
Example 6 with TokenDelegationResponse

Use of org.apache.cxf.sts.token.delegation.TokenDelegationResponse in project cxf by apache.

Class AbstractOperation, method performDelegationHandling.

protected void performDelegationHandling(RequestRequirements requestRequirements, Principal principal, Map<String, Object> messageContext, ReceivedToken token, Principal tokenPrincipal, Set<Principal> tokenRoles) {
    TokenDelegationParameters delegationParameters = new TokenDelegationParameters();
    delegationParameters.setStsProperties(stsProperties);
    delegationParameters.setPrincipal(principal);
    delegationParameters.setMessageContext(messageContext);
    delegationParameters.setTokenStore(getTokenStore());
    delegationParameters.setTokenPrincipal(tokenPrincipal);
    delegationParameters.setTokenRoles(tokenRoles);
    KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
    TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
    delegationParameters.setKeyRequirements(keyRequirements);
    delegationParameters.setTokenRequirements(tokenRequirements);
    // Extract AppliesTo
    String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
    delegationParameters.setAppliesToAddress(address);
    delegationParameters.setToken(token);
    TokenDelegationResponse tokenResponse = null;
    // The first handler that claims the token decides; later handlers are not consulted.
    for (TokenDelegationHandler delegationHandler : delegationHandlers) {
        if (delegationHandler.canHandleToken(token)) {
            try {
                tokenResponse = delegationHandler.isDelegationAllowed(delegationParameters);
            } catch (RuntimeException ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException("Error in delegation handling", ex, STSException.REQUEST_FAILED);
            }
            break;
        }
    }
    // Fail closed: reject when no handler matched or the matching handler denied delegation.
    if (tokenResponse == null || !tokenResponse.isDelegationAllowed()) {
        LOG.log(Level.WARNING, "No matching token delegation handler found");
        throw new STSException("No matching token delegation handler found", STSException.REQUEST_FAILED);
    }
}
Also used: TokenDelegationParameters (org.apache.cxf.sts.token.delegation.TokenDelegationParameters), TokenRequirements (org.apache.cxf.sts.request.TokenRequirements), STSException (org.apache.cxf.ws.security.sts.provider.STSException), KeyRequirements (org.apache.cxf.sts.request.KeyRequirements), TokenDelegationResponse (org.apache.cxf.sts.token.delegation.TokenDelegationResponse), TokenDelegationHandler (org.apache.cxf.sts.token.delegation.TokenDelegationHandler)

Example 7 with TokenDelegationResponse

Use of org.apache.cxf.sts.token.delegation.TokenDelegationResponse in project ddf by codice.

Class TestBSTDelegationHandler, method testDelegationAllowed.

@Test
public void testDelegationAllowed() {
    BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
    binarySecurityTokenType.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    binarySecurityTokenType.setValueType(BSTAuthenticationToken.BST_NS + "#" + BSTAuthenticationToken.BST_LN);
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    TokenDelegationParameters tokenDelegationParameters = mock(TokenDelegationParameters.class);
    when(tokenDelegationParameters.getToken()).thenReturn(receivedToken);
    BSTDelegationHandler bstDelegationHandler = new BSTDelegationHandler();
    TokenDelegationResponse response = bstDelegationHandler.isDelegationAllowed(tokenDelegationParameters);
    assertEquals(true, response.isDelegationAllowed());
}
Also used: TokenDelegationParameters (org.apache.cxf.sts.token.delegation.TokenDelegationParameters), BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType), ReceivedToken (org.apache.cxf.sts.request.ReceivedToken), TokenDelegationResponse (org.apache.cxf.sts.token.delegation.TokenDelegationResponse), Test (org.junit.Test)

Example 8 with TokenDelegationResponse

Use of org.apache.cxf.sts.token.delegation.TokenDelegationResponse in project cas by apereo.

Class X509TokenDelegationHandler, method isDelegationAllowed.

@Override
public TokenDelegationResponse isDelegationAllowed(final TokenDelegationParameters tokenParameters) {
    val response = new TokenDelegationResponse();
    val delegateTarget = tokenParameters.getToken();
    response.setToken(delegateTarget);
    // A token that is not a DOM element is returned without delegation being allowed.
    if (!delegateTarget.isDOMElement()) {
        return response;
    }
    // Delegation is allowed only for a token already validated and bound to a principal.
    if (delegateTarget.getState() == ReceivedToken.STATE.VALID && delegateTarget.getPrincipal() != null) {
        response.setDelegationAllowed(true);
        LOGGER.debug("Delegation is allowed for [{}]", delegateTarget.getPrincipal());
    } else {
        LOGGER.debug("Delegation is not allowed; token is invalid or the principal is undefined");
    }
    return response;
}
Also used: lombok.val (lombok.val), TokenDelegationResponse (org.apache.cxf.sts.token.delegation.TokenDelegationResponse)

Aggregations

TokenDelegationResponse (org.apache.cxf.sts.token.delegation.TokenDelegationResponse): 8
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken): 4
TokenDelegationParameters (org.apache.cxf.sts.token.delegation.TokenDelegationParameters): 3
BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType): 3
Test (org.junit.Test): 2
lombok.val (lombok.val): 1
KeyRequirements (org.apache.cxf.sts.request.KeyRequirements): 1
TokenRequirements (org.apache.cxf.sts.request.TokenRequirements): 1
TokenDelegationHandler (org.apache.cxf.sts.token.delegation.TokenDelegationHandler): 1
STSException (org.apache.cxf.ws.security.sts.provider.STSException): 1
UsernameTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType): 1
AMSTSRuntimeException (org.forgerock.openam.sts.AMSTSRuntimeException): 1
TokenValidationException (org.forgerock.openam.sts.TokenValidationException): 1