Examples with STSPropertiesMBean org.apache.cxf.sts.STSPropertiesMBean used on opensource projects

Example 56 with STSPropertiesMBean

use of org.apache.cxf.sts.STSPropertiesMBean in project cxf by apache.

the class ValidateTokenTransformationUnitTest method runValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateIdentity.

private void runValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateIdentity(boolean useGlobalIdentityMapper) throws WSSecurityException {
    TokenValidateOperation validateOperation = new TokenValidateOperation();
    Map<String, RealmProperties> realms = createSamlRealms();
    // Add Token Provider
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    samlTokenProvider.setRealmMap(realms);
    samlTokenProvider.setAttributeStatementProviders(Collections.singletonList(new ClaimsAttributeStatementProvider()));
    validateOperation.setTokenProviders(Collections.singletonList(samlTokenProvider));
    // Add Token Validator
    SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();
    samlTokenValidator.setSamlRealmCodec(new IssuerSAMLRealmCodec());
    validateOperation.setTokenValidators(Collections.singletonList(samlTokenValidator));
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    validateOperation.setServices(Collections.singletonList(service));
    // Add Relationship list
    Relationship rs = createRelationship();
    rs.setType(Relationship.FED_TYPE_IDENTITY);
    rs.setIdentityMapper(new CustomIdentityMapper());
    // Add STSProperties object
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
    stsProperties.setRealmParser(new CustomRealmParser());
    if (useGlobalIdentityMapper) {
        stsProperties.setIdentityMapper(new CustomIdentityMapper());
    } else {
        stsProperties.setRelationships(Collections.singletonList(rs));
    }
    validateOperation.setStsProperties(stsProperties);
    // Set the ClaimsManager
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler) new CustomClaimsHandler()));
    validateOperation.setClaimsManager(claimsManager);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType);
    // Add a ClaimsType
    ClaimsType claimsType = new ClaimsType();
    claimsType.setDialect(STSConstants.IDT_NS_05_05);
    Document doc = DOMUtils.createDocument();
    Element claimType = createClaimsType(doc);
    claimsType.getAny().add(claimType);
    JAXBElement<ClaimsType> claimsTypeJaxb = new JAXBElement<ClaimsType>(QNameConstants.CLAIMS, ClaimsType.class, claimsType);
    request.getAny().add(claimsTypeJaxb);
    // request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // create a SAML Token via the SAMLTokenProvider which contains claims
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler, realms);
    Document docToken = samlToken.getOwnerDocument();
    samlToken = (Element) docToken.appendChild(samlToken);
    String samlString = DOM2Writer.nodeToString(samlToken);
    assertTrue(samlString.contains("AttributeStatement"));
    assertTrue(samlString.contains("alice"));
    assertTrue(samlString.contains("doe"));
    assertTrue(samlString.contains(SAML2Constants.CONF_BEARER));
    // Add SAML token as ValidateTarget element
    ValidateTargetType validateTarget = new ValidateTargetType();
    validateTarget.setAny(samlToken);
    JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    msgCtx.put("url", "https");
    // Validate a token
    RequestSecurityTokenResponseType response = validateOperation.validate(request, null, msgCtx);
    assertTrue(validateResponse(response));
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : response.getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    // subject changed (to uppercase)
    assertTrue(tokenString.contains("ALICE"));
    // claim unchanged but requested
    assertTrue(tokenString.contains("doe"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}

Example 57 with STSPropertiesMBean

use of org.apache.cxf.sts.STSPropertiesMBean in project cxf by apache.

the class ValidateUsernameTokenUnitTest method testValidateUsernameToken.

/**
 * Test to successfully validate a UsernameToken.
 */
@org.junit.Test
public void testValidateUsernameToken() throws Exception {
    TokenValidateOperation validateOperation = new TokenValidateOperation();
    // Add Token Validator
    validateOperation.setTokenValidators(Collections.singletonList(new UsernameTokenValidator()));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    validateOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
    request.getAny().add(tokenType);
    // Create a UsernameToken
    JAXBElement<UsernameTokenType> usernameTokenType = createUsernameToken("alice", "clarinet");
    ValidateTargetType validateTarget = new ValidateTargetType();
    validateTarget.setAny(usernameTokenType);
    JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Validate a token
    RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
    assertTrue(validateResponse(response));
}

Example 58 with STSPropertiesMBean

use of org.apache.cxf.sts.STSPropertiesMBean in project cxf by apache.

the class ValidateUsernameTokenUnitTest method testValidateInvalidUsernameToken.

/**
 * Test to validate an invalid UsernameToken.
 */
@org.junit.Test
public void testValidateInvalidUsernameToken() throws Exception {
    TokenValidateOperation validateOperation = new TokenValidateOperation();
    // Add Token Validator
    validateOperation.setTokenValidators(Collections.singletonList(new UsernameTokenValidator()));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    validateOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
    request.getAny().add(tokenType);
    // Create a UsernameToken
    JAXBElement<UsernameTokenType> usernameTokenType = createUsernameToken("alice", "badpassword");
    ValidateTargetType validateTarget = new ValidateTargetType();
    validateTarget.setAny(usernameTokenType);
    JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Validate a token
    RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
    assertFalse(validateResponse(response));
}

Example 59 with STSPropertiesMBean

use of org.apache.cxf.sts.STSPropertiesMBean in project cxf by apache.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof SAMLCallback) {
            SAMLCallback samlCallback = (SAMLCallback) callback;
            // Set the Subject
            if (subjectBean != null) {
                samlCallback.setSubject(subjectBean);
            }
            // Set the token Type.
            TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
            String tokenType = tokenRequirements.getTokenType();
            boolean saml1 = false;
            if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML_NS.equals(tokenType)) {
                samlCallback.setSamlVersion(Version.SAML_11);
                saml1 = true;
                setSubjectOnBeans();
            } else {
                samlCallback.setSamlVersion(Version.SAML_20);
            }
            // Set the issuer
            if (issuer == null) {
                STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
                samlCallback.setIssuer(stsProperties.getIssuer());
            } else {
                samlCallback.setIssuer(issuer);
            }
            // Set the statements
            boolean statementAdded = false;
            if (attributeBeans != null && !attributeBeans.isEmpty()) {
                samlCallback.setAttributeStatementData(attributeBeans);
                statementAdded = true;
            }
            if (authBeans != null && !authBeans.isEmpty()) {
                samlCallback.setAuthenticationStatementData(authBeans);
                statementAdded = true;
            }
            if (authDecisionBeans != null && !authDecisionBeans.isEmpty()) {
                samlCallback.setAuthDecisionStatementData(authDecisionBeans);
                statementAdded = true;
            }
            // If SAML 1.1 we *must* add a Statement
            if (saml1 && !statementAdded) {
                AttributeStatementBean defaultStatement = new DefaultAttributeStatementProvider().getStatement(tokenParameters);
                defaultStatement.setSubject(subjectBean);
                samlCallback.setAttributeStatementData(Collections.singletonList(defaultStatement));
            }
            // Set the conditions
            samlCallback.setConditions(conditionsBean);
        }
    }
}

Example 60 with STSPropertiesMBean

use of org.apache.cxf.sts.STSPropertiesMBean in project cxf by apache.

the class DefaultJWTClaimsProvider method getJwtClaims.

/**
 * Get a JwtClaims object.
 */
public JwtClaims getJwtClaims(JWTClaimsProviderParameters jwtClaimsProviderParameters) {
    JwtClaims claims = new JwtClaims();
    claims.setSubject(getSubjectName(jwtClaimsProviderParameters));
    claims.setTokenId(UUID.randomUUID().toString());
    // Set the Issuer
    String issuer = jwtClaimsProviderParameters.getIssuer();
    if (issuer == null) {
        STSPropertiesMBean stsProperties = jwtClaimsProviderParameters.getProviderParameters().getStsProperties();
        claims.setIssuer(stsProperties.getIssuer());
    } else {
        claims.setIssuer(issuer);
    }
    handleWSTrustClaims(jwtClaimsProviderParameters, claims);
    handleConditions(jwtClaimsProviderParameters, claims);
    handleAudienceRestriction(jwtClaimsProviderParameters, claims);
    handleActAs(jwtClaimsProviderParameters, claims);
    return claims;
}