Examples with STSException org.apache.cxf.ws.security.sts.provider.STSException used on opensource projects

Search in sources :

Example 6 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class JWTProviderLifetimeTest method testJWTFarFutureCreatedLifetime.

/**
 * Issue JWT token with a future Created Lifetime. This should fail as we only allow a future
 * dated Lifetime up to 60 seconds to avoid clock skew problems.
 */
@org.junit.Test
public void testJWTFarFutureCreatedLifetime() throws Exception {
    int requestedLifetime = 60;
    JWTTokenProvider tokenProvider = new JWTTokenProvider();
    DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
    claimsProvider.setAcceptClientLifetime(true);
    tokenProvider.setJwtClaimsProvider(claimsProvider);
    TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
    // Set expected lifetime to 1 minute
    Instant creationTime = Instant.now().plusSeconds(120L);
    Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    providerParameters.getTokenRequirements().setLifetime(lifetime);
    try {
        tokenProvider.createToken(providerParameters);
        fail("Failure expected on a Created Element too far in the future");
    } catch (STSException ex) {
    // expected
    }
    // Now allow this sort of Created Element
    claimsProvider.setFutureTimeToLive(60L * 60L);
    TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    String token = (String) providerResponse.getToken();
    assertNotNull(token);
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
    JwtToken jwt = jwtConsumer.getJwtToken();
    assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getEpochSecond());
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) Lifetime(org.apache.cxf.sts.request.Lifetime) Instant(java.time.Instant) DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider) STSException(org.apache.cxf.ws.security.sts.provider.STSException) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 7 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class JWTProviderLifetimeTest method testJWTExceededDefaultMaxLifetime.

/**
 * Issue JWT token with a with a lifetime
 * which exceeds default maximum lifetime
 */
@org.junit.Test
public void testJWTExceededDefaultMaxLifetime() throws Exception {
    JWTTokenProvider tokenProvider = new JWTTokenProvider();
    DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
    claimsProvider.setAcceptClientLifetime(true);
    tokenProvider.setJwtClaimsProvider(claimsProvider);
    TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
    // Set expected lifetime to Default max lifetime plus 1
    Instant creationTime = Instant.now();
    long requestedLifetime = DefaultConditionsProvider.DEFAULT_MAX_LIFETIME + 1;
    Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    providerParameters.getTokenRequirements().setLifetime(lifetime);
    try {
        tokenProvider.createToken(providerParameters);
        fail("Failure expected due to exceeded lifetime");
    } catch (STSException ex) {
    // expected
    }
}
Also used : Lifetime(org.apache.cxf.sts.request.Lifetime) Instant(java.time.Instant) DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider) STSException(org.apache.cxf.ws.security.sts.provider.STSException) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 8 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class JWTProviderLifetimeTest method testJWTExceededConfiguredMaxLifetime.

/**
 * Issue JWT token with a with a lifetime
 * which exceeds configured maximum lifetime
 */
@org.junit.Test
public void testJWTExceededConfiguredMaxLifetime() throws Exception {
    // 30 minutes
    long maxLifetime = 30 * 60L;
    JWTTokenProvider tokenProvider = new JWTTokenProvider();
    DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
    claimsProvider.setMaxLifetime(maxLifetime);
    claimsProvider.setAcceptClientLifetime(true);
    tokenProvider.setJwtClaimsProvider(claimsProvider);
    TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
    // Set expected lifetime to 35 minutes
    Instant creationTime = Instant.now();
    long requestedLifetime = 35 * 60L;
    Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    providerParameters.getTokenRequirements().setLifetime(lifetime);
    try {
        tokenProvider.createToken(providerParameters);
        fail("Failure expected due to exceeded lifetime");
    } catch (STSException ex) {
    // expected
    }
}
Also used : Lifetime(org.apache.cxf.sts.request.Lifetime) Instant(java.time.Instant) DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider) STSException(org.apache.cxf.ws.security.sts.provider.STSException) JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)

Example 9 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class ValidateUnitTest method testTokenType.

/**
 * Test to validate a token of an unknown or missing TokenType value.
 */
@org.junit.Test
public void testTokenType() throws Exception {
    TokenValidateOperation validateOperation = new TokenValidateOperation();
    // Add Token Validator
    validateOperation.setTokenValidators(Collections.singletonList(new DummyTokenValidator()));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    validateOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, "UnknownTokenType");
    request.getAny().add(tokenType);
    ValidateTargetType validateTarget = new ValidateTargetType();
    JAXBElement<BinarySecurityTokenType> token = createToken();
    validateTarget.setAny(token);
    JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    // Validate a token - failure expected on an unknown token type
    try {
        validateOperation.validate(request, null, msgCtx);
        fail("Failure expected on an unknown token type");
    } catch (STSException ex) {
    // expected
    }
    // Validate a token - no token type is sent, so it defaults to status
    request.getAny().remove(0);
    RequestSecurityTokenResponseType response = validateOperation.validate(request, null, msgCtx);
    assertTrue(validateResponse(response));
}
Also used : RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) STSException(org.apache.cxf.ws.security.sts.provider.STSException) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) JAXBElement(javax.xml.bind.JAXBElement) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType) MessageImpl(org.apache.cxf.message.MessageImpl)

Example 10 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class AbstractOperation method createTokenProviderParameters.

/**
 * Create a TokenProviderParameters object
 */
protected TokenProviderParameters createTokenProviderParameters(RequestRequirements requestRequirements, Principal principal, Map<String, Object> messageContext) {
    TokenProviderParameters providerParameters = new TokenProviderParameters();
    providerParameters.setStsProperties(stsProperties);
    providerParameters.setPrincipal(principal);
    providerParameters.setMessageContext(messageContext);
    providerParameters.setTokenStore(getTokenStore());
    providerParameters.setEncryptToken(encryptIssuedToken);
    KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
    TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
    providerParameters.setKeyRequirements(keyRequirements);
    providerParameters.setTokenRequirements(tokenRequirements);
    // Extract AppliesTo
    String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("The AppliesTo address that has been received is: " + address);
    }
    providerParameters.setAppliesToAddress(address);
    // Get the realm of the request
    if (stsProperties.getRealmParser() != null) {
        RealmParser realmParser = stsProperties.getRealmParser();
        String realm = realmParser.parseRealm(messageContext);
        providerParameters.setRealm(realm);
    }
    // Set the requested Claims
    ClaimCollection claims = tokenRequirements.getPrimaryClaims();
    providerParameters.setRequestedPrimaryClaims(claims);
    claims = tokenRequirements.getSecondaryClaims();
    providerParameters.setRequestedSecondaryClaims(claims);
    EncryptionProperties encryptionProperties = stsProperties.getEncryptionProperties();
    if (address != null) {
        boolean foundService = false;
        // Get the stored Service object corresponding to the Service endpoint
        if (services != null) {
            for (ServiceMBean service : services) {
                if (service.isAddressInEndpoints(address)) {
                    EncryptionProperties svcEncryptionProperties = service.getEncryptionProperties();
                    if (svcEncryptionProperties != null) {
                        encryptionProperties = svcEncryptionProperties;
                    }
                    if (tokenRequirements.getTokenType() == null) {
                        String tokenType = service.getTokenType();
                        tokenRequirements.setTokenType(tokenType);
                        LOG.fine("Using default token type of: " + tokenType);
                    }
                    if (keyRequirements.getKeyType() == null) {
                        String keyType = service.getKeyType();
                        keyRequirements.setKeyType(keyType);
                        LOG.fine("Using default key type of: " + keyType);
                    }
                    foundService = true;
                    break;
                }
            }
        }
        if (!foundService) {
            String msg = "No service corresponding to " + address + " is known. Check 'services' property configuration in SecurityTokenServiceProvider";
            LOG.log(Level.SEVERE, msg);
            throw new STSException(msg, STSException.REQUEST_FAILED);
        }
    }
    providerParameters.setEncryptionProperties(encryptionProperties);
    return providerParameters;
}
Also used : RealmParser(org.apache.cxf.sts.RealmParser) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) ServiceMBean(org.apache.cxf.sts.service.ServiceMBean) STSException(org.apache.cxf.ws.security.sts.provider.STSException) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Aggregations

STSException (org.apache.cxf.ws.security.sts.provider.STSException)87 Element (org.w3c.dom.Element)33 Crypto (org.apache.wss4j.common.crypto.Crypto)31 JAXBElement (javax.xml.bind.JAXBElement)30 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)26 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)26 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)26 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)25 MessageImpl (org.apache.cxf.message.MessageImpl)25 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)24 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)24 ServiceMBean (org.apache.cxf.sts.service.ServiceMBean)21 StaticService (org.apache.cxf.sts.service.StaticService)20 RequestSecurityTokenResponseCollectionType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)18 Document (org.w3c.dom.Document)18 Principal (java.security.Principal)14 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)14 EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)14 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)13 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)13
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial