use of org.apache.cxf.ws.security.tokenstore.TokenStore in project cxf by apache.
the class STSInvoker method doCancel.
/**
 * Cancels a security token: evicts it from the endpoint's {@link TokenStore} and writes a
 * {@code RequestSecurityTokenResponse} containing an empty {@code RequestedTokenCancelled}
 * element.
 *
 * <p>When {@code namespace} equals {@code STSUtils.WST_NS_05_12} the response is additionally
 * wrapped in a {@code RequestSecurityTokenResponseCollection} element.
 *
 * <p>NOTE(review): nothing in this method checks that the requester is entitled to cancel
 * {@code cancelToken}; presumably the caller has already established that - confirm.
 *
 * @param exchange the current exchange; its endpoint info is where the token store is looked
 *        up, and the cancelled token is put on it under {@code SecurityConstants.TOKEN}
 * @param cancelToken the token whose id is removed from the store
 * @param writer receives the response elements
 * @param prefix namespace prefix used for every written element
 * @param namespace namespace used for every written element
 * @throws Exception declared by the signature; whatever the calls below throw is propagated
 */
private void doCancel(Exchange exchange, SecurityToken cancelToken, W3CDOMStreamWriter writer, String prefix, String namespace) throws Exception {
    final boolean wrapInCollection = STSUtils.WST_NS_05_12.equals(namespace);

    if (wrapInCollection) {
        writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection", namespace);
    }
    writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);

    // The store is registered on the endpoint info under the TokenStore class name.
    // If nothing is registered there (assuming getProperty then yields null), remove() throws
    // and the RequestedTokenCancelled element below is never written, so a cancellation is
    // not confirmed for a token that was not actually evicted.
    TokenStore tokenStore =
        (TokenStore) exchange.getEndpoint().getEndpointInfo().getProperty(TokenStore.class.getName());
    tokenStore.remove(cancelToken.getId());

    // Keep the token on the exchange so the outgoing response can still be signed with it.
    exchange.put(SecurityConstants.TOKEN, cancelToken);

    writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
    writer.writeEndElement();
    if (wrapInCollection) {
        writer.writeEndElement();
    }
}
use of org.apache.cxf.ws.security.tokenstore.TokenStore in project cxf by apache.
the class TokenTestUtils method verifyToken.
/**
 * Checks that the token cached for {@code port} validates against the STS, then rewrites its
 * {@code Conditions} validity window to the year 2010 and checks that validation is rejected.
 *
 * <p>NOTE(review): if the token is signed, editing these attributes also invalidates the
 * signature, so this check cannot tell an expiry rejection from a signature rejection -
 * confirm which of the two the STS is expected to report.
 *
 * @param port client proxy whose endpoint holds the token id, the token store and the STS client
 * @throws Exception if a lookup or the first validation call fails unexpectedly
 */
public static void verifyToken(DoubleItPortType port) throws Exception {
    Endpoint endpoint = ClientProxy.getClient(port).getEndpoint();

    String tokenId = (String) endpoint.get(SecurityConstants.TOKEN_ID);
    TokenStore tokenStore =
        (TokenStore) endpoint.getEndpointInfo().getProperty(TokenStore.class.getName());
    org.apache.cxf.ws.security.tokenstore.SecurityToken cached = tokenStore.getToken(tokenId);
    assertNotNull(cached);

    // The STS client is looked up under the plain key first, then under the "ws-" prefixed one.
    STSClient stsClient = (STSClient) endpoint.get(SecurityConstants.STS_CLIENT);
    if (stsClient == null) {
        stsClient = (STSClient) endpoint.get("ws-" + SecurityConstants.STS_CLIENT);
    }

    // Positive case: the untouched token must come back as valid.
    List<SecurityToken> accepted = stsClient.validateSecurityToken(cached);
    assertNotNull(accepted);
    assertTrue(!accepted.isEmpty());

    // Negative case: replace the first four characters (the year) of both timestamps with
    // "2010" so the validity window lies in the past.
    Element tokenElement = cached.getToken();
    Element conditions =
        DOMUtils.getFirstChildWithName(tokenElement, tokenElement.getNamespaceURI(), "Conditions");
    String notBefore = "2010" + conditions.getAttributeNS(null, "NotBefore").substring(4);
    String notOnOrAfter = "2010" + conditions.getAttributeNS(null, "NotOnOrAfter").substring(4);
    conditions.setAttributeNS(null, "NotBefore", notBefore);
    conditions.setAttributeNS(null, "NotOnOrAfter", notOnOrAfter);

    try {
        stsClient.validateSecurityToken(cached);
        // A normal return means the tampered token was accepted, which is the failure case.
        fail("Failure expected on an invalid token");
    } catch (org.apache.cxf.ws.security.trust.TrustException expected) {
        // Rejection of the tampered token is the outcome under test.
    }
}
use of org.apache.cxf.ws.security.tokenstore.TokenStore in project cxf by apache.
the class CachingTest method testImminentExpiry.
/**
 * Invokes the service once, shortens the cached token's lifetime to five seconds so that it
 * counts as "about to expire", and invokes the service again.
 *
 * <p>NOTE(review): nothing visible here asserts that the second invocation obtained a fresh
 * token; the test only shows that the call still goes through - confirm whether
 * {@code doubleIt} checks more than the result.
 */
@org.junit.Test
public void testImminentExpiry() throws Exception {
    createBus(getClass().getResource("cxf-client.xml").toString());

    URL wsdlLocation = CachingTest.class.getResource("DoubleIt.wsdl");
    QName samlPortName = new QName(NAMESPACE, "DoubleItTransportSAML1Port");
    DoubleItPortType port =
        Service.create(wsdlLocation, SERVICE_QNAME).getPort(samlPortName, DoubleItPortType.class);

    BindingProvider provider = (BindingProvider) port;
    provider.getRequestContext().put("thread.local.request.context", "true");
    updateAddressPort(port, PORT);

    // First call: expected to succeed and leave a token in the endpoint's store.
    doubleIt(port, 25);

    Endpoint endpoint = ClientProxy.getClient(port).getEndpoint();
    String tokenId = (String) endpoint.get(SecurityConstants.TOKEN_ID);
    TokenStore tokenStore =
        (TokenStore) endpoint.getEndpointInfo().getProperty(TokenStore.class.getName());
    SecurityToken cached = tokenStore.getToken(tokenId);
    assertNotNull(cached);

    // Five seconds of remaining lifetime falls inside the ten-second "about to expire" window.
    cached.setExpires(Instant.now().plusSeconds(5L));
    assertTrue(cached.isAboutToExpire(10L));

    // Second call, made while the cached token is about to expire.
    doubleIt(port, 25);

    ((java.io.Closeable) port).close();
}
use of org.apache.cxf.ws.security.tokenstore.TokenStore in project cxf by apache.
the class BinarySecurityTokenInterceptor method getSecurityToken.
/**
 * Resolves the security token to use for {@code message}.
 *
 * <p>A {@link SecurityToken} stored directly under {@code SecurityConstants.TOKEN} takes
 * precedence. Otherwise the token is fetched from the token store using the id stored under
 * {@code SecurityConstants.TOKEN_ID}.
 *
 * @param message the message whose contextual properties are consulted
 * @return the resolved token; {@code null} when no token is set directly and either no token
 *         store or no token id is available (callers must handle the {@code null} case)
 */
private SecurityToken getSecurityToken(SoapMessage message) {
    Object direct = message.getContextualProperty(SecurityConstants.TOKEN);
    if (direct instanceof SecurityToken) {
        return (SecurityToken) direct;
    }

    // No token on the message itself: fall back to the store, keyed by the token id.
    TokenStore store = getTokenStore(message);
    if (store == null) {
        return null;
    }

    String tokenId = (String) message.getContextualProperty(SecurityConstants.TOKEN_ID);
    return tokenId == null ? null : store.getToken(tokenId);
}
use of org.apache.cxf.ws.security.tokenstore.TokenStore in project cxf by apache.
the class CachingTest method testSymmetricCustom.
// Here we supply custom caching configuration
/**
 * Invokes the same port through two proxies, each with its own cache identifier
 * ({@code "proxy1"} / {@code "proxy2"}) and the {@code per-proxy-cache.xml} cache configuration,
 * and checks after each invocation that the endpoint's token store holds exactly two token
 * identifiers.
 */
@org.junit.Test
public void testSymmetricCustom() throws Exception {
    URL busConfig = CachingTest.class.getResource("client.xml");
    Bus bus = new SpringBusFactory().createBus(busConfig.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    URL wsdlLocation = CachingTest.class.getResource("DoubleItCache.wsdl");
    Service service = Service.create(wsdlLocation, SERVICE_QNAME);
    QName symmetricPortName = new QName(NAMESPACE, "DoubleItCachePerProxySymmetricPort");

    // --- First proxy, cache identifier "proxy1" ---
    DoubleItPortType firstPort = service.getPort(symmetricPortName, DoubleItPortType.class);
    updateAddressPort(firstPort, test.getPort());
    BindingProvider firstProvider = (BindingProvider) firstPort;
    firstProvider.getRequestContext().put(SecurityConstants.CACHE_IDENTIFIER, "proxy1");
    firstProvider.getRequestContext().put(
        SecurityConstants.CACHE_CONFIG_FILE,
        ClassLoaderUtils.getResource("per-proxy-cache.xml", this.getClass()));
    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(firstPort);
    }
    assertEquals(50, firstPort.doubleIt(25));

    Client firstClient = ClientProxy.getClient(firstPort);
    TokenStore firstStore = (TokenStore) firstClient.getEndpoint().getEndpointInfo()
        .getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
    assertNotNull(firstStore);
    // Two entries are expected because both the identifier and the SHA-1 are cached.
    assertEquals(2, firstStore.getTokenIdentifiers().size());

    // --- Second proxy, cache identifier "proxy2" ---
    DoubleItPortType secondPort = service.getPort(symmetricPortName, DoubleItPortType.class);
    updateAddressPort(secondPort, test.getPort());
    BindingProvider secondProvider = (BindingProvider) secondPort;
    secondProvider.getRequestContext().put(SecurityConstants.CACHE_IDENTIFIER, "proxy2");
    secondProvider.getRequestContext().put(
        SecurityConstants.CACHE_CONFIG_FILE,
        ClassLoaderUtils.getResource("per-proxy-cache.xml", this.getClass()));
    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(secondPort);
    }
    assertEquals(70, secondPort.doubleIt(35));

    Client secondClient = ClientProxy.getClient(secondPort);
    TokenStore secondStore = (TokenStore) secondClient.getEndpoint().getEndpointInfo()
        .getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
    assertNotNull(secondStore);
    // Again two entries: still the identifier plus the SHA-1, not four.
    assertEquals(2, secondStore.getTokenIdentifiers().size());

    ((java.io.Closeable) firstPort).close();
    ((java.io.Closeable) secondPort).close();
    bus.shutdown(true);
}