Example 91 with TokenRequirements
use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.
the class JWTTokenValidatorTest method testJWTWithRoles.
@org.junit.Test
public void testJWTWithRoles() throws Exception {
// Create
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
JWTClaimsProvider claimsProvider = new RoleJWTClaimsProvider("manager");
((JWTTokenProvider) jwtTokenProvider).setJwtClaimsProvider(claimsProvider);
TokenProviderParameters providerParameters = createProviderParameters();
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
assertTrue(token.split("\\.").length == 3);
// Validate the token
TokenValidator jwtTokenValidator = new JWTTokenValidator();
// Set the role
DefaultJWTRoleParser roleParser = new DefaultJWTRoleParser();
roleParser.setRoleClaim("role");
((JWTTokenValidator) jwtTokenValidator).setRoleParser(roleParser);
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a JWT Token
ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
Principal principal = validatorResponse.getPrincipal();
assertTrue(principal != null && principal.getName() != null);
Set<Principal> roles = validatorResponse.getRoles();
assertTrue(roles != null && !roles.isEmpty());
assertTrue(roles.iterator().next().getName().equals("manager"));
}
Also used :
TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)
TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider)
JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)
JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)
JWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.JWTClaimsProvider)
DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)
DefaultJWTRoleParser(org.apache.cxf.sts.token.validator.jwt.DefaultJWTRoleParser)
TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Principal(java.security.Principal)
JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)
Example 92 with TokenRequirements
use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.
the class JWTTokenValidatorTest method createValidatorParameters.
private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
TokenValidatorParameters parameters = new TokenValidatorParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(STSConstants.STATUS);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
parameters.setStsProperties(stsProperties);
parameters.setTokenStore(tokenStore);
return parameters;
}
Also used :
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Crypto(org.apache.wss4j.common.crypto.Crypto)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
KeyRequirements(org.apache.cxf.sts.request.KeyRequirements)
StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties)
MessageImpl(org.apache.cxf.message.MessageImpl)
Example 93 with TokenRequirements
use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.
the class SAMLTokenValidatorCachedRealmTest method createProviderParameters.
private TokenProviderParameters createProviderParameters(String tokenType, String keyType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler) throws WSSecurityException {
TokenProviderParameters parameters = new TokenProviderParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(tokenType);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
keyRequirements.setKeyType(keyType);
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
parameters.setAppliesToAddress("http://dummy-service.com/dummy");
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
stsProperties.setSignatureCrypto(crypto);
stsProperties.setSignatureUsername(signatureUsername);
stsProperties.setCallbackHandler(callbackHandler);
stsProperties.setIssuer("STS");
parameters.setStsProperties(stsProperties);
parameters.setEncryptionProperties(new EncryptionProperties());
parameters.setTokenStore(tokenStore);
return parameters;
}
Also used :
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext)
EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties)
KeyRequirements(org.apache.cxf.sts.request.KeyRequirements)
StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties)
MessageImpl(org.apache.cxf.message.MessageImpl)
TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)
Example 94 with TokenRequirements
use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.
the class SAMLTokenValidatorCachedRealmTest method testValidCachedRealm.
/**
* Test a SAML Assertion with valid cached realm.
*/
@org.junit.Test
public void testValidCachedRealm() throws Exception {
TokenValidator samlTokenValidator = new SAMLTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a SAML Assertion
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
CallbackHandler callbackHandler = new PasswordCallbackHandler();
Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, "A");
Document doc = samlToken.getOwnerDocument();
samlToken = (Element) doc.appendChild(samlToken);
ReceivedToken validateTarget = new ReceivedToken(samlToken);
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
// Now set the SAMLRealmCodec implementation on the Validator
SAMLRealmCodec samlRealmCodec = new IssuerSAMLRealmCodec();
((SAMLTokenValidator) samlTokenValidator).setSamlRealmCodec(samlRealmCodec);
TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
assertTrue(validatorResponse.getTokenRealm().equals("A"));
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
Element(org.w3c.dom.Element)
SAMLRealmCodec(org.apache.cxf.sts.token.realm.SAMLRealmCodec)
Document(org.w3c.dom.Document)
Crypto(org.apache.wss4j.common.crypto.Crypto)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Example 95 with TokenRequirements
use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.
the class SAMLTokenValidatorCachedRealmTest method testInValidCachedRealm.
/**
* Test a SAML Assertion with invalid cached realm.
*/
@org.junit.Test
public void testInValidCachedRealm() throws Exception {
TokenValidator samlTokenValidator = new SAMLTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a SAML Assertion
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
CallbackHandler callbackHandler = new PasswordCallbackHandler();
Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, "A");
Document doc = samlToken.getOwnerDocument();
samlToken = (Element) doc.appendChild(samlToken);
ReceivedToken validateTarget = new ReceivedToken(samlToken);
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
// Now set the SAMLRealmCodec implementation on the Validator
SAMLRealmCodec samlRealmCodec = new CacheSAMLRealmCodec();
((SAMLTokenValidator) samlTokenValidator).setSamlRealmCodec(samlRealmCodec);
TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
assertNull(validatorResponse.getTokenRealm());
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
Element(org.w3c.dom.Element)
SAMLRealmCodec(org.apache.cxf.sts.token.realm.SAMLRealmCodec)
Document(org.w3c.dom.Document)
Crypto(org.apache.wss4j.common.crypto.Crypto)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Aggregations
TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)116
CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)79
Crypto (org.apache.wss4j.common.crypto.Crypto)67
PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)65
KeyRequirements (org.apache.cxf.sts.request.KeyRequirements)63
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)55
WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)54
MessageImpl (org.apache.cxf.message.MessageImpl)54
StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)54
EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)45
TokenProviderParameters (org.apache.cxf.sts.token.provider.TokenProviderParameters)39
Document (org.w3c.dom.Document)33
Element (org.w3c.dom.Element)31
CallbackHandler (javax.security.auth.callback.CallbackHandler)29
STSException (org.apache.cxf.ws.security.sts.provider.STSException)18
Principal (java.security.Principal)16
TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)16
TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)15
TokenProviderResponse (org.apache.cxf.sts.token.provider.TokenProviderResponse)14
TokenValidator (org.apache.cxf.sts.token.validator.TokenValidator)12
