20 package org.apache.wss4j.dom.validate;
21
22 import javax.security.auth.Subject;
23 import javax.security.auth.callback.CallbackHandler;
24 import javax.security.auth.login.LoginContext;
25 import javax.security.auth.login.LoginException;
26
27 import org.apache.wss4j.dom.WSConstants;
28 import org.apache.wss4j.common.NamePasswordCallbackHandler;
29 import org.apache.wss4j.common.ext.WSSecurityException;
30 import org.apache.wss4j.dom.handler.RequestData;
31 import org.apache.wss4j.dom.message.token.UsernameToken;
32
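/**
 * Validates a {@code UsernameToken} by delegating authentication to a JAAS
 * {@link LoginContext}.
 *
 * <p>Only plaintext ({@code WSConstants.PASSWORD_TEXT}) passwords can be handed to a
 * JAAS LoginModule as a credential, so hashed/digest tokens and any other password
 * type are rejected before JAAS is consulted. On success the authenticated
 * {@link Subject} is attached to the returned credential.
 *
 * <p>{@link #setContextName(String)} is not synchronized; the context name is expected
 * to be configured once before the validator is used concurrently.
 */
public class JAASUsernameTokenValidator implements Validator {

    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(JAASUsernameTokenValidator.class);

    // Name of the JAAS login configuration entry passed to LoginContext.
    private String contextName;

    /**
     * Sets the JAAS login configuration entry name used to build the {@link LoginContext}.
     *
     * @param name the entry name as it appears in the JAAS configuration
     */
    public void setContextName(String name) {
        contextName = name;
    }

    /**
     * @return the configured JAAS context name, or {@code null} if none has been set
     */
    public String getContextName() {
        return contextName;
    }

    /**
     * Authenticates the UsernameToken carried by {@code credential} against JAAS.
     *
     * @param credential the credential holding the UsernameToken to validate
     * @param data the request data; not used by this validator, retained for the
     *             {@link Validator} contract
     * @return the same credential, with the authenticated {@link Subject} set on it
     * @throws WSSecurityException with {@code FAILURE} ("noCredential") when no
     *         UsernameToken is present, or {@code FAILED_AUTHENTICATION} when the token
     *         is hashed, the password type is not plaintext, the user or password is
     *         empty, or the JAAS login fails
     */
    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
        if (credential == null || credential.getUsernametoken() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
        }

        UsernameToken usernameToken = credential.getUsernametoken();
        String user = usernameToken.getName();
        String pwType = usernameToken.getPasswordType();
        // Only the user name and password type are logged; the password itself never is.
        LOG.debug("UsernameToken user {}", user);
        LOG.debug("UsernameToken password type {}", pwType);

        // A digested password cannot be presented to a JAAS LoginModule as a cleartext
        // credential, so hashed tokens are refused outright.
        if (usernameToken.isHashed()) {
            LOG.warn("Authentication failed as hashed username token not supported");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }

        String password = usernameToken.getPassword();

        if (!WSConstants.PASSWORD_TEXT.equals(pwType)) {
            // Parameterized logging: avoids building the message when WARN is disabled.
            LOG.warn("Password type {} not supported", pwType);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }

        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            LOG.warn("User or password empty");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }

        try {
            CallbackHandler handler = getCallbackHandler(user, password);
            LoginContext ctx = new LoginContext(getContextName(), handler);
            ctx.login();
            credential.setSubject(ctx.getSubject());
        } catch (LoginException ex) {
            // A missing or unset context name also ends up here, since LoginContext
            // reports a null/unknown configuration entry as a LoginException; the caller
            // sees it as an authentication failure, so check the INFO log when
            // diagnosing configuration problems.
            LOG.info("Authentication failed", ex);
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, ex
            );
        }

        return credential;
    }

    /**
     * Creates the {@link CallbackHandler} that answers the JAAS LoginModule's name and
     * password callbacks. Protected so subclasses can supply a different handler.
     *
     * @param name the user name taken from the token
     * @param password the plaintext password taken from the token
     * @return a handler that responds with the given name and password
     */
    protected CallbackHandler getCallbackHandler(String name, String password) {
        return new NamePasswordCallbackHandler(name, password);
    }

}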