Examples with UsernameTokenValidator org.apache.cxf.sts.token.validator.UsernameTokenValidator used on opensource projects

Example 1 with UsernameTokenValidator

use of org.apache.cxf.sts.token.validator.UsernameTokenValidator in project cxf by apache.

the class DefaultSecurityTokenServiceProvider method populateAbstractOperation.

private void populateAbstractOperation(AbstractOperation abstractOperation) {
    if (stsProperties == null) {
        LOG.warning("No 'stsProperties' configured on the DefaultSecurityTokenServiceProvider");
        return;
    }
    List<TokenProvider> tokenProviders = new ArrayList<>();
    tokenProviders.add(new SAMLTokenProvider());
    List<TokenValidator> tokenValidators = new ArrayList<>();
    tokenValidators.add(new SAMLTokenValidator());
    tokenValidators.add(new UsernameTokenValidator());
    tokenValidators.add(new X509TokenValidator());
    abstractOperation.setTokenProviders(tokenProviders);
    abstractOperation.setTokenValidators(tokenValidators);
    abstractOperation.setStsProperties(stsProperties);
    abstractOperation.setEncryptIssuedToken(encryptIssuedToken);
    abstractOperation.setServices(services);
    abstractOperation.setReturnReferences(returnReferences);
    abstractOperation.setTokenStore(tokenStore);
    abstractOperation.setClaimsManager(claimsManager);
    abstractOperation.setEventListener(eventListener);
}

Example 2 with UsernameTokenValidator

use of org.apache.cxf.sts.token.validator.UsernameTokenValidator in project cxf by apache.

the class IssueOnbehalfofUnitTest method testIssueSaml2TokenOnBehalfOfUsernameToken.

/**
 * Test to successfully issue a SAML 2 token on-behalf-of a UsernameToken
 */
@org.junit.Test
public void testIssueSaml2TokenOnBehalfOfUsernameToken() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    issueOperation.setTokenProviders(Collections.singletonList(new SAMLTokenProvider()));
    // Add Token Validator
    issueOperation.setTokenValidators(Collections.singletonList(new UsernameTokenValidator()));
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType);
    // Create a UsernameToken
    JAXBElement<UsernameTokenType> usernameTokenType = createUsernameToken("alice", "clarinet");
    OnBehalfOfType onbehalfof = new OnBehalfOfType();
    onbehalfof.setAny(usernameTokenType);
    JAXBElement<OnBehalfOfType> onbehalfofType = new JAXBElement<OnBehalfOfType>(QNameConstants.ON_BEHALF_OF, OnBehalfOfType.class, onbehalfof);
    request.getAny().add(onbehalfofType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    // This should fail as the default DelegationHandler does not allow UsernameTokens
    try {
        issueOperation.issue(request, null, msgCtx);
        fail("Failure expected as UsernameTokens are not accepted for OnBehalfOf by default");
    } catch (STSException ex) {
    // expected
    }
    TokenDelegationHandler delegationHandler = new UsernameTokenDelegationHandler();
    issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertFalse(securityTokenResponse.isEmpty());
}

Example 3 with UsernameTokenValidator

use of org.apache.cxf.sts.token.validator.UsernameTokenValidator in project cxf by apache.

the class ValidateTokenTransformationUnitTest method testUsernameTokenTransformation.

/**
 * Test to successfully validate a UsernameToken and transform it into a SAML Assertion.
 */
@org.junit.Test
public void testUsernameTokenTransformation() throws Exception {
    TokenValidateOperation validateOperation = new TokenValidateOperation();
    // Add Token Validator
    validateOperation.setTokenValidators(Collections.singletonList(new UsernameTokenValidator()));
    // Add Token Provider
    validateOperation.setTokenProviders(Collections.singletonList(new SAMLTokenProvider()));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    validateOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType);
    // Create a UsernameToken
    JAXBElement<UsernameTokenType> usernameTokenType = createUsernameToken("alice", "clarinet");
    ValidateTargetType validateTarget = new ValidateTargetType();
    validateTarget.setAny(usernameTokenType);
    JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Validate a token
    RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
    assertTrue(validateResponse(response));
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : response.getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}

Example 4 with UsernameTokenValidator

use of org.apache.cxf.sts.token.validator.UsernameTokenValidator in project cxf by apache.

the class ValidateUsernameTokenUnitTest method testValidateUsernameToken.

/**
 * Test to successfully validate a UsernameToken.
 */
@org.junit.Test
public void testValidateUsernameToken() throws Exception {
    TokenValidateOperation validateOperation = new TokenValidateOperation();
    // Add Token Validator
    validateOperation.setTokenValidators(Collections.singletonList(new UsernameTokenValidator()));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    validateOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
    request.getAny().add(tokenType);
    // Create a UsernameToken
    JAXBElement<UsernameTokenType> usernameTokenType = createUsernameToken("alice", "clarinet");
    ValidateTargetType validateTarget = new ValidateTargetType();
    validateTarget.setAny(usernameTokenType);
    JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Validate a token
    RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
    assertTrue(validateResponse(response));
}

Example 5 with UsernameTokenValidator

use of org.apache.cxf.sts.token.validator.UsernameTokenValidator in project cxf by apache.

the class ValidateUsernameTokenUnitTest method testValidateInvalidUsernameToken.

/**
 * Test to validate an invalid UsernameToken.
 */
@org.junit.Test
public void testValidateInvalidUsernameToken() throws Exception {
    TokenValidateOperation validateOperation = new TokenValidateOperation();
    // Add Token Validator
    validateOperation.setTokenValidators(Collections.singletonList(new UsernameTokenValidator()));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    validateOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
    request.getAny().add(tokenType);
    // Create a UsernameToken
    JAXBElement<UsernameTokenType> usernameTokenType = createUsernameToken("alice", "badpassword");
    ValidateTargetType validateTarget = new ValidateTargetType();
    validateTarget.setAny(usernameTokenType);
    JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Validate a token
    RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
    assertFalse(validateResponse(response));
}