
Example 1 with TokenRenewerParameters

use of org.apache.cxf.sts.token.renewer.TokenRenewerParameters in project cxf by apache.

the class TokenRenewOperation method renew.

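/**
 * Handles a renew request: validates the token presented for renewal and, when its state is
 * {@code VALID} or {@code EXPIRED}, hands it to the first configured {@link TokenRenewer} that
 * accepts it.
 *
 * <p>A success or failure event is published for every call that reaches the corresponding
 * point, so event listeners see rejected renewals as well as successful ones.
 *
 * @param request the renew request to process
 * @param principal the principal associated with the caller, passed on to validation and renewal
 * @param messageContext the message context of the current exchange
 * @return the response wrapping the renewed token
 * @throws STSException if no renew target is present, no validator handled the token, the token
 *     is neither valid nor expired, no renewer produced a token, or the response could not be built
 */
public RequestSecurityTokenResponseType renew(RequestSecurityTokenType request, Principal principal, Map<String, Object> messageContext) {
    long start = System.currentTimeMillis();
    // Created before the try block so the failure event always has a parameters object. If
    // parseRequest throws, that object is still empty, so listeners must tolerate unset fields.
    TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
    try {
        RequestRequirements requestRequirements = parseRequest(request, messageContext);
        KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
        TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
        renewerParameters.setStsProperties(stsProperties);
        renewerParameters.setPrincipal(principal);
        renewerParameters.setMessageContext(messageContext);
        renewerParameters.setTokenStore(getTokenStore());
        renewerParameters.setKeyRequirements(keyRequirements);
        renewerParameters.setTokenRequirements(tokenRequirements);
        ReceivedToken renewTarget = tokenRequirements.getRenewTarget();
        if (renewTarget == null || renewTarget.getToken() == null) {
            throw new STSException("No element presented for renewal", STSException.INVALID_REQUEST);
        }
        renewerParameters.setToken(renewTarget);
        if (tokenRequirements.getTokenType() == null) {
            LOG.fine("Received TokenType is null");
        }
        // Get the realm of the request
        String realm = null;
        if (stsProperties.getRealmParser() != null) {
            RealmParser realmParser = stsProperties.getRealmParser();
            realm = realmParser.parseRealm(messageContext);
        }
        renewerParameters.setRealm(realm);
        // Validate the request
        TokenValidatorResponse tokenResponse = validateReceivedToken(principal, messageContext, realm, tokenRequirements, renewTarget);
        if (tokenResponse == null) {
            // Fail closed: a token that no validator vouched for is marked invalid and rejected.
            LOG.fine("No Token Validator has been found that can handle this token");
            renewTarget.setState(STATE.INVALID);
            throw new STSException("No Token Validator has been found that can handle this token: " + tokenRequirements.getTokenType(), STSException.REQUEST_FAILED);
        }
        // Reject an invalid token: only VALID and EXPIRED states are renewable.
        // NOTE(review): these rejections are logged at FINE only; at default log levels the
        // failure event published in the outer catch is presumably the only record of them.
        if (tokenResponse.getToken().getState() != STATE.EXPIRED && tokenResponse.getToken().getState() != STATE.VALID) {
            LOG.fine("The token is not valid or expired, and so it cannot be renewed");
            // The message now states the real cause; it previously repeated the
            // "No Token Validator" text, which misreported why the renewal was refused.
            throw new STSException("The token is neither valid nor expired, and so it cannot be renewed", STSException.REQUEST_FAILED);
        }
        //
        // Renew the token
        //
        TokenRenewerResponse tokenRenewerResponse = null;
        // The parameters are rebuilt here, and the token and realm are taken from the validator
        // response rather than from the raw request, so the renewer works on the validated token.
        renewerParameters = createTokenRenewerParameters(requestRequirements, principal, messageContext);
        Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
        if (additionalProperties != null) {
            renewerParameters.setAdditionalProperties(additionalProperties);
        }
        renewerParameters.setRealm(tokenResponse.getTokenRealm());
        renewerParameters.setToken(tokenResponse.getToken());
        realm = tokenResponse.getTokenRealm();
        for (TokenRenewer tokenRenewer : tokenRenewers) {
            final boolean canHandle;
            if (realm == null) {
                canHandle = tokenRenewer.canHandleToken(tokenResponse.getToken());
            } else {
                canHandle = tokenRenewer.canHandleToken(tokenResponse.getToken(), realm);
            }
            if (canHandle) {
                try {
                    tokenRenewerResponse = tokenRenewer.renewToken(renewerParameters);
                } catch (STSException ex) {
                    // A non-empty message makes the WARNING searchable in logs.
                    LOG.log(Level.WARNING, "Token renewer failed to renew the token", ex);
                    throw ex;
                } catch (RuntimeException ex) {
                    LOG.log(Level.WARNING, "Unexpected error in the token renewer", ex);
                    throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
                }
                // Only the first renewer that accepts the token is tried.
                break;
            }
        }
        if (tokenRenewerResponse == null || tokenRenewerResponse.getToken() == null) {
            LOG.fine("No Token Renewer has been found that can handle this token");
            throw new STSException("No token renewer found for requested token type", STSException.REQUEST_FAILED);
        }
        // prepare response
        // NOTE(review): publishEvent and cleanRequest run inside this try. If either throws after
        // the success event was published, the outer catch presumably also publishes a failure
        // event for the same request, and the caller gets an error although the token was renewed.
        try {
            EncryptionProperties encryptionProperties = renewerParameters.getEncryptionProperties();
            RequestSecurityTokenResponseType response = createResponse(encryptionProperties, tokenRenewerResponse, tokenRequirements, keyRequirements);
            STSRenewSuccessEvent event = new STSRenewSuccessEvent(renewerParameters, System.currentTimeMillis() - start);
            publishEvent(event);
            cleanRequest(requestRequirements);
            return response;
        } catch (Throwable ex) {
            LOG.log(Level.WARNING, "Error in creating the renew response", ex);
            throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
        }
    } catch (RuntimeException ex) {
        // Publish a failure event for every rejected or failed renewal, then rethrow unchanged.
        STSRenewFailureEvent event = new STSRenewFailureEvent(renewerParameters, System.currentTimeMillis() - start, ex);
        publishEvent(event);
        throw ex;
    }
}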
Also used : STSRenewSuccessEvent(org.apache.cxf.sts.event.STSRenewSuccessEvent) TokenRenewerResponse(org.apache.cxf.sts.token.renewer.TokenRenewerResponse) RequestRequirements(org.apache.cxf.sts.request.RequestRequirements) STSException(org.apache.cxf.ws.security.sts.provider.STSException) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) RealmParser(org.apache.cxf.sts.RealmParser) STSRenewFailureEvent(org.apache.cxf.sts.event.STSRenewFailureEvent) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) TokenRenewerParameters(org.apache.cxf.sts.token.renewer.TokenRenewerParameters) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenRenewer(org.apache.cxf.sts.token.renewer.TokenRenewer)

Example 2 with TokenRenewerParameters

use of org.apache.cxf.sts.token.renewer.TokenRenewerParameters in project cxf by apache.

the class EventMapper method handleEvent.

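/**
 * Copies the audit-relevant attributes of a renew event into {@code map}.
 *
 * <p>Every lookup is null-guarded. {@code TokenRenewOperation.renew} publishes its failure
 * event with a {@code TokenRenewerParameters} that may still be empty (for example when request
 * parsing fails). If such events reach this method, an unguarded dereference would throw and the
 * record of the failed request would be lost. Attributes that are unavailable are left out.
 *
 * <p>The host, URL and principal names recorded here originate from the request; consumers that
 * write the map to a log should encode the values on output.
 *
 * @param event the event carrying the renewer parameters
 * @param map the target map, filled with {@code KEYS} names mapped to attribute values
 */
protected void handleEvent(TokenRenewerParametersSupport event, Map<String, Object> map) {
    TokenRenewerParameters params = event.getTokenParameters();
    if (params == null) {
        return;
    }
    Map<String, Object> messageContext = params.getMessageContext();
    if (messageContext != null) {
        // The HTTP request is absent when the exchange did not arrive over a servlet transport.
        Object httpRequest = messageContext.get(AbstractHTTPDestination.HTTP_REQUEST);
        if (httpRequest instanceof HttpServletRequest) {
            HttpServletRequest req = (HttpServletRequest) httpRequest;
            // getRemoteHost() reports the client or the last proxy that sent the request.
            map.put(KEYS.REMOTE_HOST.name(), req.getRemoteHost());
            map.put(KEYS.REMOTE_PORT.name(), String.valueOf(req.getRemotePort()));
        }
        map.put(KEYS.URL.name(), messageContext.get("org.apache.cxf.request.url"));
    }
    if (params.getTokenRequirements() != null) {
        map.put(KEYS.TOKENTYPE.name(), params.getTokenRequirements().getTokenType());
        // The renew target's principal may be unset if validation never ran (assumption, not
        // visible here), so it is checked before the name is read.
        if (params.getTokenRequirements().getRenewTarget() != null
                && params.getTokenRequirements().getRenewTarget().getPrincipal() != null) {
            map.put(KEYS.RENEW_PRINCIPAL.name(), params.getTokenRequirements().getRenewTarget().getPrincipal().getName());
        }
    }
    if (params.getPrincipal() != null) {
        map.put(KEYS.WS_SEC_PRINCIPAL.name(), params.getPrincipal().getName());
    }
    if (params.getKeyRequirements() != null) {
        map.put(KEYS.KEYTYPE.name(), params.getKeyRequirements().getKeyType());
    }
    map.put(KEYS.REALM.name(), params.getRealm());
    map.put(KEYS.APPLIESTO.name(), params.getAppliesToAddress());
}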
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) TokenRenewerParameters(org.apache.cxf.sts.token.renewer.TokenRenewerParameters)

Example 3 with TokenRenewerParameters

use of org.apache.cxf.sts.token.renewer.TokenRenewerParameters in project cxf by apache.

the class TokenRenewOperation method createTokenRenewerParameters.

/**
 * Builds the parameters handed to a token renewer by copying the fields of the
 * {@code TokenProviderParameters} created for the same request.
 *
 * <p>Only the fields listed below are copied. The realm, the token and any additional
 * properties are not set here; the {@code renew} method sets them from the validator
 * response after calling this helper.
 *
 * @param requestRequirements the parsed request requirements
 * @param principal the principal associated with the caller
 * @param messageContext the message context of the current exchange
 * @return a new, populated {@code TokenRenewerParameters}
 */
private TokenRenewerParameters createTokenRenewerParameters(RequestRequirements requestRequirements, Principal principal, Map<String, Object> messageContext) {
    // Reuse the provider-parameter construction so both paths are configured the same way.
    final TokenProviderParameters source = createTokenProviderParameters(requestRequirements, principal, messageContext);
    final TokenRenewerParameters target = new TokenRenewerParameters();

    // Request-derived settings.
    target.setAppliesToAddress(source.getAppliesToAddress());
    target.setEncryptionProperties(source.getEncryptionProperties());
    target.setKeyRequirements(source.getKeyRequirements());

    // Caller identity and STS configuration.
    target.setPrincipal(source.getPrincipal());
    target.setStsProperties(source.getStsProperties());

    // Token requirements, token store and exchange context.
    target.setTokenRequirements(source.getTokenRequirements());
    target.setTokenStore(source.getTokenStore());
    target.setMessageContext(source.getMessageContext());

    return target;
}
Also used : TokenRenewerParameters(org.apache.cxf.sts.token.renewer.TokenRenewerParameters) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Aggregations

TokenRenewerParameters (org.apache.cxf.sts.token.renewer.TokenRenewerParameters)3 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 RealmParser (org.apache.cxf.sts.RealmParser)1 STSRenewFailureEvent (org.apache.cxf.sts.event.STSRenewFailureEvent)1 STSRenewSuccessEvent (org.apache.cxf.sts.event.STSRenewSuccessEvent)1 KeyRequirements (org.apache.cxf.sts.request.KeyRequirements)1 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)1 RequestRequirements (org.apache.cxf.sts.request.RequestRequirements)1 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)1 EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)1 TokenProviderParameters (org.apache.cxf.sts.token.provider.TokenProviderParameters)1 TokenRenewer (org.apache.cxf.sts.token.renewer.TokenRenewer)1 TokenRenewerResponse (org.apache.cxf.sts.token.renewer.TokenRenewerResponse)1 TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)1 STSException (org.apache.cxf.ws.security.sts.provider.STSException)1 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)1