use of org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistry in project OpenAM by OpenRock.
the class SoapSTSConsumer method addAMSessionTokenSupport.
/**
* This method registers the AMSessionToken AssertionBuilder and InterceptorProvider required to consume a sts instance
* protected by a SecurityPolicy binding specifying OpenAMToken Assertions.
*/
private void addAMSessionTokenSupport() {
PolicyInterceptorProviderRegistry pipr = bus.getExtension(PolicyInterceptorProviderRegistry.class);
pipr.register(new OpenAMSessionTokenClientInterceptorProvider());
AssertionBuilderRegistry abr = bus.getExtension(AssertionBuilderRegistry.class);
abr.setIgnoreUnknownAssertions(false);
abr.registerBuilder(AMSTSConstants.AM_SESSION_TOKEN_ASSERTION_QNAME, new OpenAMSessionTokenClientAssertionBuilder(callbackHander));
}
use of org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistry in project OpenAM by OpenRock.
the class SoapSTSLifecycleImpl method registerCustomPolicyInterceptors.
/*
This method will register the OpenAMSessionToken AssertionBuilder and InterceptorProvider instances with the cxf
Bus, so that any OpenAMSessionToken SecurityPolicy bindings in any of the published soap-sts instances can be
supported. Note that this registration is global to all soap-sts instances published in this realm, as the AssertionBuilderRegistry
and the PolicyInterceptorProviderRegistry are global to a cxf Bus, and thus to a cxf deployment. This does not cause
problems however, as the OpenAM session validation which is consumed as part of realizing this interceptor context
is specific only to a realm, and each soap-sts deployment is realm specific (as it corresponds to a soap-sts-agent,
which is also realm-specific.) Note, however, if we wanted to support OpenID Connect ID tokens, then a global
interceptor would have to be registered which would ultimately consult sts-instance-specific state corresponding to the
authN context which would validate this OIDC id token, and the key used to look-up this instance-specific
state from the global interceptor would be the last url constituent of the soap-sts invocation (including any realm
elements), as this is the soap-sts-instance identifier.
*/
private void registerCustomPolicyInterceptors() {
final boolean createIfNecessary = false;
final Bus bus = BusFactory.getDefaultBus(createIfNecessary);
final PolicyInterceptorProviderRegistry policyInterceptorProviderRegistry = bus.getExtension(PolicyInterceptorProviderRegistry.class);
policyInterceptorProviderRegistry.register(openAMSessionTokenServerInterceptorProvider);
AssertionBuilderRegistry assertionBuilderRegistry = bus.getExtension(AssertionBuilderRegistry.class);
assertionBuilderRegistry.registerBuilder(AMSTSConstants.AM_SESSION_TOKEN_ASSERTION_QNAME, new OpenAMSessionTokenServerAssertionBuilder());
}
Aggregations