
Example 6 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class DefaultAttributeStatementProvider method getStatement.

/**
 * Build an AttributeStatementBean that carries a single default attribute.
 *
 * @param providerParameters parameters of the current token request; only the
 *        token type from its TokenRequirements is consulted here
 * @return a statement whose attribute list holds exactly the default attribute
 *         produced by {@code createDefaultAttribute} for that token type
 */
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
    String tokenType = providerParameters.getTokenRequirements().getTokenType();
    List<AttributeBean> attributes = new ArrayList<>();
    attributes.add(createDefaultAttribute(tokenType));
    AttributeStatementBean statement = new AttributeStatementBean();
    statement.setSamlAttributes(attributes);
    return statement;
}

Example 7 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class SAMLTokenProvider method createToken.

/**
 * Create a SAML token for the given TokenProviderParameters.
 *
 * Flow: validate the key type, derive symmetric key material when the
 * requested key type is symmetric, build and serialize the assertion, cache
 * it (signed tokens only), optionally encrypt the serialized token, and fill
 * the response with the token, its id, validity window and key material.
 * Statement order matters: the token id and the cache entry are taken from
 * the plain (unencrypted) DOM element before encryption is applied.
 *
 * @param tokenParameters the request, key and STS configuration for this call
 * @return a TokenProviderResponse holding the (possibly encrypted) token
 * @throws STSException with code REQUEST_FAILED if any step inside the
 *         try block fails; the cause is preserved
 */
public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
    // Key-type check runs before any key material is generated (what it
    // accepts is defined outside this block).
    testKeyType(tokenParameters);
    KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
    TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
    }
    byte[] secret = null;
    byte[] entropyBytes = null;
    long keySize = 0;
    boolean computedKey = false;
    // Symmetric key material (secret, entropy, size, computed-key flag) is
    // only produced for the symmetric key type; otherwise the fields stay
    // null/0/false and the response carries no entropy or key size.
    if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyRequirements.getKeyType())) {
        SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
        keyHandler.createSymmetricKey();
        secret = keyHandler.getSecret();
        entropyBytes = keyHandler.getEntropyBytes();
        keySize = keyHandler.getKeySize();
        computedKey = keyHandler.isComputedKey();
    }
    try {
        Document doc = DOMUtils.createDocument();
        SamlAssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
        Element token = assertion.toDOM(doc);
        // set the token in cache (only if the token is signed)
        // An unsigned assertion has no signature value, so it is never cached;
        // the signature value is handed to the cache helper alongside the token.
        byte[] signatureValue = assertion.getSignatureValue();
        if (tokenParameters.getTokenStore() != null && signatureValue != null && signatureValue.length > 0) {
            SecurityToken securityToken = CacheUtils.createSecurityTokenForStorage(token, assertion.getId(), assertion.getNotOnOrAfter(), tokenParameters.getPrincipal(), tokenParameters.getRealm(), tokenParameters.getTokenRequirements().getRenewing());
            CacheUtils.storeTokenInCache(securityToken, tokenParameters.getTokenStore(), signatureValue);
        }
        TokenProviderResponse response = new TokenProviderResponse();
        String tokenType = tokenRequirements.getTokenType();
        // SAML 2.0 assertions carry their id in "ID", SAML 1.x in "AssertionID".
        // The id is read from the plain element; it must be known before
        // encryption below, which needs it and replaces the element.
        if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
            response.setTokenId(token.getAttributeNS(null, "ID"));
        } else {
            response.setTokenId(token.getAttributeNS(null, "AssertionID"));
        }
        if (tokenParameters.isEncryptToken()) {
            token = TokenProviderUtils.encryptToken(token, response.getTokenId(), tokenParameters.getStsProperties(), tokenParameters.getEncryptionProperties(), keyRequirements, tokenParameters.getMessageContext());
        }
        response.setToken(token);
        // Validity window comes from the assertion's Conditions, chosen by
        // the actual assertion version rather than the requested token type.
        DateTime validFrom = null;
        DateTime validTill = null;
        if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
            validFrom = assertion.getSaml2().getConditions().getNotBefore();
            validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
        } else {
            validFrom = assertion.getSaml1().getConditions().getNotBefore();
            validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
        }
        // NOTE(review): a null Conditions/NotBefore/NotOnOrAfter would NPE here
        // and surface as the generic STSException from the catch below.
        response.setCreated(validFrom.toDate().toInstant());
        response.setExpires(validTill.toDate().toInstant());
        response.setEntropy(entropyBytes);
        if (keySize > 0) {
            response.setKeySize(keySize);
        }
        response.setComputedKey(computedKey);
        LOG.fine("SAML Token successfully created");
        return response;
    } catch (Exception e) {
        // Every failure inside the try (assertion creation, caching, encryption,
        // validity extraction) is logged and rewrapped with the same message,
        // so the message text does not identify which step failed.
        LOG.log(Level.WARNING, "", e);
        throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
    }
}

Example 8 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class SamlCallbackHandler method handle.

/**
 * Populate every SAMLCallback in {@code callbacks} from this handler's state.
 *
 * For each SAMLCallback: the subject (when set), the SAML version derived
 * from the requested token type, the issuer (explicit or from the STS
 * properties), any attribute / authentication / authz-decision statements,
 * a default attribute statement when SAML 1.1 is requested and no statement
 * was configured, and finally the conditions. Callbacks of other types are
 * skipped.
 *
 * @param callbacks callbacks to fill; non-SAML entries are ignored
 * @throws IOException declared by the callback-handler contract
 * @throws UnsupportedCallbackException declared by the callback-handler contract
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback cb : callbacks) {
        if (!(cb instanceof SAMLCallback)) {
            continue;
        }
        SAMLCallback samlCallback = (SAMLCallback) cb;

        // Subject
        if (subjectBean != null) {
            samlCallback.setSubject(subjectBean);
        }

        // SAML version, chosen by the requested token type
        String tokenType = tokenParameters.getTokenRequirements().getTokenType();
        boolean isSaml11 = WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
            || WSS4JConstants.SAML_NS.equals(tokenType);
        if (isSaml11) {
            samlCallback.setSamlVersion(Version.SAML_11);
            setSubjectOnBeans();
        } else {
            samlCallback.setSamlVersion(Version.SAML_20);
        }

        // Issuer: explicit value wins, otherwise the STS-configured issuer
        String effectiveIssuer = issuer;
        if (effectiveIssuer == null) {
            STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
            effectiveIssuer = stsProperties.getIssuer();
        }
        samlCallback.setIssuer(effectiveIssuer);

        // Statements
        boolean hasStatement = false;
        if (attributeBeans != null && !attributeBeans.isEmpty()) {
            samlCallback.setAttributeStatementData(attributeBeans);
            hasStatement = true;
        }
        if (authBeans != null && !authBeans.isEmpty()) {
            samlCallback.setAuthenticationStatementData(authBeans);
            hasStatement = true;
        }
        if (authDecisionBeans != null && !authDecisionBeans.isEmpty()) {
            samlCallback.setAuthDecisionStatementData(authDecisionBeans);
            hasStatement = true;
        }
        // SAML 1.1 requires at least one statement, so fall back to a default one
        if (isSaml11 && !hasStatement) {
            AttributeStatementBean fallback =
                new DefaultAttributeStatementProvider().getStatement(tokenParameters);
            fallback.setSubject(subjectBean);
            samlCallback.setAttributeStatementData(Collections.singletonList(fallback));
        }

        // Conditions
        samlCallback.setConditions(conditionsBean);
    }
}

Example 9 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class CustomAttributeProvider method getStatement.

/**
 * Build an AttributeStatementBean for the given parameters.
 *
 * Attributes are created from the processed claims; if no claim was
 * processed a single default attribute is used instead. Afterwards, the
 * OnBehalfOf and ActAs tokens from the TokenRequirements (when present) each
 * contribute an extra attribute, but only if that attribute has values.
 *
 * @param providerParameters parameters of the current token request
 * @return a statement holding the claim-derived (or default) attributes plus
 *         any non-empty OnBehalfOf / ActAs attribute
 * @throws STSException wrapping a WSSecurityException raised while handling
 *         the OnBehalfOf or ActAs token
 */
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
    TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
    String tokenType = tokenRequirements.getTokenType();
    List<AttributeBean> attributes = new ArrayList<>();

    // Claims first; a default attribute stands in when there are none
    ProcessedClaimCollection claims = ClaimsUtils.processClaims(providerParameters);
    Iterator<ProcessedClaim> claimIt = claims.iterator();
    if (claimIt.hasNext()) {
        do {
            attributes.add(createAttributeFromClaim(claimIt.next(), tokenType));
        } while (claimIt.hasNext());
    } else {
        attributes.add(createDefaultAttribute(tokenType));
    }

    // Delegation tokens: OnBehalfOf, then ActAs
    try {
        appendDelegationAttribute(attributes, false, tokenRequirements.getOnBehalfOf(), tokenType);
        appendDelegationAttribute(attributes, true, tokenRequirements.getActAs(), tokenType);
    } catch (WSSecurityException ex) {
        throw new STSException(ex.getMessage(), ex);
    }

    AttributeStatementBean statement = new AttributeStatementBean();
    statement.setSamlAttributes(attributes);
    return statement;
}

/**
 * Append the attribute derived from a delegation token, if the token is
 * present and the derived attribute carries at least one value.
 *
 * @param attributes list to append to
 * @param actAs true for an ActAs token, false for OnBehalfOf
 * @param received the delegation token, may be null
 * @param tokenType the requested token type
 * @throws WSSecurityException propagated from handleAdditionalParameters
 */
private void appendDelegationAttribute(List<AttributeBean> attributes, boolean actAs,
                                       ReceivedToken received, String tokenType)
    throws WSSecurityException {
    if (received == null) {
        return;
    }
    AttributeBean parameterBean = handleAdditionalParameters(actAs, received.getToken(), tokenType);
    if (!parameterBean.getAttributeValues().isEmpty()) {
        attributes.add(parameterBean);
    }
}

Example 10 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class CancelSCTUnitTest method createProviderParameters.

/**
 * Assemble TokenProviderParameters for a unit test: the requested token type,
 * empty key requirements, this test's token store, a fixed principal, a mock
 * message context, a fixed AppliesTo address and static STS properties backed
 * by the test signature crypto.
 *
 * @param tokenType the token type to request
 * @return fully populated parameters
 * @throws WSSecurityException if the signature Crypto cannot be created
 */
private TokenProviderParameters createProviderParameters(String tokenType) throws WSSecurityException {
    TokenRequirements tokenReqs = new TokenRequirements();
    tokenReqs.setTokenType(tokenType);

    // STS configuration shared by the test: signature crypto, key alias, password callback, issuer
    Crypto signatureCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    StaticSTSProperties stsProps = new StaticSTSProperties();
    stsProps.setSignatureCrypto(signatureCrypto);
    stsProps.setSignatureUsername("mystskey");
    stsProps.setCallbackHandler(new PasswordCallbackHandler());
    stsProps.setIssuer("STS");

    // Mock up message context
    WrappedMessageContext msgCtx = new WrappedMessageContext(new MessageImpl());

    TokenProviderParameters params = new TokenProviderParameters();
    params.setTokenRequirements(tokenReqs);
    params.setKeyRequirements(new KeyRequirements());
    params.setTokenStore(tokenStore);
    params.setPrincipal(new CustomTokenPrincipal("alice"));
    params.setMessageContext(msgCtx);
    params.setAppliesToAddress("http://dummy-service.com/dummy");
    params.setStsProperties(stsProps);
    params.setEncryptionProperties(new EncryptionProperties());
    return params;
}
