Examples with TokenIssueOperation org.apache.cxf.sts.operation.TokenIssueOperation used on opensource projects

Search in sources :

Example 1 with TokenIssueOperation

use of org.apache.cxf.sts.operation.TokenIssueOperation in project OpenAM by OpenRock.

the class TokenIssueOperationProvider method get.

public IssueOperation get() {
    //TODO: migrate to throwing providers
    try {
        TokenIssueOperation tokenIssueOperation = new TokenIssueOperation();
        /*
            The STS will not encrypt the issued tokens - the TokenGenerationService already offers functionality to
            encrypt issued SAML assertions.
             */
        tokenIssueOperation.setEncryptIssuedToken(false);
        tokenIssueOperation.setStsProperties(stsPropertiesMBean);
        tokenIssueOperation.setTokenStore(tokenStore);
        /*
            Set the tokenValidators which will be called to validate the tokens presented as ActAs or OnBehalfOf
            elements
             */
        tokenIssueOperation.setTokenValidators(getDelegationTokenValidators());
        /*
            Set the TokenDelegationHandlers (either empty if this sts instance will not process ActAs or OnBehalfOf elements,
            or with the DefaultTokenDelegationHandler, or with user-specified custom handlers.
             */
        tokenIssueOperation.setDelegationHandlers(tokenDelegationHandlers);
        List<TokenProvider> tokenProviders = new ArrayList<TokenProvider>();
        for (TokenType tokenType : issueTokenTypes) {
            tokenProviders.add(operationFactory.getTokenProvider(tokenType));
        }
        tokenIssueOperation.setTokenProviders(tokenProviders);
        return new TokenIssueOperationWrapper(tokenIssueOperation, threadLocalAMTokenCache);
    } catch (STSInitializationException e) {
        logger.error("Exception caught initializing a IssueOperation: " + e, e);
        throw new RuntimeException(e);
    }
}
Also used : TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) TokenType(org.forgerock.openam.sts.TokenType) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) TokenIssueOperation(org.apache.cxf.sts.operation.TokenIssueOperation) ArrayList(java.util.ArrayList) STSInitializationException(org.forgerock.openam.sts.STSInitializationException)

Example 2 with TokenIssueOperation

use of org.apache.cxf.sts.operation.TokenIssueOperation in project cxf by apache.

the class DefaultSecurityTokenServiceProvider method createTokenIssueOperation.

private TokenIssueOperation createTokenIssueOperation() {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    populateAbstractOperation(issueOperation);
    return issueOperation;
}
Also used : TokenIssueOperation(org.apache.cxf.sts.operation.TokenIssueOperation)

Example 3 with TokenIssueOperation

use of org.apache.cxf.sts.operation.TokenIssueOperation in project cxf by apache.

the class JexlIssueSamlClaimsTest method testIssueSaml2TokenOnBehalfOfSaml2DifferentRealmFederateClaims.

/**
 * Test to successfully issue a SAML 2 token (realm "B") on-behalf-of a SAML 2 token which was issued by
 * realm "A". The relationship type between realm A and B is: FederateClaims
 */
@org.junit.Test
public void testIssueSaml2TokenOnBehalfOfSaml2DifferentRealmFederateClaims() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    Map<String, RealmProperties> realms = createSamlRealms();
    // Add Token Provider
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    samlTokenProvider.setRealmMap(realms);
    samlTokenProvider.setAttributeStatementProviders(Collections.singletonList(new ClaimsAttributeStatementProvider()));
    issueOperation.setTokenProviders(Collections.singletonList(samlTokenProvider));
    TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
    issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
    // Add Token Validator
    SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();
    samlTokenValidator.setSamlRealmCodec(new IssuerSAMLRealmCodec());
    issueOperation.setTokenValidators(Collections.singletonList(samlTokenValidator));
    addService(issueOperation);
    // Add Relationship list
    Relationship rs = createRelationship();
    // Add STSProperties object
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
    stsProperties.setRealmParser(new CustomRealmParser());
    stsProperties.setRelationships(Collections.singletonList(rs));
    issueOperation.setStsProperties(stsProperties);
    // Set the ClaimsManager
    ClaimsManager claimsManager = new ClaimsManager();
    ClaimsHandler claimsHandler = new CustomClaimsHandler();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    issueOperation.setClaimsManager(claimsManager);
    // Mock up a request
    RequestSecurityTokenType request = createRequest(realms, crypto);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    msgCtx.put("url", "https");
    List<RequestSecurityTokenResponseType> securityTokenResponseList = issueToken(issueOperation, request, null, msgCtx);
    RequestSecurityTokenResponseType securityTokenResponse = securityTokenResponseList.get(0);
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : securityTokenResponse.getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    // subject unchanged
    assertTrue(tokenString.contains("alice"));
    // transformed claim (to uppercase)
    assertTrue(tokenString.contains("DOE"));
    assertTrue(tokenString.contains(ROLE_CLAIM.toString()));
    // mapped role from admin to administrator
    assertTrue(tokenString.contains("administrator"));
    assertTrue(tokenString.contains("manager"));
    assertFalse(tokenString.contains("user"));
    assertFalse(tokenString.contains(ClaimTypes.EMAILADDRESS.toString()));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}
Also used : RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) CustomClaimsHandler(org.apache.cxf.sts.common.CustomClaimsHandler) IssuerSAMLRealmCodec(org.apache.cxf.sts.token.validator.IssuerSAMLRealmCodec) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) TokenDelegationHandler(org.apache.cxf.sts.token.delegation.TokenDelegationHandler) RealmProperties(org.apache.cxf.sts.token.realm.RealmProperties) CustomRealmParser(org.apache.cxf.sts.operation.CustomRealmParser) ClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider) ClaimsHandler(org.apache.cxf.sts.claims.ClaimsHandler) CustomClaimsHandler(org.apache.cxf.sts.common.CustomClaimsHandler) SAMLDelegationHandler(org.apache.cxf.sts.token.delegation.SAMLDelegationHandler) JAXBElement(javax.xml.bind.JAXBElement) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) TokenIssueOperation(org.apache.cxf.sts.operation.TokenIssueOperation) Relationship(org.apache.cxf.sts.token.realm.Relationship) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) MessageImpl(org.apache.cxf.message.MessageImpl)

Example 4 with TokenIssueOperation

use of org.apache.cxf.sts.operation.TokenIssueOperation in project cas by apereo.

the class CoreWsSecuritySecurityTokenServiceConfiguration method transportIssueDelegate.

@RefreshScope
@Bean
public IssueOperation transportIssueDelegate() {
    final WsFederationProperties.SecurityTokenService wsfed = casProperties.getAuthn().getWsfedIdp().getSts();
    final WsFederationProperties.IdentityProvider idp = casProperties.getAuthn().getWsfedIdp().getIdp();
    final ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(CollectionUtils.wrap(new WrappingSecurityTokenServiceClaimsHandler(idp.getRealmName(), wsfed.getRealm().getIssuer())));
    final TokenIssueOperation op = new TokenIssueOperation();
    op.setTokenProviders(transportTokenProviders());
    op.setServices(CollectionUtils.wrap(transportService()));
    op.setStsProperties(transportSTSProperties());
    op.setClaimsManager(claimsManager);
    op.setTokenValidators(transportTokenValidators());
    op.setEventListener(loggerListener());
    op.setDelegationHandlers(delegationHandlers());
    op.setEncryptIssuedToken(wsfed.isEncryptTokens());
    return op;
}
Also used : WsFederationProperties(org.apereo.cas.configuration.model.support.wsfed.WsFederationProperties) WrappingSecurityTokenServiceClaimsHandler(org.apereo.cas.support.claims.WrappingSecurityTokenServiceClaimsHandler) TokenIssueOperation(org.apache.cxf.sts.operation.TokenIssueOperation) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) ServletRegistrationBean(org.springframework.boot.web.servlet.ServletRegistrationBean) Bean(org.springframework.context.annotation.Bean)

Aggregations

TokenIssueOperation (org.apache.cxf.sts.operation.TokenIssueOperation)4 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)2 ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)2 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)2 ArrayList (java.util.ArrayList)1 JAXBElement (javax.xml.bind.JAXBElement)1 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)1 MessageImpl (org.apache.cxf.message.MessageImpl)1 ClaimsAttributeStatementProvider (org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider)1 ClaimsHandler (org.apache.cxf.sts.claims.ClaimsHandler)1 CustomClaimsHandler (org.apache.cxf.sts.common.CustomClaimsHandler)1 CustomRealmParser (org.apache.cxf.sts.operation.CustomRealmParser)1 SAMLDelegationHandler (org.apache.cxf.sts.token.delegation.SAMLDelegationHandler)1 TokenDelegationHandler (org.apache.cxf.sts.token.delegation.TokenDelegationHandler)1 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)1 TokenProvider (org.apache.cxf.sts.token.provider.TokenProvider)1 RealmProperties (org.apache.cxf.sts.token.realm.RealmProperties)1 Relationship (org.apache.cxf.sts.token.realm.Relationship)1 IssuerSAMLRealmCodec (org.apache.cxf.sts.token.validator.IssuerSAMLRealmCodec)1 SAMLTokenValidator (org.apache.cxf.sts.token.validator.SAMLTokenValidator)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial