use of org.apache.cxf.staxutils.W3CDOMStreamWriter in project cxf by apache.
the class STSRESTTest method testExplicitlyIssueSAML1TokenViaPOST.
@org.junit.Test
public void testExplicitlyIssueSAML1TokenViaPOST() throws Exception {
WebClient client = webClient().query("action", "issue").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
// Create RequestSecurityToken
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
writer.writeCharacters(WST_NS_05_12 + "/Issue");
writer.writeEndElement();
writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
writer.writeCharacters(SAML1_TOKEN_TYPE);
writer.writeEndElement();
writer.writeEndElement();
RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
validateSAMLSecurityTokenResponse(securityResponse, false);
}
use of org.apache.cxf.staxutils.W3CDOMStreamWriter in project cxf by apache.
the class STSRESTTest method testValidateSAML2Token.
@org.junit.Test
public void testValidateSAML2Token() throws Exception {
WebClient client = webClient().path("saml2.0").accept(MediaType.APPLICATION_XML);
// 1. Get a token via GET
Document assertionDoc = client.get(Document.class);
assertNotNull(assertionDoc);
// 2. Now validate it in the STS using POST
client = webClient().query("action", "validate").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
// Create RequestSecurityToken
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
writer.writeCharacters(WST_NS_05_12 + "/Validate");
writer.writeEndElement();
writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
String tokenType = WST_NS_05_12 + "/RSTR/Status";
writer.writeCharacters(tokenType);
writer.writeEndElement();
writer.writeStartElement("wst", "ValidateTarget", WST_NS_05_12);
StaxUtils.copy(assertionDoc.getDocumentElement(), writer);
writer.writeEndElement();
writer.writeEndElement();
RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
assertTrue(getValidationStatus(securityResponse));
}
use of org.apache.cxf.staxutils.W3CDOMStreamWriter in project cxf by apache.
the class STSRESTTest method testRenewSAML2Token.
@org.junit.Test
public void testRenewSAML2Token() throws Exception {
WebClient client = webClient().query("action", "issue").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
// 1. Get a token via POST
// Create RequestSecurityToken
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
writer.writeCharacters(WST_NS_05_12 + "/Issue");
writer.writeEndElement();
writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
writer.writeCharacters(SAML2_TOKEN_TYPE);
writer.writeEndElement();
writer.writeEndElement();
RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
Element token = validateSAMLSecurityTokenResponse(securityResponse, true);
// 2. Now renew it using POST
client = webClient().query("action", "renew").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
// Create RequestSecurityToken
writer = new W3CDOMStreamWriter();
writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
writer.writeCharacters(WST_NS_05_12 + "/Renew");
writer.writeEndElement();
writer.writeStartElement("wst", "RenewTarget", WST_NS_05_12);
StaxUtils.copy(token, writer);
writer.writeEndElement();
writer.writeEndElement();
securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
validateSAMLSecurityTokenResponse(securityResponse, true);
}
use of org.apache.cxf.staxutils.W3CDOMStreamWriter in project cxf by apache.
the class STSRESTTest method testIssueJWTTokenViaPOST.
@org.junit.Test
public void testIssueJWTTokenViaPOST() throws Exception {
WebClient client = webClient().type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
// Create RequestSecurityToken
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
writer.writeCharacters(WST_NS_05_12 + "/Issue");
writer.writeEndElement();
writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
writer.writeCharacters(JWT_TOKEN_TYPE);
writer.writeEndElement();
writer.writeEndElement();
RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse);
String token = ((Element) requestedSecurityToken.getAny()).getTextContent();
validateJWTToken(token);
}
use of org.apache.cxf.staxutils.W3CDOMStreamWriter in project cxf by apache.
the class STSRESTTest method testValidateSAMLAndIssueJWT.
@org.junit.Test
public void testValidateSAMLAndIssueJWT() throws Exception {
WebClient client = webClient().path("saml2.0").accept(MediaType.APPLICATION_XML);
// 1. Get a token via GET
Document assertionDoc = client.get(Document.class);
assertNotNull(assertionDoc);
// 2. Now validate it in the STS using POST
client = webClient().query("action", "validate").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
// Create RequestSecurityToken
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
writer.writeCharacters(WST_NS_05_12 + "/Validate");
writer.writeEndElement();
writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
writer.writeCharacters(JWT_TOKEN_TYPE);
writer.writeEndElement();
writer.writeStartElement("wst", "ValidateTarget", WST_NS_05_12);
StaxUtils.copy(assertionDoc.getDocumentElement(), writer);
writer.writeEndElement();
writer.writeEndElement();
RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
assertTrue(getValidationStatus(securityResponse));
// Check the token
RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse);
String token = ((Element) requestedSecurityToken.getAny()).getTextContent();
validateJWTToken(token);
}
Aggregations