
Example 16 with Lifetime

use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.

the class SAMLTokenRenewerTest method createSAMLAssertion.

/**
 * Issues a bearer-key SAML assertion through a locally built {@link SAMLTokenProvider} for use
 * as input to the renewal tests.
 *
 * <p>The conditions provider is switched to accept the lifetime carried in the request, and a
 * non-zero {@code ttlMs} is turned into a Created/Expires pair starting at the current instant.
 * Presumably this is what lets a test mint an assertion that expires almost immediately; the
 * provider's handling of the requested lifetime is not visible here.
 *
 * @param tokenType the token type passed on to {@code createProviderParameters}
 * @param crypto the crypto instance passed on to {@code createProviderParameters}
 * @param signatureUsername the signature user passed on to {@code createProviderParameters}
 * @param callbackHandler the callback handler passed on to {@code createProviderParameters}
 * @param ttlMs requested lifetime in milliseconds; {@code 0} means no Lifetime is put on the request
 * @param allowRenewing value for the request's Renewing "allow" flag
 * @param allowRenewingAfterExpiry value for the request's Renewing "allow after expiry" flag
 * @return the issued token, cast to a DOM element
 * @throws WSSecurityException declared by the signature; not thrown by any statement visible here
 */
private Element createSAMLAssertion(String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, long ttlMs, boolean allowRenewing, boolean allowRenewingAfterExpiry) throws WSSecurityException {
    // Test-only setting: the lifetime comes from the request built below, not from provider defaults.
    DefaultConditionsProvider clientLifetimeConditions = new DefaultConditionsProvider();
    clientLifetimeConditions.setAcceptClientLifetime(true);
    SAMLTokenProvider provider = new SAMLTokenProvider();
    provider.setConditionsProvider(clientLifetimeConditions);

    TokenProviderParameters parameters = createProviderParameters(tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);

    // The renewal policy is recorded on the request before the token is issued.
    Renewing renewalPolicy = new Renewing();
    renewalPolicy.setAllowRenewing(allowRenewing);
    renewalPolicy.setAllowRenewingAfterExpiry(allowRenewingAfterExpiry);
    parameters.getTokenRequirements().setRenewing(renewalPolicy);

    if (ttlMs != 0) {
        Instant issuedAt = Instant.now();
        // Milliseconds are scaled to nanoseconds by hand; the product is a plain long multiplication.
        Instant expiresAt = issuedAt.plusNanos(ttlMs * 1000000L);
        Lifetime requestedLifetime = new Lifetime();
        requestedLifetime.setCreated(issuedAt.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
        requestedLifetime.setExpires(expiresAt.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
        parameters.getTokenRequirements().setLifetime(requestedLifetime);
    }

    TokenProviderResponse issued = provider.createToken(parameters);
    assertTrue(issued != null);
    assertTrue(issued.getToken() != null);
    assertTrue(issued.getTokenId() != null);
    return (Element) issued.getToken();
}
Also used : Lifetime(org.apache.cxf.sts.request.Lifetime) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) Renewing(org.apache.cxf.sts.request.Renewing) Instant(java.time.Instant) Element(org.w3c.dom.Element) DefaultConditionsProvider(org.apache.cxf.sts.token.provider.DefaultConditionsProvider) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Example 17 with Lifetime

use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.

the class SAMLTokenValidatorTest method createSAMLAssertion.

/**
 * Issues a bearer-key SAML assertion for the fixed subject {@code "alice"} through a locally
 * built {@link SAMLTokenProvider}, for use as input to the validator tests.
 *
 * <p>The conditions provider is switched to accept the lifetime carried in the request. When
 * {@code ttlMs} is non-zero the request asks for a validity window that starts at the current
 * instant and lasts {@code ttlMs} milliseconds.
 *
 * @param tokenType the token type passed on to {@code createProviderParameters}
 * @param crypto the crypto instance passed on to {@code createProviderParameters}
 * @param signatureUsername the signature user passed on to {@code createProviderParameters}
 * @param callbackHandler the callback handler passed on to {@code createProviderParameters}
 * @param ttlMs requested lifetime in milliseconds; {@code 0} means no Lifetime is put on the request
 * @return the issued token, cast to a DOM element
 * @throws WSSecurityException declared by the signature; not thrown by any statement visible here
 */
private Element createSAMLAssertion(String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, long ttlMs) throws WSSecurityException {
    // Test-only setting: the validity window is dictated by the request assembled below.
    DefaultConditionsProvider acceptingConditions = new DefaultConditionsProvider();
    acceptingConditions.setAcceptClientLifetime(true);
    SAMLTokenProvider issuer = new SAMLTokenProvider();
    issuer.setConditionsProvider(acceptingConditions);

    TokenProviderParameters request = createProviderParameters("alice", tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);

    if (ttlMs != 0) {
        Instant windowStart = Instant.now();
        // Milliseconds are scaled to nanoseconds by hand; the product is a plain long multiplication.
        Instant windowEnd = windowStart.plusNanos(ttlMs * 1000000L);
        Lifetime window = new Lifetime();
        window.setCreated(windowStart.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
        window.setExpires(windowEnd.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
        request.getTokenRequirements().setLifetime(window);
    }

    TokenProviderResponse response = issuer.createToken(request);
    assertTrue(response != null);
    assertTrue(response.getToken() != null);
    assertTrue(response.getTokenId() != null);
    return (Element) response.getToken();
}
Also used : Lifetime(org.apache.cxf.sts.request.Lifetime) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) Instant(java.time.Instant) Element(org.w3c.dom.Element) DefaultConditionsProvider(org.apache.cxf.sts.token.provider.DefaultConditionsProvider) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Example 18 with Lifetime

use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.

the class DefaultJWTClaimsProvider method handleConditions.

/**
 * Sets the issued-at, not-before and expiry claims of the token being issued.
 *
 * <p>The claims first receive server-side defaults (now, now, now + configured lifetime). They
 * are replaced by the Created/Expires values from the request only when the configured lifetime
 * is positive, client lifetimes are accepted, and the request carries both values. The
 * client-supplied values are checked before use: they must parse, Created may not lie further
 * in the future than the configured allowance, and a window longer than the maximum lifetime is
 * either rejected or shortened to the maximum, depending on {@code isFailLifetimeExceedance()}.
 *
 * <p>NOTE(review): nothing visible here rejects an Expires at or before Created. The computed
 * lifetime is then zero or negative, passes the maximum-lifetime check, and the expiry claim
 * ends up no later than the not-before claim. Confirm that issuing such a token is intended.
 * Likewise only a Created in the future is bounded; a Created in the past is taken as-is.
 *
 * @param jwtClaimsProviderParameters source of the provider parameters and, through them, the
 *        requested lifetime
 * @param claims the claims object whose time-based claims are written
 * @throws STSException with {@code INVALID_TIME} if the requested timestamps do not parse, if
 *         Created is too far in the future, or if the requested lifetime exceeds the maximum
 *         and exceedance is configured to fail
 */
protected void handleConditions(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) {
    TokenProviderParameters providerParameters = jwtClaimsProviderParameters.getProviderParameters();

    // Server-side defaults, kept unless a client lifetime is accepted below.
    long nowSeconds = Instant.now().getEpochSecond();
    claims.setIssuedAt(nowSeconds);
    claims.setNotBefore(nowSeconds);
    claims.setExpiryTime(nowSeconds + lifetime);

    Lifetime tokenLifetime = providerParameters.getTokenRequirements().getLifetime();
    boolean useClientLifetime = lifetime > 0 && acceptClientLifetime && tokenLifetime != null
        && tokenLifetime.getCreated() != null && tokenLifetime.getExpires() != null;
    if (!useClientLifetime) {
        return;
    }

    // From here on the timestamps come from the request and are treated as untrusted input.
    Instant requestedCreated;
    Instant requestedExpires;
    try {
        requestedCreated = ZonedDateTime.parse(tokenLifetime.getCreated()).toInstant();
        requestedExpires = ZonedDateTime.parse(tokenLifetime.getExpires()).toInstant();
    } catch (DateTimeParseException ex) {
        String parseFailure = "Error in parsing Timestamp Created or Expiration Strings";
        LOG.fine(parseFailure);
        throw new STSException(parseFailure, STSException.INVALID_TIME);
    }

    // Created may be ahead of the local clock by at most futureTimeToLive seconds (when positive).
    Instant checkTime = Instant.now();
    Instant latestAcceptedCreated = futureTimeToLive > 0 ? checkTime.plusSeconds(futureTimeToLive) : checkTime;
    if (requestedCreated.isAfter(latestAcceptedCreated)) {
        String tooFarAhead = "The Created Time is too far in the future";
        LOG.fine(tooFarAhead);
        throw new STSException(tooFarAhead, STSException.INVALID_TIME);
    }

    // The cap is measured from the requested Created, not from the local clock.
    long requestedLifetime = Duration.between(requestedCreated, requestedExpires).getSeconds();
    Instant effectiveExpires = requestedExpires;
    if (requestedLifetime > getMaxLifetime()) {
        LOG.warning("Requested lifetime [" + requestedLifetime
            + " sec] exceed configured maximum lifetime [" + getMaxLifetime() + " sec]");
        if (isFailLifetimeExceedance()) {
            throw new STSException("Requested lifetime exceeds maximum lifetime", STSException.INVALID_TIME);
        }
        // Lenient mode: keep the requested start and shorten the window to the maximum.
        effectiveExpires = requestedCreated.plusSeconds(getMaxLifetime());
    }

    long createdSeconds = requestedCreated.getEpochSecond();
    claims.setIssuedAt(createdSeconds);
    claims.setNotBefore(createdSeconds);
    claims.setExpiryTime(effectiveExpires.getEpochSecond());
}
Also used : DateTimeParseException(java.time.format.DateTimeParseException) Lifetime(org.apache.cxf.sts.request.Lifetime) Instant(java.time.Instant) STSException(org.apache.cxf.ws.security.sts.provider.STSException) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Example 19 with Lifetime

use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.

the class RenewSamlUnitTest method createSAMLAssertion.

/**
 * Builds a bearer-key SAML assertion with a caller-chosen lifetime and renewal policy, for use
 * as the token to be renewed in these tests.
 *
 * <p>A fresh {@link SAMLTokenProvider} is configured so that its conditions provider accepts
 * the lifetime sent in the request. A non-zero {@code ttlMs} becomes a Created/Expires pair
 * anchored at the current instant.
 *
 * @param tokenType the token type passed on to {@code createProviderParameters}
 * @param crypto the crypto instance passed on to {@code createProviderParameters}
 * @param signatureUsername the signature user passed on to {@code createProviderParameters}
 * @param callbackHandler the callback handler passed on to {@code createProviderParameters}
 * @param ttlMs requested lifetime in milliseconds; {@code 0} means no Lifetime is put on the request
 * @param allowRenewing value for the request's Renewing "allow" flag
 * @param allowRenewingAfterExpiry value for the request's Renewing "allow after expiry" flag
 * @return the issued token, cast to a DOM element
 * @throws WSSecurityException declared by the signature; not thrown by any statement visible here
 */
private Element createSAMLAssertion(String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, long ttlMs, boolean allowRenewing, boolean allowRenewingAfterExpiry) throws WSSecurityException {
    // Test-only setting: honour the Created/Expires values placed on the request below.
    DefaultConditionsProvider conditions = new DefaultConditionsProvider();
    conditions.setAcceptClientLifetime(true);
    SAMLTokenProvider tokenIssuer = new SAMLTokenProvider();
    tokenIssuer.setConditionsProvider(conditions);

    TokenProviderParameters issueRequest = createProviderParameters(tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);

    // Both renewal flags are copied from the caller onto the request.
    Renewing renewalSettings = new Renewing();
    renewalSettings.setAllowRenewing(allowRenewing);
    renewalSettings.setAllowRenewingAfterExpiry(allowRenewingAfterExpiry);
    issueRequest.getTokenRequirements().setRenewing(renewalSettings);

    if (ttlMs != 0) {
        Instant created = Instant.now();
        // Milliseconds are scaled to nanoseconds by hand; the product is a plain long multiplication.
        Instant expires = created.plusNanos(ttlMs * 1000000L);
        Lifetime clientLifetime = new Lifetime();
        clientLifetime.setCreated(created.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
        clientLifetime.setExpires(expires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
        issueRequest.getTokenRequirements().setLifetime(clientLifetime);
    }

    TokenProviderResponse result = tokenIssuer.createToken(issueRequest);
    assertTrue(result != null);
    assertTrue(result.getToken() != null);
    assertTrue(result.getTokenId() != null);
    return (Element) result.getToken();
}
Also used : Lifetime(org.apache.cxf.sts.request.Lifetime) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) Renewing(org.apache.cxf.sts.request.Renewing) Instant(java.time.Instant) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) DefaultConditionsProvider(org.apache.cxf.sts.token.provider.DefaultConditionsProvider) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Example 20 with Lifetime

use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.

the class JWTProviderLifetimeTest method testJWTExceededConfiguredMaxLifetimeButUpdated.

/**
 * Requests a JWT whose lifetime (35 minutes) exceeds the configured maximum (30 minutes)
 * while exceedance is configured not to fail the request.
 * Expects the token to be issued with its lifetime reduced to the maximum, and the
 * issued-at claim inside the JWT to match the creation time reported by the provider.
 */
@org.junit.Test
public void testJWTExceededConfiguredMaxLifetimeButUpdated() throws Exception {
    // Configured ceiling: 30 minutes, in seconds.
    long maxLifetime = 30 * 60L;

    // Lenient claims provider: client lifetimes are accepted, over-long ones are not rejected.
    DefaultJWTClaimsProvider lenientClaims = new DefaultJWTClaimsProvider();
    lenientClaims.setMaxLifetime(maxLifetime);
    lenientClaims.setFailLifetimeExceedance(false);
    lenientClaims.setAcceptClientLifetime(true);
    JWTTokenProvider jwtProvider = new JWTTokenProvider();
    jwtProvider.setJwtClaimsProvider(lenientClaims);

    TokenProviderParameters request = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);

    // Ask for 35 minutes starting now, five minutes more than the ceiling.
    long requestedLifetime = 35 * 60L;
    Instant requestedCreated = Instant.now();
    Instant requestedExpires = requestedCreated.plusSeconds(requestedLifetime);
    Lifetime clientLifetime = new Lifetime();
    clientLifetime.setCreated(requestedCreated.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    clientLifetime.setExpires(requestedExpires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    request.getTokenRequirements().setLifetime(clientLifetime);

    TokenProviderResponse issued = jwtProvider.createToken(request);
    assertTrue(issued != null);
    assertTrue(issued.getToken() != null);
    assertTrue(issued.getTokenId() != null);

    // The validity window reported by the provider must equal the ceiling, not the request.
    long duration = Duration.between(issued.getCreated(), issued.getExpires()).getSeconds();
    assertEquals(maxLifetime, duration);

    String compactJwt = (String) issued.getToken();
    assertNotNull(compactJwt);

    // Only the issued-at claim of the JWT itself is compared; the expiry claim is not read here.
    JwtToken parsedJwt = new JwsJwtCompactConsumer(compactJwt).getJwtToken();
    assertEquals(parsedJwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), issued.getCreated().getEpochSecond());
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) Lifetime(org.apache.cxf.sts.request.Lifetime) Instant(java.time.Instant) DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)
