Example 1 with JWTTokenValidator
use of org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator in project cxf by apache.
the class JWTTokenValidatorTest method testInvalidConditionJWT.
@org.junit.Test
public void testInvalidConditionJWT() throws Exception {
// Create
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
DefaultJWTClaimsProvider jwtClaimsProvider = new DefaultJWTClaimsProvider();
jwtClaimsProvider.setLifetime(1L);
((JWTTokenProvider) jwtTokenProvider).setJwtClaimsProvider(jwtClaimsProvider);
TokenProviderParameters providerParameters = createProviderParameters();
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
assertTrue(token.split("\\.").length == 3);
Thread.sleep(1500L);
// Validate the token
TokenValidator jwtTokenValidator = new JWTTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a JWT Token
ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
assertNotNull(validatorResponse);
assertNotNull(validatorResponse.getToken());
assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
Also used :
TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider)
JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)
JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)
DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider)
TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)
TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)
Example 2 with JWTTokenValidator
use of org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator in project cxf by apache.
the class JWTTokenValidatorTest method testCreateAndValidateSignedJWT.
@org.junit.Test
public void testCreateAndValidateSignedJWT() throws Exception {
// Create
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
TokenProviderParameters providerParameters = createProviderParameters();
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
assertTrue(token.split("\\.").length == 3);
// Validate the token
TokenValidator jwtTokenValidator = new JWTTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a JWT Token
ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
assertNotNull(validatorResponse);
assertNotNull(validatorResponse.getToken());
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
Principal principal = validatorResponse.getPrincipal();
assertTrue(principal != null && principal.getName() != null);
}
Also used :
TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider)
JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)
JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)
TokenRequirements(org.apache.cxf.sts.request.TokenRequirements)
JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)
TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Principal(java.security.Principal)
JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)
TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)
Example 3 with JWTTokenValidator
use of org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator in project cxf by apache.
the class ValidateJWTUnitTest method testValidateJWT.
@org.junit.Test
public void testValidateJWT() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
// Add Token Validator
validateOperation.setTokenValidators(Collections.singletonList(new JWTTokenValidator()));
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
request.getAny().add(tokenType);
// Get a JWTToken via the JWTTokenProvider
TokenProviderResponse providerResponse = createJWT();
Element wrapper = createTokenWrapper((String) providerResponse.getToken());
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(wrapper);
JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
// Validate a token
RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
assertTrue(validateResponse(response));
}
Also used :
RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)
JAXBElement(javax.xml.bind.JAXBElement)
Element(org.w3c.dom.Element)
RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)
StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties)
JAXBElement(javax.xml.bind.JAXBElement)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Crypto(org.apache.wss4j.common.crypto.Crypto)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)
WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext)
SecurityContext(org.apache.cxf.security.SecurityContext)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse)
ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType)
MessageImpl(org.apache.cxf.message.MessageImpl)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Principal(java.security.Principal)
Example 4 with JWTTokenValidator
use of org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator in project cxf by apache.
the class ValidateJWTTransformationTest method testJWTToSAMLTransformationRealm.
@org.junit.Test
public void testJWTToSAMLTransformationRealm() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
// Add Token Validator
JWTTokenValidator validator = new JWTTokenValidator();
validator.setRealmCodec(new CustomJWTRealmCodec());
validateOperation.setTokenValidators(Collections.singletonList(validator));
// Add Token Provider
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
validateOperation.setTokenProviders(Collections.singletonList(samlTokenProvider));
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
stsProperties.setRealmParser(new CustomRealmParser());
stsProperties.setIdentityMapper(new CustomIdentityMapper());
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
request.getAny().add(tokenType);
// Create a JWTToken
TokenProviderResponse providerResponse = createJWT();
Element wrapper = createTokenWrapper((String) providerResponse.getToken());
Document doc = wrapper.getOwnerDocument();
wrapper = (Element) doc.appendChild(wrapper);
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(wrapper);
JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
msgCtx.put("url", "https");
// realm "B"
try {
validateOperation.validate(request, principal, msgCtx);
} catch (STSException ex) {
// expected
}
samlTokenProvider.setRealmMap(createSamlRealms());
RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
assertTrue(validateResponse(response));
// Test the generated token.
Element assertion = null;
for (Object tokenObject : response.getAny()) {
if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
assertion = (Element) rstType.getAny();
break;
}
}
assertNotNull(assertion);
String tokenString = DOM2Writer.nodeToString(assertion);
assertTrue(tokenString.contains("AttributeStatement"));
assertTrue(tokenString.contains("ALICE"));
assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}
Also used :
RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)
JAXBElement(javax.xml.bind.JAXBElement)
Element(org.w3c.dom.Element)
RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)
StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties)
RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType)
Document(org.w3c.dom.Document)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
STSException(org.apache.cxf.ws.security.sts.provider.STSException)
JAXBElement(javax.xml.bind.JAXBElement)
Crypto(org.apache.wss4j.common.crypto.Crypto)
SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)
WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext)
SecurityContext(org.apache.cxf.security.SecurityContext)
TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse)
ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType)
MessageImpl(org.apache.cxf.message.MessageImpl)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Principal(java.security.Principal)
Example 5 with JWTTokenValidator
use of org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator in project cxf by apache.
the class ValidateJWTTransformationTest method testJWTToSAMLTransformation.
@org.junit.Test
public void testJWTToSAMLTransformation() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
// Add Token Validator
validateOperation.setTokenValidators(Collections.singletonList(new JWTTokenValidator()));
// Add Token Provider
validateOperation.setTokenProviders(Collections.singletonList(new SAMLTokenProvider()));
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
request.getAny().add(tokenType);
// Create a JWTToken
TokenProviderResponse providerResponse = createJWT();
Element wrapper = createTokenWrapper((String) providerResponse.getToken());
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(wrapper);
JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
// Validate a token
RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
assertTrue(validateResponse(response));
// Test the generated token.
Element assertion = null;
for (Object tokenObject : response.getAny()) {
if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
assertion = (Element) rstType.getAny();
break;
}
}
assertNotNull(assertion);
String tokenString = DOM2Writer.nodeToString(assertion);
assertTrue(tokenString.contains("AttributeStatement"));
assertTrue(tokenString.contains("alice"));
assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}
Also used :
RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)
JAXBElement(javax.xml.bind.JAXBElement)
Element(org.w3c.dom.Element)
RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)
StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties)
JAXBElement(javax.xml.bind.JAXBElement)
RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Crypto(org.apache.wss4j.common.crypto.Crypto)
SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
JWTTokenValidator(org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)
WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext)
SecurityContext(org.apache.cxf.security.SecurityContext)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse)
ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType)
MessageImpl(org.apache.cxf.message.MessageImpl)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Principal(java.security.Principal)
Aggregations
TokenProviderResponse (org.apache.cxf.sts.token.provider.TokenProviderResponse)11
JWTTokenValidator (org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator)11
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)8
TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)8
TokenProvider (org.apache.cxf.sts.token.provider.TokenProvider)8
TokenProviderParameters (org.apache.cxf.sts.token.provider.TokenProviderParameters)8
JWTTokenProvider (org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)8
Principal (java.security.Principal)7
CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)7
PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)5
Crypto (org.apache.wss4j.common.crypto.Crypto)5
JAXBElement (javax.xml.bind.JAXBElement)3
WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)3
MessageImpl (org.apache.cxf.message.MessageImpl)3
SecurityContext (org.apache.cxf.security.SecurityContext)3
STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)3
StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)3
DefaultJWTClaimsProvider (org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider)3
RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)3
RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)3
