Examples with STSException org.apache.cxf.ws.security.sts.provider.STSException used on opensource projects

Search in sources :

Example 36 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class UriRealmParser method parseRealm.

@Override
public String parseRealm(Map<String, Object> messageContext) throws STSException {
    String realm = null;
    try {
        String url = (String) messageContext.get("org.apache.cxf.request.url");
        StringTokenizer st = new StringTokenizer(url, "/");
        int count = st.countTokens();
        if (count <= 4) {
            return null;
        }
        count--;
        for (int i = 0; i < count; i++) {
            realm = st.nextToken();
        }
    } catch (Exception ex) {
    // No realm found
    }
    return realm;
}
Also used : StringTokenizer(java.util.StringTokenizer) STSException(org.apache.cxf.ws.security.sts.provider.STSException)

Example 37 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class SAMLProviderLifetimeTest method testSaml2ExceededConfiguredMaxLifetime.

/**
 * Issue SAML 2 token with a with a lifetime
 * which exceeds configured maximum lifetime
 */
@org.junit.Test
public void testSaml2ExceededConfiguredMaxLifetime() throws Exception {
    // 30 minutes
    long maxLifetime = 30 * 60L;
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    conditionsProvider.setMaxLifetime(maxLifetime);
    conditionsProvider.setAcceptClientLifetime(true);
    samlTokenProvider.setConditionsProvider(conditionsProvider);
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
    // Set expected lifetime to 35 minutes
    Instant creationTime = Instant.now();
    long requestedLifetime = 35 * 60L;
    Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    providerParameters.getTokenRequirements().setLifetime(lifetime);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected due to exceeded lifetime");
    } catch (STSException ex) {
    // expected
    }
}
Also used : Lifetime(org.apache.cxf.sts.request.Lifetime) Instant(java.time.Instant) STSException(org.apache.cxf.ws.security.sts.provider.STSException)

Example 38 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class SAMLProviderLifetimeTest method testSaml2FarFutureCreatedLifetime.

/**
 * Issue SAML 2 token with a future Created Lifetime. This should fail as we only allow a future
 * dated Lifetime up to 60 seconds to avoid clock skew problems.
 */
@org.junit.Test
public void testSaml2FarFutureCreatedLifetime() throws Exception {
    int requestedLifetime = 60;
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    conditionsProvider.setAcceptClientLifetime(true);
    samlTokenProvider.setConditionsProvider(conditionsProvider);
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
    // Set expected lifetime to 1 minute
    Instant creationTime = Instant.now().plusSeconds(120L);
    Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    providerParameters.getTokenRequirements().setLifetime(lifetime);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a Created Element too far in the future");
    } catch (STSException ex) {
    // expected
    }
    // Now allow this sort of Created Element
    conditionsProvider.setFutureTimeToLive(60L * 60L);
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
}
Also used : Lifetime(org.apache.cxf.sts.request.Lifetime) Instant(java.time.Instant) Element(org.w3c.dom.Element) STSException(org.apache.cxf.ws.security.sts.provider.STSException)

Example 39 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class SAMLProviderLifetimeTest method testSaml2ExceededDefaultMaxLifetime.

/**
 * Issue SAML 2 token with a with a lifetime
 * which exceeds default maximum lifetime
 */
@org.junit.Test
public void testSaml2ExceededDefaultMaxLifetime() throws Exception {
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    conditionsProvider.setAcceptClientLifetime(true);
    samlTokenProvider.setConditionsProvider(conditionsProvider);
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
    // Set expected lifetime to Default max lifetime plus 1
    Instant creationTime = Instant.now();
    long requestedLifetime = DefaultConditionsProvider.DEFAULT_MAX_LIFETIME + 1;
    Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    providerParameters.getTokenRequirements().setLifetime(lifetime);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected due to exceeded lifetime");
    } catch (STSException ex) {
    // expected
    }
}
Also used : Lifetime(org.apache.cxf.sts.request.Lifetime) Instant(java.time.Instant) STSException(org.apache.cxf.ws.security.sts.provider.STSException)

Example 40 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class SAMLProviderKeyTypeTest method testDefaultSaml1SymmetricKeyAssertion.

/**
 * Create a default Saml1 SymmetricKey Assertion.
 */
@org.junit.Test
public void testDefaultSaml1SymmetricKeyAssertion() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML_TOKEN_TYPE, STSConstants.SYMMETRIC_KEY_KEYTYPE);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML_TOKEN_TYPE));
    Entropy entropy = new Entropy();
    BinarySecret binarySecret = new BinarySecret();
    binarySecret.setBinarySecretValue(WSSecurityUtil.generateNonce(256 / 8));
    entropy.setBinarySecret(binarySecret);
    providerParameters.getKeyRequirements().setEntropy(entropy);
    binarySecret.setBinarySecretType("bad-type");
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a bad type");
    } catch (STSException ex) {
    // expected as no type is provided
    }
    binarySecret.setBinarySecretType(STSConstants.NONCE_TYPE);
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on no computed key algorithm");
    } catch (STSException ex) {
    // expected as no computed key algorithm is provided
    }
    providerParameters.getKeyRequirements().setComputedKeyAlgorithm(STSConstants.COMPUTED_KEY_PSHA1);
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertFalse(tokenString.contains("AuthenticationStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML1Constants.CONF_HOLDER_KEY));
    assertFalse(tokenString.contains(SAML1Constants.CONF_BEARER));
    // Test custom keySize
    SignatureProperties signatureProperties = providerParameters.getStsProperties().getSignatureProperties();
    signatureProperties.setMinimumKeySize(-8);
    providerParameters.getKeyRequirements().setKeySize(-8);
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a bad KeySize");
    } catch (STSException ex) {
    // expected on a bad KeySize
    }
    signatureProperties.setMinimumKeySize(128);
    providerParameters.getKeyRequirements().setKeySize(192);
    samlTokenProvider.createToken(providerParameters);
}
Also used : Element(org.w3c.dom.Element) SignatureProperties(org.apache.cxf.sts.SignatureProperties) STSException(org.apache.cxf.ws.security.sts.provider.STSException) Entropy(org.apache.cxf.sts.request.Entropy) BinarySecret(org.apache.cxf.sts.request.BinarySecret)

Aggregations

STSException (org.apache.cxf.ws.security.sts.provider.STSException)87 Element (org.w3c.dom.Element)33 Crypto (org.apache.wss4j.common.crypto.Crypto)31 JAXBElement (javax.xml.bind.JAXBElement)30 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)26 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)26 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)26 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)25 MessageImpl (org.apache.cxf.message.MessageImpl)25 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)24 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)24 ServiceMBean (org.apache.cxf.sts.service.ServiceMBean)21 StaticService (org.apache.cxf.sts.service.StaticService)20 RequestSecurityTokenResponseCollectionType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)18 Document (org.w3c.dom.Document)18 Principal (java.security.Principal)14 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)14 EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)14 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)13 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)13
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial