Use of org.apache.cxf.ws.security.trust.STSClient in the project cxf by apache.
Taken from the class TransportBindingTest, method testSAML2ViaCode.
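@org.junit.Test
public void testSAML2ViaCode() throws Exception {
    URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
    DoubleItPortType transportSaml2Port = service.getPort(portQName, DoubleItPortType.class);
    updateAddressPort(transportSaml2Port, test.getPort());
    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(transportSaml2Port);
    }

    // TLS configuration. The same parameters are installed on the service proxy's conduit
    // here and on the STSClient's conduit below, so both talk to the test servers over
    // (mutual) TLS from one client keystore.
    TLSClientParameters tlsParams = createClientTlsParameters();
    Client client = ClientProxy.getClient(transportSaml2Port);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    http.setTlsClientParameters(tlsParams);

    // STSClient configuration. The STSClient gets its own Bus so it can be shut down
    // independently of the proxy.
    Bus clientBus = BusFactory.newInstance().createBus();
    try {
        STSClient stsClient = new STSClient(clientBus);
        // Use a local WSDL or else we run into problems retrieving the WSDL over HTTPS
        // due to lack of TLS config when creating the client
        URL stsWsdl = TransportBindingTest.class.getResource("../deployment/ws-trust-1.4-service.wsdl");
        stsClient.setWsdlLocation(stsWsdl.toString());
        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");

        Map<String, Object> props = new HashMap<>();
        props.put("security.username", "alice");
        props.put("security.callback-handler", "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
        props.put("security.sts.token.username", "myclientkey");
        props.put("security.sts.token.properties", "clientKeystore.properties");
        props.put("security.sts.token.usecert", "false");
        stsClient.setProperties(props);
        ((BindingProvider) transportSaml2Port).getRequestContext().put("security.sts.client", stsClient);

        // Update ports + HTTPS configuration for the STSClient
        updateAddressPort(stsClient.getClient(), test.getStsPort());
        ((HTTPConduit) stsClient.getClient().getConduit()).setTlsClientParameters(tlsParams);

        doubleIt(transportSaml2Port, 25);
    } finally {
        // Release the proxy and the STS bus even when the invocation fails, so a failing
        // assertion does not leak a Bus into the tests that run afterwards.
        ((java.io.Closeable) transportSaml2Port).close();
        clientBus.shutdown(true);
    }
}

/**
 * Builds the TLS parameters shared by the service proxy and the STSClient in
 * {@link #testSAML2ViaCode()}: the client keystore is loaded once and used both as
 * trust store and as key store (client certificate).
 *
 * @return TLS parameters with trust managers and key managers from the client keystore
 * @throws IllegalStateException if the keystore resource is not on the classpath
 * @throws Exception if the keystore cannot be read or the SSL factories cannot be initialised
 */
private static TLSClientParameters createClientTlsParameters() throws Exception {
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

    final KeyStore ts = KeyStore.getInstance("JKS");
    try (InputStream trustStore = ClassLoaderUtils.getResourceAsStream("keys/clientstore.jks", TransportBindingTest.class)) {
        // KeyStore.load(null, pw) silently creates an EMPTY keystore; fail loudly instead so a
        // missing resource does not surface later as an opaque handshake failure.
        if (trustStore == null) {
            throw new IllegalStateException("keys/clientstore.jks not found on the classpath");
        }
        ts.load(trustStore, "cspass".toCharArray());
    }
    tmf.init(ts);
    kmf.init(ts, "ckpass".toCharArray());

    TLSClientParameters tlsParams = new TLSClientParameters();
    tlsParams.setTrustManagers(tmf.getTrustManagers());
    tlsParams.setKeyManagers(kmf.getKeyManagers());
    // Test-fixture setting: hostname (CN) verification is switched off, presumably because the
    // test server certificate does not match the host the proxy connects to — confirm. A
    // production client must keep hostname verification enabled.
    tlsParams.setDisableCNCheck(true);
    return tlsParams;
}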
Use of org.apache.cxf.ws.security.trust.STSClient in the project cxf by apache.
Taken from the class UsernameActAsCachingTest, method clearSTSClient.
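/**
 * Breaks the STSClient attached to the given proxy so that it can no longer reach the STS:
 * its underlying client is destroyed and its WSDL and endpoint locations are cleared.
 * Callers use this to check that later invocations succeed from the token cache alone.
 *
 * @param p the proxy whose request context holds the STSClient (under the plain or the
 *          {@code "ws-"}-prefixed {@link SecurityConstants#STS_CLIENT} key)
 * @throws IllegalStateException if no STSClient is registered on the proxy
 * @throws BusException propagated from the STSClient
 * @throws EndpointException propagated from the STSClient
 */
private void clearSTSClient(BindingProvider p) throws BusException, EndpointException {
    STSClient stsClient = (STSClient) p.getRequestContext().get(SecurityConstants.STS_CLIENT);
    if (stsClient == null) {
        // Some configurations register the client under the "ws-" prefixed key instead.
        stsClient = (STSClient) p.getRequestContext().get("ws-" + SecurityConstants.STS_CLIENT);
    }
    if (stsClient == null) {
        // Fail with a message rather than an NPE on the next line.
        throw new IllegalStateException("No STSClient found in the request context of the proxy");
    }
    stsClient.getClient().destroy();
    stsClient.setWsdlLocation(null);
    stsClient.setLocation(null);
}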
Use of org.apache.cxf.ws.security.trust.STSClient in the project cxf by apache.
Taken from the class UsernameActAsCachingTest, method testNoAppliesToCaching.
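/**
 * Test caching the issued token when the STSClient is deployed in an intermediary.
 * <p>
 * Per-proxy token storage and AppliesTo are disabled, a first call as "alice" obtains a
 * token, the STSClient is then made unreachable and a second call must still succeed.
 * A call as "bob" is expected to fail afterwards.
 */
@org.junit.Test
public void testNoAppliesToCaching() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = UsernameActAsCachingTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    URL wsdl = UsernameActAsCachingTest.class.getResource("DoubleIt.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2BearerPort5");
    DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
    try {
        updateAddressPort(port, PORT);
        TokenTestUtils.updateSTSPort((BindingProvider) port, STSPORT2);

        BindingProvider p = (BindingProvider) port;
        // Disable storing tokens per-proxy
        p.getRequestContext().put(SecurityConstants.CACHE_ISSUED_TOKEN_IN_ENDPOINT, "false");
        p.getRequestContext().put(SecurityConstants.USERNAME, "alice");

        // Disable appliesTo. The STSClient may be registered under the plain or the
        // "ws-" prefixed key.
        STSClient stsClient = (STSClient) p.getRequestContext().get(SecurityConstants.STS_CLIENT);
        if (stsClient == null) {
            stsClient = (STSClient) p.getRequestContext().get("ws-" + SecurityConstants.STS_CLIENT);
        }
        if (stsClient == null) {
            fail("No STSClient configured on the proxy");
        }
        stsClient.setEnableAppliesTo(false);

        // Make a successful invocation
        doubleIt(port, 25);

        // Change the STSClient so that it can no longer find the STS
        clearSTSClient(p);
        // This should work
        doubleIt(port, 25);

        // Bob should fail
        p.getRequestContext().put(SecurityConstants.USERNAME, "bob");
        try {
            doubleIt(port, 30);
            fail("Failure expected");
        } catch (Exception ignored) {
            // Expected: presumably no token is cached for "bob" and the STS is no longer
            // reachable, so the call cannot be authorised — confirm against the STS config.
        }
    } finally {
        // Always release the proxy and the bus so a failed assertion does not leak a default
        // Bus into the tests that run afterwards.
        ((java.io.Closeable) port).close();
        bus.shutdown(true);
    }
}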
Use of org.apache.cxf.ws.security.trust.STSClient in the project cxf by apache.
Taken from the class UsernameOnBehalfOfCachingTest, method clearSTSClient.
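/**
 * Breaks the STSClient attached to the given proxy so that it can no longer reach the STS:
 * its underlying client is destroyed and its WSDL and endpoint locations are cleared.
 * Callers use this to check that later invocations succeed from the token cache alone.
 *
 * @param p the proxy whose request context holds the STSClient (under the plain or the
 *          {@code "ws-"}-prefixed {@link SecurityConstants#STS_CLIENT} key)
 * @throws IllegalStateException if no STSClient is registered on the proxy
 * @throws BusException propagated from the STSClient
 * @throws EndpointException propagated from the STSClient
 */
private void clearSTSClient(BindingProvider p) throws BusException, EndpointException {
    STSClient stsClient = (STSClient) p.getRequestContext().get(SecurityConstants.STS_CLIENT);
    if (stsClient == null) {
        // Some configurations register the client under the "ws-" prefixed key instead.
        stsClient = (STSClient) p.getRequestContext().get("ws-" + SecurityConstants.STS_CLIENT);
    }
    if (stsClient == null) {
        // Fail with a message rather than an NPE on the next line.
        throw new IllegalStateException("No STSClient found in the request context of the proxy");
    }
    stsClient.getClient().destroy();
    stsClient.setWsdlLocation(null);
    stsClient.setLocation(null);
}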
Use of org.apache.cxf.ws.security.trust.STSClient in the project cxf by apache.
Taken from the class UsernameOnBehalfOfCachingTest, method testNoAppliesToCaching.
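/**
 * Test caching the issued token when the STSClient is deployed in an intermediary.
 * <p>
 * Per-proxy token storage and AppliesTo are disabled, a first call as "alice" obtains a
 * token, the STSClient is then made unreachable and a second call must still succeed.
 * A call as "bob" is expected to fail afterwards.
 */
@org.junit.Test
public void testNoAppliesToCaching() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = UsernameOnBehalfOfCachingTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    URL wsdl = UsernameOnBehalfOfCachingTest.class.getResource("DoubleIt.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItOBOAsymmetricSAML2BearerPort5");
    DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
    try {
        updateAddressPort(port, PORT);
        TokenTestUtils.updateSTSPort((BindingProvider) port, STSPORT2);

        BindingProvider p = (BindingProvider) port;
        // Disable storing tokens per-proxy
        p.getRequestContext().put(SecurityConstants.CACHE_ISSUED_TOKEN_IN_ENDPOINT, "false");
        p.getRequestContext().put(SecurityConstants.USERNAME, "alice");

        // Disable appliesTo. The STSClient may be registered under the plain or the
        // "ws-" prefixed key.
        STSClient stsClient = (STSClient) p.getRequestContext().get(SecurityConstants.STS_CLIENT);
        if (stsClient == null) {
            stsClient = (STSClient) p.getRequestContext().get("ws-" + SecurityConstants.STS_CLIENT);
        }
        if (stsClient == null) {
            fail("No STSClient configured on the proxy");
        }
        stsClient.setEnableAppliesTo(false);

        // Make a successful invocation
        doubleIt(port, 25);

        // Change the STSClient so that it can no longer find the STS
        clearSTSClient(p);
        // This should work
        doubleIt(port, 25);

        // Bob should fail
        p.getRequestContext().put(SecurityConstants.USERNAME, "bob");
        try {
            doubleIt(port, 30);
            fail("Failure expected");
        } catch (Exception ignored) {
            // Expected: presumably no token is cached for "bob" and the STS is no longer
            // reachable, so the call cannot be authorised — confirm against the STS config.
        }
    } finally {
        // Always release the proxy and the bus so a failed assertion does not leak a default
        // Bus into the tests that run afterwards.
        ((java.io.Closeable) port).close();
        bus.shutdown(true);
    }
}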