19 package org.apache.wss4j.policy.stax.assertionStates;
20
21 import org.apache.wss4j.common.WSSPolicyException;
22 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
23 import org.apache.wss4j.policy.model.AbstractToken;
24 import org.apache.wss4j.policy.model.SpnegoContextToken;
25 import org.apache.wss4j.policy.stax.PolicyAsserter;
26 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
27 import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
28 import org.apache.xml.security.stax.securityToken.SecurityToken;
29 import org.apache.wss4j.stax.securityEvent.SecurityContextTokenSecurityEvent;
30 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
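/**
 * Assertion state that checks a {@link SpnegoContextToken} policy assertion against
 * {@link SecurityContextTokenSecurityEvent}s.
 *
 * <p>Scope of the check, as implemented in {@link #assertToken}: only the issuer name is
 * compared, and only when the policy names one. No other property of the policy token is
 * compared with the event by this class.
 */
public class SpnegoContextTokenAssertionState extends TokenAssertionState {

    /**
     * Creates the state and, when {@code asserted} is {@code true}, immediately reports the
     * assertion as satisfied to the {@link PolicyAsserter}.
     *
     * @param assertion      the policy assertion this state tracks
     * @param asserted       initial asserted flag, passed through to the superclass
     * @param policyAsserter receiver of assert/unassert notifications
     * @param initiator      passed through to the superclass
     */
    public SpnegoContextTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
                                            PolicyAsserter policyAsserter, boolean initiator) {
        super(assertion, asserted, policyAsserter, initiator);

        if (asserted) {
            getPolicyAsserter().assertPolicy(getAssertion());
        }
    }

    /**
     * Returns the security event types this state handles.
     *
     * @return a single-element array holding {@code SECURITY_CONTEXT_TOKEN}
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{
            WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN
        };
    }

    /**
     * Verifies a token security event against the SPNEGO context token policy.
     *
     * <p>If the policy token carries an issuer name, it must be {@code equals()} to the issuer
     * name of the event; otherwise the assertion is unasserted with an error message and
     * {@code false} is returned. A policy without an issuer name accepts any event issuer.
     *
     * @param tokenSecurityEvent the event to check; must be a
     *                           {@link SecurityContextTokenSecurityEvent}
     * @param abstractToken      the policy token; must be a {@link SpnegoContextToken}
     * @return {@code true} if the event satisfies the policy, {@code false} on issuer mismatch
     * @throws WSSPolicyException if either argument is {@code null} or of an unexpected type
     */
    @Override
    public boolean assertToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent,
                               AbstractToken abstractToken) throws WSSPolicyException {
        if (!(tokenSecurityEvent instanceof SecurityContextTokenSecurityEvent)) {
            // instanceof is false for null, so the message must not dereference the event:
            // report the declared policy failure instead of a NullPointerException.
            String actualEvent = tokenSecurityEvent == null
                ? "null" : tokenSecurityEvent.getClass().getName();
            throw new WSSPolicyException(
                "Expected a SecurityContextTokenSecurityEvent but got " + actualEvent);
        }
        if (!(abstractToken instanceof SpnegoContextToken)) {
            // Fail closed with the declared exception rather than a ClassCastException (wrong
            // type) or NullPointerException (null) from the cast and dereference below.
            String actualToken = abstractToken == null
                ? "null" : abstractToken.getClass().getName();
            throw new WSSPolicyException("Expected a SpnegoContextToken but got " + actualToken);
        }

        SpnegoContextToken spnegoContextToken = (SpnegoContextToken) abstractToken;
        SecurityContextTokenSecurityEvent spnegoContextTokenSecurityEvent =
            (SecurityContextTokenSecurityEvent) tokenSecurityEvent;

        // The issuer is enforced only when the policy names one; the comparison is an exact
        // equals(), with no normalisation applied here.
        if (spnegoContextToken.getIssuerName() != null
            && !spnegoContextToken.getIssuerName().equals(spnegoContextTokenSecurityEvent.getIssuerName())) {
            // NOTE(review): the text says "IssuedToken" although this state handles a SPNEGO
            // context token; the wording is left unchanged in case callers match on it.
            // NOTE(review): the event's issuer name is presumably taken from the processed
            // message; treat the resulting error message as untrusted where it is logged.
            setErrorMessage("IssuerName in Policy (" + spnegoContextToken.getIssuerName()
                + ") didn't match with the one in the IssuedToken ("
                + spnegoContextTokenSecurityEvent.getIssuerName() + ")");
            getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
            return false;
        }

        // Nothing beyond the issuer name is compared before the assertion is reported as
        // satisfied.
        getPolicyAsserter().assertPolicy(getAssertion());
        return true;
    }
}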