Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice:
the class RestSecurity, method createSamlHeader.
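/**
 * Creates an authorization header to be returned to the browser if the token was successfully
 * exchanged for a SAML assertion.
 *
 * <p>The assertion is read from the {@link SecurityAssertion} principal of the subject (when the
 * subject carries several, the last one in principal order wins) and serialized as
 * {@code SAML_HEADER_PREFIX} followed by the DEFLATE-compressed, Base64-encoded assertion XML.
 * Nothing in this method re-validates the assertion (signature, validity window); the subject is
 * presumably already validated by the time it reaches here -- TODO confirm with callers.
 *
 * @param subject - {@link ddf.security.Subject} to create the header from
 * @return the encoded header value, or {@code null} when the subject carries no SAML assertion
 *     (including a {@link SecurityAssertion} with no backing token) or the assertion could not
 *     be serialized
 */
private static String createSamlHeader(Subject subject) {
  String encodedSamlHeader = null;
  org.w3c.dom.Element samlToken = null;
  try {
    for (Object principal : subject.getPrincipals().asList()) {
      if (!(principal instanceof SecurityAssertion)) {
        continue;
      }
      SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
      // A SecurityAssertion without a backing token must not escape as an NPE: every other
      // failure path in this method yields a null header, so treat it the same way.
      if (securityToken != null) {
        samlToken = securityToken.getToken();
      }
    }
    if (samlToken != null) {
      SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlToken);
      String saml = assertion.assertionToString();
      encodedSamlHeader = SAML_HEADER_PREFIX + deflateAndBase64Encode(saml);
    }
  } catch (WSSecurityException | ArithmeticException | IOException e) {
    // Logged at INFO with the stack trace and the header is simply omitted; the assertion XML
    // itself (which may carry user attributes) is not part of the log message.
    LOGGER.info("Unable to parse SAML assertion from subject.", e);
  }
  return encodedSamlHeader;
}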
Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice:
the class SecurityAssertionImplTest, method testSampleAssertion.
/**
 * Parses the bundled {@code /saml.xml} fixture into a {@link SecurityAssertionImpl} and checks
 * that the values exposed by the wrapper match the constants derived from that fixture.
 */
@Test
public void testSampleAssertion() throws Exception {
  Element samlElement = this.readDocument("/saml.xml").getDocumentElement();
  String id = samlElement.getAttributeNodeNS(null, "ID").getNodeValue();
  SecurityToken samlToken = new SecurityToken(id, samlElement, null);
  SecurityAssertionImpl parsed = new SecurityAssertionImpl(samlToken);

  // The wrapper hands back the very token it was built from.
  assertNotNull(parsed.getSecurityToken());
  assertEquals(samlToken, parsed.getSecurityToken());

  // Identity-related fields.
  assertEquals(ISSUER, parsed.getIssuer());
  assertEquals(PRINCIPAL, parsed.getPrincipal().getName());
  assertEquals(PRINCIPAL, parsed.getPrincipal().toString());

  // Statement counts. Authz decision statements are not parsed yet, so their count is not
  // asserted here.
  assertEquals(NUM_ATTRIBUTES, parsed.getAttributeStatements().size());
  assertEquals(NUM_NAUTH, parsed.getAuthnStatements().size());

  // Validity window, compared as epoch milliseconds.
  long notBeforeMillis = DatatypeConverter.parseDateTime(BEFORE).getTimeInMillis();
  long notOnOrAfterMillis = DatatypeConverter.parseDateTime(AFTER).getTimeInMillis();
  assertEquals(notBeforeMillis, parsed.getNotBefore().getTime());
  assertEquals(notOnOrAfterMillis, parsed.getNotOnOrAfter().getTime());

  assertNotNull(parsed.toString());
  // NOTE(review): this assertion depends on the wall clock versus the fixture's validity
  // window; it will start failing once the fixture's NotOnOrAfter is in the past, unless
  // isPresentlyValid() ignores that condition -- confirm.
  assertTrue(parsed.isPresentlyValid());
}
Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice:
the class RestSecurityTest, method testNotSetSubjectOnClient.
/**
 * A subject that carries a SAML assertion must still not end up as an authorization header on a
 * client whose target is a plain {@code http://} URL -- presumably RestSecurity withholds the
 * token off TLS; confirm against {@code RestSecurity.setSubjectOnClient}. Note the token is
 * built with created and expires both set to "now", so expiry could also be what blocks it.
 */
@Test
public void testNotSetSubjectOnClient() throws Exception {
  Element samlElement = readDocument("/saml.xml").getDocumentElement();
  SecurityToken samlToken =
      new SecurityToken(UUID.randomUUID().toString(), samlElement, new Date(), new Date());

  SecurityAssertion mockAssertion = mock(SecurityAssertion.class);
  when(mockAssertion.getSecurityToken()).thenReturn(samlToken);

  Subject mockSubject = mock(Subject.class);
  when(mockSubject.getPrincipals())
      .thenReturn(new SimplePrincipalCollection(mockAssertion, "sts"));

  WebClient plainHttpClient = WebClient.create("http://example.org");
  RestSecurity.setSubjectOnClient(mockSubject, plainHttpClient);

  assertNull(plainHttpClient.getHeaders().get(RestSecurity.AUTH_HEADER));
}
Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice:
the class SecurityAssertionImplTest, method getSecurityAssertion.
/**
 * Wraps an already-parsed SAML assertion element in a {@link SecurityAssertionImpl}.
 *
 * <p>The token id is the assertion's own unqualified {@code ID} attribute; the third
 * {@link SecurityToken} constructor argument is passed as {@code null}.
 */
private SecurityAssertionImpl getSecurityAssertion(Element issuedAssertion) {
  return new SecurityAssertionImpl(
      new SecurityToken(
          issuedAssertion.getAttributeNodeNS(null, "ID").getNodeValue(), issuedAssertion, null));
}
Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice:
the class LogoutRequestServiceTest, method setup.
/**
 * Wires a {@code LogoutRequestService} with mocked collaborators and a session that already
 * holds a SAML token parsed from the test fixture, so each test can drive a logout flow without
 * a real IdP.
 *
 * @throws ParserConfigurationException propagated from reading the SAML fixture
 * @throws SAXException propagated from reading the SAML fixture
 * @throws IOException propagated from reading the SAML fixture
 */
@Before
public void setup() throws ParserConfigurationException, SAXException, IOException {
  // Every collaborator is a Mockito mock; only the stubs below give them behavior.
  simpleSign = mock(SimpleSign.class);
  idpMetadata = mock(IdpMetadata.class);
  relayStates = mock(RelayStates.class);
  sessionFactory = mock(SessionFactory.class);
  request = mock(HttpServletRequest.class);
  logoutMessage = mock(LogoutMessage.class);
  encryptionService = mock(EncryptionService.class);
  session = mock(HttpSession.class);
  securityTokenHolder = mock(SecurityTokenHolder.class);
  // Token id is the assertion's own unqualified ID attribute; the third constructor argument
  // is passed as null.
  Element issuedAssertion = readSamlAssertion().getDocumentElement();
  String assertionId = issuedAssertion.getAttributeNodeNS(null, "ID").getNodeValue();
  SecurityToken token = new SecurityToken(assertionId, issuedAssertion, null);
  // The holder hands the fixture token back for the "idp" key (presumably a realm name).
  when(securityTokenHolder.getSecurityToken("idp")).thenReturn(token);
  logoutRequestService = new MockLogoutRequestService(simpleSign, idpMetadata, relayStates);
  logoutRequestService.setEncryptionService(encryptionService);
  logoutRequestService.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
  logoutRequestService.setLogoutMessage(logoutMessage);
  logoutRequestService.setRequest(request);
  logoutRequestService.setSessionFactory(sessionFactory);
  logoutRequestService.init();
  // Session lookup: the request maps to the mocked session, whose SAML_ASSERTION attribute is
  // the token holder stubbed above.
  when(sessionFactory.getOrCreateSession(request)).thenReturn(session);
  when(session.getAttribute(eq(SecurityConstants.SAML_ASSERTION))).thenReturn(securityTokenHolder);
  // The stubbed request URL carries no scheme.
  when(request.getRequestURL()).thenReturn(new StringBuffer("www.url.com/url"));
  // Placeholder certificate string: no real signature can be verified against it, so any
  // signature handling in the service must go through the simpleSign mock -- TODO confirm.
  when(idpMetadata.getSigningCertificate()).thenReturn("signingCertificate");
  when(idpMetadata.getSingleLogoutBinding()).thenReturn(SamlProtocol.REDIRECT_BINDING);
  when(idpMetadata.getSingleLogoutLocation()).thenReturn(redirectLogoutUrl);
  // NOTE(review): JVM-wide property with no reset visible in this method; it leaks into any
  // later test in the same JVM that reads security.audit.roles.
  System.setProperty("security.audit.roles", "none");
}