
Example 21 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class Soap12Test method requestSecurityToken.

/**
 * Requests a security token from the STS over its SOAP 1.2 transport endpoint.
 *
 * @param tokenType       WS-Trust TokenType to request
 * @param keyType         WS-Trust KeyType; when it equals {@code PUBLIC_KEY_KEYTYPE} the
 *                        client is switched to certificate-based confirmation key info and
 *                        the client keystore alias is supplied to the STS
 * @param supportingToken optional token sent as OnBehalfOf; ignored when {@code null}
 * @param bus             CXF bus the STSClient is created on
 * @param endpointAddress AppliesTo address of the service the token is requested for
 * @param context         optional WS-Trust Context value; ignored when {@code null}
 * @return the token issued by the STS
 * @throws Exception if the STS request fails
 */
private SecurityToken requestSecurityToken(String tokenType, String keyType, Element supportingToken, Bus bus, String endpointAddress, String context) throws Exception {
    final String wsTrustNs = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}";
    final boolean publicKeyConfirmation = PUBLIC_KEY_KEYTYPE.equals(keyType);

    STSClient client = new STSClient(bus);
    client.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/TransportSoap12?wsdl");
    client.setServiceName(wsTrustNs + "SecurityTokenService");
    client.setEndpointName(wsTrustNs + "Transport_Soap12_Port");

    // Credentials used by the client to talk to the STS (username + encryption keystore).
    Map<String, Object> stsProperties = new HashMap<>();
    stsProperties.put(SecurityConstants.USERNAME, "alice");
    stsProperties.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
    stsProperties.put(SecurityConstants.ENCRYPT_PROPERTIES, "clientKeystore.properties");
    stsProperties.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
    if (publicKeyConfirmation) {
        // Holder-of-key with the client's own certificate as the proof key.
        stsProperties.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
        stsProperties.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties");
        client.setUseCertificateForConfirmationKeyInfo(true);
    }

    if (supportingToken != null) {
        client.setOnBehalfOf(supportingToken);
    }
    if (context != null) {
        client.setContext(context);
    }

    client.setProperties(stsProperties);
    client.setTokenType(tokenType);
    client.setKeyType(keyType);
    client.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
    return client.requestSecurityToken(endpointAddress);
}
Also used : STSClient(org.apache.cxf.ws.security.trust.STSClient) HashMap(java.util.HashMap)

Example 22 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class AsymmetricBindingTest method testUsernameTokenSAML1Encrypted.

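/**
 * Invokes the asymmetric-binding SAML 1.1 (encrypted) port while setting the
 * client's X.509 certificate on the STSClient by hand.
 *
 * <p>The bus is now shut down in a {@code finally} block and the port proxy is closed
 * through try-with-resources, so a failing invocation no longer leaks either; the
 * original closed them only on the success path. The STSClient lookup and the
 * keystore lookup are also checked explicitly so a misconfiguration fails with a
 * descriptive message instead of a {@link NullPointerException} /
 * {@link ArrayIndexOutOfBoundsException}.
 *
 * @throws Exception if the bus, port or STS call fails
 */
@org.junit.Test
public void testUsernameTokenSAML1Encrypted() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = AsymmetricBindingTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    try {
        URL wsdl = AsymmetricBindingTest.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML1EncryptedPort");
        DoubleItPortType asymmetricSaml1EncryptedPort = service.getPort(portQName, DoubleItPortType.class);
        // The JAX-WS proxy is Closeable; closing it via try-with-resources releases it on every path.
        try (java.io.Closeable portHandle = (java.io.Closeable) asymmetricSaml1EncryptedPort) {
            updateAddressPort(asymmetricSaml1EncryptedPort, test.getPort());
            TokenTestUtils.updateSTSPort((BindingProvider) asymmetricSaml1EncryptedPort, test.getStsPort());
            if (test.isStreaming()) {
                SecurityTestUtil.enableStreaming(asymmetricSaml1EncryptedPort);
            }
            // Set the X509Certificate manually on the STSClient (just to test that we can)
            BindingProvider bindingProvider = (BindingProvider) asymmetricSaml1EncryptedPort;
            STSClient stsClient = (STSClient) bindingProvider.getRequestContext().get(SecurityConstants.STS_CLIENT);
            if (stsClient == null) {
                // Fall back to the "ws-" prefixed property name.
                stsClient = (STSClient) bindingProvider.getRequestContext().get("ws-" + SecurityConstants.STS_CLIENT);
            }
            if (stsClient == null) {
                throw new IllegalStateException("No STSClient found in the request context of port " + portQName);
            }
            Crypto crypto = CryptoFactory.getInstance("clientKeystore.properties");
            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
            cryptoType.setAlias("myclientkey");
            X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
            if (certs == null || certs.length == 0) {
                throw new IllegalStateException("No certificate found for alias 'myclientkey' in clientKeystore.properties");
            }
            stsClient.setUseKeyCertificate(certs[0]);
            doubleIt(asymmetricSaml1EncryptedPort, 40);
        }
    } finally {
        // Always tear the bus down, even when the invocation above fails.
        bus.shutdown(true);
    }
}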
Also used : Bus(org.apache.cxf.Bus) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) BindingProvider(javax.xml.ws.BindingProvider) CryptoType(org.apache.wss4j.common.crypto.CryptoType) URL(java.net.URL) X509Certificate(java.security.cert.X509Certificate) STSClient(org.apache.cxf.ws.security.trust.STSClient) Crypto(org.apache.wss4j.common.crypto.Crypto) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType)

Example 23 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class TokenTestUtils method verifyToken.

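/**
 * Checks that the security token cached for the port's endpoint validates against the
 * STS, and that the STS rejects the same token once its SAML Conditions have been altered.
 *
 * <p>Every lookup on the way (token id, token store, STSClient, Conditions element) is
 * asserted explicitly so a missing piece of configuration reports what is missing rather
 * than failing with a {@link NullPointerException} inside the test utility.
 *
 * @param port JAX-WS proxy whose endpoint holds the cached token and the STSClient
 * @throws Exception if the STS call fails unexpectedly
 */
public static void verifyToken(DoubleItPortType port) throws Exception {
    Client client = ClientProxy.getClient(port);
    Endpoint ep = client.getEndpoint();
    String id = (String) ep.get(SecurityConstants.TOKEN_ID);
    assertNotNull("No token id stored on the endpoint", id);
    TokenStore store = (TokenStore) ep.getEndpointInfo().getProperty(TokenStore.class.getName());
    assertNotNull("No TokenStore registered on the endpoint", store);
    org.apache.cxf.ws.security.tokenstore.SecurityToken tok = store.getToken(id);
    assertNotNull("No cached token for id " + id, tok);
    STSClient sts = (STSClient) ep.get(SecurityConstants.STS_CLIENT);
    if (sts == null) {
        // Fall back to the "ws-" prefixed property name.
        sts = (STSClient) ep.get("ws-" + SecurityConstants.STS_CLIENT);
    }
    assertNotNull("No STSClient configured on the endpoint", sts);
    List<SecurityToken> validTokens = sts.validateSecurityToken(tok);
    assertTrue("STS did not validate the cached token", validTokens != null && !validTokens.isEmpty());
    // mess with the token a bit to force it to fail to validate
    Element e = tok.getToken();
    assertNotNull("Cached token has no DOM element", e);
    Element e2 = DOMUtils.getFirstChildWithName(e, e.getNamespaceURI(), "Conditions");
    assertNotNull("Token has no Conditions element", e2);
    // Rewrite the year of both validity bounds to 2010 so the token is expired.
    // NOTE(review): this edits the cached token's DOM in place; whether later
    // code in the same test reuses the stored token is not visible here — confirm.
    String nb = e2.getAttributeNS(null, "NotBefore");
    String noa = e2.getAttributeNS(null, "NotOnOrAfter");
    nb = "2010" + nb.substring(4);
    noa = "2010" + noa.substring(4);
    e2.setAttributeNS(null, "NotBefore", nb);
    e2.setAttributeNS(null, "NotOnOrAfter", noa);
    try {
        sts.validateSecurityToken(tok);
        fail("Failure expected on an invalid token");
    } catch (org.apache.cxf.ws.security.trust.TrustException ex) {
        // expected: the STS must reject a token whose Conditions were altered
    }
}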
Also used : Element(org.w3c.dom.Element) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) STSClient(org.apache.cxf.ws.security.trust.STSClient) Endpoint(org.apache.cxf.endpoint.Endpoint) Client(org.apache.cxf.endpoint.Client) STSClient(org.apache.cxf.ws.security.trust.STSClient) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore)

Example 24 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class SAMLDelegationTest method requestSecurityToken.

/**
 * Requests a security token from the STS transport endpoint, optionally carrying a
 * delegation token.
 *
 * @param tokenType       WS-Trust TokenType to request
 * @param keyType         WS-Trust KeyType; when it equals {@code PUBLIC_KEY_KEYTYPE} the
 *                        client uses its own certificate for the confirmation key info
 * @param supportingToken optional delegation token; sent as OnBehalfOf when
 *                        {@code onBehalfOf} is true, otherwise as ActAs. Ignored when null.
 * @param bus             CXF bus the STSClient is created on
 * @param endpointAddress AppliesTo address of the service the token is requested for
 * @param onBehalfOf      selects OnBehalfOf (true) or ActAs (false) for the supporting token
 * @param wsdlPort        WSDL port name to use in the WS-Trust namespace; defaults to
 *                        {@code Transport_Port} when null
 * @return the token issued by the STS
 * @throws Exception if the STS request fails
 */
private SecurityToken requestSecurityToken(String tokenType, String keyType, Element supportingToken, Bus bus, String endpointAddress, boolean onBehalfOf, String wsdlPort) throws Exception {
    final String wsTrustNs = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}";
    final String portName = wsdlPort != null ? wsdlPort : "Transport_Port";

    STSClient client = new STSClient(bus);
    client.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl");
    client.setServiceName(wsTrustNs + "SecurityTokenService");
    client.setEndpointName(wsTrustNs + portName);

    Map<String, Object> stsProperties = new HashMap<>();
    stsProperties.put(SecurityConstants.USERNAME, "alice");
    stsProperties.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
    stsProperties.put(SecurityConstants.IS_BSP_COMPLIANT, "false");
    if (PUBLIC_KEY_KEYTYPE.equals(keyType)) {
        // Holder-of-key with the client's own certificate as the proof key.
        stsProperties.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
        stsProperties.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties");
        client.setUseCertificateForConfirmationKeyInfo(true);
    }

    if (supportingToken != null) {
        if (onBehalfOf) {
            client.setOnBehalfOf(supportingToken);
        } else {
            client.setActAs(supportingToken);
        }
    }

    client.setProperties(stsProperties);
    client.setTokenType(tokenType);
    client.setKeyType(keyType);
    return client.requestSecurityToken(endpointAddress);
}
Also used : STSClient(org.apache.cxf.ws.security.trust.STSClient) HashMap(java.util.HashMap)

Example 25 with STSClient

use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.

the class IntermediaryCachingPortTypeImpl method doubleIt.

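/**
 * Doubles the number by forwarding the call to the downstream SAML2 transport port,
 * lazily creating that proxy on the first call and reusing it afterwards.
 *
 * <p>When the STS is deployed standalone ({@code sts.deployment=standalone}) the
 * STSClient's WSDL location is rewritten to the test's STS ports; that step now
 * tolerates a {@code null} WSDL location instead of throwing a
 * {@link NullPointerException}. After the second invocation the STSClient on the proxy
 * is replaced by one that only forwards the received token.
 *
 * <p>NOTE(review): {@code transportPort} and {@code i} are instance state updated
 * without synchronization; whether this endpoint is ever invoked concurrently is not
 * visible here — confirm the test drives it from a single thread.
 *
 * @param numberToDouble value passed through to the downstream service
 * @return the downstream service's result
 */
public int doubleIt(int numberToDouble) {
    if (transportPort == null) {
        // Re-use the same proxy
        URL wsdl = IntermediaryCachingPortTypeImpl.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
        transportPort = service.getPort(portQName, DoubleItPortType.class);
        try {
            updateAddressPort(transportPort, IntermediaryTransformationCachingTest.PORT2);
        } catch (Exception ex) {
            // Best-effort: keep the address from the WSDL if the rewrite fails.
            ex.printStackTrace();
        }
        if ("standalone".equals(System.getProperty("sts.deployment"))) {
            redirectStsWsdlLocation((BindingProvider) transportPort);
        }
    }
    Principal pr = wsc.getUserPrincipal();
    Assert.assertNotNull("Principal must not be null", pr);
    Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
    // Disable the STSClient after the second invocation
    if (i > 1) {
        BindingProvider p = (BindingProvider) transportPort;
        STSClient stsClient = new STSClient(null);
        stsClient.setOnBehalfOf(new ReceivedTokenCallbackHandler());
        p.getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient);
    }
    i++;
    return transportPort.doubleIt(numberToDouble);
}

/**
 * Points the STSClient configured on the proxy at the test's standalone STS ports by
 * replacing the default 8080/8443 ports in its WSDL location.
 *
 * <p>Does nothing when no STSClient is configured or when it has no WSDL location.
 *
 * @param provider the JAX-WS proxy whose request context holds the STSClient
 */
private static void redirectStsWsdlLocation(BindingProvider provider) {
    Map<String, Object> context = provider.getRequestContext();
    STSClient stsClient = (STSClient) context.get(SecurityConstants.STS_CLIENT);
    if (stsClient == null) {
        // Fall back to the "ws-" prefixed property name.
        stsClient = (STSClient) context.get("ws-" + SecurityConstants.STS_CLIENT);
    }
    if (stsClient == null) {
        return;
    }
    String location = stsClient.getWsdlLocation();
    if (location == null) {
        return;
    }
    if (location.contains("8080")) {
        stsClient.setWsdlLocation(location.replace("8080", IntermediaryTransformationCachingTest.STSPORT2));
    } else if (location.contains("8443")) {
        stsClient.setWsdlLocation(location.replace("8443", IntermediaryTransformationCachingTest.STSPORT));
    }
}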
Also used : STSClient(org.apache.cxf.ws.security.trust.STSClient) QName(javax.xml.namespace.QName) ReceivedTokenCallbackHandler(org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler) WebService(javax.jws.WebService) Service(javax.xml.ws.Service) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) BindingProvider(javax.xml.ws.BindingProvider) URL(java.net.URL) Principal(java.security.Principal)
