
Example 96 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

The class StsIssueTest, method testBearerUsernameTokenSaml2.

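/**
 * Issues a bearer SAML 2.0 token from the STS for the given port type, sending a
 * plain-text {@code UsernameToken} as the on-behalf-of element and requesting
 * the {@code uid} claim. The issued token, when one comes back, is passed to
 * {@code validateSecurityToken}.
 *
 * @param portType the STS port to exercise; its name selects the STS address,
 *     WSDL location and endpoint name via the {@code StsAddresses},
 *     {@code WsdlLocations} and {@code EndPoints} enums
 * @throws Exception if building the bus, the DOM document or the claims fails
 */
public void testBearerUsernameTokenSaml2(StsPortTypes portType) throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = StsIssueTest.class.getResource("/cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    SpringBusFactory.setDefaultBus(bus);
    SpringBusFactory.setThreadDefaultBus(bus);
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc = builder.newDocument();
        // Username token used as the on-behalf-of element (plain-text password;
        // these are fixture credentials for the test STS only).
        UsernameToken oboToken = new UsernameToken(false, doc, WSConstants.PASSWORD_TEXT);
        oboToken.setName("pangerer");
        oboToken.setPassword("password");
        // Build the WS-Trust Claims element asking for the uid claim.
        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
        writer.writeStartElement(WST, CLAIMS, STSUtils.WST_NS_05_12);
        writer.writeNamespace(WST, STSUtils.WST_NS_05_12);
        writer.writeNamespace(IC, IDENTITY_URI);
        writer.writeAttribute(DIALECT, IDENTITY_URI);
        writer.writeStartElement(IC, CLAIM_TYPE, IDENTITY_URI);
        writer.writeAttribute(URI, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uid");
        writer.writeEndElement();
        Element claims = writer.getDocument().getDocumentElement();
        // All three lookups are keyed by the same port-type name.
        String portName = portType.toString();
        SecurityToken token = requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE,
                oboToken.getElement(), bus,
                StsAddresses.valueOf(portName).toString(),
                WsdlLocations.valueOf(portName).toString(),
                EndPoints.valueOf(portName).toString(), claims);
        // NOTE(review): requestSecurityToken returns null when the request fails,
        // so a null token skips validation instead of failing the test.
        if (token != null) {
            validateSecurityToken(token);
        }
    } finally {
        // Shut the bus down even when issuance or validation throws, so a
        // failing case does not leave the default/thread bus behind.
        bus.shutdown(true);
    }
}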

Example 97 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

The class AbstractStsRealm, method renewSecurityToken.

/**
 * Asks the STS to renew an existing security token (SAML assertion).
 *
 * <p>The STS client is configured with this realm's address as WSDL location,
 * its assertion type, key type and key size, and is set to allow renewing
 * before the renew request is sent.
 *
 * @param securityToken the token to renew; when {@code null} nothing is sent
 *     and {@code null} is returned
 * @return the renewed security token (SAML assertion), or {@code null} when no
 *     token was supplied
 * @throws AuthenticationException if the renewal fails for any reason; the
 *     underlying exception is attached as the cause
 */
protected SecurityToken renewSecurityToken(SecurityToken securityToken) {
    String stsAddress = getAddress();
    SecurityToken renewed = null;
    try {
        LOGGER.debug("Renewing security token from STS at: {}.", stsAddress);
        if (securityToken == null) {
            return null;
        }
        LOGGER.debug("Telling the STS to renew a security token on behalf of the auth token");
        STSClient client = configureStsClient();
        client.setWsdlLocation(stsAddress);
        client.setTokenType(getAssertionType());
        client.setKeyType(getKeyType());
        // Key size is configured as a string; a non-numeric value surfaces as
        // an AuthenticationException through the catch below.
        client.setKeySize(Integer.parseInt(getKeySize()));
        client.setAllowRenewing(true);
        renewed = client.renewSecurityToken(securityToken);
        LOGGER.debug("Finished renewing security token.");
    } catch (Exception e) {
        String msg = "Error renewing the security token from STS at: " + stsAddress + ".";
        LOGGER.debug(msg, e);
        throw new AuthenticationException(msg, e);
    }
    return renewed;
}

Example 98 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

The class AbstractStsRealm, method doGetAuthenticationInfo.

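/**
 * Perform authentication based on the supplied token.
 *
 * <p>The credential is extracted according to the token type: a
 * {@link SAMLAuthenticationToken} supplies its credentials object as is, a
 * {@link BaseAuthenticationToken} supplies its credentials as an XML string,
 * and any other token supplies the string form of its credentials. A SAML token
 * whose credential is already a {@link SecurityToken} is renewed with the STS;
 * every other credential is exchanged for a new security token.
 *
 * @param token the token presented for authentication
 * @return authentication info whose principals are the assertion's principal and
 *     the {@link SecurityAssertion} itself, both registered under {@code NAME}
 * @throws AuthenticationException if the token carries no credential, or if the
 *     STS request or renewal fails
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
    Object credential;
    if (token instanceof SAMLAuthenticationToken) {
        credential = token.getCredentials();
    } else if (token instanceof BaseAuthenticationToken) {
        credential = ((BaseAuthenticationToken) token).getCredentialsAsXMLString();
    } else {
        // Guard the toString() so a missing credential reaches the null check
        // below instead of throwing a NullPointerException here.
        Object rawCredentials = token.getCredentials();
        credential = rawCredentials == null ? null : rawCredentials.toString();
    }
    if (credential == null) {
        String msg = "Unable to authenticate credential.  A NULL credential was provided in the supplied authentication token. This may be due to an error with the SSO server that created the token.";
        LOGGER.info(msg);
        throw new AuthenticationException(msg);
    }
    // The credential itself is deliberately kept out of the log: it may hold a
    // username/password.
    LOGGER.debug("Received credentials.");
    SecurityToken securityToken;
    if (token instanceof SAMLAuthenticationToken && credential instanceof SecurityToken) {
        securityToken = renewSecurityToken((SecurityToken) credential);
    } else {
        securityToken = requestSecurityToken(credential);
    }
    LOGGER.debug("Creating token authentication information with SAML.");
    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
    SimplePrincipalCollection principals = new SimplePrincipalCollection();
    SecurityAssertion assertion = new SecurityAssertionImpl(securityToken);
    principals.add(assertion.getPrincipal(), NAME);
    principals.add(assertion, NAME);
    simpleAuthenticationInfo.setPrincipals(principals);
    simpleAuthenticationInfo.setCredentials(credential);
    return simpleAuthenticationInfo;
}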

Example 99 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

The class AbstractStsRealm, method requestSecurityToken.

/**
 * Requests a security token (SAML assertion) from the STS on behalf of the
 * supplied authentication token.
 *
 * <p>The STS client is configured with this realm's address as WSDL location,
 * the auth token as the on-behalf-of element, and the realm's assertion type,
 * key type and key size; the request is then sent to that same address.
 *
 * @param authToken the subject the security token is being requested for; when
 *     {@code null} nothing is sent and {@code null} is returned
 * @return the issued security token (SAML assertion), or {@code null} when no
 *     auth token was supplied
 * @throws AuthenticationException if the request fails for any reason; the
 *     underlying exception is attached as the cause
 */
protected SecurityToken requestSecurityToken(Object authToken) {
    String stsAddress = getAddress();
    SecurityToken issued = null;
    try {
        LOGGER.debug("Requesting security token from STS at: {}.", stsAddress);
        if (authToken == null) {
            return null;
        }
        LOGGER.debug("Telling the STS to request a security token on behalf of the auth token");
        STSClient client = configureStsClient();
        client.setWsdlLocation(stsAddress);
        client.setOnBehalfOf(authToken);
        client.setTokenType(getAssertionType());
        client.setKeyType(getKeyType());
        // Key size is configured as a string; a non-numeric value surfaces as
        // an AuthenticationException through the catch below.
        client.setKeySize(Integer.parseInt(getKeySize()));
        issued = client.requestSecurityToken(stsAddress);
        LOGGER.debug("Finished requesting security token.");
    } catch (Exception e) {
        String msg = "Error requesting the security token from STS at: " + stsAddress + ".";
        LOGGER.debug(msg, e);
        throw new AuthenticationException(msg, e);
    }
    return issued;
}

Example 100 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

The class StsIssueTest, method requestSecurityToken.

/**
 * Requests a security token from the STS over the given bus.
 *
 * <p>The client is pointed at the supplied WSDL location and endpoint name, the
 * service name is fixed to the WS-Trust 1.3 SecurityTokenService, and BSP
 * compliance checking is switched off via {@code IS_BSP_COMPLIANT} (a
 * test-only relaxation). A supporting token, when given, is sent as the
 * on-behalf-of element.
 *
 * @param tokenType the requested token type
 * @param keyType the requested key type
 * @param supportingToken element sent as on-behalf-of, or {@code null} to omit it
 * @param bus the CXF bus the client is created on
 * @param endpointAddress the address the request is sent to
 * @param wsdlLocation location of the STS WSDL
 * @param endpointName the STS endpoint name
 * @param claims WS-Trust Claims element handed to the client
 * @return the issued token, or {@code null} if the request threw (the failure
 *     is logged at info level and not propagated)
 */
private SecurityToken requestSecurityToken(String tokenType, String keyType, Element supportingToken, Bus bus, String endpointAddress, String wsdlLocation, String endpointName, Element claims) {
    STSClient client = new STSClient(bus);
    client.setWsdlLocation(wsdlLocation);
    client.setEndpointName(endpointName);
    client.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
    // XXX - Not sure how IS_BSP_COMPLIANT is used - it doesn't show up in the
    // payload. An earlier version also set USERNAME / CALLBACK_HANDLER here.
    Map<String, Object> clientProperties = new HashMap<String, Object>();
    clientProperties.put(SecurityConstants.IS_BSP_COMPLIANT, "false");
    if (supportingToken != null) {
        client.setOnBehalfOf(supportingToken);
    }
    client.setClaims(claims);
    client.setProperties(clientProperties);
    client.setTokenType(tokenType);
    client.setKeyType(keyType);
    try {
        return client.requestSecurityToken(endpointAddress);
    } catch (Exception e) {
        LOGGER.info("Error requesting the SecurityToken.", e);
        return null;
    }
}
