Search in sources :

Example 1 with SamlCallbackHandler

use of org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler in project cxf by apache.

the class AuthorizationGrantNegativeTest method testSAMLHolderOfKey.

@org.junit.Test
public void testSAMLHolderOfKey() throws Exception {
    URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
    String address = "https://localhost:" + port + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Create the SAML Assertion
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
    samlCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    samlCallbackHandler.setAudience(address + "token");
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
    String assertion = samlAssertion.assertionToString();
    // Get Access Token
    client.type("application/x-www-form-urlencoded").accept("application/json");
    client.path("token");
    Form form = new Form();
    form.param("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
    form.param("assertion", Base64UrlUtility.encode(assertion));
    form.param("client_id", "consumer-id");
    try {
        Response response = client.post(form);
        response.readEntity(ClientAccessToken.class);
        fail("Failure expected on an incorrect subject confirmation method");
    } catch (Exception ex) {
    // expected
    }
}
Also used : Response(javax.ws.rs.core.Response) SamlCallbackHandler(org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler) Form(javax.ws.rs.core.Form) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) ResponseProcessingException(javax.ws.rs.client.ResponseProcessingException)

Example 2 with SamlCallbackHandler

use of org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler in project cxf by apache.

the class AuthorizationGrantNegativeTest method testSAMLUnauthenticatedSignature.

@org.junit.Test
public void testSAMLUnauthenticatedSignature() throws Exception {
    URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
    String address = "https://localhost:" + port + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(), "alice", "security", busFile.toString());
    // Create the SAML Assertion
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
    samlCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    samlCallbackHandler.setAudience(address + "token");
    samlCallbackHandler.setIssuerKeyName("smallkey");
    samlCallbackHandler.setIssuerKeyPassword("security");
    samlCallbackHandler.setCryptoPropertiesFile("org/apache/cxf/systest/jaxrs/security/smallkey.properties");
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
    String assertion = samlAssertion.assertionToString();
    // Get Access Token
    client.type("application/x-www-form-urlencoded").accept("application/json");
    client.path("token");
    Form form = new Form();
    form.param("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
    form.param("assertion", Base64UrlUtility.encode(assertion));
    form.param("client_id", "consumer-id");
    try {
        Response response = client.post(form);
        response.readEntity(ClientAccessToken.class);
        fail("Failure expected on an incorrect subject confirmation method");
    } catch (Exception ex) {
    // expected
    }
}
Also used : Response(javax.ws.rs.core.Response) SamlCallbackHandler(org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler) Form(javax.ws.rs.core.Form) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) ResponseProcessingException(javax.ws.rs.client.ResponseProcessingException)

Example 3 with SamlCallbackHandler

use of org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler in project cxf by apache.

the class JAXRSOAuth2Test method testSAMLBadSubjectName.

@Test
public void testSAMLBadSubjectName() throws Exception {
    String address = "https://localhost:" + port + "/oauth2-auth/token";
    WebClient wc = createWebClient(address);
    String audienceURI = "https://localhost:" + port + "/oauth2-auth/token";
    // Create the SAML Assertion
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
    samlCallbackHandler.setSubjectName("bob");
    samlCallbackHandler.setAudience(audienceURI);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    if (samlCallback.isSignAssertion()) {
        samlAssertion.signAssertion(samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword(), samlCallback.getIssuerCrypto(), samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
    }
    String assertion = samlAssertion.assertionToString();
    String encodedAssertion = Base64UrlUtility.encode(assertion);
    Map<String, String> extraParams = new HashMap<>();
    extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE, Constants.CLIENT_AUTH_SAML2_BEARER);
    extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, encodedAssertion);
    try {
        OAuthClientUtils.getAccessToken(wc, new CustomGrant(), extraParams);
        fail("Failure expected on a bad subject name");
    } catch (OAuthServiceException ex) {
    // expected
    }
}
Also used : SamlCallbackHandler(org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler) HashMap(java.util.HashMap) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WebClient(org.apache.cxf.jaxrs.client.WebClient) Test(org.junit.Test)

Example 4 with SamlCallbackHandler

use of org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler in project cxf by apache.

the class JAXRSOAuth2Test method testSAML2BearerGrant.

@Test
public void testSAML2BearerGrant() throws Exception {
    String address = "https://localhost:" + port + "/oauth2/token";
    WebClient wc = createWebClient(address);
    Crypto crypto = new CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
    SelfSignInfo signInfo = new SelfSignInfo(crypto, "alice", "password");
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(false);
    String audienceURI = "https://localhost:" + port + "/oauth2/token";
    samlCallbackHandler.setAudience(audienceURI);
    SamlAssertionWrapper assertionWrapper = SAMLUtils.createAssertion(samlCallbackHandler, signInfo);
    Document doc = DOMUtils.newDocument();
    Element assertionElement = assertionWrapper.toDOM(doc);
    String assertion = DOM2Writer.nodeToString(assertionElement);
    Saml2BearerGrant grant = new Saml2BearerGrant(assertion);
    ClientAccessToken at = OAuthClientUtils.getAccessToken(wc, new Consumer("alice", "alice"), grant, false);
    assertNotNull(at.getTokenKey());
}
Also used : SelfSignInfo(org.apache.cxf.rs.security.saml.SAMLUtils.SelfSignInfo) SamlCallbackHandler(org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler) Crypto(org.apache.wss4j.common.crypto.Crypto) Saml2BearerGrant(org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant) Consumer(org.apache.cxf.rs.security.oauth2.client.Consumer) CryptoLoader(org.apache.cxf.rs.security.common.CryptoLoader) Element(org.w3c.dom.Element) ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) Document(org.w3c.dom.Document) WebClient(org.apache.cxf.jaxrs.client.WebClient) Test(org.junit.Test)

Example 5 with SamlCallbackHandler

use of org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler in project cxf by apache.

the class JAXRSOAuth2Test method createWebClientWithProps.

private WebClient createWebClientWithProps(String address) {
    JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
    bean.setAddress(address);
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = JAXRSOAuth2Test.class.getResource("client.xml");
    Bus springBus = bf.createBus(busFile.toString());
    bean.setBus(springBus);
    Map<String, Object> properties = new HashMap<>();
    properties.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
    samlCallbackHandler.setIssuer("alice");
    String audienceURI = "https://localhost:" + port + "/oauth2-auth/token";
    samlCallbackHandler.setAudience(audienceURI);
    properties.put(SecurityConstants.SAML_CALLBACK_HANDLER, samlCallbackHandler);
    properties.put(SecurityConstants.SIGNATURE_USERNAME, "alice");
    properties.put(SecurityConstants.SIGNATURE_PROPERTIES, CRYPTO_RESOURCE_PROPERTIES);
    bean.setProperties(properties);
    bean.getOutInterceptors().add(new Saml2BearerAuthOutInterceptor());
    WebClient wc = bean.createWebClient();
    wc.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
    return wc;
}
Also used : Bus(org.apache.cxf.Bus) SamlCallbackHandler(org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) JAXRSClientFactoryBean(org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean) HashMap(java.util.HashMap) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) Saml2BearerAuthOutInterceptor(org.apache.cxf.rs.security.oauth2.auth.saml.Saml2BearerAuthOutInterceptor)

Aggregations

WebClient (org.apache.cxf.jaxrs.client.WebClient)7 SamlCallbackHandler (org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler)7 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)6 HashMap (java.util.HashMap)4 SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)4 Test (org.junit.Test)4 URL (java.net.URL)3 ResponseProcessingException (javax.ws.rs.client.ResponseProcessingException)2 Form (javax.ws.rs.core.Form)2 Response (javax.ws.rs.core.Response)2 CryptoLoader (org.apache.cxf.rs.security.common.CryptoLoader)2 ClientAccessToken (org.apache.cxf.rs.security.oauth2.common.ClientAccessToken)2 OAuthServiceException (org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException)2 SelfSignInfo (org.apache.cxf.rs.security.saml.SAMLUtils.SelfSignInfo)2 Crypto (org.apache.wss4j.common.crypto.Crypto)2 Document (org.w3c.dom.Document)2 Element (org.w3c.dom.Element)2 Bus (org.apache.cxf.Bus)1 SpringBusFactory (org.apache.cxf.bus.spring.SpringBusFactory)1 JAXRSClientFactoryBean (org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean)1