);
    if (LOG.isDebugEnabled()) {
        LOG.debug("Message with UserNameToken PW Text:");
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    LOG.info("After adding UsernameToken PW Text....");
    
    try {
        verify(signedDoc);
        throw new Exception("Failure expected on a bad password text");
    } catch (WSSecurityException ex) {
        assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
        // expected
    }
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:29,代码来源:TestWSSecurityNew5.java


示例9: testUsernameTokenNoPassword

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test that adds a UserNameToken with no password
 */
public void testUsernameTokenNoPassword() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setPasswordType(null);
    builder.setUserInfo("wernerd", null);
    LOG.info("Before adding UsernameToken with no password....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = builder.build(doc, secHeader);
    if (LOG.isDebugEnabled()) {
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    try {
        verify(signedDoc);
        throw new Exception("Failure expected on no password");
    } catch (WSSecurityException ex) {
        assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
        // expected
    }
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:26,代码来源:TestWSSecurityNew5.java


示例10: testUsernameTokenEmptyPassword

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test that adds a UserNameToken with an empty password
 */
public void testUsernameTokenEmptyPassword() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setPasswordType(WSConstants.PASSWORD_TEXT);
    builder.setUserInfo("wernerd", "");
    LOG.info("Before adding UsernameToken with an empty password....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = builder.build(doc, secHeader);
    if (LOG.isDebugEnabled()) {
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    verify(signedDoc);
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:20,代码来源:TestWSSecurityNew5.java


示例11: testUsernameTokenCustomFail

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test with a null token type. This will fail as the default is to reject custom
 * token types.
 */
public void testUsernameTokenCustomFail() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setPasswordType(null);
    builder.setUserInfo("wernerd", null);
    
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = builder.build(doc, secHeader);
    
    if (LOG.isDebugEnabled()) {
        LOG.debug("Message with UserNameToken PW Text:");
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    try {
        verify(signedDoc);
        throw new Exception("Custom token types are not permitted");
    } catch (WSSecurityException ex) {
        assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
        // expected
    }
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:29,代码来源:TestWSSecurityNew5.java


示例12: handleOutboundMessage

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
private void handleOutboundMessage(SOAPMessageContext context)
		throws SOAPException, WSSecurityException {
	LOG.debug("adding WS-Security header");
	SOAPMessage soapMessage = context.getMessage();
	SOAPPart soapPart = soapMessage.getSOAPPart();

	WSSecHeader wsSecHeader = new WSSecHeader();
	wsSecHeader.insertSecurityHeader(soapPart);

	WSSecUsernameToken usernameToken = new WSSecUsernameToken();
	usernameToken.setUserInfo(this.packageLicenseKey.getUsername(),
			this.packageLicenseKey.getPassword());
	usernameToken.setPasswordType(WSConstants.PASSWORD_TEXT);
	usernameToken.prepare(soapPart);
	usernameToken.prependToHeader(wsSecHeader);

	WSSecTimestamp wsSecTimeStamp = new WSSecTimestamp();
	wsSecTimeStamp.build(soapPart, wsSecHeader);

	WSSecurityCrypto crypto = new WSSecurityCrypto(this.sessionKey);
	WSSConfig wssConfig = new WSSConfig();
	wssConfig.setWsiBSPCompliant(false);
	WSSecSignature sign = new WSSecSignature(wssConfig);
	sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
	sign.prepare(soapPart, crypto, wsSecHeader);
	sign.appendBSTElementToHeader(wsSecHeader);
	Vector<WSEncryptionPart> signParts = new Vector<>();
	signParts.add(new WSEncryptionPart(wsSecTimeStamp.getId()));
	signParts.add(new WSEncryptionPart(usernameToken.getId()));
	SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(soapPart
			.getDocumentElement());
	signParts.add(new WSEncryptionPart(soapConstants.getBodyQName()
			.getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
	sign.addReferencesToSign(signParts, wsSecHeader);
	List<Reference> referenceList = sign.addReferencesToSign(signParts,
			wsSecHeader);
	sign.computeSignature(referenceList, false, null);
}
 
开发者ID:e-Contract,项目名称:mycarenet,代码行数:39,代码来源:SecuritySOAPHandler.java


示例13: execute

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
        throws WSSecurityException {
    
    // Always call the callback for the username. We mis-use the configured password callback class and callback methods for this.
    String providedUsername = reqData.getUsername();
    WSPasswordCallback callbackData = handler.getPassword(reqData.getUsername(),
                    actionToDo,
                    WSHandlerConstants.PW_CALLBACK_CLASS,
                    WSHandlerConstants.PW_CALLBACK_REF, reqData);
    providedUsername = callbackData.getIdentifier();
    String password = callbackData.getPassword();

    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setWsConfig(reqData.getWssConfig());
    builder.setPasswordType(reqData.getPwType());
    builder.setPasswordsAreEncoded(reqData.getWssConfig().getPasswordsAreEncoded());
    builder.setUserInfo(providedUsername, password);

    if (reqData.getUtElements() != null && reqData.getUtElements().length > 0) {
        for (int j = 0; j < reqData.getUtElements().length; j++) {
            reqData.getUtElements()[j].trim();
            if (reqData.getUtElements()[j].equals("Nonce")) {
                builder.addNonce();
            }
            if (reqData.getUtElements()[j].equals("Created")) {
                builder.addCreated();
            }
            reqData.getUtElements()[j] = null;
        }
    }
    builder.build(doc, reqData.getSecHeader());        
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:33,代码来源:UsernameTokenAction.java


示例14: testUsernameTokenSigning

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test the specific signing method that use UsernameToken values
 * <p/>
 * 
 * @throws java.lang.Exception Thrown when there is any problem in signing or verification
 */
public void testUsernameTokenSigning() throws Exception {
    Document doc = unsignedEnvelope.getAsDocument();

    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);

    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setPasswordType(WSConstants.PASSWORD_TEXT);
    builder.setUserInfo("wernerd", "verySecret");
    builder.addCreated();
    builder.addNonce();
    builder.prepare(doc);
    
    WSSecSignature sign = new WSSecSignature();
    sign.setUsernameToken(builder);
    sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
    sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
    LOG.info("Before signing with UT text....");
    sign.build(doc, null, secHeader);
    LOG.info("Before adding UsernameToken PW Text....");
    builder.prependToHeader(secHeader);
    Document signedDoc = doc;
    if (LOG.isDebugEnabled()) {
        LOG.debug("Message with UserNameToken PW Text:");
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    LOG.info("After adding UsernameToken PW Text....");
    verify(signedDoc);
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:38,代码来源:TestWSSecurityNew13.java


示例15: testUsernameTokenSigningDigest

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test the specific signing method that use UsernameToken values
 * <p/>
 * 
 * @throws java.lang.Exception Thrown when there is any problem in signing or verification
 */
public void testUsernameTokenSigningDigest() throws Exception {
    Document doc = unsignedEnvelope.getAsDocument();

    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);

    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
    builder.setUserInfo("wernerd", "verySecret");
    builder.addCreated();
    builder.addNonce();
    builder.prepare(doc);
    
    WSSecSignature sign = new WSSecSignature();
    sign.setUsernameToken(builder);
    sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
    sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
    LOG.info("Before signing with UT digest....");
    sign.build(doc, null, secHeader);
    LOG.info("Before adding UsernameToken PW Digest....");
    builder.prependToHeader(secHeader);
    Document signedDoc = doc;
    if (LOG.isDebugEnabled()) {
        LOG.debug("Message with UserNameToken PW Digest:");
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    LOG.info("After adding UsernameToken PW Digest....");
    verify(signedDoc);
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:38,代码来源:TestWSSecurityNew13.java


示例16: testDerivedKeyEncryption

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test using a UsernameToken derived key for encrypting a SOAP body
 */
public void testDerivedKeyEncryption() throws Exception {
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setUserInfo("bob", "security");
    builder.addDerivedKey(false, null, 1000);
    builder.prepare(doc);
    
    byte[] derivedKey = builder.getDerivedKey();
    assertTrue(derivedKey.length == 20);
    
    String tokenIdentifier = builder.getId();
    
    //
    // Derived key encryption
    //
    WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
    encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
    encrBuilder.setExternalKey(derivedKey, tokenIdentifier);
    Document encryptedDoc = encrBuilder.build(doc, secHeader);
    
    builder.prependToHeader(secHeader);
    
    String outputString = 
        org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
    assertTrue(outputString.indexOf("wsse:Username") != -1);
    assertTrue(outputString.indexOf("wsse:Password") == -1);
    assertTrue(outputString.indexOf("wsse11:Salt") != -1);
    assertTrue(outputString.indexOf("wsse11:Iteration") != -1);
    assertTrue(outputString.indexOf("testMethod") == -1);
    if (LOG.isDebugEnabled()) {
        LOG.debug(outputString);
    }
    
    verify(encryptedDoc);
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:42,代码来源:TestWSSecurityUTDK.java


示例17: testDerivedKeyBadUserSignature

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test using a UsernameToken derived key for signing a SOAP body. In this test the
 * user is "alice" rather than "bob", and so signature verification should fail.
 */
public void testDerivedKeyBadUserSignature() throws Exception {
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setUserInfo("alice", "security");
    builder.addDerivedKey(true, null, 1000);
    builder.prepare(doc);
    
    byte[] derivedKey = builder.getDerivedKey();
    assertTrue(derivedKey.length == 20);
    
    String tokenIdentifier = builder.getId();
    
    //
    // Derived key signature
    //
    WSSecDKSign sigBuilder = new WSSecDKSign();
    sigBuilder.setExternalKey(derivedKey, tokenIdentifier);
    sigBuilder.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
    Document signedDoc = sigBuilder.build(doc, secHeader);
    
    builder.prependToHeader(secHeader);
    
    String outputString = 
        org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
    if (LOG.isDebugEnabled()) {
        LOG.debug(outputString);
    }

    try {
        verify(signedDoc);
        throw new Exception("Failure expected on a bad derived signature");
    } catch (WSSecurityException ex) {
        assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
        // expected
    }
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:44,代码来源:TestWSSecurityUTDK.java


示例18: testUsernameTokenWithEncodedPassword

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test that adds a UserNameToken with password Digest to a WS-Security envelope
 */
public void testUsernameTokenWithEncodedPassword() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setPasswordsAreEncoded(true);
    builder.setUserInfo("wernerd", Base64.encode(MessageDigest.getInstance("SHA-1").digest("verySecret".getBytes("UTF-8"))));
    LOG.info("Before adding UsernameToken PW Digest....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = builder.build(doc, secHeader);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Message with UserNameToken PW Digest:");
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    LOG.info("After adding UsernameToken PW Digest....");

    boolean passwordsAreEnabledOrig = WSSecurityEngine.getInstance().getWssConfig().getPasswordsAreEncoded();
    try {
        WSSecurityEngine.getInstance().getWssConfig().setPasswordsAreEncoded(true);
        verify(signedDoc);
    } finally {
        WSSecurityEngine.getInstance().getWssConfig().setPasswordsAreEncoded(passwordsAreEnabledOrig);
    }
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:30,代码来源:TestWSSecurityNew5.java


示例19: testUsernameTokenBadUsername

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test that a bad username with password digest does not leak whether the username
 * is valid or not - see WSS-141.
 */
public void testUsernameTokenBadUsername() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setUserInfo("badusername", "verySecret");
    LOG.info("Before adding UsernameToken PW Digest....");
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = builder.build(doc, secHeader);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Message with UserNameToken PW Digest:");
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    LOG.info("After adding UsernameToken PW Digest....");
    try {
        verify(signedDoc);
        throw new Exception("Failure expected on a bad username");
    } catch (WSSecurityException ex) {
        String message = ex.getMessage();
        assertTrue(message.indexOf("badusername") == -1);
        assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
        // expected
    }
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:31,代码来源:TestWSSecurityNew5.java


示例20: testUsernameTokenCustomPass

import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
 * Test with a null password type. This will pass as the WSSConfig is configured to 
 * handle custom token types.
 */
public void testUsernameTokenCustomPass() throws Exception {
    WSSecUsernameToken builder = new WSSecUsernameToken();
    builder.setPasswordType(null);
    builder.setUserInfo("customUser", null);
    
    Document doc = unsignedEnvelope.getAsDocument();
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = builder.build(doc, secHeader);
    
    if (LOG.isDebugEnabled()) {
        LOG.debug("Message with UserNameToken PW Text:");
        String outputString = 
            org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        LOG.debug(outputString);
    }
    
    //
    // Configure so that custom token types are accepted
    //
    WSSConfig cfg = WSSConfig.getNewInstance();
    cfg.setHandleCustomPasswordTypes(true);
    secEngine.setWssConfig(cfg);
    verify(signedDoc);
    
    //
    // Go back to default for other tests
    //
    cfg.setHandleCustomPasswordTypes(false);
    secEngine.setWssConfig(cfg);
}
 
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:36,代码来源:TestWSSecurityNew5.java



注:本文中的org.apache.ws.security.message.WSSecUsernameToken类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。


鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
Java FilePickerFragment类代码示例发布时间:2022-05-23
下一篇:
Java Dataset类代码示例发布时间:2022-05-23
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap