
Example 1 with PolicyInterceptorProviderRegistry

Use of org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistry in project OpenAM by OpenRock.

In the class SoapSTSConsumer, method addAMSessionTokenSupport.

/**
 * This method registers the AMSessionToken AssertionBuilder and InterceptorProvider required to consume an STS instance
 * protected by a SecurityPolicy binding specifying OpenAMToken Assertions.
 */
private void addAMSessionTokenSupport() {
    PolicyInterceptorProviderRegistry pipr = bus.getExtension(PolicyInterceptorProviderRegistry.class);
    pipr.register(new OpenAMSessionTokenClientInterceptorProvider());
    AssertionBuilderRegistry abr = bus.getExtension(AssertionBuilderRegistry.class);
    abr.setIgnoreUnknownAssertions(false);
    abr.registerBuilder(AMSTSConstants.AM_SESSION_TOKEN_ASSERTION_QNAME, new OpenAMSessionTokenClientAssertionBuilder(callbackHander));
}
Also used:
- AssertionBuilderRegistry (org.apache.cxf.ws.policy.AssertionBuilderRegistry)
- PolicyInterceptorProviderRegistry (org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistry)
- OpenAMSessionTokenClientInterceptorProvider (org.forgerock.openam.sts.soap.policy.am.OpenAMSessionTokenClientInterceptorProvider)
- OpenAMSessionTokenClientAssertionBuilder (org.forgerock.openam.sts.soap.policy.am.OpenAMSessionTokenClientAssertionBuilder)

Example 2 with PolicyInterceptorProviderRegistry

Use of org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistry in project OpenAM by OpenRock.

In the class SoapSTSLifecycleImpl, method registerCustomPolicyInterceptors.

/*
 * This method will register the OpenAMSessionToken AssertionBuilder and InterceptorProvider instances with the cxf
 * Bus, so that any OpenAMSessionToken SecurityPolicy bindings in any of the published soap-sts instances can be
 * supported. Note that this registration is global to all soap-sts instances published in this realm, as the AssertionBuilderRegistry
 * and the PolicyInterceptorProviderRegistry are global to a cxf Bus, and thus to a cxf deployment. This does not cause
 * problems however, as the OpenAM session validation which is consumed as part of realizing this interceptor context
 * is specific only to a realm, and each soap-sts deployment is realm specific (as it corresponds to a soap-sts-agent,
 * which is also realm-specific.) Note, however, if we wanted to support OpenID Connect ID tokens, then a global
 * interceptor would have to be registered which would ultimately consult sts-instance-specific state corresponding to the
 * authN context which would validate this OIDC id token, and the key used to look-up this instance-specific
 * state from the global interceptor would be the last url constituent of the soap-sts invocation (including any realm
 * elements), as this is the soap-sts-instance identifier.
 */
private void registerCustomPolicyInterceptors() {
    final boolean createIfNecessary = false;
    final Bus bus = BusFactory.getDefaultBus(createIfNecessary);
    final PolicyInterceptorProviderRegistry policyInterceptorProviderRegistry = bus.getExtension(PolicyInterceptorProviderRegistry.class);
    policyInterceptorProviderRegistry.register(openAMSessionTokenServerInterceptorProvider);
    AssertionBuilderRegistry assertionBuilderRegistry = bus.getExtension(AssertionBuilderRegistry.class);
    assertionBuilderRegistry.registerBuilder(AMSTSConstants.AM_SESSION_TOKEN_ASSERTION_QNAME, new OpenAMSessionTokenServerAssertionBuilder());
}
Also used:
- AssertionBuilderRegistry (org.apache.cxf.ws.policy.AssertionBuilderRegistry)
- Bus (org.apache.cxf.Bus)
- OpenAMSessionTokenServerAssertionBuilder (org.forgerock.openam.sts.soap.policy.am.OpenAMSessionTokenServerAssertionBuilder)
- PolicyInterceptorProviderRegistry (org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistry)

Aggregations

- AssertionBuilderRegistry (org.apache.cxf.ws.policy.AssertionBuilderRegistry): 2
- PolicyInterceptorProviderRegistry (org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistry): 2
- Bus (org.apache.cxf.Bus): 1
- OpenAMSessionTokenClientAssertionBuilder (org.forgerock.openam.sts.soap.policy.am.OpenAMSessionTokenClientAssertionBuilder): 1
- OpenAMSessionTokenClientInterceptorProvider (org.forgerock.openam.sts.soap.policy.am.OpenAMSessionTokenClientInterceptorProvider): 1
- OpenAMSessionTokenServerAssertionBuilder (org.forgerock.openam.sts.soap.policy.am.OpenAMSessionTokenServerAssertionBuilder): 1