本文整理汇总了Java中org.apache.ws.security.message.WSSecUsernameToken类的典型用法代码示例。如果您正苦于以下问题:Java WSSecUsernameToken类的具体用法?Java WSSecUsernameToken怎么用?Java WSSecUsernameToken使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
WSSecUsernameToken类属于org.apache.ws.security.message包,在下文中一共展示了WSSecUsernameToken类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: createUserNameToken
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
private SOAPMessage createUserNameToken(Document soapEnvelopeRequest) throws IOException, SOAPException, TransformerException {
WSSecHeader wsSecHeader = new WSSecHeader(null, false);
wsSecHeader.insertSecurityHeader(soapEnvelopeRequest);
WSSecUsernameToken wsSecUsernameToken = new WSSecUsernameToken();
wsSecUsernameToken.setUserInfo(this.username, this.password);
wsSecUsernameToken.prepare(soapEnvelopeRequest);
wsSecUsernameToken.addCreated();
wsSecUsernameToken.addNonce();
Document secSOAPReqDoc = wsSecUsernameToken.build(soapEnvelopeRequest, wsSecHeader);
Element element = secSOAPReqDoc.getDocumentElement();
DOMSource source = new DOMSource(element);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
StreamResult streamResult = new StreamResult(baos);
TransformerFactory.newInstance().newTransformer().transform(source, streamResult);
String secSOAPReq = new String(baos.toByteArray());
SOAPMessage res = new org.apache.axis.soap.MessageFactoryImpl().createMessage(null, new ByteArrayInputStream(secSOAPReq.getBytes()));
return res;
}
开发者ID:GovernIB,项目名称:helium,代码行数:24,代码来源:AfirmaSecurityHandler.java
示例2: testFailedAuthentication
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test for the wsse:FailedAuthentication faultcode. This will fail due to a bad password in
* the callback handler.
*/
public void testFailedAuthentication() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.addCreated();
builder.addNonce();
builder.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document timestampedDoc = builder.build(doc, secHeader);
try {
verify(timestampedDoc);
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == 5);
assertTrue(ex.getMessage().startsWith(
"The security token could not be authenticated or authorized"));
QName faultCode = new QName(WSConstants.WSSE_NS, "FailedAuthentication");
assertTrue(ex.getFaultCode().equals(faultCode));
}
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:26,代码来源:TestWSSecurityFaultCodes.java
示例3: testInvalidSecurityToken
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test for the wsse:InvalidSecurityToken faultcode. This will fail due to the fact
* that a null username is used.
*/
public void testInvalidSecurityToken() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.addCreated();
builder.addNonce();
builder.setUserInfo(null, "security");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
builder.build(doc, secHeader);
try {
new UsernameToken(doc.getDocumentElement());
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == 4);
assertTrue(ex.getMessage().startsWith(
"An invalid security token was provided"));
QName faultCode = new QName(WSConstants.WSSE_NS, "InvalidSecurityToken");
assertTrue(ex.getFaultCode().equals(faultCode));
}
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:26,代码来源:TestWSSecurityFaultCodes.java
示例4: testUsernameTokenDigest
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test that adds a UserNameToken with password Digest to a WS-Security envelope
*/
public void testUsernameTokenDigest() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setUserInfo("wernerd", "verySecret");
LOG.info("Before adding UsernameToken PW Digest....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Digest:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Digest....");
verify(signedDoc);
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:22,代码来源:TestWSSecurityNew5.java
示例5: testUsernameTokenBadDigest
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test that adds a UserNameToken with a bad password Digest to a WS-Security envelope
*/
public void testUsernameTokenBadDigest() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setUserInfo("wernerd", "verySecre");
LOG.info("Before adding UsernameToken PW Digest....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Digest:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Digest....");
try {
verify(signedDoc);
throw new Exception("Failure expected on a bad password digest");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:28,代码来源:TestWSSecurityNew5.java
示例6: testUsernameTokenText
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test that adds a UserNameToken with password text to a WS-Security envelope
*/
public void testUsernameTokenText() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
builder.setUserInfo("wernerd", "verySecret");
LOG.info("Before adding UsernameToken PW Text....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Text:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Text....");
verify(signedDoc);
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:22,代码来源:TestWSSecurityNew5.java
示例7: testUsernameTokenDigestText
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test that adds a UserNameToken with a digested password but with type of
* password test.
*/
public void testUsernameTokenDigestText() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
byte[] password = "verySecret".getBytes();
MessageDigest sha = MessageDigest.getInstance("MD5");
sha.reset();
sha.update(password);
String passwdDigest = Base64.encode(sha.digest());
builder.setUserInfo("wernerd", passwdDigest);
LOG.info("Before adding UsernameToken PW Text....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Text:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:27,代码来源:TestWSSecurityNew5.java
示例8: testUsernameTokenBadText
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test that adds a UserNameToken with (bad) password text to a WS-Security envelope
*/
public void testUsernameTokenBadText() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
builder.setUserInfo("wernerd", "verySecre");
LOG.info("Before adding UsernameToken PW Text....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Text:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Text....");
try {
verify(signedDoc);
throw new Exception("Failure expected on a bad password text");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:29,代码来源:TestWSSecurityNew5.java
示例9: testUsernameTokenNoPassword
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test that adds a UserNameToken with no password
*/
public void testUsernameTokenNoPassword() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(null);
builder.setUserInfo("wernerd", null);
LOG.info("Before adding UsernameToken with no password....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
try {
verify(signedDoc);
throw new Exception("Failure expected on no password");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:26,代码来源:TestWSSecurityNew5.java
示例10: testUsernameTokenEmptyPassword
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test that adds a UserNameToken with an empty password
*/
public void testUsernameTokenEmptyPassword() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
builder.setUserInfo("wernerd", "");
LOG.info("Before adding UsernameToken with an empty password....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
verify(signedDoc);
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:20,代码来源:TestWSSecurityNew5.java
示例11: testUsernameTokenCustomFail
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test with a null token type. This will fail as the default is to reject custom
* token types.
*/
public void testUsernameTokenCustomFail() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(null);
builder.setUserInfo("wernerd", null);
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Text:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
try {
verify(signedDoc);
throw new Exception("Custom token types are not permitted");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:29,代码来源:TestWSSecurityNew5.java
示例12: handleOutboundMessage
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
private void handleOutboundMessage(SOAPMessageContext context)
throws SOAPException, WSSecurityException {
LOG.debug("adding WS-Security header");
SOAPMessage soapMessage = context.getMessage();
SOAPPart soapPart = soapMessage.getSOAPPart();
WSSecHeader wsSecHeader = new WSSecHeader();
wsSecHeader.insertSecurityHeader(soapPart);
WSSecUsernameToken usernameToken = new WSSecUsernameToken();
usernameToken.setUserInfo(this.packageLicenseKey.getUsername(),
this.packageLicenseKey.getPassword());
usernameToken.setPasswordType(WSConstants.PASSWORD_TEXT);
usernameToken.prepare(soapPart);
usernameToken.prependToHeader(wsSecHeader);
WSSecTimestamp wsSecTimeStamp = new WSSecTimestamp();
wsSecTimeStamp.build(soapPart, wsSecHeader);
WSSecurityCrypto crypto = new WSSecurityCrypto(this.sessionKey);
WSSConfig wssConfig = new WSSConfig();
wssConfig.setWsiBSPCompliant(false);
WSSecSignature sign = new WSSecSignature(wssConfig);
sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
sign.prepare(soapPart, crypto, wsSecHeader);
sign.appendBSTElementToHeader(wsSecHeader);
Vector<WSEncryptionPart> signParts = new Vector<>();
signParts.add(new WSEncryptionPart(wsSecTimeStamp.getId()));
signParts.add(new WSEncryptionPart(usernameToken.getId()));
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(soapPart
.getDocumentElement());
signParts.add(new WSEncryptionPart(soapConstants.getBodyQName()
.getLocalPart(), soapConstants.getEnvelopeURI(), "Content"));
sign.addReferencesToSign(signParts, wsSecHeader);
List<Reference> referenceList = sign.addReferencesToSign(signParts,
wsSecHeader);
sign.computeSignature(referenceList, false, null);
}
开发者ID:e-Contract,项目名称:mycarenet,代码行数:39,代码来源:SecuritySOAPHandler.java
示例13: execute
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
throws WSSecurityException {
// Always call the callback for the username. We mis-use the configured password callback class and callback methods for this.
String providedUsername = reqData.getUsername();
WSPasswordCallback callbackData = handler.getPassword(reqData.getUsername(),
actionToDo,
WSHandlerConstants.PW_CALLBACK_CLASS,
WSHandlerConstants.PW_CALLBACK_REF, reqData);
providedUsername = callbackData.getIdentifier();
String password = callbackData.getPassword();
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setWsConfig(reqData.getWssConfig());
builder.setPasswordType(reqData.getPwType());
builder.setPasswordsAreEncoded(reqData.getWssConfig().getPasswordsAreEncoded());
builder.setUserInfo(providedUsername, password);
if (reqData.getUtElements() != null && reqData.getUtElements().length > 0) {
for (int j = 0; j < reqData.getUtElements().length; j++) {
reqData.getUtElements()[j].trim();
if (reqData.getUtElements()[j].equals("Nonce")) {
builder.addNonce();
}
if (reqData.getUtElements()[j].equals("Created")) {
builder.addCreated();
}
reqData.getUtElements()[j] = null;
}
}
builder.build(doc, reqData.getSecHeader());
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:33,代码来源:UsernameTokenAction.java
示例14: testUsernameTokenSigning
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test the specific signing method that use UsernameToken values
* <p/>
*
* @throws java.lang.Exception Thrown when there is any problem in signing or verification
*/
public void testUsernameTokenSigning() throws Exception {
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
builder.setUserInfo("wernerd", "verySecret");
builder.addCreated();
builder.addNonce();
builder.prepare(doc);
WSSecSignature sign = new WSSecSignature();
sign.setUsernameToken(builder);
sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
LOG.info("Before signing with UT text....");
sign.build(doc, null, secHeader);
LOG.info("Before adding UsernameToken PW Text....");
builder.prependToHeader(secHeader);
Document signedDoc = doc;
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Text:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Text....");
verify(signedDoc);
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:38,代码来源:TestWSSecurityNew13.java
示例15: testUsernameTokenSigningDigest
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test the specific signing method that use UsernameToken values
* <p/>
*
* @throws java.lang.Exception Thrown when there is any problem in signing or verification
*/
public void testUsernameTokenSigningDigest() throws Exception {
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(WSConstants.PASSWORD_DIGEST);
builder.setUserInfo("wernerd", "verySecret");
builder.addCreated();
builder.addNonce();
builder.prepare(doc);
WSSecSignature sign = new WSSecSignature();
sign.setUsernameToken(builder);
sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
LOG.info("Before signing with UT digest....");
sign.build(doc, null, secHeader);
LOG.info("Before adding UsernameToken PW Digest....");
builder.prependToHeader(secHeader);
Document signedDoc = doc;
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Digest:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Digest....");
verify(signedDoc);
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:38,代码来源:TestWSSecurityNew13.java
示例16: testDerivedKeyEncryption
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test using a UsernameToken derived key for encrypting a SOAP body
*/
public void testDerivedKeyEncryption() throws Exception {
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setUserInfo("bob", "security");
builder.addDerivedKey(false, null, 1000);
builder.prepare(doc);
byte[] derivedKey = builder.getDerivedKey();
assertTrue(derivedKey.length == 20);
String tokenIdentifier = builder.getId();
//
// Derived key encryption
//
WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
encrBuilder.setExternalKey(derivedKey, tokenIdentifier);
Document encryptedDoc = encrBuilder.build(doc, secHeader);
builder.prependToHeader(secHeader);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(encryptedDoc);
assertTrue(outputString.indexOf("wsse:Username") != -1);
assertTrue(outputString.indexOf("wsse:Password") == -1);
assertTrue(outputString.indexOf("wsse11:Salt") != -1);
assertTrue(outputString.indexOf("wsse11:Iteration") != -1);
assertTrue(outputString.indexOf("testMethod") == -1);
if (LOG.isDebugEnabled()) {
LOG.debug(outputString);
}
verify(encryptedDoc);
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:42,代码来源:TestWSSecurityUTDK.java
示例17: testDerivedKeyBadUserSignature
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test using a UsernameToken derived key for signing a SOAP body. In this test the
* user is "alice" rather than "bob", and so signature verification should fail.
*/
public void testDerivedKeyBadUserSignature() throws Exception {
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setUserInfo("alice", "security");
builder.addDerivedKey(true, null, 1000);
builder.prepare(doc);
byte[] derivedKey = builder.getDerivedKey();
assertTrue(derivedKey.length == 20);
String tokenIdentifier = builder.getId();
//
// Derived key signature
//
WSSecDKSign sigBuilder = new WSSecDKSign();
sigBuilder.setExternalKey(derivedKey, tokenIdentifier);
sigBuilder.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
Document signedDoc = sigBuilder.build(doc, secHeader);
builder.prependToHeader(secHeader);
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
if (LOG.isDebugEnabled()) {
LOG.debug(outputString);
}
try {
verify(signedDoc);
throw new Exception("Failure expected on a bad derived signature");
} catch (WSSecurityException ex) {
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:44,代码来源:TestWSSecurityUTDK.java
示例18: testUsernameTokenWithEncodedPassword
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test that adds a UserNameToken with password Digest to a WS-Security envelope
*/
public void testUsernameTokenWithEncodedPassword() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordsAreEncoded(true);
builder.setUserInfo("wernerd", Base64.encode(MessageDigest.getInstance("SHA-1").digest("verySecret".getBytes("UTF-8"))));
LOG.info("Before adding UsernameToken PW Digest....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Digest:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Digest....");
boolean passwordsAreEnabledOrig = WSSecurityEngine.getInstance().getWssConfig().getPasswordsAreEncoded();
try {
WSSecurityEngine.getInstance().getWssConfig().setPasswordsAreEncoded(true);
verify(signedDoc);
} finally {
WSSecurityEngine.getInstance().getWssConfig().setPasswordsAreEncoded(passwordsAreEnabledOrig);
}
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:30,代码来源:TestWSSecurityNew5.java
示例19: testUsernameTokenBadUsername
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test that a bad username with password digest does not leak whether the username
* is valid or not - see WSS-141.
*/
public void testUsernameTokenBadUsername() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setUserInfo("badusername", "verySecret");
LOG.info("Before adding UsernameToken PW Digest....");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Digest:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
LOG.info("After adding UsernameToken PW Digest....");
try {
verify(signedDoc);
throw new Exception("Failure expected on a bad username");
} catch (WSSecurityException ex) {
String message = ex.getMessage();
assertTrue(message.indexOf("badusername") == -1);
assertTrue(ex.getErrorCode() == WSSecurityException.FAILED_AUTHENTICATION);
// expected
}
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:31,代码来源:TestWSSecurityNew5.java
示例20: testUsernameTokenCustomPass
import org.apache.ws.security.message.WSSecUsernameToken; //导入依赖的package包/类
/**
* Test with a null password type. This will pass as the WSSConfig is configured to
* handle custom token types.
*/
public void testUsernameTokenCustomPass() throws Exception {
WSSecUsernameToken builder = new WSSecUsernameToken();
builder.setPasswordType(null);
builder.setUserInfo("customUser", null);
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, secHeader);
if (LOG.isDebugEnabled()) {
LOG.debug("Message with UserNameToken PW Text:");
String outputString =
org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
LOG.debug(outputString);
}
//
// Configure so that custom token types are accepted
//
WSSConfig cfg = WSSConfig.getNewInstance();
cfg.setHandleCustomPasswordTypes(true);
secEngine.setWssConfig(cfg);
verify(signedDoc);
//
// Go back to default for other tests
//
cfg.setHandleCustomPasswordTypes(false);
secEngine.setWssConfig(cfg);
}
开发者ID:wso2,项目名称:wso2-wss4j,代码行数:36,代码来源:TestWSSecurityNew5.java
注:本文中的org.apache.ws.security.message.WSSecUsernameToken类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论