use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.
the class SymmetricBindingTest method createDispatchSTSClient.
/**
 * Creates an {@link STSClient} on the supplied bus that addresses the
 * {@code SecurityTokenService} service through its {@code UT_Port} endpoint.
 *
 * <p>Every credential-related value below is a fixed test fixture: the user name,
 * the callback handler class, the encryption key alias and the keystore
 * properties file.
 *
 * @param bus the CXF bus the client is bound to
 * @return the configured client; no token request has been sent yet
 */
private STSClient createDispatchSTSClient(Bus bus) {
    Map<String, Object> securitySettings = new HashMap<>();

    // Identity presented to the STS; the callback handler class is named by string.
    // Presumably it supplies the matching password - confirm in CommonCallbackHandler.
    securitySettings.put(SecurityConstants.USERNAME, "alice");
    securitySettings.put(
        SecurityConstants.CALLBACK_HANDLER,
        "org.apache.cxf.systest.sts.common.CommonCallbackHandler");

    // Key alias and keystore description used for encryption.
    securitySettings.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
    securitySettings.put(SecurityConstants.ENCRYPT_PROPERTIES, "clientKeystore.properties");

    // Switches off Basic Security Profile compliance checking for this client.
    // This is a relaxation chosen by the test, not a default to carry elsewhere.
    securitySettings.put("ws-security.is-bsp-compliant", "false");

    STSClient client = new STSClient(bus);
    client.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
    client.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port");
    client.setProperties(securitySettings);
    return client;
}
use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.
the class TransportBindingTest method testSAML2ViaCode.
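/**
 * Invokes the {@code DoubleItTransportSAML2Port} port with an {@link STSClient} that is
 * configured entirely in code and attached to the request context under
 * {@code security.sts.client}.
 *
 * <p>The same TLS client parameters are applied to the service conduit and to the
 * STSClient, so both connections (client to service, client to STS) use the test's
 * TLS configuration.
 *
 * <p>The port and the dedicated client bus are released in {@code finally} blocks so a
 * failing invocation does not leave them open for later tests.
 *
 * @throws Exception if setup or the service invocation fails
 */
@org.junit.Test
public void testSAML2ViaCode() throws Exception {
    URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
    DoubleItPortType transportSaml2Port = service.getPort(portQName, DoubleItPortType.class);

    Bus clientBus = null;
    try {
        updateAddressPort(transportSaml2Port, test.getPort());
        if (test.isStreaming()) {
            SecurityTestUtil.enableStreaming(transportSaml2Port);
        }

        // TLS configuration for the connection to the service
        TLSClientParameters tlsParams = TLSClientParametersUtils.getTLSClientParameters();
        Client client = ClientProxy.getClient(transportSaml2Port);
        HTTPConduit http = (HTTPConduit) client.getConduit();
        http.setTlsClientParameters(tlsParams);

        // STSClient configuration on its own bus
        clientBus = BusFactory.newInstance().createBus();
        STSClient stsClient = new STSClient(clientBus);

        // HTTPS configuration for the STSClient (same parameters as the service conduit)
        stsClient.setTlsClientParameters(tlsParams);

        // Use a local WSDL or else we run into problems retrieving the WSDL over HTTPS
        // due to lack of TLS config when creating the client
        URL stsWsdl = TransportBindingTest.class.getResource("../deployment/ws-trust-1.4-service.wsdl");
        stsClient.setWsdlLocation(stsWsdl.toString());
        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");

        // Fixed test identity and key material; the callback handler is named by class.
        Map<String, Object> props = new HashMap<>();
        props.put("security.username", "alice");
        props.put("security.callback-handler", "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
        props.put("security.sts.token.username", "myclientkey");
        props.put("security.sts.token.properties", "clientKeystore.properties");
        props.put("security.sts.token.usecert", "false");
        stsClient.setProperties(props);

        ((BindingProvider) transportSaml2Port).getRequestContext().put("security.sts.client", stsClient);

        // Update ports
        updateAddressPort(stsClient.getClient(), test.getStsPort());

        doubleIt(transportSaml2Port, 25);
    } finally {
        // Same release order as before (port first, then bus), but now also on failure.
        try {
            ((java.io.Closeable) transportSaml2Port).close();
        } finally {
            if (clientBus != null) {
                clientBus.shutdown(true);
            }
        }
    }
}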
use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.
the class UsernameActAsCachingTest method testNoAppliesToCaching.
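/**
 * Test caching the issued token when the STSClient is deployed in an intermediary.
 *
 * <p>Per-proxy token storage is disabled and AppliesTo is switched off on the
 * STSClient. After one successful call as "alice", the STSClient is changed so it
 * can no longer find the STS. A second call as "alice" must still succeed, while a
 * call as "bob" must fail. Presumably the second call works from the cached token
 * and the "bob" call fails because no new token can be obtained - the test asserts
 * only the outcomes, not the cause.
 *
 * <p>The port is closed in a {@code finally} block so it is released even when an
 * invocation or assertion fails.
 *
 * @throws Exception if setup or one of the invocations expected to succeed fails
 */
@org.junit.Test
public void testNoAppliesToCaching() throws Exception {
    createBus(getClass().getResource("cxf-client.xml").toString());
    URL wsdl = UsernameActAsCachingTest.class.getResource("DoubleIt.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2BearerPort5");
    DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
    try {
        updateAddressPort(port, PORT);
        BindingProvider p = (BindingProvider) port;
        TokenTestUtils.updateSTSPort(p, STSPORT2);

        // Disable storing tokens per-proxy
        p.getRequestContext().put(SecurityConstants.CACHE_ISSUED_TOKEN_IN_ENDPOINT, "false");

        // First caller identity
        p.getRequestContext().put(SecurityConstants.USERNAME, "alice");

        // Disable appliesTo; the client may be registered under either key
        STSClient stsClient = (STSClient) p.getRequestContext().get(SecurityConstants.STS_CLIENT);
        if (stsClient == null) {
            stsClient = (STSClient) p.getRequestContext().get("ws-" + SecurityConstants.STS_CLIENT);
        }
        if (stsClient == null) {
            // Fail with a readable message instead of a NullPointerException below.
            fail("No STSClient found in the request context");
        }
        stsClient.setEnableAppliesTo(false);

        // Make a successful invocation
        doubleIt(port, 25);

        // Change the STSClient so that it can no longer find the STS
        clearSTSClient(p);

        // This should work
        doubleIt(port, 25);

        // Bob should fail
        p.getRequestContext().put(SecurityConstants.USERNAME, "bob");
        try {
            doubleIt(port, 30);
            fail("Failure expected");
        } catch (Exception expected) {
            // Expected. NOTE(review): any Exception satisfies this branch, so the test
            // cannot tell the intended rejection from an unrelated error; checking the
            // exception type or message would make the negative case stricter.
        }
    } finally {
        ((java.io.Closeable) port).close();
    }
}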
use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.
the class UsernameActAsCachingTest method clearSTSClient.
/**
 * Makes the STSClient attached to the given proxy unable to locate the STS: its
 * underlying client is destroyed and both the WSDL location and the address are
 * set to {@code null}.
 *
 * <p>The client is read from the request context under
 * {@link SecurityConstants#STS_CLIENT} and, when absent there, under the same key
 * with a {@code "ws-"} prefix.
 *
 * @param p the proxy whose request context holds the STSClient
 * @throws BusException declared by the STSClient calls used here
 * @throws EndpointException declared by the STSClient calls used here
 */
private void clearSTSClient(BindingProvider p) throws BusException, EndpointException {
    Object registered = p.getRequestContext().get(SecurityConstants.STS_CLIENT);
    if (registered == null) {
        // Fall back to the "ws-"-prefixed spelling of the same key.
        registered = p.getRequestContext().get("ws-" + SecurityConstants.STS_CLIENT);
    }
    STSClient sts = (STSClient) registered;

    // Tear down the live client first, then remove everything it could use to rebuild one.
    sts.getClient().destroy();
    sts.setWsdlLocation(null);
    sts.setLocation(null);
}
use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.
the class IssueUnitTest method requestSecurityToken.
// CHECKSTYLE:OFF
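/**
 * Requests a security token from the test STS over its HTTPS Transport endpoint.
 *
 * <p>The caller's {@code msgProperties} map is copied before the method adds its own
 * entries, so the map passed in is left unchanged and may be unmodifiable.
 *
 * @param tokenType token type to request, passed to {@code setTokenType}
 * @param keyType key type to request; {@code PUBLIC_KEY_KEYTYPE} additionally configures
 *     the client key alias and keystore and sends the certificate as confirmation key info
 * @param supportingToken element set as OnBehalfOf, or {@code null} for none
 * @param bus the CXF bus for the STSClient
 * @param endpointAddress address passed to {@code STSClient.requestSecurityToken}
 * @param context request context value, or {@code null} for none
 * @param msgProperties client properties, or {@code null} to use the default test user
 *     "alice" with the common callback handler
 * @param realmUri realm path segment inserted into the WSDL URL, or {@code null}
 * @param wsdlPort local name of the WSDL port, or {@code null} for {@code Transport_Port}
 * @return the token returned by the STS
 * @throws Exception if the STS request fails
 */
private SecurityToken requestSecurityToken(String tokenType, String keyType, Element supportingToken, Bus bus, String endpointAddress, String context, Map<String, Object> msgProperties, String realmUri, String wsdlPort) throws Exception {
    STSClient stsClient = new STSClient(bus);

    // realmUri and wsdlPort are concatenated as-is, with no encoding or validation;
    // presumably every caller passes fixed test values - confirm before reusing this.
    if (realmUri != null) {
        stsClient.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/" + realmUri + "/Transport?wsdl");
    } else {
        stsClient.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl");
    }
    stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
    if (wsdlPort != null) {
        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}" + wsdlPort);
    } else {
        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
    }

    Map<String, Object> properties;
    if (msgProperties == null) {
        // Default test identity
        properties = new HashMap<>();
        properties.put(SecurityConstants.USERNAME, "alice");
        properties.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
    } else {
        // Work on a copy: the entries added below must not leak into the caller's map.
        properties = new HashMap<>(msgProperties);
    }

    // Switches off Basic Security Profile compliance checking; a test-only relaxation.
    properties.put(SecurityConstants.IS_BSP_COMPLIANT, "false");

    if (PUBLIC_KEY_KEYTYPE.equals(keyType)) {
        // Public-key requests need the client's key alias and keystore description.
        properties.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
        properties.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties");
        stsClient.setUseCertificateForConfirmationKeyInfo(true);
    }
    if (supportingToken != null) {
        stsClient.setOnBehalfOf(supportingToken);
    }
    if (context != null) {
        stsClient.setContext(context);
    }

    stsClient.setProperties(properties);
    stsClient.setTokenType(tokenType);
    stsClient.setKeyType(keyType);

    return stsClient.requestSecurityToken(endpointAddress);
}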