
Example 81 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

the class AbstractPolicySecurityTest method runOutInterceptorAndValidateSamlTokenAttached.

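/**
 * Runs the outbound security interceptor against a request that carries an externally
 * "issued" SAML assertion, then runs the inbound side and checks that the assertion was
 * attached and signed.
 *
 * @param policyDoc name of the policy document resource to apply on the way out
 * @throws Exception on any XML, crypto or interceptor failure; the test harness reports it
 */
protected void runOutInterceptorAndValidateSamlTokenAttached(String policyDoc) throws Exception {
    // create the request message
    final Document document = this.readDocument("wsse-request-clean.xml");
    final Element outPolicyElement = this.readDocument(policyDoc).getDocumentElement();
    final Policy policy = this.policyBuilder.getPolicy(outPolicyElement);
    final AssertionInfoMap aim = new AssertionInfoMap(policy);
    final SoapMessage msg = this.getOutSoapMessageForDom(document, aim);
    // add an "issued" assertion into the message exchange
    Element issuedAssertion = this.readDocument("example-sts-issued-saml-assertion.xml").getDocumentElement();
    final Properties cryptoProps = new Properties();
    final URL url = ClassLoader.getSystemResource("outsecurity.properties");
    if (url == null) {
        // fail with a clear message instead of an NPE on url.openStream()
        throw new IllegalStateException("test resource outsecurity.properties not found on the classpath");
    }
    // close the resource stream once the properties are loaded (it was previously leaked)
    try (java.io.InputStream in = url.openStream()) {
        cryptoProps.load(in);
    }
    final Crypto crypto = CryptoFactory.getInstance(cryptoProps);
    // Sign the "issued" assertion with the test keystore entry
    final SamlAssertionWrapper assertionWrapper = new SamlAssertionWrapper(issuedAssertion);
    assertionWrapper.signAssertion("myalias", "myAliasPassword", crypto, false);
    final Document doc = DOMUtils.newDocument();
    issuedAssertion = OpenSAMLUtil.toDom(assertionWrapper.getSaml1(), doc);
    // the SAML 1.1 AssertionID becomes the token id under which the token is cached
    final String assertionId = issuedAssertion.getAttributeNodeNS(null, "AssertionID").getNodeValue();
    final SecurityToken issuedToken = new SecurityToken(assertionId, issuedAssertion, null);
    // attach the signing certificate taken from the keystore alias named in the properties
    final String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
    final CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(alias);
    issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0], crypto);
    // register the token id on both endpoint and exchange, and the token itself in a store
    msg.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID, issuedToken.getId());
    msg.getExchange().put(SecurityConstants.TOKEN_ID, issuedToken.getId());
    final TokenStore tokenStore = new MemoryTokenStore();
    msg.getExchange().getEndpoint().getEndpointInfo().setProperty(TokenStore.class.getName(), tokenStore);
    tokenStore.add(issuedToken);
    // fire the interceptor and verify results
    final Document signedDoc = this.runOutInterceptorAndValidate(msg, policy, aim, null, null);
    this.runInInterceptorAndValidate(signedDoc, policy, Collections.singletonList(SP12Constants.ISSUED_TOKEN), null, Collections.singletonList(CoverageType.SIGNED));
}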

Example 82 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

the class STSTokenOutInterceptor method handleMessage.

/**
 * Obtains a security token from the STS for the outgoing message and hands it to
 * {@code processToken}. When no token could be retrieved a warning is logged and
 * {@code null} is still passed on.
 *
 * @param message the outgoing message
 * @throws Fault propagated from token retrieval or processing
 */
@Override
public void handleMessage(Message message) throws Fault {
    // make the configured STS client available on the message when one was set
    final boolean clientConfigured = stsClient != null;
    if (clientConfigured) {
        message.put(SecurityConstants.STS_CLIENT, stsClient);
    }
    final SecurityToken retrieved = STSTokenRetriever.getToken(message, tokenParams, tokenCacher);
    final boolean tokenMissing = retrieved == null;
    if (tokenMissing) {
        LOG.warning("Security token was not retrieved from STS");
    }
    processToken(message, retrieved);
}

Example 83 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

the class SecureConversationOutInterceptor method handleMessage.

/**
 * Handles the SecureConversationToken policy assertion on an outgoing message.
 * <p>
 * On the client side the token is looked up from the message context or the token store,
 * issued when absent or renewed when present, and then recorded on the endpoint, the
 * exchange and the token store. On the server side the assertions are simply marked as
 * asserted, because they are checked on the inbound path. In both cases the bootstrap
 * policy is asserted.
 *
 * @param message the outgoing SOAP message
 * @throws Fault propagated from token issue or renewal
 */
public void handleMessage(SoapMessage message) throws Fault {
    final AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }
    // extract Assertion information
    final Collection<AssertionInfo> ais =
        PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SECURE_CONVERSATION_TOKEN);
    if (ais.isEmpty()) {
        return;
    }
    if (!isRequestor(message)) {
        // server side should be checked on the way in
        for (final AssertionInfo info : ais) {
            info.setAsserted(true);
        }
        PolicyUtils.assertPolicy(aim, SPConstants.BOOTSTRAP_POLICY);
        return;
    }
    final SecureConversationToken policyToken =
        (SecureConversationToken) ais.iterator().next().getAssertion();
    // prefer a token set directly on the context, then fall back to the store by id
    SecurityToken token = (SecurityToken) message.getContextualProperty(SecurityConstants.TOKEN);
    if (token == null) {
        final String storedId = (String) message.getContextualProperty(SecurityConstants.TOKEN_ID);
        if (storedId != null) {
            token = TokenStoreUtils.getTokenStore(message).getToken(storedId);
        }
    }
    token = (token == null)
        ? issueToken(message, aim, policyToken)
        : renewToken(message, aim, token, policyToken);
    if (token != null) {
        for (final AssertionInfo info : ais) {
            info.setAsserted(true);
        }
        // publish the token and its id on the endpoint and the exchange, and cache it
        message.getExchange().getEndpoint().put(SecurityConstants.TOKEN, token);
        message.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID, token.getId());
        message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
        message.getExchange().put(SecurityConstants.TOKEN, token);
        TokenStoreUtils.getTokenStore(message).add(token);
    }
    PolicyUtils.assertPolicy(aim, SPConstants.BOOTSTRAP_POLICY);
}

Example 84 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

the class SpnegoContextTokenOutInterceptor method handleMessage.

/**
 * Handles the SpnegoContextToken policy assertion on an outgoing message.
 * <p>
 * On the client side a cached token is looked up by id; an expired one is evicted from
 * the endpoint, the exchange and the token store, and a new token is issued when none is
 * usable. The resulting token is then recorded on the endpoint, the exchange and the
 * store. On the server side the assertions are only marked as asserted, since they are
 * checked on the inbound path.
 *
 * @param message the outgoing SOAP message
 * @throws Fault propagated from token issuance
 */
public void handleMessage(SoapMessage message) throws Fault {
    final AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }
    // extract Assertion information
    final Collection<AssertionInfo> ais =
        PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SPNEGO_CONTEXT_TOKEN);
    if (ais.isEmpty()) {
        return;
    }
    if (!isRequestor(message)) {
        // server side should be checked on the way in
        for (final AssertionInfo info : ais) {
            info.setAsserted(true);
        }
        return;
    }
    final String cachedId = (String) message.getContextualProperty(SecurityConstants.TOKEN_ID);
    SecurityToken token = null;
    if (cachedId != null) {
        token = TokenStoreUtils.getTokenStore(message).getToken(cachedId);
        final boolean stale = token != null && token.isExpired();
        if (stale) {
            // drop every reference to the expired token so a fresh one gets issued
            message.getExchange().getEndpoint().remove(SecurityConstants.TOKEN_ID);
            message.getExchange().remove(SecurityConstants.TOKEN_ID);
            TokenStoreUtils.getTokenStore(message).remove(cachedId);
            token = null;
        }
    }
    if (token == null) {
        token = issueToken(message, aim);
    }
    if (token == null) {
        return;
    }
    for (final AssertionInfo info : ais) {
        info.setAsserted(true);
    }
    // publish the token id on the endpoint and the exchange, and cache the token
    message.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID, token.getId());
    message.getExchange().put(SecurityConstants.TOKEN_ID, token.getId());
    TokenStoreUtils.getTokenStore(message).add(token);
}

Example 85 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cas by apereo.

the class BaseWSFederationRequestController method shouldRenewAuthentication.

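/**
 * Decides whether the {@code wfresh} parameter of a WS-Federation request requires a
 * fresh authentication.
 * <p>
 * {@code wfresh} is read as a freshness window in minutes. A blank or non-integer value,
 * or a value of {@code 0}, never forces renewal. A missing IdP security token always
 * does. Otherwise renewal is required when the token's creation time plus the window
 * lies in the past.
 * <p>
 * {@code wfresh} arrives from the request and is untrusted: it is parsed defensively and
 * the expiry arithmetic is overflow-checked, so no value can raise an exception here.
 *
 * @param fedRequest the fed request
 * @param request    the request
 * @return {@code true} when the caller must re-authenticate, {@code false} otherwise
 */
protected boolean shouldRenewAuthentication(final WSFederationRequest fedRequest, final HttpServletRequest request) {
    final String wfresh = fedRequest.getWfresh();
    if (wfresh == null || wfresh.trim().isEmpty()) {
        return false;
    }
    final long ttlMinutes;
    try {
        ttlMinutes = Long.parseLong(wfresh.trim());
    } catch (final NumberFormatException e) {
        // not a plain integer (the previous check was inverted and let numeric values
        // through to a parse they could not survive); treat it as "no window requested"
        return false;
    }
    if (ttlMinutes == 0) {
        return false;
    }
    final SecurityToken idpToken = getSecurityTokenFromRequest(request);
    if (idpToken == null) {
        return true;
    }
    if (ttlMinutes < 0) {
        // a negative window never expires a token
        return false;
    }
    final Instant createdDate = idpToken.getCreated();
    if (createdDate == null) {
        return false;
    }
    final long expiresAtMs;
    try {
        expiresAtMs = Math.addExact(createdDate.toEpochMilli(), Math.multiplyExact(ttlMinutes, 60L * 1000L));
    } catch (final ArithmeticException e) {
        // window so large that the expiry cannot be represented: the token cannot be stale
        return false;
    }
    return expiresAtMs < System.currentTimeMillis();
}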
