Search in sources :

Example 26 with W3CDOMStreamWriter

use of org.apache.cxf.staxutils.W3CDOMStreamWriter in project cxf by apache.

the class STSRESTTest method testExplicitlyIssueSAML1TokenViaPOST.

@org.junit.Test
public void testExplicitlyIssueSAML1TokenViaPOST() throws Exception {
    WebClient client = webClient().query("action", "issue").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
    // Create RequestSecurityToken
    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
    writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
    writer.writeCharacters(WST_NS_05_12 + "/Issue");
    writer.writeEndElement();
    writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
    writer.writeCharacters(SAML1_TOKEN_TYPE);
    writer.writeEndElement();
    writer.writeEndElement();
    RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
    validateSAMLSecurityTokenResponse(securityResponse, false);
}
Also used : W3CDOMStreamWriter(org.apache.cxf.staxutils.W3CDOMStreamWriter) DOMSource(javax.xml.transform.dom.DOMSource) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Example 27 with W3CDOMStreamWriter

use of org.apache.cxf.staxutils.W3CDOMStreamWriter in project cxf by apache.

the class STSRESTTest method testValidateSAML2Token.

@org.junit.Test
public void testValidateSAML2Token() throws Exception {
    WebClient client = webClient().path("saml2.0").accept(MediaType.APPLICATION_XML);
    // 1. Get a token via GET
    Document assertionDoc = client.get(Document.class);
    assertNotNull(assertionDoc);
    // 2. Now validate it in the STS using POST
    client = webClient().query("action", "validate").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
    // Create RequestSecurityToken
    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
    writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
    writer.writeCharacters(WST_NS_05_12 + "/Validate");
    writer.writeEndElement();
    writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
    String tokenType = WST_NS_05_12 + "/RSTR/Status";
    writer.writeCharacters(tokenType);
    writer.writeEndElement();
    writer.writeStartElement("wst", "ValidateTarget", WST_NS_05_12);
    StaxUtils.copy(assertionDoc.getDocumentElement(), writer);
    writer.writeEndElement();
    writer.writeEndElement();
    RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
    assertTrue(getValidationStatus(securityResponse));
}
Also used : W3CDOMStreamWriter(org.apache.cxf.staxutils.W3CDOMStreamWriter) DOMSource(javax.xml.transform.dom.DOMSource) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) Document(org.w3c.dom.Document) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Example 28 with W3CDOMStreamWriter

use of org.apache.cxf.staxutils.W3CDOMStreamWriter in project cxf by apache.

the class STSRESTTest method testRenewSAML2Token.

@org.junit.Test
public void testRenewSAML2Token() throws Exception {
    WebClient client = webClient().query("action", "issue").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
    // 1. Get a token via POST
    // Create RequestSecurityToken
    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
    writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
    writer.writeCharacters(WST_NS_05_12 + "/Issue");
    writer.writeEndElement();
    writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
    writer.writeCharacters(SAML2_TOKEN_TYPE);
    writer.writeEndElement();
    writer.writeEndElement();
    RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
    Element token = validateSAMLSecurityTokenResponse(securityResponse, true);
    // 2. Now renew it using POST
    client = webClient().query("action", "renew").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
    // Create RequestSecurityToken
    writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
    writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
    writer.writeCharacters(WST_NS_05_12 + "/Renew");
    writer.writeEndElement();
    writer.writeStartElement("wst", "RenewTarget", WST_NS_05_12);
    StaxUtils.copy(token, writer);
    writer.writeEndElement();
    writer.writeEndElement();
    securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
    validateSAMLSecurityTokenResponse(securityResponse, true);
}
Also used : W3CDOMStreamWriter(org.apache.cxf.staxutils.W3CDOMStreamWriter) DOMSource(javax.xml.transform.dom.DOMSource) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Example 29 with W3CDOMStreamWriter

use of org.apache.cxf.staxutils.W3CDOMStreamWriter in project cxf by apache.

the class STSRESTTest method testIssueJWTTokenViaPOST.

@org.junit.Test
public void testIssueJWTTokenViaPOST() throws Exception {
    WebClient client = webClient().type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
    // Create RequestSecurityToken
    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
    writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
    writer.writeCharacters(WST_NS_05_12 + "/Issue");
    writer.writeEndElement();
    writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
    writer.writeCharacters(JWT_TOKEN_TYPE);
    writer.writeEndElement();
    writer.writeEndElement();
    RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
    RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse);
    String token = ((Element) requestedSecurityToken.getAny()).getTextContent();
    validateJWTToken(token);
}
Also used : W3CDOMStreamWriter(org.apache.cxf.staxutils.W3CDOMStreamWriter) DOMSource(javax.xml.transform.dom.DOMSource) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Example 30 with W3CDOMStreamWriter

use of org.apache.cxf.staxutils.W3CDOMStreamWriter in project cxf by apache.

the class STSRESTTest method testValidateSAMLAndIssueJWT.

@org.junit.Test
public void testValidateSAMLAndIssueJWT() throws Exception {
    WebClient client = webClient().path("saml2.0").accept(MediaType.APPLICATION_XML);
    // 1. Get a token via GET
    Document assertionDoc = client.get(Document.class);
    assertNotNull(assertionDoc);
    // 2. Now validate it in the STS using POST
    client = webClient().query("action", "validate").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
    // Create RequestSecurityToken
    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
    writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
    writer.writeCharacters(WST_NS_05_12 + "/Validate");
    writer.writeEndElement();
    writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
    writer.writeCharacters(JWT_TOKEN_TYPE);
    writer.writeEndElement();
    writer.writeStartElement("wst", "ValidateTarget", WST_NS_05_12);
    StaxUtils.copy(assertionDoc.getDocumentElement(), writer);
    writer.writeEndElement();
    writer.writeEndElement();
    RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
    assertTrue(getValidationStatus(securityResponse));
    // Check the token
    RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse);
    String token = ((Element) requestedSecurityToken.getAny()).getTextContent();
    validateJWTToken(token);
}
Also used : W3CDOMStreamWriter(org.apache.cxf.staxutils.W3CDOMStreamWriter) DOMSource(javax.xml.transform.dom.DOMSource) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) Document(org.w3c.dom.Document) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Aggregations

W3CDOMStreamWriter (org.apache.cxf.staxutils.W3CDOMStreamWriter)60 Element (org.w3c.dom.Element)29 DOMSource (javax.xml.transform.dom.DOMSource)24 XMLStreamException (javax.xml.stream.XMLStreamException)15 Document (org.w3c.dom.Document)14 WebClient (org.apache.cxf.jaxrs.client.WebClient)9 Node (org.w3c.dom.Node)9 XMLStreamWriter (javax.xml.stream.XMLStreamWriter)8 Fault (org.apache.cxf.interceptor.Fault)8 XMLStreamReader (javax.xml.stream.XMLStreamReader)7 BindingOperationInfo (org.apache.cxf.service.model.BindingOperationInfo)7 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)7 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)7 JAXBElement (javax.xml.bind.JAXBElement)6 JAXBException (javax.xml.bind.JAXBException)5 SOAPMessage (javax.xml.soap.SOAPMessage)5 SoapFault (org.apache.cxf.binding.soap.SoapFault)5 SoapMessage (org.apache.cxf.binding.soap.SoapMessage)5 InputStream (java.io.InputStream)4 HashMap (java.util.HashMap)4