
Example 56 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class SecureConversationOutInterceptor method issueToken.

/**
 * Requests a security context token through the STS client looked up under the {@code "sct"} key.
 *
 * <p>The client is configured for this single request, used while its monitor is held, and then
 * has its trust, template, location and addressing namespace reset in {@code finally}, so none of
 * those per-request values stay on the instance after this call.
 *
 * @param message outbound SOAP message; also the source of the WS-Addressing properties
 * @param aim assertion info map handed to the client setup
 * @param itok secure conversation token assertion handed to the client setup
 * @return the issued token; its type is set to {@code WSS4JConstants.WSC_SCT} when the returned
 *         token carries a null or empty type
 * @throws Fault wrapping any checked exception raised by the setup or the token request
 */
private SecurityToken issueToken(SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok) {
    final STSClient stsClient = STSUtils.getClient(message, "sct");
    // Prefer the outbound addressing context and fall back to the generic one.
    AddressingProperties addressing =
        (AddressingProperties) message.get("javax.xml.ws.addressing.context.outbound");
    if (addressing == null) {
        addressing = (AddressingProperties) message.get("javax.xml.ws.addressing.context");
    }
    // NOTE(review): the lock suggests STSUtils.getClient may return an instance that other
    // requests use as well - confirm. Configure, call and reset must stay inside one critical section.
    synchronized (stsClient) {
        try {
            final String target =
                SecureConversationTokenInterceptorProvider.setupClient(stsClient, message, aim, itok, false);
            if (addressing != null) {
                stsClient.setAddressingNamespace(addressing.getNamespaceURI());
            }
            final SecurityToken issued = stsClient.requestSecurityToken(target);
            final String issuedType = issued.getTokenType();
            // Re-applies the type that was just read from the token.
            issued.setTokenType(issuedType);
            final boolean typeMissing = issuedType == null || issuedType.isEmpty();
            if (typeMissing) {
                issued.setTokenType(WSS4JConstants.WSC_SCT);
            }
            return issued;
        } catch (Exception e) {
            // Unchecked exceptions pass through untouched; checked ones become a Fault.
            if (e instanceof RuntimeException) {
                throw (RuntimeException) e;
            }
            throw new Fault(e);
        } finally {
            // Drop everything this request configured on the client.
            stsClient.setTrust((Trust10) null);
            stsClient.setTrust((Trust13) null);
            stsClient.setTemplate(null);
            stsClient.setLocation(null);
            stsClient.setAddressingNamespace(null);
        }
    }
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) STSClient(org.apache.cxf.ws.security.trust.STSClient) AddressingProperties(org.apache.cxf.ws.addressing.AddressingProperties) Fault(org.apache.cxf.interceptor.Fault)

Example 57 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class SpnegoContextTokenOutInterceptor method issueToken.

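/**
 * Obtains a SPNEGO token through JAAS/Kerberos and exchanges it with the STS (client key
 * {@code "spnego"}) for a security token.
 *
 * <p>The secret returned by the STS is passed through {@code SpnegoTokenContext.unwrapKey} and the
 * result is stored back on the token. The SPNEGO context is cleared on every exit path once the
 * service ticket has been retrieved, so a failed exchange does not leave it populated.
 *
 * @param message outbound SOAP message; source of the Kerberos/SPNEGO contextual properties and
 *        of the WS-Addressing properties
 * @param aim assertion info map handed to the client setup
 * @return the issued token carrying the unwrapped secret
 * @throws Fault wrapping any checked exception from the ticket retrieval or the WS-Trust exchange
 */
private SecurityToken issueToken(SoapMessage message, AssertionInfoMap aim) {
    //
    // Get a SPNEGO token
    //
    String jaasContext = (String) message.getContextualProperty(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME);
    String kerberosSpn = (String) message.getContextualProperty(SecurityConstants.KERBEROS_SPN);
    SpnegoTokenContext spnegoToken = new SpnegoTokenContext();
    Object spnegoClientAction = message.getContextualProperty(SecurityConstants.SPNEGO_CLIENT_ACTION);
    if (spnegoClientAction instanceof SpnegoClientAction) {
        spnegoToken.setSpnegoClientAction((SpnegoClientAction) spnegoClientAction);
    }
    try {
        CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message));
        spnegoToken.retrieveServiceTicket(jaasContext, callbackHandler, kerberosSpn);
    } catch (Exception e) {
        // NOTE(review): the context is not cleared on this path; confirm whether
        // retrieveServiceTicket can fail with state already held.
        throw new Fault(e);
    }
    //
    // Now initiate WS-Trust exchange
    //
    try {
        STSClient client = STSUtils.getClient(message, "spnego");
        AddressingProperties maps = (AddressingProperties) message.get("javax.xml.ws.addressing.context.outbound");
        if (maps == null) {
            maps = (AddressingProperties) message.get("javax.xml.ws.addressing.context");
        }
        // NOTE(review): the lock suggests the client instance may be used by other requests as
        // well - confirm. Configure, call and reset must stay inside one critical section.
        synchronized (client) {
            try {
                String s = SpnegoTokenInterceptorProvider.setupClient(client, message, aim);
                if (maps != null) {
                    client.setAddressingNamespace(maps.getNamespaceURI());
                }
                SecurityToken tok = client.requestSecurityToken(s, Base64.getMimeEncoder().encodeToString(spnegoToken.getToken()));
                // Replace the secret from the STS response with the result of unwrapKey.
                byte[] unwrappedSecret = spnegoToken.unwrapKey(tok.getSecret());
                tok.setSecret(unwrappedSecret);
                return tok;
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e) {
                throw new Fault(e);
            } finally {
                // Drop everything this request configured on the client.
                client.setTrust((Trust10) null);
                client.setTrust((Trust13) null);
                client.setTemplate(null);
                client.setLocation(null);
                client.setAddressingNamespace(null);
            }
        }
    } finally {
        // Previously clear() ran only after a successful exchange; a failed request or unwrap
        // skipped it. Clearing here covers both outcomes.
        spnegoToken.clear();
    }
}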
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) CallbackHandler(javax.security.auth.callback.CallbackHandler) STSClient(org.apache.cxf.ws.security.trust.STSClient) SpnegoClientAction(org.apache.wss4j.common.spnego.SpnegoClientAction) Fault(org.apache.cxf.interceptor.Fault) AddressingProperties(org.apache.cxf.ws.addressing.AddressingProperties) SpnegoTokenContext(org.apache.wss4j.common.spnego.SpnegoTokenContext)

Example 58 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class STSClientTest method testConfigureViaEPR.

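/**
 * Checks that {@code STSClient.configureViaEPR} leaves the client with the WSDL location, service
 * QName and endpoint QName expected for the endpoint reference in the {@code epr.xml} test resource.
 *
 * @throws Exception if the JAXB context cannot be built or the resource cannot be unmarshalled
 */
@Test
public void testConfigureViaEPR() throws Exception {
    final Set<Class<?>> addressingClasses = new HashSet<>();
    addressingClasses.add(org.apache.cxf.ws.addressing.wsdl.ObjectFactory.class);
    addressingClasses.add(org.apache.cxf.ws.addressing.ObjectFactory.class);
    JAXBContext ctx = JAXBContextCache.getCachedContextAndSchemas(addressingClasses, null, null, null, true).getContext();
    Unmarshaller um = ctx.createUnmarshaller();
    final EndpointReferenceType ref;
    // Close the resource stream as soon as the endpoint reference has been read.
    try (InputStream inStream = getClass().getResourceAsStream("epr.xml")) {
        JAXBElement<?> el = (JAXBElement<?>) um.unmarshal(inStream);
        ref = (EndpointReferenceType) el.getValue();
    }
    Bus bus = BusFactory.getThreadDefaultBus();
    STSClient client = new STSClient(bus);
    // NOTE(review): the assertions below indicate the WSDL location is taken from the endpoint
    // reference - confirm. If so, callers outside tests should pass only references from a
    // trusted source, since the reference decides which STS the client contacts.
    client.configureViaEPR(ref, false);
    assertEquals("http://localhost:8080/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl", client.getWsdlLocation());
    assertEquals(new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "SecurityTokenService"), client.getServiceQName());
    assertEquals(new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "UT_Port"), client.getEndpointQName());
}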
Also used : Bus(org.apache.cxf.Bus) EndpointReferenceType(org.apache.cxf.ws.addressing.EndpointReferenceType) InputStream(java.io.InputStream) QName(javax.xml.namespace.QName) JAXBContext(javax.xml.bind.JAXBContext) JAXBElement(javax.xml.bind.JAXBElement) STSClient(org.apache.cxf.ws.security.trust.STSClient) Unmarshaller(javax.xml.bind.Unmarshaller) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 59 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class STSUnitTest method requestSecurityToken.

/**
 * Builds a fresh {@code STSClient} on the given bus and requests a token of the given type and
 * key type from the STS at {@code endpointAddress}.
 *
 * <p>The client addresses the {@code X509_Port} endpoint of {@code SecurityTokenService}, loads the
 * WSDL from {@code endpointAddress + "?wsdl"} and has AppliesTo disabled. User name, signature
 * and encryption aliases and keystore property files are fixed test values.
 *
 * @param tokenType token type set on the client
 * @param keyType key type set on the client
 * @param bus bus the client is created on
 * @param endpointAddress STS address, used for the WSDL location and as the request argument
 * @return the token returned by the STS
 * @throws Exception if the request fails
 */
private SecurityToken requestSecurityToken(String tokenType, String keyType, Bus bus, String endpointAddress) throws Exception {
    // Fixed test identity plus signing and encryption settings for the client.
    final Map<String, Object> clientProps = new HashMap<>();
    clientProps.put(SecurityConstants.USERNAME, "alice");
    clientProps.put(SecurityConstants.CALLBACK_HANDLER, new CommonCallbackHandler());
    clientProps.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
    clientProps.put(SecurityConstants.SIGNATURE_PROPERTIES, "clientKeystore.properties");
    clientProps.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
    clientProps.put(SecurityConstants.ENCRYPT_PROPERTIES, "clientKeystore.properties");

    final STSClient sts = new STSClient(bus);
    // Where the STS lives and which service/port to call.
    sts.setWsdlLocation(endpointAddress + "?wsdl");
    sts.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
    sts.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port");
    sts.setEnableAppliesTo(false);
    sts.setProperties(clientProps);
    // What to ask for.
    sts.setTokenType(tokenType);
    sts.setKeyType(keyType);

    final SecurityToken issued = sts.requestSecurityToken(endpointAddress);
    return issued;
}
Also used : STSClient(org.apache.cxf.ws.security.trust.STSClient) HashMap(java.util.HashMap)

Example 60 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class CachingTest method testSTSClientCaching.

// @Ignore'd because failing too often on slow Jenkins machines
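/**
 * Exercises token caching on the client endpoint: a second call still succeeds after the
 * STSClient has been changed so it cannot reach the STS, and a third call fails once the cached
 * token entries are removed from the endpoint.
 *
 * <p>The port is closed and the bus shut down in {@code finally} blocks, so a failing step does
 * not leave them open for tests that run afterwards.
 *
 * @throws Exception if setup or one of the invocations expected to succeed fails
 */
@org.junit.Test
@org.junit.Ignore
public void testSTSClientCaching() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = CachingTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        URL wsdl = CachingTest.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1Port");
        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
        try {
            BindingProvider p = (BindingProvider) port;
            p.getRequestContext().put("thread.local.request.context", "true");
            updateAddressPort(port, PORT);
            // Make a successful invocation
            doubleIt(port, 25);
            // Change the STSClient so that it can no longer find the STS
            clearSTSClient(p, bus);
            // This should succeed as the token is cached
            doubleIt(port, 30);
            // This should fail as the cached token is manually removed
            Client client = ClientProxy.getClient(port);
            Endpoint ep = client.getEndpoint();
            ep.remove(SecurityConstants.TOKEN_ID);
            ep.remove(SecurityConstants.TOKEN);
            try {
                doubleIt(port, 35);
                fail("Expected failure on clearing the cache");
            } catch (SOAPFaultException ex) {
                // Expected: no cached token is left and the STS cannot be reached
            }
        } finally {
            // Previously skipped whenever an earlier step threw.
            ((java.io.Closeable) port).close();
        }
    } finally {
        // Always release the bus, which was installed as the default bus above.
        bus.shutdown(true);
    }
}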
Also used : Bus(org.apache.cxf.Bus) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) Endpoint(org.apache.cxf.endpoint.Endpoint) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) SOAPFaultException(javax.xml.ws.soap.SOAPFaultException) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) BindingProvider(javax.xml.ws.BindingProvider) Client(org.apache.cxf.endpoint.Client) STSClient(org.apache.cxf.ws.security.trust.STSClient) URL(java.net.URL)

Aggregations

STSClient (org.apache.cxf.ws.security.trust.STSClient)89 Bus (org.apache.cxf.Bus)35 HashMap (java.util.HashMap)33 URL (java.net.URL)31 QName (javax.xml.namespace.QName)29 Service (javax.xml.ws.Service)27 SpringBusFactory (org.apache.cxf.bus.spring.SpringBusFactory)24 DoubleItPortType (org.example.contract.doubleit.DoubleItPortType)21 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)14 BindingProvider (javax.xml.ws.BindingProvider)11 Test (org.junit.Test)11 Client (org.apache.cxf.endpoint.Client)9 WebService (javax.jws.WebService)5 BusException (org.apache.cxf.BusException)5 TLSClientParameters (org.apache.cxf.configuration.jsse.TLSClientParameters)5 EndpointException (org.apache.cxf.endpoint.EndpointException)5 MessageImpl (org.apache.cxf.message.MessageImpl)5 HTTPConduit (org.apache.cxf.transport.http.HTTPConduit)5 ClientCallbackHandler (org.jboss.as.test.integration.ws.wsse.trust.shared.ClientCallbackHandler)5 DOMSource (javax.xml.transform.dom.DOMSource)4