1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.wss4j.dom.action;
21
22 import org.apache.wss4j.common.SecurityActionToken;
23 import org.apache.wss4j.common.ext.WSPasswordCallback;
24 import org.apache.wss4j.common.ext.WSSecurityException;
25 import org.apache.wss4j.dom.handler.RequestData;
26 import org.apache.wss4j.dom.handler.WSHandler;
27 import org.w3c.dom.Element;
28
29 import javax.security.auth.callback.Callback;
30 import javax.security.auth.callback.CallbackHandler;
31
32 public class CustomTokenAction implements Action {
33
34 public void execute(WSHandler handler, SecurityActionToken actionToken, RequestData reqData)
35 throws WSSecurityException {
36 CallbackHandler callbackHandler = reqData.getCallbackHandler();
37 if (callbackHandler == null) {
38 callbackHandler = handler.getPasswordCallbackHandler(reqData);
39 }
40
41 if (callbackHandler == null) {
42 throw new WSSecurityException(
43 WSSecurityException.ErrorCode.FAILURE, "noCallback"
44 );
45 }
46
47 WSPasswordCallback wsPasswordCallback =
48 new WSPasswordCallback(reqData.getUsername(), WSPasswordCallback.CUSTOM_TOKEN);
49
50 try {
51 callbackHandler.handle(new Callback[]{wsPasswordCallback});
52 } catch (Exception e) {
53 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e,
54 "empty", new Object[]{"WSHandler: password callback failed"});
55 }
56
57 Element customToken = wsPasswordCallback.getCustomToken();
58 if (customToken == null) {
59 throw new WSSecurityException(
60 WSSecurityException.ErrorCode.FAILURE, "resourceNotFound", new Object[]{"CustomToken"}
61 );
62 }
63
64 try {
65 Element securityHeader = reqData.getSecHeader().getSecurityHeaderElement();
66
67 customToken = (Element) securityHeader.getOwnerDocument().importNode(customToken, true);
68
69 securityHeader.appendChild(customToken);
70 } catch (Exception e) {
71 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e,
72 "empty", new Object[] {"Error appending custom token"});
73 }
74 }
75 }