use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.
the class DefaultConditionsProvider method getConditions.
/**
* Get a ConditionsBean object.
*/
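public ConditionsBean getConditions(TokenProviderParameters providerParameters) {
    // Builds the validity window and audience restrictions for the token being issued.
    //
    // The requester's Lifetime is honoured only when acceptClientLifetime is set and both Created
    // and Expires are present. It is then bounded twice: Created may lie at most futureTimeToLive
    // seconds ahead of the server clock, and Expires - Created may not exceed getMaxLifetime().
    // Otherwise the server-side lifetime applies (or 5 minutes when lifetime is not positive).
    //
    // Throws STSException (INVALID_TIME) when the timestamps cannot be parsed, Created is too far
    // in the future, Expires is not after Created, or the requested lifetime exceeds the maximum
    // and isFailLifetimeExceedance() is true.
    ConditionsBean conditions = new ConditionsBean();
    Lifetime tokenLifetime = providerParameters.getTokenRequirements().getLifetime();

    if (lifetime > 0) {
        boolean clientWindowUsable = acceptClientLifetime
            && tokenLifetime != null
            && tokenLifetime.getCreated() != null
            && tokenLifetime.getExpires() != null;

        if (clientWindowUsable) {
            Instant creationTime;
            Instant expirationTime;
            try {
                creationTime = ZonedDateTime.parse(tokenLifetime.getCreated()).toInstant();
                expirationTime = ZonedDateTime.parse(tokenLifetime.getExpires()).toInstant();
            } catch (DateTimeParseException ex) {
                LOG.fine("Error in parsing Timestamp Created or Expiration Strings");
                throw new STSException("Error in parsing Timestamp Created or Expiration Strings",
                                       STSException.INVALID_TIME);
            }

            // Created may be ahead of the server clock only by the configured skew allowance.
            // NOTE(review): there is no matching lower bound here, so a Created value in the past
            // is accepted as NotBefore - confirm that is intended.
            Instant latestAcceptedCreation = Instant.now();
            if (futureTimeToLive > 0) {
                latestAcceptedCreation = latestAcceptedCreation.plusSeconds(futureTimeToLive);
            }
            if (creationTime.isAfter(latestAcceptedCreation)) {
                // NOTE(review): rejections are logged at FINE only; check that they are visible at
                // the log level used for monitoring.
                LOG.fine("The Created Time is too far in the future");
                throw new STSException("The Created Time is too far in the future", STSException.INVALID_TIME);
            }

            // A zero or negative requested lifetime would pass the maximum-lifetime check below and
            // produce conditions whose NotAfter does not follow NotBefore, so reject it explicitly.
            if (!expirationTime.isAfter(creationTime)) {
                LOG.fine("The Expires Time is not after the Created Time");
                throw new STSException("The Expires Time is not after the Created Time",
                                       STSException.INVALID_TIME);
            }

            long ceilingSeconds = getMaxLifetime();
            long requestedLifetime = Duration.between(creationTime, expirationTime).getSeconds();
            if (requestedLifetime > ceilingSeconds) {
                LOG.warning("Requested lifetime [" + requestedLifetime
                    + " sec] exceed configured maximum lifetime [" + ceilingSeconds + " sec]");
                if (isFailLifetimeExceedance()) {
                    throw new STSException("Requested lifetime exceeds maximum lifetime",
                                           STSException.INVALID_TIME);
                }
                // Lenient mode: issue the token anyway, but cap it at the configured maximum.
                expirationTime = creationTime.plusSeconds(ceilingSeconds);
            }

            conditions.setNotAfter(expirationTime);
            conditions.setNotBefore(creationTime);
        } else {
            // Client lifetime not accepted or incomplete: use the server-configured lifetime.
            conditions.setTokenPeriodSeconds(lifetime);
        }
    } else {
        // No positive lifetime configured: fall back to a 5 minute token period.
        conditions.setTokenPeriodMinutes(5);
    }

    List<AudienceRestrictionBean> audienceRestrictions = createAudienceRestrictions(providerParameters);
    if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) {
        conditions.setAudienceRestrictions(audienceRestrictions);
    }
    return conditions;
}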
use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTFarFutureCreatedLifetime.
/**
* Issue JWT token with a future Created Lifetime. This should fail as we only allow a future
* dated Lifetime up to 60 seconds to avoid clock skew problems.
*/
@org.junit.Test
public void testJWTFarFutureCreatedLifetime() throws Exception {
    // Provider that honours the lifetime supplied by the requester.
    JWTTokenProvider provider = new JWTTokenProvider();
    DefaultJWTClaimsProvider jwtClaims = new DefaultJWTClaimsProvider();
    jwtClaims.setAcceptClientLifetime(true);
    provider.setJwtClaimsProvider(jwtClaims);

    TokenProviderParameters params = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);

    // Request a one minute token whose Created time lies two minutes ahead of the current clock.
    final int lifetimeSeconds = 60;
    Instant created = Instant.now().plusSeconds(120L);
    Instant expires = created.plusSeconds(lifetimeSeconds);

    Lifetime requested = new Lifetime();
    String createdText = created.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
    requested.setCreated(createdText);
    String expiresText = expires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
    requested.setExpires(expiresText);
    params.getTokenRequirements().setLifetime(requested);

    // With the default future-time allowance the request must be refused.
    // NOTE(review): any STSException satisfies this catch, so the test does not pin the rejection
    // to the Created-time check specifically.
    try {
        provider.createToken(params);
        fail("Failure expected on a Created Element too far in the future");
    } catch (STSException expected) {
        // expected
    }

    // Widen the allowance to one hour; the same request is now accepted.
    jwtClaims.setFutureTimeToLive(60L * 60L);
    TokenProviderResponse response = provider.createToken(params);
    assertTrue(response != null);
    assertTrue(response.getToken() != null && response.getTokenId() != null);

    String compactJwt = (String) response.getToken();
    assertNotNull(compactJwt);

    // The issued-at claim in the token must agree with the Created time reported in the response.
    JwtToken parsed = new JwsJwtCompactConsumer(compactJwt).getJwtToken();
    assertEquals(parsed.getClaim(JwtConstants.CLAIM_ISSUED_AT), response.getCreated().getEpochSecond());
}
use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTNearFutureCreatedLifetime.
/**
* Issue JWT token with a near future Created Lifetime. This should pass as we allow a future
* dated Lifetime up to 60 seconds to avoid clock skew problems.
*/
@org.junit.Test
public void testJWTNearFutureCreatedLifetime() throws Exception {
    // Provider that honours the lifetime supplied by the requester.
    JWTTokenProvider provider = new JWTTokenProvider();
    DefaultJWTClaimsProvider jwtClaims = new DefaultJWTClaimsProvider();
    jwtClaims.setAcceptClientLifetime(true);
    provider.setJwtClaimsProvider(jwtClaims);

    TokenProviderParameters params = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);

    // Expires is one minute from now, Created is ten seconds from now, so the
    // requested validity window is 50 seconds long.
    final int lifetimeSeconds = 60;
    Instant reference = Instant.now();
    Instant expires = reference.plusSeconds(lifetimeSeconds);
    Instant created = reference.plusSeconds(10);

    Lifetime requested = new Lifetime();
    String createdText = created.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
    requested.setCreated(createdText);
    String expiresText = expires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
    requested.setExpires(expiresText);
    params.getTokenRequirements().setLifetime(requested);

    // A Created time slightly ahead of the clock is accepted without any extra configuration.
    TokenProviderResponse response = provider.createToken(params);
    assertTrue(response != null);
    assertTrue(response.getToken() != null && response.getTokenId() != null);

    // The response must carry exactly the requested 50 second window.
    long issuedSeconds = Duration.between(response.getCreated(), response.getExpires()).getSeconds();
    assertEquals(50, issuedSeconds);

    String compactJwt = (String) response.getToken();
    assertNotNull(compactJwt);

    // The issued-at claim in the token must agree with the Created time reported in the response.
    JwtToken parsed = new JwsJwtCompactConsumer(compactJwt).getJwtToken();
    assertEquals(parsed.getClaim(JwtConstants.CLAIM_ISSUED_AT), response.getCreated().getEpochSecond());
}
use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTExceededConfiguredMaxLifetime.
/**
* Issue a JWT token with a lifetime
* which exceeds the configured maximum lifetime
*/
@org.junit.Test
public void testJWTExceededConfiguredMaxLifetime() throws Exception {
    // Cap issued tokens at 30 minutes and honour the lifetime supplied by the requester.
    final long ceilingSeconds = 30 * 60L;
    JWTTokenProvider provider = new JWTTokenProvider();
    DefaultJWTClaimsProvider jwtClaims = new DefaultJWTClaimsProvider();
    jwtClaims.setMaxLifetime(ceilingSeconds);
    jwtClaims.setAcceptClientLifetime(true);
    provider.setJwtClaimsProvider(jwtClaims);

    TokenProviderParameters params = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);

    // Ask for 35 minutes, five more than the configured cap.
    Instant created = Instant.now();
    final long wantedSeconds = 35 * 60L;
    Instant expires = created.plusSeconds(wantedSeconds);

    Lifetime requested = new Lifetime();
    String createdText = created.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
    requested.setCreated(createdText);
    String expiresText = expires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
    requested.setExpires(expiresText);
    params.getTokenRequirements().setLifetime(requested);

    // The over-long request must be refused rather than silently shortened.
    // NOTE(review): any STSException satisfies this catch, so the test does not pin the rejection
    // to the lifetime check specifically.
    try {
        provider.createToken(params);
        fail("Failure expected due to exceeded lifetime");
    } catch (STSException expected) {
        // expected
    }
}
use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTExceededDefaultMaxLifetime.
/**
* Issue a JWT token with a lifetime
* which exceeds the default maximum lifetime
*/
@org.junit.Test
public void testJWTExceededDefaultMaxLifetime() throws Exception {
    // Honour the requester's lifetime but leave the maximum lifetime at its default.
    JWTTokenProvider provider = new JWTTokenProvider();
    DefaultJWTClaimsProvider jwtClaims = new DefaultJWTClaimsProvider();
    jwtClaims.setAcceptClientLifetime(true);
    provider.setJwtClaimsProvider(jwtClaims);

    TokenProviderParameters params = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);

    // Ask for one second more than the default maximum lifetime.
    Instant created = Instant.now();
    final long wantedSeconds = DefaultConditionsProvider.DEFAULT_MAX_LIFETIME + 1;
    Instant expires = created.plusSeconds(wantedSeconds);

    Lifetime requested = new Lifetime();
    String createdText = created.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
    requested.setCreated(createdText);
    String expiresText = expires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
    requested.setExpires(expiresText);
    params.getTokenRequirements().setLifetime(requested);

    // Even a one second overrun must be refused.
    // NOTE(review): any STSException satisfies this catch, so the test does not pin the rejection
    // to the lifetime check specifically.
    try {
        provider.createToken(params);
        fail("Failure expected due to exceeded lifetime");
    } catch (STSException expected) {
        // expected
    }
}