Search in sources :

Example 1 with STSRenewSuccessEvent

use of org.apache.cxf.sts.event.STSRenewSuccessEvent in project cxf by apache.

the class TokenRenewOperation method renew.

public RequestSecurityTokenResponseType renew(RequestSecurityTokenType request, Principal principal, Map<String, Object> messageContext) {
    long start = System.currentTimeMillis();
    TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
    try {
        RequestRequirements requestRequirements = parseRequest(request, messageContext);
        KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
        TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
        renewerParameters.setStsProperties(stsProperties);
        renewerParameters.setPrincipal(principal);
        renewerParameters.setMessageContext(messageContext);
        renewerParameters.setTokenStore(getTokenStore());
        renewerParameters.setKeyRequirements(keyRequirements);
        renewerParameters.setTokenRequirements(tokenRequirements);
        ReceivedToken renewTarget = tokenRequirements.getRenewTarget();
        if (renewTarget == null || renewTarget.getToken() == null) {
            throw new STSException("No element presented for renewal", STSException.INVALID_REQUEST);
        }
        renewerParameters.setToken(renewTarget);
        if (tokenRequirements.getTokenType() == null) {
            LOG.fine("Received TokenType is null");
        }
        // Get the realm of the request
        String realm = null;
        if (stsProperties.getRealmParser() != null) {
            RealmParser realmParser = stsProperties.getRealmParser();
            realm = realmParser.parseRealm(messageContext);
        }
        renewerParameters.setRealm(realm);
        // Validate the request
        TokenValidatorResponse tokenResponse = validateReceivedToken(principal, messageContext, realm, tokenRequirements, renewTarget);
        if (tokenResponse == null) {
            LOG.fine("No Token Validator has been found that can handle this token");
            renewTarget.setState(STATE.INVALID);
            throw new STSException("No Token Validator has been found that can handle this token" + tokenRequirements.getTokenType(), STSException.REQUEST_FAILED);
        }
        // Reject an invalid token
        if (tokenResponse.getToken().getState() != STATE.EXPIRED && tokenResponse.getToken().getState() != STATE.VALID) {
            LOG.fine("The token is not valid or expired, and so it cannot be renewed");
            throw new STSException("No Token Validator has been found that can handle this token" + tokenRequirements.getTokenType(), STSException.REQUEST_FAILED);
        }
        // 
        // Renew the token
        // 
        TokenRenewerResponse tokenRenewerResponse = null;
        renewerParameters = createTokenRenewerParameters(requestRequirements, principal, messageContext);
        Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
        if (additionalProperties != null) {
            renewerParameters.setAdditionalProperties(additionalProperties);
        }
        renewerParameters.setRealm(tokenResponse.getTokenRealm());
        renewerParameters.setToken(tokenResponse.getToken());
        realm = tokenResponse.getTokenRealm();
        for (TokenRenewer tokenRenewer : tokenRenewers) {
            final boolean canHandle;
            if (realm == null) {
                canHandle = tokenRenewer.canHandleToken(tokenResponse.getToken());
            } else {
                canHandle = tokenRenewer.canHandleToken(tokenResponse.getToken(), realm);
            }
            if (canHandle) {
                try {
                    tokenRenewerResponse = tokenRenewer.renewToken(renewerParameters);
                } catch (STSException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw ex;
                } catch (RuntimeException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
                }
                break;
            }
        }
        if (tokenRenewerResponse == null || tokenRenewerResponse.getToken() == null) {
            LOG.fine("No Token Renewer has been found that can handle this token");
            throw new STSException("No token renewer found for requested token type", STSException.REQUEST_FAILED);
        }
        // prepare response
        try {
            EncryptionProperties encryptionProperties = renewerParameters.getEncryptionProperties();
            RequestSecurityTokenResponseType response = createResponse(encryptionProperties, tokenRenewerResponse, tokenRequirements, keyRequirements);
            STSRenewSuccessEvent event = new STSRenewSuccessEvent(renewerParameters, System.currentTimeMillis() - start);
            publishEvent(event);
            cleanRequest(requestRequirements);
            return response;
        } catch (Throwable ex) {
            LOG.log(Level.WARNING, "", ex);
            throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
        }
    } catch (RuntimeException ex) {
        STSRenewFailureEvent event = new STSRenewFailureEvent(renewerParameters, System.currentTimeMillis() - start, ex);
        publishEvent(event);
        throw ex;
    }
}
Also used : STSRenewSuccessEvent(org.apache.cxf.sts.event.STSRenewSuccessEvent) TokenRenewerResponse(org.apache.cxf.sts.token.renewer.TokenRenewerResponse) RequestRequirements(org.apache.cxf.sts.request.RequestRequirements) STSException(org.apache.cxf.ws.security.sts.provider.STSException) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) RealmParser(org.apache.cxf.sts.RealmParser) STSRenewFailureEvent(org.apache.cxf.sts.event.STSRenewFailureEvent) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) TokenRenewerParameters(org.apache.cxf.sts.token.renewer.TokenRenewerParameters) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenRenewer(org.apache.cxf.sts.token.renewer.TokenRenewer)

Aggregations

RealmParser (org.apache.cxf.sts.RealmParser)1 STSRenewFailureEvent (org.apache.cxf.sts.event.STSRenewFailureEvent)1 STSRenewSuccessEvent (org.apache.cxf.sts.event.STSRenewSuccessEvent)1 KeyRequirements (org.apache.cxf.sts.request.KeyRequirements)1 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)1 RequestRequirements (org.apache.cxf.sts.request.RequestRequirements)1 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)1 EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)1 TokenRenewer (org.apache.cxf.sts.token.renewer.TokenRenewer)1 TokenRenewerParameters (org.apache.cxf.sts.token.renewer.TokenRenewerParameters)1 TokenRenewerResponse (org.apache.cxf.sts.token.renewer.TokenRenewerResponse)1 TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)1 STSException (org.apache.cxf.ws.security.sts.provider.STSException)1 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)1