
Usage of org.apache.cxf.sts.token.provider.DefaultConditionsProvider in project cas (apereo).

Source: class CoreWsSecuritySecurityTokenServiceConfiguration, method transportSamlTokenProvider.

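/**
 * Builds the {@link SAMLTokenProvider} used by the CAS WS-Federation security token service.
 *
 * <p>Subject NameID format: the {@code subjectNameIdFormat} STS property is matched
 * case-insensitively against {@code email}, {@code entity} and {@code transient}; any other
 * value (including {@code unspecified}, a blank string or {@code null}) maps to
 * {@link NameID#UNSPECIFIED}. The comparison uses {@code Locale.ROOT} so the outcome does not
 * depend on the JVM default locale (with a Turkish default locale {@code "EMAIL".toLowerCase()}
 * would not equal {@code "email"}).
 *
 * <p>Token conditions: {@code acceptClientLifetime} is enabled, so the requester may choose its
 * own token validity window. No explicit {@code maxLifetime} is configured here, which leaves
 * the ceiling at {@code DefaultConditionsProvider.DEFAULT_MAX_LIFETIME}; deployments that need
 * a tighter bound should set one on the conditions provider.
 *
 * @return the configured SAML token provider bean
 */
@RefreshScope
@Bean
public SAMLTokenProvider transportSamlTokenProvider() {
    final WsFederationProperties.SecurityTokenService wsfed = casProperties.getAuthn().getWsfedIdp().getSts();

    // Normalise the configured format once. A missing value is treated like an unknown one and
    // falls through to UNSPECIFIED instead of failing with a NullPointerException at startup.
    final String configuredFormat = wsfed.getSubjectNameIdFormat();
    final String formatKey = configuredFormat == null
        ? ""
        : configuredFormat.trim().toLowerCase(java.util.Locale.ROOT);

    final DefaultSubjectProvider subjectProvider = new DefaultSubjectProvider();
    switch (formatKey) {
        case "email":
            subjectProvider.setSubjectNameIDFormat(NameID.EMAIL);
            break;
        case "entity":
            subjectProvider.setSubjectNameIDFormat(NameID.ENTITY);
            break;
        case "transient":
            subjectProvider.setSubjectNameIDFormat(NameID.TRANSIENT);
            break;
        case "unspecified":
        default:
            subjectProvider.setSubjectNameIDFormat(NameID.UNSPECIFIED);
            break;
    }

    final DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    // SECURITY: client-supplied lifetimes are honoured. Because setMaxLifetime(...) is not
    // called, the only upper bound on a requested lifetime is the provider's built-in
    // DEFAULT_MAX_LIFETIME. Configure an explicit maximum if that default is too generous.
    conditionsProvider.setAcceptClientLifetime(true);

    final SAMLTokenProvider provider = new SAMLTokenProvider();
    provider.setAttributeStatementProviders(CollectionUtils.wrap(new ClaimsAttributeStatementProvider()));
    provider.setRealmMap(realms());
    provider.setConditionsProvider(conditionsProvider);
    provider.setSubjectProvider(subjectProvider);
    return provider;
}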

Usage of org.apache.cxf.sts.token.provider.DefaultConditionsProvider in project cxf (apache).

Source: class SAMLTokenRenewerLifetimeTest, method testSaml2ProviderLifetime.

/**
 * Renewal with no client-requested lifetime: the renewed token must carry the lifetime
 * configured on the conditions provider (6000 s here), independent of how long the
 * original token was valid for.
 */
@org.junit.Test
public void testSaml2ProviderLifetime() throws Exception {
    final long configuredLifetime = 10 * 600L;

    DefaultConditionsProvider conditions = new DefaultConditionsProvider();
    conditions.setLifetime(configuredLifetime);

    SAMLTokenRenewer renewer = new SAMLTokenRenewer();
    // Test-only shortcuts: the holder-of-key proof is not checked and an already expired
    // token may be renewed, so the fixture needs neither a client credential nor a live token.
    // Neither setting is appropriate for a production renewer.
    renewer.setVerifyProofOfPossession(false);
    renewer.setAllowRenewalAfterExpiry(true);
    renewer.setConditionsProvider(conditions);

    TokenRenewerParameters parameters = createRenewerParameters();
    CallbackHandler passwordCallback = new PasswordCallbackHandler();
    Crypto signingCrypto = CryptoFactory.getInstance(getEncryptionProperties());

    // Issue a very short-lived assertion (the 50 is presumably its lifetime; see the helper)
    // and wait for it to lapse so the renewal goes through the after-expiry path.
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, signingCrypto, "mystskey", passwordCallback, 50, true, true);
    Thread.sleep(100);

    ReceivedToken target = new ReceivedToken(samlToken);
    target.setState(STATE.VALID);
    parameters.getTokenRequirements().setRenewTarget(target);
    parameters.setToken(target);
    assertTrue(renewer.canHandleToken(target));

    TokenRenewerResponse response = renewer.renewToken(parameters);
    assertNotNull(response);
    assertNotNull(response.getToken());

    long grantedSeconds = Duration.between(response.getCreated(), response.getExpires()).getSeconds();
    assertEquals(configuredLifetime, grantedSeconds);
}

Usage of org.apache.cxf.sts.token.provider.DefaultConditionsProvider in project cxf (apache).

Source: class SAMLTokenRenewerLifetimeTest, method testSaml2ValidLifetime.

/**
 * Renewal with a client-requested lifetime that is within policy: because the conditions
 * provider accepts client lifetimes, the renewed token must be valid for exactly the
 * requested 60 seconds rather than the provider's own default.
 */
@org.junit.Test
public void testSaml2ValidLifetime() throws Exception {
    final int wantedSeconds = 60;

    DefaultConditionsProvider conditions = new DefaultConditionsProvider();
    conditions.setAcceptClientLifetime(true);

    SAMLTokenRenewer renewer = new SAMLTokenRenewer();
    // Test-only: skip the holder-of-key check and allow renewing an expired token.
    renewer.setVerifyProofOfPossession(false);
    renewer.setAllowRenewalAfterExpiry(true);
    renewer.setConditionsProvider(conditions);

    TokenRenewerParameters parameters = createRenewerParameters();

    // Ask for a one-minute window starting now, serialised as UTC timestamps.
    Instant requestStart = Instant.now();
    Instant requestEnd = requestStart.plusSeconds(wantedSeconds);
    Lifetime requested = new Lifetime();
    requested.setCreated(requestStart.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    requested.setExpires(requestEnd.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    parameters.getTokenRequirements().setLifetime(requested);

    CallbackHandler passwordCallback = new PasswordCallbackHandler();
    Crypto signingCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, signingCrypto, "mystskey", passwordCallback, 50, true, true);
    // Let the short-lived token lapse before renewing it.
    Thread.sleep(100);

    ReceivedToken target = new ReceivedToken(samlToken);
    target.setState(STATE.VALID);
    parameters.getTokenRequirements().setRenewTarget(target);
    parameters.setToken(target);
    assertTrue(renewer.canHandleToken(target));

    TokenRenewerResponse response = renewer.renewToken(parameters);
    assertNotNull(response);
    assertNotNull(response.getToken());

    long grantedSeconds = Duration.between(response.getCreated(), response.getExpires()).getSeconds();
    assertEquals(wantedSeconds, grantedSeconds);
}

Usage of org.apache.cxf.sts.token.provider.DefaultConditionsProvider in project cxf (apache).

Source: class SAMLTokenRenewerLifetimeTest, method testSaml2ExceededConfiguredMaxLifetime.

/**
 * Renewal with a client-requested lifetime longer than the configured maximum: the
 * renewer must refuse the request with an {@link STSException} rather than clamp or
 * honour it. The ceiling is 30 minutes, the request is 35 minutes.
 */
@org.junit.Test
public void testSaml2ExceededConfiguredMaxLifetime() throws Exception {
    final long ceilingSeconds = 30 * 60L;    // configured maximum: 30 minutes
    final long requestedSeconds = 35 * 60L;  // client asks for 35 minutes, over the ceiling

    DefaultConditionsProvider conditions = new DefaultConditionsProvider();
    conditions.setMaxLifetime(ceilingSeconds);
    conditions.setAcceptClientLifetime(true);

    SAMLTokenRenewer renewer = new SAMLTokenRenewer();
    // Test-only: skip the holder-of-key check and allow renewing an expired token.
    renewer.setVerifyProofOfPossession(false);
    renewer.setAllowRenewalAfterExpiry(true);
    renewer.setConditionsProvider(conditions);

    TokenRenewerParameters parameters = createRenewerParameters();

    Instant requestStart = Instant.now();
    Instant requestEnd = requestStart.plusSeconds(requestedSeconds);
    Lifetime requested = new Lifetime();
    requested.setCreated(requestStart.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    requested.setExpires(requestEnd.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    parameters.getTokenRequirements().setLifetime(requested);

    CallbackHandler passwordCallback = new PasswordCallbackHandler();
    Crypto signingCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, signingCrypto, "mystskey", passwordCallback, 50, true, true);
    // Let the short-lived token lapse before renewing it.
    Thread.sleep(100);

    ReceivedToken target = new ReceivedToken(samlToken);
    target.setState(STATE.VALID);
    parameters.getTokenRequirements().setRenewTarget(target);
    parameters.setToken(target);
    assertTrue(renewer.canHandleToken(target));

    try {
        renewer.renewToken(parameters);
        fail("Failure expected due to exceeded lifetime");
    } catch (STSException expected) {
        // The over-long lifetime must be rejected outright, not silently reduced.
    }
}

Usage of org.apache.cxf.sts.token.provider.DefaultConditionsProvider in project cxf (apache).

Source: class SAMLTokenRenewerLifetimeTest, method testSaml2ExceededDefaultMaxLifetime.

/**
 * Renewal with a client-requested lifetime one second beyond the provider's built-in
 * {@code DEFAULT_MAX_LIFETIME}, with no explicit maximum configured: the default ceiling
 * alone must cause the renewer to reject the request with an {@link STSException}.
 */
@org.junit.Test
public void testSaml2ExceededDefaultMaxLifetime() throws Exception {
    DefaultConditionsProvider conditions = new DefaultConditionsProvider();
    // Client lifetimes are accepted but no maxLifetime is set, so the built-in default applies.
    conditions.setAcceptClientLifetime(true);

    SAMLTokenRenewer renewer = new SAMLTokenRenewer();
    // Test-only: skip the holder-of-key check and allow renewing an expired token.
    renewer.setVerifyProofOfPossession(false);
    renewer.setAllowRenewalAfterExpiry(true);
    renewer.setConditionsProvider(conditions);

    TokenRenewerParameters parameters = createRenewerParameters();

    // Request exactly one second more than the default ceiling.
    Instant requestStart = Instant.now();
    final long requestedSeconds = DefaultConditionsProvider.DEFAULT_MAX_LIFETIME + 1;
    Instant requestEnd = requestStart.plusSeconds(requestedSeconds);
    Lifetime requested = new Lifetime();
    requested.setCreated(requestStart.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    requested.setExpires(requestEnd.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    parameters.getTokenRequirements().setLifetime(requested);

    CallbackHandler passwordCallback = new PasswordCallbackHandler();
    Crypto signingCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, signingCrypto, "mystskey", passwordCallback, 50, true, true);
    // Let the short-lived token lapse before renewing it.
    Thread.sleep(100);

    ReceivedToken target = new ReceivedToken(samlToken);
    target.setState(STATE.VALID);
    parameters.getTokenRequirements().setRenewTarget(target);
    parameters.setToken(target);
    assertTrue(renewer.canHandleToken(target));

    try {
        renewer.renewToken(parameters);
        fail("Failure expected due to exceeded lifetime");
    } catch (STSException expected) {
        // Exceeding the default maximum must be rejected even though no explicit limit was set.
    }
}