Example 66 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

Class DefaultSTSTokenCacher, method retrieveToken (the delegation-token branch of the STS token cache):

public SecurityToken retrieveToken(Message message, Element delegationToken, String cacheKey) {
    if (delegationToken == null) {
        return null;
    }
    TokenStore tokenStore = TokenStoreUtils.getTokenStore(message);
    // See if the token corresponding to the delegation Token is stored in the cache
    // and if it points to an issued token. The delegation token (ActAs/OnBehalfOf)
    // is cached under its own id; its properties map the cache key (normally the
    // AppliesTo address) to the id of the token the STS issued for that key.
    String id = getIdFromToken(delegationToken);
    SecurityToken cachedToken = tokenStore.getToken(id);
    if (cachedToken != null) {
        Map<String, Object> properties = cachedToken.getProperties();
        if (properties != null && properties.containsKey(cacheKey)) {
            String associatedToken = (String) properties.get(cacheKey);
            // Second lookup: the issued token itself may have been evicted or expired,
            // in which case the caller falls back to a fresh Issue request to the STS
            SecurityToken issuedToken = tokenStore.getToken(associatedToken);
            if (issuedToken != null) {
                return issuedToken;
            }
        }
    }
    return null;
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore)

Example 67 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

Class STSClient, method validateSecurityToken (parses the WS-Trust Validate response and fails closed unless the STS reports a valid status):

protected List<SecurityToken> validateSecurityToken(SecurityToken tok, String tokentype) throws Exception {
    STSResponse response = validate(tok, tokentype);
    Element el = getDocumentElement(response.getResponse());
    // A WS-Trust 1.3 STS wraps the response in a RequestSecurityTokenResponseCollection;
    // unwrap to the first RequestSecurityTokenResponse
    if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
        el = DOMUtils.getFirstElement(el);
    }
    if (!"RequestSecurityTokenResponse".equals(el.getLocalName())) {
        throw new Fault("Unexpected element " + el.getLocalName(), LOG);
    }
    el = DOMUtils.getFirstElement(el);
    String reason = null;
    // valid stays false unless a Status/Code ending in "/status/valid" is present,
    // so a response with no Status element is treated as a failed validation
    boolean valid = false;
    List<SecurityToken> tokens = new LinkedList<>();
    while (el != null) {
        if ("Status".equals(el.getLocalName())) {
            Element e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Code");
            String s = DOMUtils.getContent(e2);
            valid = s.endsWith("/status/valid");
            e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Reason");
            if (e2 != null) {
                reason = DOMUtils.getContent(e2);
            }
        } else if ("RequestedSecurityToken".equals(el.getLocalName())) {
            // The STS may return a new token alongside the Status (token exchange on validate)
            SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), response.getEntropy());
            if (response.getCert() != null) {
                token.setX509Certificate(response.getCert(), response.getCrypto());
            }
            // Token type: from the response, else from the RST template, else the configured tokenType
            if (token.getTokenType() == null) {
                String tokenTypeFromTemplate = getTokenTypeFromTemplate();
                if (tokenTypeFromTemplate != null) {
                    token.setTokenType(tokenTypeFromTemplate);
                } else if (tokenType != null) {
                    token.setTokenType(tokenType);
                }
            }
            tokens.add(token);
        }
        el = DOMUtils.getNextElement(el);
    }
    if (!valid) {
        throw new TrustException(LOG, "VALIDATION_FAILED", reason);
    }
    // No new token returned: the validated input token is handed back unchanged
    if (tokens.isEmpty()) {
        tokens.add(tok);
    }
    return tokens;
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Element(org.w3c.dom.Element) Fault(org.apache.cxf.interceptor.Fault) LinkedList(java.util.LinkedList)
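As an added example (not CXF code), the Status check above carried out against two constructed WS-Trust 1.3 Validate responses using only JDK DOM, so it runs without CXF on the classpath. The class and method names are hypothetical; the namespace and status URIs are the WS-Trust 1.3 ones, and the responses built in main() are constructed samples, not captured traffic.

```java
import java.io.StringReader;
import java.util.Objects;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

/**
 * Added example, not CXF code: reads the Status of a WS-Trust Validate response the
 * same way STSClient.validateSecurityToken does, with plain JDK DOM. Names ending in
 * "Demo" and "Verdict" are hypothetical; the responses in main() are constructed.
 */
public class RstrStatusDemo {

    /** Outcome of a Validate request: the STS verdict plus its optional Reason text. */
    public static final class Verdict {
        public final boolean valid;
        public final String reason;
        Verdict(boolean valid, String reason) { this.valid = valid; this.reason = reason; }
    }

    static Element firstElement(Node parent) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE) return (Element) n;
        }
        return null;
    }

    static Element nextElement(Node node) {
        for (Node n = node.getNextSibling(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE) return (Element) n;
        }
        return null;
    }

    static Element childWithName(Element parent, String ns, String local) {
        for (Element e = firstElement(parent); e != null; e = nextElement(e)) {
            if (local.equals(e.getLocalName()) && Objects.equals(ns, e.getNamespaceURI())) return e;
        }
        return null;
    }

    public static Verdict readStatus(String rstrXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // An STS response never needs a DTD; refuse one rather than risk entity expansion
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element el = f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(rstrXml))).getDocumentElement();
        // WS-Trust 1.3 wraps the RSTR in a collection; unwrap to the first RSTR
        if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
            el = firstElement(el);
        }
        if (el == null || !"RequestSecurityTokenResponse".equals(el.getLocalName())) {
            throw new IllegalStateException("Unexpected element " + (el == null ? "<none>" : el.getLocalName()));
        }
        boolean valid = false;   // fail closed: no Status element means not valid
        String reason = null;
        for (Element child = firstElement(el); child != null; child = nextElement(child)) {
            if ("Status".equals(child.getLocalName())) {
                String ns = child.getNamespaceURI();
                Element code = childWithName(child, ns, "Code");
                // Unlike the CXF method, tolerate a missing Code instead of throwing an NPE
                valid = code != null && code.getTextContent().trim().endsWith("/status/valid");
                Element r = childWithName(child, ns, "Reason");
                if (r != null) reason = r.getTextContent().trim();
            }
        }
        return new Verdict(valid, reason);
    }

    /** Constructed sample RSTRC carrying a Status with the given suffix and optional Reason. */
    static String sampleRstr(String statusSuffix, String reason) {
        String wst = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
        return "<wst:RequestSecurityTokenResponseCollection xmlns:wst=\"" + wst + "\">"
             + "<wst:RequestSecurityTokenResponse><wst:Status>"
             + "<wst:Code>" + wst + "/status/" + statusSuffix + "</wst:Code>"
             + (reason == null ? "" : "<wst:Reason>" + reason + "</wst:Reason>")
             + "</wst:Status></wst:RequestSecurityTokenResponse>"
             + "</wst:RequestSecurityTokenResponseCollection>";
    }

    public static void main(String[] args) throws Exception {
        Verdict ok = readStatus(sampleRstr("valid", null));
        Verdict bad = readStatus(sampleRstr("invalid", "Token has expired"));
        System.out.println("first response: valid=" + ok.valid + " reason=" + ok.reason);
        System.out.println("second response: valid=" + bad.valid + " reason=" + bad.reason);
    }
}
```

The first constructed response carries the `.../status/valid` code and yields a valid verdict with no reason; the second carries `.../status/invalid` with a Reason and yields an invalid verdict, which is the case in which STSClient raises its VALIDATION_FAILED TrustException. A response with no Status element at all is also reported as not valid, matching the `valid = false` default in the CXF method.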

Example 68 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

Class STSClient, method renewSecurityToken (issues a WS-Trust Renew and builds the replacement token):

public SecurityToken renewSecurityToken(SecurityToken tok) throws Exception {
    STSResponse response = renew(tok);
    SecurityToken token = createSecurityToken(getDocumentElement(response.getResponse()), null);
    // Token type: from the response, else from the RST template, else the configured tokenType
    if (token.getTokenType() == null) {
        String tokenTypeFromTemplate = getTokenTypeFromTemplate();
        if (tokenTypeFromTemplate != null) {
            token.setTokenType(tokenTypeFromTemplate);
        } else if (tokenType != null) {
            token.setTokenType(tokenType);
        }
    }
    return token;
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)

Example 69 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

Class STSStaxTokenValidator, method validateTokenToSTS (delegates validation of an inbound token to the configured STS):

private static void validateTokenToSTS(Element tokenElement, SoapMessage message) throws WSSecurityException {
    SecurityToken token = new SecurityToken();
    token.setToken(tokenElement);
    // The "sts" STSClient is shared, so the call is made under its lock
    STSClient c = STSUtils.getClient(message, "sts");
    synchronized (c) {
        System.setProperty("noprint", "true");
        try {
            c.validateSecurityToken(token);
        } catch (Exception e) {
            // Any failure (transport, parsing, or a non-valid Status) is reported to the
            // caller as an authentication failure rather than leaking the STS detail
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
        }
    }
}
Also used : UsernameSecurityToken(org.apache.wss4j.stax.securityToken.UsernameSecurityToken) InboundSecurityToken(org.apache.xml.security.stax.securityToken.InboundSecurityToken) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SamlSecurityToken(org.apache.wss4j.stax.securityToken.SamlSecurityToken) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)

Example 70 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

Class STSTokenRetriever, method getToken (resolves a token for the current message: cache hit keyed by AppliesTo, renewal, or a fresh Issue from the STS):

public static SecurityToken getToken(Message message, TokenRequestParams params, STSTokenCacher tokenCacher) {
    // AppliesTo: explicitly configured, otherwise the endpoint address of the call being secured
    Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.STS_APPLIES_TO, message);
    String appliesTo = o == null ? null : o.toString();
    if (appliesTo == null) {
        String endpointAddress = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
        // Strip out any query parameters if they exist
        int query = endpointAddress.indexOf('?');
        if (query > 0) {
            endpointAddress = endpointAddress.substring(0, query);
        }
        appliesTo = endpointAddress;
    }
    // The STSClient is shared, so all per-request state is set and cleared under its lock
    STSClient client = STSUtils.getClientWithIssuer(message, "sts", params.getIssuer());
    synchronized (client) {
        try {
            client.setMessage(message);
            // Transpose ActAs/OnBehalfOf info from original request to the STS client.
            Object token = SecurityUtils.getSecurityPropertyValue(SecurityConstants.STS_TOKEN_ACT_AS, message);
            if (token != null) {
                client.setActAs(token);
            }
            token = SecurityUtils.getSecurityPropertyValue(SecurityConstants.STS_TOKEN_ON_BEHALF_OF, message);
            if (token != null) {
                client.setOnBehalfOf(token);
            }
            boolean enableAppliesTo = client.isEnableAppliesTo();
            Element onBehalfOfToken = client.getOnBehalfOfToken();
            Element actAsToken = client.getActAsToken();
            // Cache key: the AppliesTo address, so a token issued for one relying party is
            // not reused for another. With AppliesTo disabled (or empty) a single shared
            // key is used and one issued token serves every endpoint behind this client.
            String key = appliesTo;
            if (!enableAppliesTo || key == null || "".equals(key)) {
                key = ASSOCIATED_TOKEN;
            }
            boolean cacheToken = isCachedTokenFromEndpoint(message, onBehalfOfToken, actAsToken);
            // Try to retrieve a cached token from the message
            SecurityToken secToken = tokenCacher.retrieveToken(message, cacheToken);
            // Otherwise try to get a cached token corresponding to the delegation token
            if (secToken == null && onBehalfOfToken != null) {
                secToken = tokenCacher.retrieveToken(message, onBehalfOfToken, key);
            }
            if (secToken == null && actAsToken != null) {
                secToken = tokenCacher.retrieveToken(message, actAsToken, key);
            }
            if (secToken != null) {
                // Check to see whether the token needs to be renewed
                secToken = renewToken(message, secToken, params, tokenCacher);
            } else {
                secToken = getTokenFromSTS(message, client, appliesTo, params);
            }
            if (secToken != null) {
                // Record the delegation token -> issued token association under the key,
                // then cache the issued token itself
                tokenCacher.storeToken(message, onBehalfOfToken, secToken.getId(), key);
                tokenCacher.storeToken(message, actAsToken, secToken.getId(), key);
                tokenCacher.storeToken(message, secToken, cacheToken);
            }
            return secToken;
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new Fault(e);
        } finally {
            // Clear request-scoped settings so they do not leak into the next user of the shared client
            client.setTrust((Trust10) null);
            client.setTrust((Trust13) null);
            client.setTemplate(null);
            client.setAddressingNamespace(null);
        }
    }
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Element(org.w3c.dom.Element) Fault(org.apache.cxf.interceptor.Fault)
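As an added example (not CXF's own code), the cache-key derivation from Example 70 and the two-level delegation-token lookup from Example 66 exercised end to end against CXF's in-memory TokenStore, using one OnBehalfOf token and two relying parties. It assumes `org.apache.cxf.ws.security.tokenstore.MemoryTokenStore` with a public no-arg constructor and `SecurityToken(String id)` / `getProperties()` / `setProperties(Map)` on the CXF classpath; the class name, the `ASSOCIATED_TOKEN` string value, and all token ids and endpoint URLs are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;

/**
 * Added example, not CXF code: shows how STSTokenRetriever.getToken and
 * DefaultSTSTokenCacher link a delegation token (ActAs/OnBehalfOf) to the token the
 * STS issued for it, keyed by AppliesTo so that a token issued for one relying party
 * is not handed out for another. Class name, token ids and URLs are hypothetical.
 */
public class DelegationCacheDemo {

    /** Same role as the STSTokenRetriever constant; the literal value is an assumption. */
    static final String ASSOCIATED_TOKEN = "ASSOCIATED_TOKEN";

    /** Mirror of the key derivation in STSTokenRetriever.getToken (Example 70). */
    public static String cacheKey(String configuredAppliesTo, String endpointAddress, boolean enableAppliesTo) {
        String appliesTo = configuredAppliesTo;
        if (appliesTo == null) {
            // Strip query parameters so ".../orders?wsdl" and ".../orders" share one key
            int query = endpointAddress.indexOf('?');
            appliesTo = query > 0 ? endpointAddress.substring(0, query) : endpointAddress;
        }
        if (!enableAppliesTo || appliesTo.isEmpty()) {
            return ASSOCIATED_TOKEN;   // one shared key: a single token is reused for every endpoint
        }
        return appliesTo;
    }

    /** Store side: cache the delegation token under its id and map key -> issued token id. */
    public static void link(TokenStore store, String delegationId, String issuedId, String key) {
        SecurityToken entry = store.getToken(delegationId);
        if (entry == null) {
            entry = new SecurityToken(delegationId);
            store.add(entry);
        }
        Map<String, Object> props = entry.getProperties();
        if (props == null) {
            props = new HashMap<>();
            entry.setProperties(props);
        }
        props.put(key, issuedId);
    }

    /** Retrieve side: the two-level lookup of DefaultSTSTokenCacher.retrieveToken (Example 66). */
    public static SecurityToken lookup(TokenStore store, String delegationId, String key) {
        SecurityToken cached = store.getToken(delegationId);
        if (cached == null || cached.getProperties() == null) {
            return null;
        }
        Object issuedId = cached.getProperties().get(key);
        // The issued token may have been evicted since the link was recorded
        return issuedId == null ? null : store.getToken((String) issuedId);
    }

    public static void main(String[] args) {
        TokenStore store = new MemoryTokenStore();
        // Constructed tokens: one issued for each relying party, plus one OnBehalfOf token id
        store.add(new SecurityToken("issued-for-orders"));
        store.add(new SecurityToken("issued-for-billing"));
        String oboId = "obo-alice";

        String ordersKey = cacheKey(null, "https://svc.example/orders?wsdl", true);
        String billingKey = cacheKey(null, "https://svc.example/billing", true);
        link(store, oboId, "issued-for-orders", ordersKey);
        link(store, oboId, "issued-for-billing", billingKey);

        // Same delegation token, different AppliesTo: each relying party gets its own issued token
        System.out.println("orders  -> " + lookup(store, oboId, ordersKey).getId());
        System.out.println("billing -> " + lookup(store, oboId, billingKey).getId());
        // An endpoint never issued for misses the cache; the caller must go back to the STS
        System.out.println("other   -> " + lookup(store, oboId, cacheKey(null, "https://other.example/api", true)));
        // Evicting the issued token also defeats the link, even though the delegation entry remains
        store.remove("issued-for-orders");
        System.out.println("orders after eviction -> " + lookup(store, oboId, ordersKey));
        // With AppliesTo disabled every endpoint collapses onto the shared key
        System.out.println("key with AppliesTo disabled: " + cacheKey(null, "https://svc.example/orders", false));
    }
}
```

The point to check when configuring a client is the last line: if `enableAppliesTo` is false on the STSClient, the `ASSOCIATED_TOKEN` key means the token obtained for the first endpoint is replayed to every other endpoint that shares the client, so AppliesTo should stay enabled whenever the STS scopes tokens per relying party.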
