Example 46 with TokenRequirements
use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.
the class SAMLTokenValidatorTest method testValidSAML2Assertion.
/**
* Test a valid SAML 2 Assertion
*/
@org.junit.Test
public void testValidSAML2Assertion() throws Exception {
TokenValidator samlTokenValidator = new SAMLTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a SAML Assertion
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
CallbackHandler callbackHandler = new PasswordCallbackHandler();
Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler);
Document doc = samlToken.getOwnerDocument();
samlToken = (Element) doc.appendChild(samlToken);
ReceivedToken validateTarget = new ReceivedToken(samlToken);
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(samlTokenValidator.canHandleToken(validateTarget));
TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
Principal principal = validatorResponse.getPrincipal();
assertTrue(principal != null && principal.getName() != null);
}
Also used :
Crypto(org.apache.wss4j.common.crypto.Crypto)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
Element(org.w3c.dom.Element)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Document(org.w3c.dom.Document)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Principal(java.security.Principal)
Example 47 with TokenRequirements
use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.
the class SAMLTokenValidatorTest method testInvalidSignatureSAML1Assertion.
/**
* Test a SAML 1.1 Assertion with an invalid signature
*/
@org.junit.Test
public void testInvalidSignatureSAML1Assertion() throws Exception {
TokenValidator samlTokenValidator = new SAMLTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a SAML Assertion
Crypto crypto = CryptoFactory.getInstance(getEveCryptoProperties());
CallbackHandler callbackHandler = new EveCallbackHandler();
Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "eve", callbackHandler);
Document doc = samlToken.getOwnerDocument();
samlToken = (Element) doc.appendChild(samlToken);
ReceivedToken validateTarget = new ReceivedToken(samlToken);
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(samlTokenValidator.canHandleToken(validateTarget));
// Set tokenstore to null so that issued token is not found in the cache
validatorParameters.setTokenStore(null);
TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
Also used :
Crypto(org.apache.wss4j.common.crypto.Crypto)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
Element(org.w3c.dom.Element)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Document(org.w3c.dom.Document)
Example 48 with TokenRequirements
use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.
the class SAMLTokenValidatorTest method testValidSAML1Assertion.
/**
* Test a valid SAML 1.1 Assertion
*/
@org.junit.Test
public void testValidSAML1Assertion() throws Exception {
TokenValidator samlTokenValidator = new SAMLTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a SAML Assertion
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
CallbackHandler callbackHandler = new PasswordCallbackHandler();
Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler);
Document doc = samlToken.getOwnerDocument();
samlToken = (Element) doc.appendChild(samlToken);
ReceivedToken validateTarget = new ReceivedToken(samlToken);
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(samlTokenValidator.canHandleToken(validateTarget));
TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
Principal principal = validatorResponse.getPrincipal();
assertTrue(principal != null && principal.getName() != null);
}
Also used :
Crypto(org.apache.wss4j.common.crypto.Crypto)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
Element(org.w3c.dom.Element)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Document(org.w3c.dom.Document)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Principal(java.security.Principal)
Example 49 with TokenRequirements
use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.
the class SCTValidatorTest method createValidatorParameters.
private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
TokenValidatorParameters parameters = new TokenValidatorParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(STSConstants.STATUS);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
parameters.setKeyRequirements(keyRequirements);
parameters.setTokenStore(tokenStore);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
parameters.setStsProperties(stsProperties);
return parameters;
}
Also used :
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Crypto(org.apache.wss4j.common.crypto.Crypto)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
KeyRequirements(org.apache.cxf.sts.request.KeyRequirements)
StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties)
MessageImpl(org.apache.cxf.message.MessageImpl)
Example 50 with TokenRequirements
use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.
the class UsernameTokenValidatorTest method testInvalidUsernameTokenText.
/**
* Test an invalid UsernameToken with password text
*/
@org.junit.Test
public void testInvalidUsernameTokenText() throws Exception {
TokenValidator usernameTokenValidator = new UsernameTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a UsernameToken
UsernameTokenType usernameToken = new UsernameTokenType();
AttributedString username = new AttributedString();
username.setValue("eve");
usernameToken.setUsername(username);
JAXBElement<UsernameTokenType> tokenType = new JAXBElement<UsernameTokenType>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);
// Add a password
PasswordString password = new PasswordString();
password.setValue("clarinet");
password.setType(WSS4JConstants.PASSWORD_TEXT);
JAXBElement<PasswordString> passwordType = new JAXBElement<PasswordString>(QNameConstants.PASSWORD, PasswordString.class, password);
usernameToken.getAny().add(passwordType);
ReceivedToken validateTarget = new ReceivedToken(tokenType);
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(usernameTokenValidator.canHandleToken(validateTarget));
// This will fail as the username is bad
TokenValidatorResponse validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
// This will fail as the password is bad
username.setValue("alice");
password.setValue("badpassword");
validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
Also used :
PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString)
AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString)
UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
JAXBElement(javax.xml.bind.JAXBElement)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Aggregations
TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)116
CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)79
Crypto (org.apache.wss4j.common.crypto.Crypto)67
PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)65
KeyRequirements (org.apache.cxf.sts.request.KeyRequirements)63
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)55
WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)54
MessageImpl (org.apache.cxf.message.MessageImpl)54
StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)54
EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)45
TokenProviderParameters (org.apache.cxf.sts.token.provider.TokenProviderParameters)39
Document (org.w3c.dom.Document)33
Element (org.w3c.dom.Element)31
CallbackHandler (javax.security.auth.callback.CallbackHandler)29
STSException (org.apache.cxf.ws.security.sts.provider.STSException)18
Principal (java.security.Principal)16
TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)16
TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)15
TokenProviderResponse (org.apache.cxf.sts.token.provider.TokenProviderResponse)14
TokenValidator (org.apache.cxf.sts.token.validator.TokenValidator)12
