Examples with TokenProviderParameters org.apache.cxf.sts.token.provider.TokenProviderParameters used on opensource projects

Search in sources :

Example 31 with TokenProviderParameters

use of org.apache.cxf.sts.token.provider.TokenProviderParameters in project cxf by apache.

the class SAMLTokenValidatorTest method createSAMLAssertion.

private Element createSAMLAssertion(String subjectName, String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler) throws WSSecurityException {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(subjectName, tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    return (Element) providerResponse.getToken();
}
Also used : TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) Element(org.w3c.dom.Element) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Example 32 with TokenProviderParameters

use of org.apache.cxf.sts.token.provider.TokenProviderParameters in project cxf by apache.

the class IssueUnitTest method createProviderParameters.

private TokenProviderParameters createProviderParameters(String tokenType, String keyType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, String username, String issuer) throws WSSecurityException {
    TokenProviderParameters parameters = new TokenProviderParameters();
    TokenRequirements tokenRequirements = new TokenRequirements();
    tokenRequirements.setTokenType(tokenType);
    parameters.setTokenRequirements(tokenRequirements);
    KeyRequirements keyRequirements = new KeyRequirements();
    keyRequirements.setKeyType(keyType);
    parameters.setKeyRequirements(keyRequirements);
    parameters.setPrincipal(new CustomTokenPrincipal(username));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    parameters.setMessageContext(msgCtx);
    parameters.setAppliesToAddress("https://localhost:" + STSPORT + "/SecurityTokenService/b-issuer/Transport");
    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setSignatureUsername(signatureUsername);
    stsProperties.setCallbackHandler(callbackHandler);
    stsProperties.setIssuer(issuer);
    parameters.setStsProperties(stsProperties);
    parameters.setEncryptionProperties(new EncryptionProperties());
    return parameters;
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) MessageImpl(org.apache.cxf.message.MessageImpl) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Example 33 with TokenProviderParameters

use of org.apache.cxf.sts.token.provider.TokenProviderParameters in project cxf by apache.

the class TokenIssueOperation method issueSingle.

public RequestSecurityTokenResponseType issueSingle(RequestSecurityTokenType request, Principal principal, Map<String, Object> messageContext) {
    long start = System.currentTimeMillis();
    TokenProviderParameters providerParameters = new TokenProviderParameters();
    try {
        RequestRequirements requestRequirements = parseRequest(request, messageContext);
        providerParameters = createTokenProviderParameters(requestRequirements, principal, messageContext);
        providerParameters.setClaimsManager(claimsManager);
        String realm = providerParameters.getRealm();
        TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
        String tokenType = tokenRequirements.getTokenType();
        if (stsProperties.getSamlRealmCodec() != null) {
            SamlAssertionWrapper assertion = fetchSAMLAssertionFromWSSecuritySAMLToken(messageContext);
            if (assertion != null) {
                String wssecRealm = stsProperties.getSamlRealmCodec().getRealmFromToken(assertion);
                SAMLTokenPrincipal samlPrincipal = new SAMLTokenPrincipalImpl(assertion);
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("SAML token realm of user '" + samlPrincipal.getName() + "' is " + wssecRealm);
                }
                ReceivedToken wssecToken = new ReceivedToken(assertion.getElement());
                wssecToken.setState(STATE.VALID);
                TokenValidatorResponse tokenResponse = new TokenValidatorResponse();
                tokenResponse.setPrincipal(samlPrincipal);
                tokenResponse.setToken(wssecToken);
                tokenResponse.setTokenRealm(wssecRealm);
                tokenResponse.setAdditionalProperties(new HashMap<String, Object>());
                processValidToken(providerParameters, wssecToken, tokenResponse);
                providerParameters.setPrincipal(wssecToken.getPrincipal());
            }
        }
        // Validate OnBehalfOf token if present
        if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
            ReceivedToken validateTarget = providerParameters.getTokenRequirements().getOnBehalfOf();
            handleDelegationToken(validateTarget, providerParameters, principal, messageContext, realm, requestRequirements);
        }
        // See whether ActAs is allowed or not
        if (providerParameters.getTokenRequirements().getActAs() != null) {
            ReceivedToken validateTarget = providerParameters.getTokenRequirements().getActAs();
            handleDelegationToken(validateTarget, providerParameters, principal, messageContext, realm, requestRequirements);
        }
        // create token
        TokenProviderResponse tokenResponse = null;
        for (TokenProvider tokenProvider : tokenProviders) {
            boolean canHandle = false;
            if (realm == null) {
                canHandle = tokenProvider.canHandleToken(tokenType);
            } else {
                canHandle = tokenProvider.canHandleToken(tokenType, realm);
            }
            if (canHandle) {
                try {
                    tokenResponse = tokenProvider.createToken(providerParameters);
                } catch (STSException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw ex;
                } catch (RuntimeException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
                }
                break;
            }
        }
        if (tokenResponse == null || tokenResponse.getToken() == null) {
            LOG.log(Level.WARNING, "No token provider found for requested token type: " + tokenType);
            throw new STSException("No token provider found for requested token type: " + tokenType, STSException.REQUEST_FAILED);
        }
        // prepare response
        try {
            KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
            EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
            RequestSecurityTokenResponseType response = createResponse(encryptionProperties, tokenResponse, tokenRequirements, keyRequirements);
            STSIssueSuccessEvent event = new STSIssueSuccessEvent(providerParameters, System.currentTimeMillis() - start);
            publishEvent(event);
            return response;
        } catch (Throwable ex) {
            LOG.log(Level.WARNING, "", ex);
            throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
        }
    } catch (RuntimeException ex) {
        LOG.log(Level.SEVERE, "Cannot issue token: " + ex.getMessage(), ex);
        STSIssueFailureEvent event = new STSIssueFailureEvent(providerParameters, System.currentTimeMillis() - start, ex);
        publishEvent(event);
        throw ex;
    }
}
Also used : SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal) RequestRequirements(org.apache.cxf.sts.request.RequestRequirements) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) STSException(org.apache.cxf.ws.security.sts.provider.STSException) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters) TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) SAMLTokenPrincipalImpl(org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl) STSIssueSuccessEvent(org.apache.cxf.sts.event.STSIssueSuccessEvent) STSIssueFailureEvent(org.apache.cxf.sts.event.STSIssueFailureEvent)

Example 34 with TokenProviderParameters

use of org.apache.cxf.sts.token.provider.TokenProviderParameters in project cxf by apache.

the class TokenRenewOperation method createTokenRenewerParameters.

private TokenRenewerParameters createTokenRenewerParameters(RequestRequirements requestRequirements, Principal principal, Map<String, Object> messageContext) {
    TokenProviderParameters providerParameters = createTokenProviderParameters(requestRequirements, principal, messageContext);
    TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
    renewerParameters.setAppliesToAddress(providerParameters.getAppliesToAddress());
    renewerParameters.setEncryptionProperties(providerParameters.getEncryptionProperties());
    renewerParameters.setKeyRequirements(providerParameters.getKeyRequirements());
    renewerParameters.setPrincipal(providerParameters.getPrincipal());
    renewerParameters.setStsProperties(providerParameters.getStsProperties());
    renewerParameters.setTokenRequirements(providerParameters.getTokenRequirements());
    renewerParameters.setTokenStore(providerParameters.getTokenStore());
    renewerParameters.setMessageContext(providerParameters.getMessageContext());
    return renewerParameters;
}
Also used : TokenRenewerParameters(org.apache.cxf.sts.token.renewer.TokenRenewerParameters) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Example 35 with TokenProviderParameters

use of org.apache.cxf.sts.token.provider.TokenProviderParameters in project cxf by apache.

the class DefaultJWTClaimsProvider method handleConditions.

protected void handleConditions(JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims) {
    TokenProviderParameters providerParameters = jwtClaimsProviderParameters.getProviderParameters();
    Instant currentDate = Instant.now();
    long currentTime = currentDate.getEpochSecond();
    // Set the defaults first
    claims.setIssuedAt(currentTime);
    claims.setNotBefore(currentTime);
    claims.setExpiryTime(currentTime + lifetime);
    Lifetime tokenLifetime = providerParameters.getTokenRequirements().getLifetime();
    if (lifetime > 0 && acceptClientLifetime && tokenLifetime != null && tokenLifetime.getCreated() != null && tokenLifetime.getExpires() != null) {
        Instant creationTime = null;
        Instant expirationTime = null;
        try {
            creationTime = ZonedDateTime.parse(tokenLifetime.getCreated()).toInstant();
            expirationTime = ZonedDateTime.parse(tokenLifetime.getExpires()).toInstant();
        } catch (DateTimeParseException ex) {
            LOG.fine("Error in parsing Timestamp Created or Expiration Strings");
            throw new STSException("Error in parsing Timestamp Created or Expiration Strings", STSException.INVALID_TIME);
        }
        // Check to see if the created time is in the future
        Instant validCreation = Instant.now();
        if (futureTimeToLive > 0) {
            validCreation = validCreation.plusSeconds(futureTimeToLive);
        }
        if (creationTime.isAfter(validCreation)) {
            LOG.fine("The Created Time is too far in the future");
            throw new STSException("The Created Time is too far in the future", STSException.INVALID_TIME);
        }
        long requestedLifetime = Duration.between(creationTime, expirationTime).getSeconds();
        if (requestedLifetime > getMaxLifetime()) {
            StringBuilder sb = new StringBuilder();
            sb.append("Requested lifetime [").append(requestedLifetime);
            sb.append(" sec] exceed configured maximum lifetime [").append(getMaxLifetime());
            sb.append(" sec]");
            LOG.warning(sb.toString());
            if (isFailLifetimeExceedance()) {
                throw new STSException("Requested lifetime exceeds maximum lifetime", STSException.INVALID_TIME);
            }
            expirationTime = creationTime.plusSeconds(getMaxLifetime());
        }
        long creationTimeInSeconds = creationTime.getEpochSecond();
        claims.setIssuedAt(creationTimeInSeconds);
        claims.setNotBefore(creationTimeInSeconds);
        claims.setExpiryTime(expirationTime.getEpochSecond());
    }
}
Also used : DateTimeParseException(java.time.format.DateTimeParseException) Lifetime(org.apache.cxf.sts.request.Lifetime) Instant(java.time.Instant) STSException(org.apache.cxf.ws.security.sts.provider.STSException) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Aggregations

TokenProviderParameters (org.apache.cxf.sts.token.provider.TokenProviderParameters)73 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)39 TokenProviderResponse (org.apache.cxf.sts.token.provider.TokenProviderResponse)35 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)32 KeyRequirements (org.apache.cxf.sts.request.KeyRequirements)28 EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)28 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)26 MessageImpl (org.apache.cxf.message.MessageImpl)26 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)26 Element (org.w3c.dom.Element)23 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)22 TokenProvider (org.apache.cxf.sts.token.provider.TokenProvider)21 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)14 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)12 Crypto (org.apache.wss4j.common.crypto.Crypto)12 JWTTokenProvider (org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)10 JAXBElement (javax.xml.bind.JAXBElement)9 ArrayList (java.util.ArrayList)7 Claim (org.apache.cxf.rt.security.claims.Claim)7 ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)7
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial