Search in sources :

Example 56 with EncryptionProperties

use of org.apache.cxf.sts.service.EncryptionProperties in project cxf by apache.

the class TokenIssueOperation method issueSingle.

public RequestSecurityTokenResponseType issueSingle(RequestSecurityTokenType request, Principal principal, Map<String, Object> messageContext) {
    long start = System.currentTimeMillis();
    TokenProviderParameters providerParameters = new TokenProviderParameters();
    try {
        RequestRequirements requestRequirements = parseRequest(request, messageContext);
        providerParameters = createTokenProviderParameters(requestRequirements, principal, messageContext);
        providerParameters.setClaimsManager(claimsManager);
        String realm = providerParameters.getRealm();
        TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
        String tokenType = tokenRequirements.getTokenType();
        if (stsProperties.getSamlRealmCodec() != null) {
            SamlAssertionWrapper assertion = fetchSAMLAssertionFromWSSecuritySAMLToken(messageContext);
            if (assertion != null) {
                String wssecRealm = stsProperties.getSamlRealmCodec().getRealmFromToken(assertion);
                SAMLTokenPrincipal samlPrincipal = new SAMLTokenPrincipalImpl(assertion);
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("SAML token realm of user '" + samlPrincipal.getName() + "' is " + wssecRealm);
                }
                ReceivedToken wssecToken = new ReceivedToken(assertion.getElement());
                wssecToken.setState(STATE.VALID);
                TokenValidatorResponse tokenResponse = new TokenValidatorResponse();
                tokenResponse.setPrincipal(samlPrincipal);
                tokenResponse.setToken(wssecToken);
                tokenResponse.setTokenRealm(wssecRealm);
                tokenResponse.setAdditionalProperties(new HashMap<String, Object>());
                processValidToken(providerParameters, wssecToken, tokenResponse);
                providerParameters.setPrincipal(wssecToken.getPrincipal());
            }
        }
        // Validate OnBehalfOf token if present
        if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
            ReceivedToken validateTarget = providerParameters.getTokenRequirements().getOnBehalfOf();
            handleDelegationToken(validateTarget, providerParameters, principal, messageContext, realm, requestRequirements);
        }
        // See whether ActAs is allowed or not
        if (providerParameters.getTokenRequirements().getActAs() != null) {
            ReceivedToken validateTarget = providerParameters.getTokenRequirements().getActAs();
            handleDelegationToken(validateTarget, providerParameters, principal, messageContext, realm, requestRequirements);
        }
        // create token
        TokenProviderResponse tokenResponse = null;
        for (TokenProvider tokenProvider : tokenProviders) {
            final boolean canHandle;
            if (realm == null) {
                canHandle = tokenProvider.canHandleToken(tokenType);
            } else {
                canHandle = tokenProvider.canHandleToken(tokenType, realm);
            }
            if (canHandle) {
                try {
                    tokenResponse = tokenProvider.createToken(providerParameters);
                } catch (STSException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw ex;
                } catch (RuntimeException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
                }
                break;
            }
        }
        if (tokenResponse == null || tokenResponse.getToken() == null) {
            LOG.log(Level.WARNING, "No token provider found for requested token type: " + tokenType);
            throw new STSException("No token provider found for requested token type: " + tokenType, STSException.REQUEST_FAILED);
        }
        // prepare response
        try {
            KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
            EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
            RequestSecurityTokenResponseType response = createResponse(encryptionProperties, tokenResponse, tokenRequirements, keyRequirements);
            STSIssueSuccessEvent event = new STSIssueSuccessEvent(providerParameters, System.currentTimeMillis() - start);
            publishEvent(event);
            cleanRequest(requestRequirements);
            return response;
        } catch (Throwable ex) {
            LOG.log(Level.WARNING, "", ex);
            throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
        }
    } catch (RuntimeException ex) {
        LOG.log(Level.SEVERE, "Cannot issue token: " + ex.getMessage(), ex);
        STSIssueFailureEvent event = new STSIssueFailureEvent(providerParameters, System.currentTimeMillis() - start, ex);
        publishEvent(event);
        throw ex;
    }
}
Also used : SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal) RequestRequirements(org.apache.cxf.sts.request.RequestRequirements) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) STSException(org.apache.cxf.ws.security.sts.provider.STSException) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters) TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) SAMLTokenPrincipalImpl(org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl) STSIssueSuccessEvent(org.apache.cxf.sts.event.STSIssueSuccessEvent) STSIssueFailureEvent(org.apache.cxf.sts.event.STSIssueFailureEvent)

Aggregations

EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)56 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)51 MessageImpl (org.apache.cxf.message.MessageImpl)51 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)51 KeyRequirements (org.apache.cxf.sts.request.KeyRequirements)46 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)45 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)44 Crypto (org.apache.wss4j.common.crypto.Crypto)35 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)33 TokenProviderParameters (org.apache.cxf.sts.token.provider.TokenProviderParameters)28 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)11 ServiceMBean (org.apache.cxf.sts.service.ServiceMBean)10 STSException (org.apache.cxf.ws.security.sts.provider.STSException)10 JAXBElement (javax.xml.bind.JAXBElement)9 StaticService (org.apache.cxf.sts.service.StaticService)9 RequestSecurityTokenResponseCollectionType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)9 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)9 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)6 ReceivedCredential (org.apache.cxf.sts.request.ReceivedCredential)4 CryptoType (org.apache.wss4j.common.crypto.CryptoType)4