
Example 16 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class SAMLRenewTest method testRenewExpiredTokens.

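/**
 * Exercises how the client handles SAML tokens that have expired between two invocations.
 *
 * <p>Five ports are created from {@code DoubleIt.wsdl} and invoked once each. The test then
 * sleeps so the issued tokens expire and invokes the ports again:
 * <ul>
 *   <li>SAML 1.1 and SAML 2.0 ports: the token is expected to be renewed.</li>
 *   <li>SAML 1.1 bearer port: renewal is expected to fail, because a bearer token carries no
 *       Proof-of-Possession key the client could use to show it owns the token.</li>
 *   <li>SAML 2.0 "no renew" port: renewal is expected to fail and the client to fall back to
 *       issuing a fresh token.</li>
 * </ul>
 *
 * @throws Exception if bus or port setup, or any invocation expected to succeed, fails
 */
@org.junit.Test
public void testRenewExpiredTokens() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SAMLRenewTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    URL wsdl = SAMLRenewTest.class.getResource("DoubleIt.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName saml1PortQName = new QName(NAMESPACE, "DoubleItTransportSaml1Port");
    DoubleItPortType saml1Port = service.getPort(saml1PortQName, DoubleItPortType.class);
    updateAddressPort(saml1Port, PORT);
    QName saml1BearerPortQName = new QName(NAMESPACE, "DoubleItTransportSaml1BearerPort");
    DoubleItPortType saml1BearerPort = service.getPort(saml1BearerPortQName, DoubleItPortType.class);
    updateAddressPort(saml1BearerPort, PORT);
    QName saml2PortQName = new QName(NAMESPACE, "DoubleItTransportSaml2Port");
    DoubleItPortType saml2Port = service.getPort(saml2PortQName, DoubleItPortType.class);
    updateAddressPort(saml2Port, PORT);
    QName saml2NoRenewPortQName = new QName(NAMESPACE, "DoubleItTransportSaml2NoRenewPort");
    DoubleItPortType saml2NoRenewPort = service.getPort(saml2NoRenewPortQName, DoubleItPortType.class);
    updateAddressPort(saml2NoRenewPort, PORT);
    QName saml2IntermediaryPortQName = new QName(NAMESPACE, "DoubleItTransportSaml2IntermediaryPort");
    DoubleItPortType saml2IntermediaryPort = service.getPort(saml2IntermediaryPortQName, DoubleItPortType.class);
    updateAddressPort(saml2IntermediaryPort, PORT);
    // Only the intermediary port gets an explicit user name on its request context.
    ((BindingProvider) saml2IntermediaryPort).getRequestContext().put(SecurityConstants.USERNAME, "alice");
    // Make initial successful invocation(s)
    doubleIt(saml1Port, 25);
    doubleIt(saml1BearerPort, 30);
    doubleIt(saml2Port, 35);
    doubleIt(saml2NoRenewPort, 35);
    doubleIt(saml2IntermediaryPort, 40);
    // Now sleep to expire the token(s)
    // (presumably 8s exceeds the token lifetime configured in cxf-client.xml; confirm there)
    Thread.sleep(8 * 1000);
    // The IssuedTokenInterceptorProvider should renew the token.
    // The TTL is raised first so the renewed token does not expire again during the test.
    BindingProvider p = (BindingProvider) saml1Port;
    STSClient stsClient = (STSClient) p.getRequestContext().get(SecurityConstants.STS_CLIENT);
    stsClient.setTtl(300);
    doubleIt(saml1Port, 25);
    try {
        // The IssuedTokenInterceptorProvider should renew the token - but it should fail on
        // lack of Proof-of-Possession
        doubleIt(saml1BearerPort, 30);
        fail("Expected failure on no Proof-of-Possession");
    } catch (Exception ex) {
        // expected
        // NOTE(review): any Exception satisfies this branch, so an unrelated failure (for
        // example an unreachable STS) would also pass. Asserting on the fault type or message
        // would make this a real check that renewal was refused for lack of
        // Proof-of-Possession.
    }
    // The IssuedTokenInterceptorProvider should renew the token
    p = (BindingProvider) saml2Port;
    stsClient = (STSClient) p.getRequestContext().get(SecurityConstants.STS_CLIENT);
    stsClient.setTtl(300);
    doubleIt(saml2Port, 35);
    // Renew should fail here, but it should fall back to issue
    doubleIt(saml2NoRenewPort, 35);
    doubleIt(saml2IntermediaryPort, 40);
    ((java.io.Closeable) saml1Port).close();
    ((java.io.Closeable) saml1BearerPort).close();
    ((java.io.Closeable) saml2Port).close();
    // Fix: this port was created and used but never closed in the original cleanup.
    ((java.io.Closeable) saml2NoRenewPort).close();
    ((java.io.Closeable) saml2IntermediaryPort).close();
    bus.shutdown(true);
}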
Also used : Bus(org.apache.cxf.Bus) STSClient(org.apache.cxf.ws.security.trust.STSClient) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) BindingProvider(javax.xml.ws.BindingProvider) URL(java.net.URL)

Example 17 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class SAMLRenewUnitTest method requestSecurityToken.

/**
 * Requests a bearer token of the given type from the STS described by {@code wsdlLocation}.
 *
 * <p>The key type is Bearer: such a token carries no proof-of-possession key, so whoever
 * holds it can present it, and it depends on the transport for confidentiality.
 *
 * @param bus          CXF bus the STS client is created on
 * @param wsdlLocation location of the STS WSDL
 * @param tokenType    token type URI to request
 * @param ttl          value handed to {@code setTtl}; lifetime is enabled on the request
 * @param allowExpired value handed to {@code setAllowRenewingAfterExpiry}
 * @param sendRenewing value handed to {@code setSendRenewing}
 * @return the token returned by the STS
 * @throws Exception if the STS call fails
 */
private SecurityToken requestSecurityToken(Bus bus, String wsdlLocation, String tokenType, int ttl, boolean allowExpired, boolean sendRenewing) throws Exception {
    final String stsServiceName = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService";
    final String stsEndpointName = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port";
    final String bearerKeyType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
    final String targetService = "https://localhost:8081/doubleit/services/doubleittransport";

    // Test fixtures: user "alice", the shared callback handler and the service keystore.
    Map<String, Object> clientSettings = new HashMap<>();
    clientSettings.put(SecurityConstants.USERNAME, "alice");
    clientSettings.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
    clientSettings.put(SecurityConstants.STS_TOKEN_PROPERTIES, "serviceKeystore.properties");

    STSClient client = new STSClient(bus);
    client.setWsdlLocation(wsdlLocation);
    client.setServiceName(stsServiceName);
    client.setEndpointName(stsEndpointName);
    client.setTokenType(tokenType);
    client.setKeyType(bearerKeyType);
    client.setTtl(ttl);
    // Renewal after expiry lengthens the period in which a leaked token can still be
    // refreshed, so callers pass true only where the test needs it.
    client.setAllowRenewingAfterExpiry(allowExpired);
    client.setEnableLifetime(true);
    client.setProperties(clientSettings);
    client.setRequiresEntropy(true);
    client.setKeySize(128);
    client.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
    client.setSendRenewing(sendRenewing);

    // The argument is the address of the service the token is requested for.
    return client.requestSecurityToken(targetService);
}
Also used : STSClient(org.apache.cxf.ws.security.trust.STSClient) HashMap(java.util.HashMap)

Example 18 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class SAMLRenewUnitTest method validateSecurityToken.

/**
 * Asks the STS described by {@code wsdlLocation} to validate an existing token.
 *
 * @param bus           CXF bus the STS client is created on
 * @param wsdlLocation  location of the STS WSDL
 * @param securityToken token to submit for validation
 * @return whatever {@code STSClient.validateSecurityToken} returns for this token
 * @throws Exception if the STS call fails
 */
private List<SecurityToken> validateSecurityToken(Bus bus, String wsdlLocation, SecurityToken securityToken) throws Exception {
    final String stsServiceName = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService";
    final String stsEndpointName = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port";

    // Test fixtures: user "alice", the shared callback handler and the service keystore.
    Map<String, Object> clientSettings = new HashMap<>();
    clientSettings.put(SecurityConstants.USERNAME, "alice");
    clientSettings.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
    clientSettings.put(SecurityConstants.STS_TOKEN_PROPERTIES, "serviceKeystore.properties");

    STSClient client = new STSClient(bus);
    client.setWsdlLocation(wsdlLocation);
    client.setServiceName(stsServiceName);
    client.setEndpointName(stsEndpointName);
    client.setProperties(clientSettings);
    client.setAddressingNamespace("http://www.w3.org/2005/08/addressing");

    return client.validateSecurityToken(securityToken);
}
Also used : STSClient(org.apache.cxf.ws.security.trust.STSClient) HashMap(java.util.HashMap)

Example 19 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class AsymmetricEncryptionTest method requestSecurityToken.

/**
 * Requests a SAML 2.0 bearer token from the STS's X509 endpoint on the given local port.
 *
 * <p>The request is signed with the client key alias {@code myclientkey}, resolved through
 * {@code clientKeystore.properties}.
 *
 * @param bus     CXF bus the STS client is created on
 * @param stsPort port of the local STS, spliced into the WSDL URL
 * @return the token returned by the STS
 * @throws Exception if the STS call fails
 */
private SecurityToken requestSecurityToken(Bus bus, String stsPort) throws Exception {
    // NOTE(review): the WSDL is fetched over plain http. That is tolerable against a
    // localhost test server, but outside a test a tampered WSDL could steer the client
    // to a different STS endpoint; prefer https or a WSDL shipped with the client.
    final String wsdlUrl = "http://localhost:" + stsPort + "/SecurityTokenService/X509?wsdl";
    final String stsServiceName = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService";
    final String stsEndpointName = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port";
    final String saml2TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
    final String bearerKeyType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
    final String targetService = "https://localhost:8081/doubleit/services/doubleittransport";

    // Test fixtures: user "alice", the shared callback handler and the client signing key.
    Map<String, Object> clientSettings = new HashMap<>();
    clientSettings.put(SecurityConstants.USERNAME, "alice");
    clientSettings.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
    clientSettings.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
    clientSettings.put(SecurityConstants.SIGNATURE_PROPERTIES, "clientKeystore.properties");

    STSClient client = new STSClient(bus);
    client.setWsdlLocation(wsdlUrl);
    client.setServiceName(stsServiceName);
    client.setEndpointName(stsEndpointName);
    client.setTokenType(saml2TokenType);
    client.setKeyType(bearerKeyType);
    client.setProperties(clientSettings);
    client.setAddressingNamespace("http://www.w3.org/2005/08/addressing");

    // The argument is the address of the service the token is requested for.
    return client.requestSecurityToken(targetService);
}
Also used : STSClient(org.apache.cxf.ws.security.trust.STSClient) HashMap(java.util.HashMap)

Example 20 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class SecurityContextTokenUnitTest method requestSecurityToken.

/**
 * Requests a token from the STS with WS-SecureConversation mode switched on.
 *
 * @param bus           CXF bus the STS client is created on
 * @param wsdlLocation  location of the STS WSDL
 * @param enableEntropy value handed to {@code setRequiresEntropy}
 * @return the token returned by the STS
 * @throws Exception if the STS call fails
 */
private SecurityToken requestSecurityToken(Bus bus, String wsdlLocation, boolean enableEntropy) throws Exception {
    final String stsServiceName = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService";
    final String stsEndpointName = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port";
    final String targetService = "http://localhost:8081/doubleit/services/doubleitsymmetric";

    // Test fixtures: user "alice", the shared callback handler and the service keystore.
    Map<String, Object> clientSettings = new HashMap<>();
    clientSettings.put(SecurityConstants.USERNAME, "alice");
    clientSettings.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
    clientSettings.put(SecurityConstants.STS_TOKEN_PROPERTIES, "serviceKeystore.properties");

    STSClient client = new STSClient(bus);
    client.setWsdlLocation(wsdlLocation);
    client.setServiceName(stsServiceName);
    client.setEndpointName(stsEndpointName);
    client.setProperties(clientSettings);
    client.setSecureConv(true);
    // Whether the client contributes entropy is the variable under test; key size is fixed.
    client.setRequiresEntropy(enableEntropy);
    client.setKeySize(128);
    client.setAddressingNamespace("http://www.w3.org/2005/08/addressing");

    // The argument is the address of the service the token is requested for.
    return client.requestSecurityToken(targetService);
}
Also used : STSClient(org.apache.cxf.ws.security.trust.STSClient) HashMap(java.util.HashMap)

Aggregations

STSClient (org.apache.cxf.ws.security.trust.STSClient)89 Bus (org.apache.cxf.Bus)35 HashMap (java.util.HashMap)33 URL (java.net.URL)31 QName (javax.xml.namespace.QName)29 Service (javax.xml.ws.Service)27 SpringBusFactory (org.apache.cxf.bus.spring.SpringBusFactory)24 DoubleItPortType (org.example.contract.doubleit.DoubleItPortType)21 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)14 BindingProvider (javax.xml.ws.BindingProvider)11 Test (org.junit.Test)11 Client (org.apache.cxf.endpoint.Client)9 WebService (javax.jws.WebService)5 BusException (org.apache.cxf.BusException)5 TLSClientParameters (org.apache.cxf.configuration.jsse.TLSClientParameters)5 EndpointException (org.apache.cxf.endpoint.EndpointException)5 MessageImpl (org.apache.cxf.message.MessageImpl)5 HTTPConduit (org.apache.cxf.transport.http.HTTPConduit)5 ClientCallbackHandler (org.jboss.as.test.integration.ws.wsse.trust.shared.ClientCallbackHandler)5 DOMSource (javax.xml.transform.dom.DOMSource)4