
Example 31 with TokenProviderResponse

use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.

the class ValidateJWTUnitTest method testValidateJWT.

/**
 * Round-trip check: issue a JWT with the test's own provider, wrap it as a ValidateTarget and
 * confirm that a {@code TokenValidateOperation} backed by a {@code JWTTokenValidator} accepts it.
 *
 * <p>Only the acceptance path is asserted here. The token is validated with the same crypto
 * configuration it was just issued under, so this method says nothing about how a tampered,
 * expired or foreign-issuer token is handled.
 */
@org.junit.Test
public void testValidateJWT() throws Exception {
    // STS settings. One Crypto instance backs both signing and encryption, and the
    // key aliases and issuer name below are fixture values of this test.
    STSPropertiesMBean props = new StaticSTSProperties();
    Crypto sharedCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    props.setEncryptionCrypto(sharedCrypto);
    props.setSignatureCrypto(sharedCrypto);
    props.setEncryptionUsername("myservicekey");
    props.setSignatureUsername("mystskey");
    props.setCallbackHandler(new PasswordCallbackHandler());
    props.setIssuer("STS");

    // The operation under test, with the JWT validator as its only validator.
    List<TokenValidator> validators = new ArrayList<>();
    validators.add(new JWTTokenValidator());
    TokenValidateOperation operation = new TokenValidateOperation();
    operation.setTokenValidators(validators);
    operation.setStsProperties(props);

    // Request skeleton: the TokenType asks for a status answer.
    RequestSecurityTokenType rst = new RequestSecurityTokenType();
    JAXBElement<String> statusTokenType =
        new JAXBElement<>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
    rst.getAny().add(statusTokenType);

    // Issue a JWT (handed back as a String, hence the cast) and wrap it in an
    // Element so that it can be carried as the ValidateTarget.
    TokenProviderResponse issued = createJWT();
    Element wrappedJwt = createTokenWrapper((String) issued.getToken());
    ValidateTargetType target = new ValidateTargetType();
    target.setAny(wrappedJwt);
    JAXBElement<ValidateTargetType> targetElement =
        new JAXBElement<>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, target);
    rst.getAny().add(targetElement);

    // Message context carrying a security context for the calling principal.
    WrappedMessageContext context = new WrappedMessageContext(new MessageImpl());
    Principal caller = new CustomTokenPrincipal("alice");
    context.put(SecurityContext.class.getName(), createSecurityContext(caller));

    // Run the validation and expect a positive status.
    RequestSecurityTokenResponseType rstr = operation.validate(rst, caller, context);
    assertTrue(validateResponse(rstr));
}
Also used : RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) JAXBElement(javax.xml.bind.JAXBElement) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SecurityContext(org.apache.cxf.security.SecurityContext) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType) MessageImpl(org.apache.cxf.message.MessageImpl) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Example 32 with TokenProviderResponse

use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.

the class ValidateJWTUnitTest method createJWT.

/**
 * Issues a JWT through a fresh {@code JWTTokenProvider}.
 *
 * @return the provider response; its token and token id have been asserted to be non-null
 * @throws WSSecurityException declared for the helper calls made here
 */
private TokenProviderResponse createJWT() throws WSSecurityException {
    String jwtType = JWTTokenProvider.JWT_TOKEN_TYPE;
    TokenProvider jwtProvider = new JWTTokenProvider();
    TokenProviderParameters parameters = createProviderParameters(jwtType);

    // The provider has to claim the JWT token type before it is asked to issue one.
    assertTrue(jwtProvider.canHandleToken(jwtType));

    TokenProviderResponse issued = jwtProvider.createToken(parameters);
    assertTrue(issued != null);
    // Callers rely on both the token itself and its id.
    assertTrue(issued.getToken() != null);
    assertTrue(issued.getTokenId() != null);
    return issued;
}
Also used : TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Example 33 with TokenProviderResponse

use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.

the class ValidateSCTUnitTest method testValidateSCT.

/**
 * Validates a freshly issued SecurityContextToken, then removes it from the token store
 * and checks that the same request no longer validates.
 *
 * <p>The second half is the security-relevant part: it shows that the outcome follows the
 * state of the token store, so evicting an entry is enough to turn a previously valid
 * SecurityContextToken into an invalid one.
 */
@org.junit.Test
public void testValidateSCT() throws Exception {
    // STS settings. One Crypto instance backs both signing and encryption, and the
    // key aliases and issuer name below are fixture values of this test.
    STSPropertiesMBean props = new StaticSTSProperties();
    Crypto sharedCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    props.setEncryptionCrypto(sharedCrypto);
    props.setSignatureCrypto(sharedCrypto);
    props.setEncryptionUsername("myservicekey");
    props.setSignatureUsername("mystskey");
    props.setCallbackHandler(new PasswordCallbackHandler());
    props.setIssuer("STS");

    // The operation under test shares the test's token store and uses the SCT validator only.
    List<TokenValidator> validators = new ArrayList<>();
    validators.add(new SCTValidator());
    TokenValidateOperation operation = new TokenValidateOperation();
    operation.setTokenStore(tokenStore);
    operation.setTokenValidators(validators);
    operation.setStsProperties(props);

    // Request skeleton: the TokenType asks for a status answer.
    RequestSecurityTokenType rst = new RequestSecurityTokenType();
    JAXBElement<String> statusTokenType =
        new JAXBElement<>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
    rst.getAny().add(statusTokenType);

    // Issue a SecurityContextToken (handed back as a DOM Element) and use it as the ValidateTarget.
    TokenProviderResponse issued = createSCT();
    Element sctElement = (Element) issued.getToken();
    ValidateTargetType target = new ValidateTargetType();
    target.setAny(sctElement);
    JAXBElement<ValidateTargetType> targetElement =
        new JAXBElement<>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, target);
    rst.getAny().add(targetElement);

    // Message context carrying a security context for the calling principal.
    WrappedMessageContext context = new WrappedMessageContext(new MessageImpl());
    Principal caller = new CustomTokenPrincipal("alice");
    context.put(SecurityContext.class.getName(), createSecurityContext(caller));

    // First pass: the token is still in the store, so validation succeeds.
    RequestSecurityTokenResponseType rstr = operation.validate(rst, caller, context);
    assertTrue(validateResponse(rstr));

    // Evict the token and confirm that the store no longer returns it.
    String issuedId = issued.getTokenId();
    tokenStore.remove(tokenStore.getToken(issuedId).getId());
    assertNull(tokenStore.getToken(issuedId));

    // Second pass: the identical request must now be reported as invalid.
    rstr = operation.validate(rst, caller, context);
    assertFalse(validateResponse(rstr));
}
Also used : RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) JAXBElement(javax.xml.bind.JAXBElement) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) SCTValidator(org.apache.cxf.sts.token.validator.SCTValidator) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SecurityContext(org.apache.cxf.security.SecurityContext) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType) MessageImpl(org.apache.cxf.message.MessageImpl) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Example 34 with TokenProviderResponse

use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.

the class ValidateSCTUnitTest method createSCT.

/**
 * Issues a SecurityContextToken through a fresh {@code SCTProvider}.
 *
 * @return the provider response; its token and token id have been asserted to be non-null
 * @throws WSSecurityException declared for the helper calls made here
 */
private TokenProviderResponse createSCT() throws WSSecurityException {
    String sctType = STSUtils.TOKEN_TYPE_SCT_05_12;
    TokenProvider provider = new SCTProvider();
    TokenProviderParameters parameters = createProviderParameters(sctType);

    // The provider has to claim the SCT token type before it is asked to issue one.
    assertTrue(provider.canHandleToken(sctType));

    TokenProviderResponse issued = provider.createToken(parameters);
    assertTrue(issued != null);
    // Callers rely on both the token itself and its id.
    assertTrue(issued.getToken() != null);
    assertTrue(issued.getTokenId() != null);
    return issued;
}
Also used : TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) SCTProvider(org.apache.cxf.sts.token.provider.SCTProvider) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Example 35 with TokenProviderResponse

use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.

the class SCTCancellerTest method testCancelToken.

/**
 * Cancels a valid SecurityContextToken and checks that a second cancel of the same token
 * does not report the CANCELLED state again.
 *
 * <p>The canceller runs with proof-of-possession verification switched off, so the test does
 * not cover the check that ties a cancel request to the holder of the token.
 */
@org.junit.Test
public void testCancelToken() throws Exception {
    TokenCanceller canceller = new SCTCanceller();
    // NOTE(review): with this set to false the canceller is presumably willing to cancel a
    // token for a caller that has not shown possession of its key - acceptable for a unit
    // test, but confirm that deployed configurations keep the verification enabled.
    canceller.setVerifyProofOfPossession(false);

    TokenCancellerParameters parameters = createCancellerParameters();
    TokenRequirements requirements = parameters.getTokenRequirements();

    // The CancelTarget is a SecurityContextToken obtained from the test's helper.
    TokenProviderResponse issued = getSecurityContextToken();
    ReceivedToken target = new ReceivedToken(issued.getToken());
    requirements.setCancelTarget(target);
    parameters.setToken(target);
    assertTrue(canceller.canHandleToken(target));

    // First cancel: the token must come back in the CANCELLED state.
    TokenCancellerResponse outcome = canceller.cancelToken(parameters);
    assertTrue(outcome != null);
    ReceivedToken afterFirstCancel = outcome.getToken();
    assertTrue(afterFirstCancel.getState() == STATE.CANCELLED);

    // Second cancel of the same token: a response is still returned, but it must not
    // claim CANCELLED again.
    outcome = canceller.cancelToken(parameters);
    assertTrue(outcome != null);
    ReceivedToken afterSecondCancel = outcome.getToken();
    assertFalse(afterSecondCancel.getState() == STATE.CANCELLED);
}
Also used : TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
