use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.
the class DoubleItPortTypeImpl method doubleIt.
/**
* Disable the STSClient after the first successful invocation
*/
public int doubleIt(int numberToDouble) {
    // The injected context is cast to CXF's WrappedMessageContext so the underlying message,
    // and through it the exchange serving this request, can be reached.
    WrappedMessageContext wrappedContext = (WrappedMessageContext) wsc.getMessageContext();
    Exchange currentExchange = wrappedContext.getWrappedMessage().getExchange();

    // Overwrite the endpoint's STS_CLIENT property with a fresh STSClient that has no WSDL
    // location, service name or credentials set. The property lives on the endpoint rather
    // than on this single message, so it presumably stays in place for later requests; the
    // intent (per the method's Javadoc) is that the service can no longer reach the STS
    // after the first successful call.
    currentExchange.getEndpoint().put(
        SecurityConstants.STS_CLIENT, new STSClient(currentExchange.getBus()));

    return numberToDouble * 2;
}
use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.
the class ServerCachingTest method testServerSideSAMLTokenCaching.
// Disabled due to continually failing on Jenkins build
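/**
 * Checks that the service accepts a SAML token it has already seen without going back to the
 * STS, and rejects a token it has not seen once its own STSClient has been disabled.
 *
 * <p>The port and the bus are released in {@code try-with-resources}/{@code finally} blocks so
 * that a failed assertion does not leave the bus running for later tests (the bus is also
 * installed as the default and thread-default bus, which this method does not reset).
 *
 * @throws Exception if the client setup, an invocation that is expected to succeed, or the
 *     direct STS request fails
 */
@org.junit.Test
@org.junit.Ignore
public void testServerSideSAMLTokenCaching() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = ServerCachingTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL wsdl = ServerCachingTest.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1AlternativePort");
        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);

        // The port is closed on every exit path, including a failed assertion.
        try (java.io.Closeable closeablePort = (java.io.Closeable) port) {
            ((BindingProvider) port).getRequestContext().put("thread.local.request.context", "true");
            updateAddressPort(port, PORT);

            // Make an initial successful invocation
            doubleIt(port, 25);

            // Store the SAML Assertion that was obtained from the STS
            Client client = ClientProxy.getClient(port);
            Endpoint ep = client.getEndpoint();
            String id = (String) ep.get(SecurityConstants.TOKEN_ID);
            TokenStore store = (TokenStore) ep.getEndpointInfo().getProperty(TokenStore.class.getName());
            SecurityToken cachedToken = store.getToken(id);
            assertNotNull(cachedToken);
            Element storedToken = cachedToken.getToken();

            // Get another security token by invoking on the STS directly and save it on the
            // client port, replacing the assertion the service has already seen
            SecurityToken freshToken =
                requestSecurityToken(SAML1_TOKEN_TYPE, PUBLIC_KEY_KEYTYPE, bus, DEFAULT_ADDRESS);
            assertNotNull(freshToken);
            cachedToken.setToken(freshToken.getToken());

            // Invoke again with the replacement token. The service has not seen it before and
            // its STSClient is expected to be unusable after the first invocation, so the call
            // should be rejected.
            try {
                doubleIt(port, 30);
                fail("Failure expected as the STSClient on the server side is null");
            } catch (Exception expected) {
                // NOTE(review): any Exception is accepted here, so a transport or configuration
                // error would also satisfy this negative check. Asserting on the fault type or
                // message would tie the failure to the token rejection - confirm what the
                // service actually returns before narrowing.
            }

            // Try again using the original SAML token - this should work as it should be cached
            // by the service
            cachedToken.setToken(storedToken);
            doubleIt(port, 35);
        }
    } finally {
        bus.shutdown(true);
    }
}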
use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.
the class CustomParameterTest method testCustomParameterInRSTClaimsHandler2.
// Here the custom parameter in the RST is parsed by the CustomClaimsHandler
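/**
 * Negative test: sends a custom {@code realm} element in the RequestSecurityToken and expects
 * the service invocation to fail because the realm value is not an accepted one.
 *
 * <p>The port and the bus are released in {@code try-with-resources}/{@code finally} blocks so
 * that a failed assertion does not leave the bus running for later tests (the bus is also
 * installed as the default and thread-default bus, which this method does not reset).
 *
 * @throws Exception if the client setup fails or a resource cannot be closed
 */
@org.junit.Test
public void testCustomParameterInRSTClaimsHandler2() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = CustomParameterTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);

        URL wsdl = CustomParameterTest.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItTransportCustomParameterClaimsPort");
        DoubleItPortType transportClaimsPort = service.getPort(portQName, DoubleItPortType.class);

        // The port is closed on every exit path, including a failed assertion.
        try (java.io.Closeable closeablePort = (java.io.Closeable) transportClaimsPort) {
            updateAddressPort(transportClaimsPort, PORT);
            TokenTestUtils.updateSTSPort((BindingProvider) transportClaimsPort, STSPORT);

            STSClient stsClient = new STSClient(bus);
            stsClient.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl");
            stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
            stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");

            // Fixture identity and keystore for the system tests; the callback handler class
            // supplies the password at runtime.
            Map<String, Object> properties = new HashMap<>();
            properties.put(SecurityConstants.USERNAME, "alice");
            properties.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
            properties.put("security.sts.token.username", "myclientkey");
            properties.put("security.sts.token.properties", "clientKeystore.properties");
            properties.put("security.sts.token.usecert", "true");
            stsClient.setProperties(properties);

            // Hand the explicitly configured client to the port through its request context.
            ((BindingProvider) transportClaimsPort).getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient);

            // Failing test
            // Add custom content to the RST
            stsClient.setCustomContent("<realm xmlns=\"http://cxf.apache.org/custom\">custom-unknown-realm</realm>");
            try {
                doubleIt(transportClaimsPort, 25);
                fail("Failure expected on the wrong realm");
            } catch (Exception expected) {
                // NOTE(review): any Exception is accepted here, so an unreachable STS or a TLS
                // or keystore problem would also satisfy this negative check. Asserting on the
                // fault type or message would show that the realm was the reason for the
                // rejection - confirm what the STS actually returns before narrowing.
            }
        }
    } finally {
        bus.shutdown(true);
    }
}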
use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.
the class DefaultSTSProviderTest method validateSecurityToken.
/**
 * Asks the STS described by {@code wsdlLocation} to validate {@code securityToken}.
 *
 * @param bus the CXF bus the STS client is created on
 * @param wsdlLocation location of the STS WSDL
 * @param securityToken the token submitted for validation
 * @return whatever {@code STSClient.validateSecurityToken} returns for the token
 * @throws Exception if the client reports a failure
 */
private List<SecurityToken> validateSecurityToken(Bus bus, String wsdlLocation, SecurityToken securityToken) throws Exception {
    // Fixture identity for the system tests: user "alice", the password comes from the callback
    // handler class, and the key material from serviceKeystore.properties.
    Map<String, Object> clientSettings = new HashMap<>();
    clientSettings.put(SecurityConstants.USERNAME, "alice");
    clientSettings.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
    clientSettings.put(SecurityConstants.STS_TOKEN_PROPERTIES, "serviceKeystore.properties");

    STSClient validator = new STSClient(bus);
    validator.setWsdlLocation(wsdlLocation);
    validator.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
    validator.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
    validator.setProperties(clientSettings);
    validator.setAddressingNamespace("http://www.w3.org/2005/08/addressing");

    List<SecurityToken> validationResult = validator.validateSecurityToken(securityToken);
    return validationResult;
}
use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.
the class JWTUnitTest method requestSecurityToken.
/**
 * Requests a token of {@code tokenType} from the STS listening on {@code STSPORT}.
 *
 * @param tokenType token type set on the STS client
 * @param bus the CXF bus the STS client is created on
 * @param endpointAddress address passed to {@code STSClient.requestSecurityToken}
 * @param msgProperties client properties to use; when {@code null}, a default set with user
 *     "alice" and the common callback handler is used instead
 * @param wsdlPort local name of the STS WSDL port; when {@code null}, {@code Transport_Port}
 * @return the token returned by the STS client
 * @throws Exception if the client reports a failure
 */
private SecurityToken requestSecurityToken(String tokenType, Bus bus, String endpointAddress, Map<String, Object> msgProperties, String wsdlPort) throws Exception {
    String endpointName = wsdlPort != null
        ? "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}" + wsdlPort
        : "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port";

    STSClient tokenRequester = new STSClient(bus);
    tokenRequester.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl");
    tokenRequester.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
    tokenRequester.setEndpointName(endpointName);

    // A caller-supplied map is handed to the client as-is (not copied); the defaults below are
    // built only when the caller passed none.
    Map<String, Object> effectiveProperties;
    if (msgProperties != null) {
        effectiveProperties = msgProperties;
    } else {
        effectiveProperties = new HashMap<>();
        effectiveProperties.put(SecurityConstants.USERNAME, "alice");
        effectiveProperties.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
    }
    tokenRequester.setProperties(effectiveProperties);

    tokenRequester.setTokenType(tokenType);
    // Send-key-type is switched off for this request; presumably the RST then carries no
    // KeyType element - confirm against STSClient.
    tokenRequester.setSendKeyType(false);
    return tokenRequester.requestSecurityToken(endpointAddress);
}