
Example 61 with SecurityToken

Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

Class RestSecurityTest, method testNotSetSubjectOnClient.

@Test
public void testNotSetSubjectOnClient() throws Exception {
    Element samlToken = readDocument("/saml.xml").getDocumentElement();
    Subject subject = mock(Subject.class);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    SecurityToken token = new SecurityToken(UUID.randomUUID().toString(), samlToken, new Date(), new Date());
    when(assertion.getSecurityToken()).thenReturn(token);
    when(subject.getPrincipals()).thenReturn(new SimplePrincipalCollection(assertion, "sts"));
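    // The client targets a plain http:// URL.
    WebClient client = WebClient.create("http://example.org");
    RestSecurity.setSubjectOnClient(subject, client);
    // The test expects that no auth header was attached to the client.
    assertNull(client.getHeaders().get(RestSecurity.AUTH_HEADER));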
}
Also used: SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken), Element (org.w3c.dom.Element), SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection), SecurityAssertion (ddf.security.assertion.SecurityAssertion), WebClient (org.apache.cxf.jaxrs.client.WebClient), Subject (ddf.security.Subject), Date (java.util.Date), Test (org.junit.Test)

Example 62 with SecurityToken

Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

Class SecurityAssertionImplTest, method getSecurityAssertion.

private SecurityAssertionImpl getSecurityAssertion(Element issuedAssertion) {
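    // Use the assertion element's ID attribute as the token id.
    String assertionId = issuedAssertion.getAttributeNodeNS(null, "ID").getNodeValue();
    // Third argument is the lifetime element; null means none is supplied.
    SecurityToken token = new SecurityToken(assertionId, issuedAssertion, null);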
    return new SecurityAssertionImpl(token);
}
Also used: SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)

Example 63 with SecurityToken

Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

Class LogoutRequestServiceTest, method setup.

@Before
public void setup() throws ParserConfigurationException, SAXException, IOException {
    simpleSign = mock(SimpleSign.class);
    idpMetadata = mock(IdpMetadata.class);
    relayStates = mock(RelayStates.class);
    sessionFactory = mock(SessionFactory.class);
    request = mock(HttpServletRequest.class);
    logoutMessage = mock(LogoutMessage.class);
    encryptionService = mock(EncryptionService.class);
    session = mock(HttpSession.class);
    securityTokenHolder = mock(SecurityTokenHolder.class);
    // Build a SecurityToken from the sample SAML assertion, keyed by its ID attribute.
    Element issuedAssertion = readSamlAssertion().getDocumentElement();
    String assertionId = issuedAssertion.getAttributeNodeNS(null, "ID").getNodeValue();
    SecurityToken token = new SecurityToken(assertionId, issuedAssertion, null);
    // The mocked holder returns that token for the "idp" realm.
    when(securityTokenHolder.getSecurityToken("idp")).thenReturn(token);
    logoutRequestService = new MockLogoutRequestService(simpleSign, idpMetadata, relayStates);
    logoutRequestService.setEncryptionService(encryptionService);
    logoutRequestService.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
    logoutRequestService.setLogoutMessage(logoutMessage);
    logoutRequestService.setRequest(request);
    logoutRequestService.setSessionFactory(sessionFactory);
    logoutRequestService.init();
    when(sessionFactory.getOrCreateSession(request)).thenReturn(session);
    when(session.getAttribute(eq(SecurityConstants.SAML_ASSERTION))).thenReturn(securityTokenHolder);
    when(request.getRequestURL()).thenReturn(new StringBuffer("www.url.com/url"));
    when(idpMetadata.getSigningCertificate()).thenReturn("signingCertificate");
    when(idpMetadata.getSingleLogoutBinding()).thenReturn(SamlProtocol.REDIRECT_BINDING);
    when(idpMetadata.getSingleLogoutLocation()).thenReturn(redirectLogoutUrl);
    System.setProperty("security.audit.roles", "none");
}
Also used: SessionFactory (ddf.security.http.SessionFactory), RelayStates (ddf.security.samlp.impl.RelayStates), LogoutMessage (ddf.security.samlp.LogoutMessage), HttpSession (javax.servlet.http.HttpSession), Element (org.w3c.dom.Element), Matchers.anyString (org.mockito.Matchers.anyString), HttpServletRequest (javax.servlet.http.HttpServletRequest), SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken), SimpleSign (ddf.security.samlp.SimpleSign), SecurityTokenHolder (ddf.security.common.SecurityTokenHolder), EncryptionService (ddf.security.encryption.EncryptionService), Before (org.junit.Before)
