
Example 1 with SCTCanceller

use of org.apache.cxf.sts.token.canceller.SCTCanceller in project cxf by apache.

the class CancelSCTUnitTest method testCancelSCT.

/**
 * Test to successfully cancel a SecurityContextToken
 */
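@org.junit.Test
public void testCancelSCT() throws Exception {
    // Verifies that a SecurityContextToken issued by the STS can be cancelled once,
    // and that a second cancel of the same token is rejected with an STSException.
    TokenCancelOperation cancelOperation = new TokenCancelOperation();
    cancelOperation.setTokenStore(tokenStore);

    // Add Token Canceller.
    // NOTE(review): proof-of-possession verification is switched off here, presumably
    // because the mocked message context below carries only a SecurityContext and no
    // WS-Security processing results. With the check off, this test does not exercise
    // the "requester must prove possession of the SCT secret" path; treat it as a
    // test-only setting and cover the enabled path separately.
    List<TokenCanceller> cancellerList = new ArrayList<>();
    TokenCanceller sctCanceller = new SCTCanceller();
    sctCanceller.setVerifyProofOfPossession(false);
    cancellerList.add(sctCanceller);
    cancelOperation.setTokenCancellers(cancellerList);

    // Add STSProperties object. The key aliases and callback handler are test fixtures.
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    cancelOperation.setStsProperties(stsProperties);

    // Get a SecurityContextToken via the SCTProvider
    TokenProviderResponse providerResponse = createSCT();
    Element sct = (Element) providerResponse.getToken();
    CancelTargetType cancelTarget = new CancelTargetType();
    cancelTarget.setAny(sct);

    // Mock up a request
    JAXBElement<CancelTargetType> cancelTargetType =
        new JAXBElement<>(QNameConstants.CANCEL_TARGET, CancelTargetType.class, cancelTarget);
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    request.getAny().add(cancelTargetType);

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));

    // Cancel a token
    RequestSecurityTokenResponseType response = cancelOperation.cancel(request, principal, msgCtx);
    assertTrue(validateResponse(response));

    // Now try to cancel again. Without the explicit fail() the test would pass even if
    // the STS accepted a cancel request for an already-cancelled token.
    try {
        cancelOperation.cancel(request, principal, msgCtx);
        org.junit.Assert.fail("Failure expected on cancelling an already cancelled token");
    } catch (STSException ex) {
        // expected
    }
}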
Also used : JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) ArrayList(java.util.ArrayList) CancelTargetType(org.apache.cxf.ws.security.sts.provider.model.CancelTargetType) STSException(org.apache.cxf.ws.security.sts.provider.STSException) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) JAXBElement(javax.xml.bind.JAXBElement) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SecurityContext(org.apache.cxf.security.SecurityContext) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) SCTCanceller(org.apache.cxf.sts.token.canceller.SCTCanceller) MessageImpl(org.apache.cxf.message.MessageImpl) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal) TokenCanceller(org.apache.cxf.sts.token.canceller.TokenCanceller)

Example 2 with SCTCanceller

use of org.apache.cxf.sts.token.canceller.SCTCanceller in project cxf by apache.

the class RequestParserUnitTest method testCancelSCT.

/**
 * Test for fetching (and cancelling) a referenced SecurityContextToken.
 */
@org.junit.Test
public void testCancelSCT() throws Exception {
    // Inputs: the WS-Security header of the incoming message and a JAXB cancel request
    // that points at a SecurityContextToken by reference.
    Element securityHeader = (Element) parseStringToElement(SECURITY_HEADER).getFirstChild();
    RequestSecurityTokenType cancelRequest = createJaxbObject(CANCEL_SCT_REFERENCE);
    RequestParser requestParser = new RequestParser();

    // Mocked message context that will carry the security processing results.
    WrappedMessageContext messageContext = new WrappedMessageContext(new MessageImpl());

    // Run WSS4J over the security header and publish its result under RECV_RESULTS;
    // presumably the parser resolves the token reference against these results.
    RequestData requestData = new RequestData();
    requestData.setCallbackHandler(new PasswordCallbackHandler());
    WSSecurityEngine engine = new WSSecurityEngine();
    WSHandlerResult headerResult = engine.processSecurityHeader(securityHeader, requestData);
    List<WSHandlerResult> receivedResults = new ArrayList<>();
    receivedResults.add(headerResult);
    messageContext.put(WSHandlerConstants.RECV_RESULTS, receivedResults);

    // Parse the request, then check that the resolved cancel target is something the
    // SCT canceller recognises. Only canHandleToken is asserted; no token is actually
    // cancelled in this test.
    RequestRequirements parsed = requestParser.parseRequest(cancelRequest, messageContext, null, null);
    SCTCanceller canceller = new SCTCanceller();
    assertTrue(canceller.canHandleToken(parsed.getTokenRequirements().getCancelTarget()));
}
Also used : JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) ArrayList(java.util.ArrayList) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) RequestData(org.apache.wss4j.dom.handler.RequestData) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) WSSecurityEngine(org.apache.wss4j.dom.engine.WSSecurityEngine) MessageImpl(org.apache.cxf.message.MessageImpl) SCTCanceller(org.apache.cxf.sts.token.canceller.SCTCanceller)
