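/**
 * TransportBindingTest: obtains a SAML 2.0 token from the STS and calls the DoubleIt
 * "transport" (TLS-secured) port, with the whole TLS and STSClient configuration built in
 * code rather than loaded from a Spring bus file.
 *
 * Cleanup (closing the port proxy and shutting down the client bus) runs in a finally block
 * so a failing invocation does not leak the bus or its conduits into later tests.
 *
 * @throws Exception on any keystore, transport or invocation failure
 */
@org.junit.Test
public void testSAML2ViaCode() throws Exception {
    URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
    DoubleItPortType transportSaml2Port = service.getPort(portQName, DoubleItPortType.class);
    updateAddressPort(transportSaml2Port, test.getPort());
    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(transportSaml2Port);
    }
    // TLS configuration. One test-fixture keystore (clientstore.jks) is used both as the
    // trust store (tmf) and as the key store holding the client's TLS key (kmf), so the
    // client trusts exactly the certificates in that file and authenticates with the
    // "ckpass"-protected key. The passwords are test-fixture values, not secrets.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    final KeyStore ts = KeyStore.getInstance("JKS");
    try (InputStream trustStore = ClassLoaderUtils.getResourceAsStream("keys/clientstore.jks", TransportBindingTest.class)) {
        ts.load(trustStore, "cspass".toCharArray());
    }
    tmf.init(ts);
    kmf.init(ts, "ckpass".toCharArray());
    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setTrustManagers(tmf.getTrustManagers());
    tlsParams.setKeyManagers(kmf.getKeyManagers());
    // SECURITY: hostname (CN/SAN) verification is switched off, presumably because the test
    // server certificate does not name the loopback address the test connects to. Do not copy
    // this into non-test configuration: without the hostname check any certificate that chains
    // to the trust store is accepted for any host, which defeats TLS server authentication
    // against an on-path attacker holding such a certificate.
    tlsParams.setDisableCNCheck(true);
    Client client = ClientProxy.getClient(transportSaml2Port);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    http.setTlsClientParameters(tlsParams);
    // STSClient configuration, on its own bus so it can be torn down independently.
    Bus clientBus = BusFactory.newInstance().createBus();
    try {
        STSClient stsClient = new STSClient(clientBus);
        // Use a local WSDL or else we run into problems retrieving the WSDL over HTTPS
        // due to lack of TLS config when creating the client
        URL stsWsdl = TransportBindingTest.class.getResource("../deployment/ws-trust-1.4-service.wsdl");
        stsClient.setWsdlLocation(stsWsdl.toString());
        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
        Map<String, Object> props = new HashMap<>();
        // Credentials presented to the STS: username "alice" with the password supplied by the
        // callback handler; "myclientkey"/clientKeystore.properties identify the client key.
        props.put("security.username", "alice");
        props.put("security.callback-handler", "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
        props.put("security.sts.token.username", "myclientkey");
        props.put("security.sts.token.properties", "clientKeystore.properties");
        // "usecert" false: going by the property name, the client certificate is not sent in
        // the token request, so the issued token is not bound to it -- verify against STSClient docs.
        props.put("security.sts.token.usecert", "false");
        stsClient.setProperties(props);
        ((BindingProvider) transportSaml2Port).getRequestContext().put("security.sts.client", stsClient);
        // Update ports + HTTPS configuration for the STSClient (same trust/key material and the
        // same disabled hostname check as the service call above).
        updateAddressPort(stsClient.getClient(), test.getStsPort());
        ((HTTPConduit) stsClient.getClient().getConduit()).setTlsClientParameters(tlsParams);
        doubleIt(transportSaml2Port, 25);
    } finally {
        try {
            ((java.io.Closeable) transportSaml2Port).close();
        } finally {
            clientBus.shutdown(true);
        }
    }
}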
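/**
 * UsernameActAsCachingTest helper: makes the STSClient attached to the proxy unable to reach
 * the STS, so that any later successful invocation must have been served from the token cache
 * rather than by issuing a fresh token.
 *
 * @param p the port proxy whose request context holds the STSClient
 * @throws IllegalStateException if no STSClient is registered on the request context
 * @throws BusException, EndpointException propagated from destroying the underlying client
 */
private void clearSTSClient(BindingProvider p) throws BusException, EndpointException {
    // The STSClient may be registered under the plain constant or the "ws-" prefixed key,
    // whichever the bus configuration used; check both before giving up.
    STSClient stsClient = (STSClient) p.getRequestContext().get(SecurityConstants.STS_CLIENT);
    if (stsClient == null) {
        stsClient = (STSClient) p.getRequestContext().get("ws-" + SecurityConstants.STS_CLIENT);
    }
    if (stsClient == null) {
        // Fail with a clear message instead of a bare NullPointerException on the next line.
        throw new IllegalStateException("No STSClient registered on the request context under "
            + SecurityConstants.STS_CLIENT + " or ws-" + SecurityConstants.STS_CLIENT);
    }
    // Tear down the underlying client and blank both the WSDL and the endpoint location so a
    // subsequent token request has nowhere to go.
    stsClient.getClient().destroy();
    stsClient.setWsdlLocation(null);
    stsClient.setLocation(null);
}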
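/**
 * UsernameActAsCachingTest: test caching the issued token when the STSClient is deployed in an
 * intermediary and AppliesTo is disabled (the cached token is therefore not scoped to a
 * service address).
 *
 * Sequence: alice obtains a token and calls the service; the STSClient is then crippled so the
 * STS can no longer be reached; alice's second call must still succeed (served from the cache);
 * a call as bob must fail. With the STS unreachable bob cannot obtain his own token, so a
 * success there would presumably mean alice's cached token was reused for a different
 * principal -- the cache-isolation property this test guards.
 *
 * The port proxy and bus are released in finally blocks so a failing step does not leak the
 * bus (which is also installed as the default/thread-default bus) into later tests.
 *
 * @throws Exception on any configuration or invocation failure
 */
@org.junit.Test
public void testNoAppliesToCaching() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = UsernameActAsCachingTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        URL wsdl = UsernameActAsCachingTest.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2BearerPort5");
        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
        try {
            updateAddressPort(port, PORT);
            TokenTestUtils.updateSTSPort((BindingProvider) port, STSPORT2);
            // Disable storing tokens per-proxy
            ((BindingProvider) port).getRequestContext().put(SecurityConstants.CACHE_ISSUED_TOKEN_IN_ENDPOINT, "false");
            // Make a successful invocation
            ((BindingProvider) port).getRequestContext().put(SecurityConstants.USERNAME, "alice");
            // Disable appliesTo
            BindingProvider p = (BindingProvider) port;
            STSClient stsClient = (STSClient) p.getRequestContext().get(SecurityConstants.STS_CLIENT);
            if (stsClient == null) {
                stsClient = (STSClient) p.getRequestContext().get("ws-" + SecurityConstants.STS_CLIENT);
            }
            stsClient.setEnableAppliesTo(false);
            doubleIt(port, 25);
            // Change the STSClient so that it can no longer find the STS
            clearSTSClient(p);
            // This should work
            doubleIt(port, 25);
            // Bob should fail
            ((BindingProvider) port).getRequestContext().put(SecurityConstants.USERNAME, "bob");
            try {
                doubleIt(port, 30);
                fail("Failure expected");
            } catch (Exception expected) {
                // Expected: bob cannot be issued a token. fail() throws AssertionError, an Error,
                // so it is not swallowed here. Note this catch is broad: an unrelated failure
                // (e.g. a transport error) would also satisfy the test; narrow it to the fault
                // type raised by the security layer once that type is confirmed.
            }
        } finally {
            ((java.io.Closeable) port).close();
        }
    } finally {
        bus.shutdown(true);
    }
}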
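/**
 * UsernameOnBehalfOfCachingTest helper: makes the STSClient attached to the proxy unable to
 * reach the STS, so that any later successful invocation must have been served from the token
 * cache rather than by issuing a fresh token.
 *
 * @param p the port proxy whose request context holds the STSClient
 * @throws IllegalStateException if no STSClient is registered on the request context
 * @throws BusException, EndpointException propagated from destroying the underlying client
 */
private void clearSTSClient(BindingProvider p) throws BusException, EndpointException {
    // The STSClient may be registered under the plain constant or the "ws-" prefixed key,
    // whichever the bus configuration used; check both before giving up.
    STSClient stsClient = (STSClient) p.getRequestContext().get(SecurityConstants.STS_CLIENT);
    if (stsClient == null) {
        stsClient = (STSClient) p.getRequestContext().get("ws-" + SecurityConstants.STS_CLIENT);
    }
    if (stsClient == null) {
        // Fail with a clear message instead of a bare NullPointerException on the next line.
        throw new IllegalStateException("No STSClient registered on the request context under "
            + SecurityConstants.STS_CLIENT + " or ws-" + SecurityConstants.STS_CLIENT);
    }
    // Tear down the underlying client and blank both the WSDL and the endpoint location so a
    // subsequent token request has nowhere to go.
    stsClient.getClient().destroy();
    stsClient.setWsdlLocation(null);
    stsClient.setLocation(null);
}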
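/**
 * UsernameOnBehalfOfCachingTest: test caching the issued token when the STSClient is deployed
 * in an intermediary and AppliesTo is disabled (the cached token is therefore not scoped to a
 * service address).
 *
 * Sequence: alice obtains a token and calls the service; the STSClient is then crippled so the
 * STS can no longer be reached; alice's second call must still succeed (served from the cache);
 * a call as bob must fail. With the STS unreachable bob cannot obtain his own token, so a
 * success there would presumably mean alice's cached token was reused for a different
 * principal -- the cache-isolation property this test guards.
 *
 * The port proxy and bus are released in finally blocks so a failing step does not leak the
 * bus (which is also installed as the default/thread-default bus) into later tests.
 *
 * @throws Exception on any configuration or invocation failure
 */
@org.junit.Test
public void testNoAppliesToCaching() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = UsernameOnBehalfOfCachingTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    try {
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        URL wsdl = UsernameOnBehalfOfCachingTest.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItOBOAsymmetricSAML2BearerPort5");
        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
        try {
            updateAddressPort(port, PORT);
            TokenTestUtils.updateSTSPort((BindingProvider) port, STSPORT2);
            // Disable storing tokens per-proxy
            ((BindingProvider) port).getRequestContext().put(SecurityConstants.CACHE_ISSUED_TOKEN_IN_ENDPOINT, "false");
            // Make a successful invocation
            ((BindingProvider) port).getRequestContext().put(SecurityConstants.USERNAME, "alice");
            // Disable appliesTo
            BindingProvider p = (BindingProvider) port;
            STSClient stsClient = (STSClient) p.getRequestContext().get(SecurityConstants.STS_CLIENT);
            if (stsClient == null) {
                stsClient = (STSClient) p.getRequestContext().get("ws-" + SecurityConstants.STS_CLIENT);
            }
            stsClient.setEnableAppliesTo(false);
            doubleIt(port, 25);
            // Change the STSClient so that it can no longer find the STS
            clearSTSClient(p);
            // This should work
            doubleIt(port, 25);
            // Bob should fail
            ((BindingProvider) port).getRequestContext().put(SecurityConstants.USERNAME, "bob");
            try {
                doubleIt(port, 30);
                fail("Failure expected");
            } catch (Exception expected) {
                // Expected: bob cannot be issued a token. fail() throws AssertionError, an Error,
                // so it is not swallowed here. Note this catch is broad: an unrelated failure
                // (e.g. a transport error) would also satisfy the test; narrow it to the fault
                // type raised by the security layer once that type is confirmed.
            }
        } finally {
            ((java.io.Closeable) port).close();
        }
    } finally {
        bus.shutdown(true);
    }
}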