
Example 51 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class UsernameTokenValidatorTest method createValidatorParameters.

/**
 * Builds the {@link TokenValidatorParameters} shared by the tests in this class.
 * <p>
 * Everything here is test fixture: the STS signs and encrypts with the same
 * {@link Crypto} loaded from {@code getEncryptionProperties()}, the key aliases
 * ("mystskey" / "myservicekey") and the {@link PasswordCallbackHandler} refer to the
 * test keystore only, and the message context is an empty mock. None of these values
 * are suitable outside a unit test.
 *
 * @return parameters with a STATUS token type, empty key requirements, the principal
 *         "alice" and a populated {@link StaticSTSProperties} with issuer "STS"
 * @throws WSSecurityException if the test Crypto cannot be loaded
 */
private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
    TokenRequirements tokenReqs = new TokenRequirements();
    tokenReqs.setTokenType(STSConstants.STATUS);

    // One Crypto instance serves both signing and encryption in this fixture.
    Crypto testCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    StaticSTSProperties props = new StaticSTSProperties();
    props.setEncryptionCrypto(testCrypto);
    props.setSignatureCrypto(testCrypto);
    props.setEncryptionUsername("myservicekey");
    props.setSignatureUsername("mystskey");
    props.setCallbackHandler(new PasswordCallbackHandler());
    props.setIssuer("STS");

    TokenValidatorParameters params = new TokenValidatorParameters();
    params.setTokenRequirements(tokenReqs);
    params.setKeyRequirements(new KeyRequirements());
    params.setPrincipal(new CustomTokenPrincipal("alice"));
    // Mock up message context
    params.setMessageContext(new WrappedMessageContext(new MessageImpl()));
    params.setStsProperties(props);
    return params;
}

Example 52 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class X509TokenValidatorTest method testInvalidCertificate.

/**
 * Validate a certificate ("eve") that the STS signature Crypto is not expected to trust:
 * the validator must claim the token but report its state as INVALID.
 */
@org.junit.Test
public void testInvalidCertificate() throws Exception {
    TokenValidator validator = new X509TokenValidator();
    TokenValidatorParameters params = createValidatorParameters();

    // "eve" comes from a separate Crypto configuration (getEveCryptoProperties), not from
    // the STS signature Crypto, so the trust check is expected to fail. Only the
    // trust-anchor check is exercised here; expiry and revocation are not part of this test.
    CryptoType lookup = new CryptoType(CryptoType.TYPE.ALIAS);
    lookup.setAlias("eve");
    X509Certificate[] eveCerts = CryptoFactory.getInstance(getEveCryptoProperties()).getX509Certificates(lookup);
    assertTrue(eveCerts != null && eveCerts.length > 0);

    // Wrap the DER-encoded cert as a wsse:BinarySecurityToken, as a client would send it.
    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setValue(Base64.getMimeEncoder().encodeToString(eveCerts[0].getEncoded()));
    bst.setValueType(X509TokenValidator.X509_V3_TYPE);
    bst.setEncodingType(WSS4JConstants.SOAPMESSAGE_NS + "#Base64Binary");
    JAXBElement<BinarySecurityTokenType> element = new JAXBElement<>(QNameConstants.BINARY_SECURITY_TOKEN, BinarySecurityTokenType.class, bst);

    ReceivedToken target = new ReceivedToken(element);
    params.getTokenRequirements().setValidateTarget(target);
    params.setToken(target);

    assertTrue(validator.canHandleToken(target));
    TokenValidatorResponse response = validator.validateToken(params);
    assertTrue(response != null);
    assertTrue(response.getToken() != null);
    // Fail-closed: an untrusted certificate must come back INVALID, not NONE.
    assertTrue(response.getToken().getState() == STATE.INVALID);
}

Example 53 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class X509TokenValidatorTest method testValidCertificate.

/**
 * Validate a certificate trusted by the STS signature Crypto ("myclientkey"), and check
 * that a missing ValueType stops the validator from claiming the token and that a missing
 * EncodingType makes validation fail (INVALID) rather than pass.
 */
@org.junit.Test
public void testValidCertificate() throws Exception {
    TokenValidator validator = new X509TokenValidator();
    TokenValidatorParameters params = createValidatorParameters();

    // The client cert is looked up in the STS's own signature Crypto, so it is trusted.
    CryptoType lookup = new CryptoType(CryptoType.TYPE.ALIAS);
    lookup.setAlias("myclientkey");
    X509Certificate[] clientCerts = params.getStsProperties().getSignatureCrypto().getX509Certificates(lookup);
    assertTrue(clientCerts != null && clientCerts.length > 0);

    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setValue(Base64.getMimeEncoder().encodeToString(clientCerts[0].getEncoded()));
    JAXBElement<BinarySecurityTokenType> element = new JAXBElement<>(QNameConstants.BINARY_SECURITY_TOKEN, BinarySecurityTokenType.class, bst);
    ReceivedToken target = new ReceivedToken(element);
    params.getTokenRequirements().setValidateTarget(target);
    params.setToken(target);

    // Without a ValueType the validator must not even claim the token.
    assertFalse(validator.canHandleToken(target));
    bst.setValueType(X509TokenValidator.X509_V3_TYPE);
    assertTrue(validator.canHandleToken(target));

    // With a ValueType but no EncodingType the token is handled but must be rejected.
    TokenValidatorResponse response = validator.validateToken(params);
    assertTrue(response != null);
    assertTrue(response.getToken() != null);
    assertTrue(response.getToken().getState() == STATE.INVALID);

    // Fully formed token (trusted cert, ValueType and EncodingType set) -> VALID,
    // with a principal derived from the certificate.
    bst.setEncodingType(WSS4JConstants.SOAPMESSAGE_NS + "#Base64Binary");
    response = validator.validateToken(params);
    assertTrue(response.getToken() != null);
    assertTrue(response.getToken().getState() == STATE.VALID);
    Principal subject = response.getPrincipal();
    assertTrue(subject != null && subject.getName() != null);
}

Example 54 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class IssueUnitTest method createProviderParameters.

/**
 * Assembles {@link TokenProviderParameters} for an issue test.
 * <p>
 * Test fixture only: the STS signs with {@code crypto} under {@code signatureUsername},
 * the AppliesTo address points at the local test STS on {@code STSPORT}, token and key
 * type come straight from the arguments, and the message context is an empty mock. No
 * encryption Crypto is configured and {@link EncryptionProperties} are left at defaults.
 *
 * @param tokenType         requested token type URI
 * @param keyType           requested key type URI
 * @param crypto            signature Crypto for the STS
 * @param signatureUsername key alias the STS signs with
 * @param callbackHandler   callback handler handed to the STS properties (presumably for
 *                          key passwords; not exercised here)
 * @param username          name of the principal the token is issued for
 * @param issuer            issuer name configured on the STS
 * @return the populated parameters
 * @throws WSSecurityException propagated from fixture setup
 */
private TokenProviderParameters createProviderParameters(String tokenType, String keyType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, String username, String issuer) throws WSSecurityException {
    TokenRequirements tokenReqs = new TokenRequirements();
    tokenReqs.setTokenType(tokenType);
    KeyRequirements keyReqs = new KeyRequirements();
    keyReqs.setKeyType(keyType);

    StaticSTSProperties props = new StaticSTSProperties();
    props.setSignatureCrypto(crypto);
    props.setSignatureUsername(signatureUsername);
    props.setCallbackHandler(callbackHandler);
    props.setIssuer(issuer);

    TokenProviderParameters params = new TokenProviderParameters();
    params.setTokenRequirements(tokenReqs);
    params.setKeyRequirements(keyReqs);
    params.setPrincipal(new CustomTokenPrincipal(username));
    // Mock up message context
    params.setMessageContext(new WrappedMessageContext(new MessageImpl()));
    params.setAppliesToAddress("https://localhost:" + STSPORT + "/SecurityTokenService/b-issuer/Transport");
    params.setStsProperties(props);
    params.setEncryptionProperties(new EncryptionProperties());
    return params;
}

Example 55 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class AbstractOperation method validateReceivedToken.

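/**
 * Validates a received token by delegating to the first configured
 * {@link TokenValidator} that claims it via {@code canHandleToken} (realm-scoped when
 * {@code realm} is non-null).
 * <p>
 * Fail-closed contract:
 * <ul>
 * <li>the token's state is reset to {@link STATE#NONE} before any validator runs, so a
 *     stale VALID cannot survive into this call;</li>
 * <li>a {@link RuntimeException} from the validator is logged and translated into
 *     {@link STATE#INVALID} on the token the caller passed in (and on the validator's
 *     returned token, if that is a different instance);</li>
 * <li>a {@code null} response, or a response carrying no token, is treated as a
 *     validation failure instead of being dereferenced;</li>
 * <li>{@code null} is returned when no validator handled the token, or when the handling
 *     validator failed before producing a usable response.</li>
 * </ul>
 * Only the first capable validator is consulted. This method does not itself decide that
 * a token is valid: callers must inspect the returned token's state.
 *
 * @param principal         authenticated caller, forwarded to the validator
 * @param messageContext    current message context, forwarded to the validator
 * @param realm             realm to validate in, or {@code null} for a realm-less lookup
 * @param tokenRequirements the request's token requirements; intentionally not forwarded
 *                          — the validator only sees a fresh requirements object holding
 *                          the validate target
 * @param token             the received token to validate; its state is mutated in place
 * @return the validator's response, or {@code null} if no validator handled the token or
 *         the handling validator failed before returning a response with a token
 */
protected TokenValidatorResponse validateReceivedToken(Principal principal, Map<String, Object> messageContext, String realm, TokenRequirements tokenRequirements, ReceivedToken token) {
    // Start from an explicitly unvalidated state.
    token.setState(STATE.NONE);
    TokenRequirements validateRequirements = new TokenRequirements();
    validateRequirements.setValidateTarget(token);
    TokenValidatorParameters validatorParameters = new TokenValidatorParameters();
    validatorParameters.setStsProperties(stsProperties);
    validatorParameters.setPrincipal(principal);
    validatorParameters.setMessageContext(messageContext);
    validatorParameters.setTokenStore(getTokenStore());
    // Validation carries no key requirements; the caller's tokenRequirements are
    // deliberately not forwarded.
    validatorParameters.setKeyRequirements(null);
    validatorParameters.setTokenRequirements(validateRequirements);
    validatorParameters.setToken(token);
    if (tokenValidators.isEmpty()) {
        LOG.fine("No token validators have been configured to validate the received token");
    }
    // The instance the caller handed us: whatever happens, this is what gets marked INVALID.
    final ReceivedToken receivedToken = token;
    TokenValidatorResponse tokenResponse = null;
    boolean handled = false;
    for (TokenValidator tokenValidator : tokenValidators) {
        boolean canHandle = realm == null ? tokenValidator.canHandleToken(token) : tokenValidator.canHandleToken(token, realm);
        if (!canHandle) {
            continue;
        }
        handled = true;
        try {
            TokenValidatorResponse response = tokenValidator.validateToken(validatorParameters);
            if (response == null || response.getToken() == null) {
                // Previously a response without a token NPE'd on setPrincipal and then
                // again inside the catch block, escaping as an unhandled NPE instead of
                // ending in an INVALID state. Treat it as a failed validation.
                throw new IllegalStateException("Token validator " + tokenValidator.getClass().getName() + " returned no token");
            }
            tokenResponse = response;
            token = tokenResponse.getToken();
            // The parsed principal/roles is set if available. It's up to other
            // components to deal with the STATE of the validation
            token.setPrincipal(tokenResponse.getPrincipal());
            token.setRoles(tokenResponse.getRoles());
        } catch (RuntimeException ex) {
            LOG.log(Level.WARNING, "Failed to validate the token", ex);
            receivedToken.setState(STATE.INVALID);
            if (token != receivedToken) {
                token.setState(STATE.INVALID);
            }
        }
        // Only the first capable validator gets a say; no second opinion is sought.
        break;
    }
    if (tokenResponse == null) {
        if (handled) {
            LOG.fine("The token validator failed before producing a response; the token has been marked INVALID");
        } else {
            LOG.fine("No token validator has been configured to validate the received token");
        }
    }
    return tokenResponse;
}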
