
Example 1 with SamlCallbackHandler

use of org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler in project cxf by apache.

the class SamlTokenTest method testAsymmetricSamlInitiatorProtectTokens.

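/**
 * Invokes {@code DoubleItAsymmetricSamlInitiatorProtectTokensPort} with a SAML token that
 * uses the holder-of-key confirmation method and checks that {@code doubleIt(25)} returns 50.
 *
 * <p>The test returns early (and is therefore reported as passing) for streaming clients,
 * because ProtectTokens is not supported together with streaming.
 *
 * @throws Exception if the bus or service cannot be set up, or the invocation fails
 */
@org.junit.Test
public void testAsymmetricSamlInitiatorProtectTokens() throws Exception {
    // We don't support ProtectTokens + streaming clients
    if (test.isStreaming()) {
        return;
    }
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SamlTokenTest.class.getResource("client.xml");
    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSamlInitiatorProtectTokensPort");
        DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class);
        try {
            updateAddressPort(saml2Port, test.getPort());
            // No enableStreaming() call here: streaming clients already returned above,
            // so that branch could never run.

            // NOTE(review): the two constructor flags presumably select SAML 2.0 and a signed
            // assertion -- confirm against SamlCallbackHandler.
            SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
            // Holder-of-key: the assertion is tied to a key the sender must prove it holds.
            callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
            ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, callbackHandler);
            int result = saml2Port.doubleIt(25);
            assertTrue(result == 50);
        } finally {
            // Release the client proxy even when the call or the assertion fails.
            ((java.io.Closeable) saml2Port).close();
        }
    } finally {
        // Always shut the bus down so a failing test does not leak it into later tests.
        bus.shutdown(true);
    }
}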
Also used : Bus(org.apache.cxf.Bus) SamlCallbackHandler(org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) URL(java.net.URL)

Example 2 with SamlCallbackHandler

use of org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler in project cxf by apache.

the class SamlTokenTest method testDisableAudienceRestrictionValidation.

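/**
 * Exercises SAML AudienceRestriction handling against three endpoints with one token whose
 * audience URI is the service name plus {@code ".xyz"}, i.e. an audience the service does
 * not recognise by default.
 *
 * <ul>
 *   <li>{@code DoubleItSaml2TransportPort2}: validation enabled, the call must fail with a
 *       SOAP fault.</li>
 *   <li>{@code DoubleItSaml2TransportPort3}: validation disabled, the call must succeed.</li>
 *   <li>{@code DoubleItSaml2TransportPort4}: the audience is explicitly allowed, the call
 *       must succeed.</li>
 * </ul>
 *
 * <p>The endpoint configuration lives on the server side and is not visible in this test.
 * An AudienceRestriction binds an assertion to the relying party it was issued for; an
 * endpoint configured like port 3 accepts assertions issued for any other audience, so that
 * setting belongs in test fixtures only. Port 4 shows the narrower alternative of
 * allow-listing the expected audience.
 *
 * @throws Exception if the bus or service cannot be set up, or an invocation fails unexpectedly
 */
@org.junit.Test
public void testDisableAudienceRestrictionValidation() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SamlTokenTest.class.getResource("client.xml");
    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort2");
        DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class);
        String portNumber = PORT2;
        if (STAX_PORT.equals(test.getPort())) {
            portNumber = STAX_PORT2;
        }
        updateAddressPort(saml2Port, portNumber);
        // Create a SAML Token with an AudienceRestrictionCondition
        ConditionsBean conditions = new ConditionsBean();
        List<AudienceRestrictionBean> audienceRestrictions = new ArrayList<>();
        AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
        // The ".xyz" suffix makes the audience differ from the real service name.
        audienceRestriction.setAudienceURIs(Collections.singletonList(service.getServiceName().toString() + ".xyz"));
        audienceRestrictions.add(audienceRestriction);
        conditions.setAudienceRestrictions(audienceRestrictions);
        SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
        callbackHandler.setConditions(conditions);
        ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, callbackHandler);
        // It should fail with validation enabled
        try {
            saml2Port.doubleIt(25);
            fail("Failure expected on unknown AudienceRestriction");
        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
            // expected
        }
        // Close each proxy before replacing it, as the sibling tests do for their ports.
        ((java.io.Closeable) saml2Port).close();
        // It should pass with validation disabled
        portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort3");
        saml2Port = service.getPort(portQName, DoubleItPortType.class);
        updateAddressPort(saml2Port, portNumber);
        ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, callbackHandler);
        saml2Port.doubleIt(25);
        ((java.io.Closeable) saml2Port).close();
        // It should pass because we explicitly allow the given audience restriction
        portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort4");
        saml2Port = service.getPort(portQName, DoubleItPortType.class);
        updateAddressPort(saml2Port, portNumber);
        ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, callbackHandler);
        saml2Port.doubleIt(25);
        ((java.io.Closeable) saml2Port).close();
    } finally {
        // The original never shut the bus down; do it on every path so it does not
        // leak into later tests.
        bus.shutdown(true);
    }
}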
Also used : Bus(org.apache.cxf.Bus) AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) QName(javax.xml.namespace.QName) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) ArrayList(java.util.ArrayList) Service(javax.xml.ws.Service) URL(java.net.URL) SamlCallbackHandler(org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType)

Example 3 with SamlCallbackHandler

use of org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler in project cxf by apache.

the class SamlTokenTest method testSaml1SupportingSelfSigned.

// Self-signing (see CXF-5248)
/**
 * Sends a SAML 1.x bearer assertion to {@code DoubleItSaml1SupportingPort}, with signing
 * configured on the client for user {@code alice}, and checks that {@code doubleIt(25)}
 * returns 50.
 *
 * <p>NOTE(review): a bearer assertion carries no proof of possession, so the receiver
 * presumably relies on the signature alone to trust it -- confirm against the server policy.
 *
 * @throws Exception if the bus or service cannot be set up, or the invocation fails
 */
@org.junit.Test
public void testSaml1SupportingSelfSigned() throws Exception {
    SpringBusFactory springFactory = new SpringBusFactory();
    URL clientConfig = SamlTokenTest.class.getResource("client.xml");
    Bus clientBus = springFactory.createBus(clientConfig.toString());
    BusFactory.setDefaultBus(clientBus);
    BusFactory.setThreadDefaultBus(clientBus);

    URL wsdlLocation = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
    Service doubleItService = Service.create(wsdlLocation, SERVICE_QNAME);
    QName portName = new QName(NAMESPACE, "DoubleItSaml1SupportingPort");
    DoubleItPortType saml1Port = doubleItService.getPort(portName, DoubleItPortType.class);

    // The StAX variant of the test talks to its own second port.
    String targetPort = STAX_PORT.equals(test.getPort()) ? STAX_PORT2 : PORT2;
    updateAddressPort(saml1Port, targetPort);
    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(saml1Port);
    }

    // NOTE(review): the flags presumably mean "not SAML 2.0" and "sign the assertion" --
    // confirm against SamlCallbackHandler.
    SamlCallbackHandler samlHandler = new SamlCallbackHandler(false, true);
    samlHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER);

    BindingProvider provider = (BindingProvider) saml1Port;
    provider.getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, samlHandler);
    // Signing identity and keystore settings; the keystore password is supplied by the
    // named callback class rather than written into the test.
    provider.getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, "alice");
    provider.getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES, "alice.properties");
    provider.getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.ws.common.KeystorePasswordCallback");

    int doubled = saml1Port.doubleIt(25);
    assertTrue(doubled == 50);

    ((java.io.Closeable) saml1Port).close();
    clientBus.shutdown(true);
}
Also used : Bus(org.apache.cxf.Bus) SamlCallbackHandler(org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) URL(java.net.URL)

Example 4 with SamlCallbackHandler

use of org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler in project cxf by apache.

the class SamlTokenTest method testSaml2EndorsingOverTransport.

/**
 * Invokes {@code DoubleItSaml2EndorsingTransportPort} with a SAML token that uses the
 * holder-of-key confirmation method and checks that {@code doubleIt(25)} returns 50.
 *
 * @throws Exception if the bus or service cannot be set up, or the invocation fails
 */
@org.junit.Test
public void testSaml2EndorsingOverTransport() throws Exception {
    SpringBusFactory springFactory = new SpringBusFactory();
    URL clientConfig = SamlTokenTest.class.getResource("client.xml");
    Bus clientBus = springFactory.createBus(clientConfig.toString());
    BusFactory.setDefaultBus(clientBus);
    BusFactory.setThreadDefaultBus(clientBus);

    URL wsdlLocation = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
    Service doubleItService = Service.create(wsdlLocation, SERVICE_QNAME);
    QName portName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
    DoubleItPortType saml2Port = doubleItService.getPort(portName, DoubleItPortType.class);

    // The StAX variant of the test talks to its own second port.
    String targetPort = STAX_PORT.equals(test.getPort()) ? STAX_PORT2 : PORT2;
    updateAddressPort(saml2Port, targetPort);
    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(saml2Port);
    }

    // NOTE(review): the flags presumably select SAML 2.0 and a signed assertion --
    // confirm against SamlCallbackHandler.
    SamlCallbackHandler samlHandler = new SamlCallbackHandler(true, true);
    // Holder-of-key: the assertion is tied to a key the sender must prove it holds.
    samlHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    BindingProvider provider = (BindingProvider) saml2Port;
    provider.getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, samlHandler);

    int doubled = saml2Port.doubleIt(25);
    assertTrue(doubled == 50);

    ((java.io.Closeable) saml2Port).close();
    clientBus.shutdown(true);
}
Also used : Bus(org.apache.cxf.Bus) SamlCallbackHandler(org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) URL(java.net.URL)

Example 5 with SamlCallbackHandler

use of org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler in project cxf by apache.

the class SamlTokenTest method testSaml2DifferentAlgorithms.

/**
 * Invokes {@code DoubleItSaml2EndorsingTransportPort} with a holder-of-key SAML token for
 * which the callback handler is told to use RSA-SHA256 as the signature algorithm and
 * SHA-256 as the digest algorithm, and checks that {@code doubleIt(25)} returns 50.
 *
 * @throws Exception if the bus or service cannot be set up, or the invocation fails
 */
@org.junit.Test
public void testSaml2DifferentAlgorithms() throws Exception {
    SpringBusFactory springFactory = new SpringBusFactory();
    URL clientConfig = SamlTokenTest.class.getResource("client.xml");
    Bus clientBus = springFactory.createBus(clientConfig.toString());
    BusFactory.setDefaultBus(clientBus);
    BusFactory.setThreadDefaultBus(clientBus);

    URL wsdlLocation = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
    Service doubleItService = Service.create(wsdlLocation, SERVICE_QNAME);
    QName portName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
    DoubleItPortType saml2Port = doubleItService.getPort(portName, DoubleItPortType.class);

    // The StAX variant of the test talks to its own second port.
    String targetPort = STAX_PORT.equals(test.getPort()) ? STAX_PORT2 : PORT2;
    updateAddressPort(saml2Port, targetPort);
    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(saml2Port);
    }

    // NOTE(review): the flags presumably select SAML 2.0 and a signed assertion --
    // confirm against SamlCallbackHandler.
    SamlCallbackHandler samlHandler = new SamlCallbackHandler(true, true);
    // Explicit algorithm choice; whatever defaults the handler has are overridden here.
    samlHandler.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
    samlHandler.setDigestAlgorithm(WSS4JConstants.SHA256);
    samlHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    BindingProvider provider = (BindingProvider) saml2Port;
    provider.getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, samlHandler);

    int doubled = saml2Port.doubleIt(25);
    assertTrue(doubled == 50);

    ((java.io.Closeable) saml2Port).close();
    clientBus.shutdown(true);
}
Also used : Bus(org.apache.cxf.Bus) SamlCallbackHandler(org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) URL(java.net.URL)
