Example 6 with WSS4JInInterceptor
use of org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor in project cxf by apache.
the class StaxToDOMSamlTest method testSaml1TokenHOK.
@Test
public void testSaml1TokenHOK() throws Exception {
// Create + configure service
Service service = createService();
Map<String, Object> inProperties = new HashMap<>();
inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED + " " + ConfigurationConstants.SIGNATURE);
inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
final Map<QName, Object> customMap = new HashMap<>();
CustomSamlValidator validator = new CustomSamlValidator();
customMap.put(WSConstants.SAML_TOKEN, validator);
customMap.put(WSConstants.SAML2_TOKEN, validator);
inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties);
service.getInInterceptors().add(inInterceptor);
// Create + configure client
Echo echo = createClientProxy();
Client client = ClientProxy.getClient(echo);
client.getInInterceptors().add(new LoggingInInterceptor());
client.getOutInterceptors().add(new LoggingOutInterceptor());
WSSSecurityProperties properties = new WSSSecurityProperties();
List<WSSConstants.Action> actions = new ArrayList<>();
actions.add(WSSConstants.SAML_TOKEN_SIGNED);
properties.setActions(actions);
SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
callbackHandler.setSignAssertion(true);
callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
properties.setSamlCallbackHandler(callbackHandler);
properties.setSignatureUser("alice");
Properties cryptoProperties = CryptoFactory.getProperties("alice.properties", this.getClass().getClassLoader());
properties.setSignatureCryptoProperties(cryptoProperties);
properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
properties.setCallbackHandler(new PasswordCallbackHandler());
WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
client.getOutInterceptors().add(ohandler);
try {
echo.echo("test");
fail("Failure expected on receiving sender vouches instead of HOK");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
// expected
}
validator.setRequireSenderVouches(false);
assertEquals("test", echo.echo("test"));
}
Also used :
WSS4JStaxOutInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor)
WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties)
HashMap(java.util.HashMap)
Echo(org.apache.cxf.ws.security.wss4j.Echo)
QName(javax.xml.namespace.QName)
ArrayList(java.util.ArrayList)
Service(org.apache.cxf.service.Service)
Properties(java.util.Properties)
WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties)
LoggingOutInterceptor(org.apache.cxf.ext.logging.LoggingOutInterceptor)
WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor)
LoggingInInterceptor(org.apache.cxf.ext.logging.LoggingInInterceptor)
Client(org.apache.cxf.endpoint.Client)
AbstractSecurityTest(org.apache.cxf.ws.security.wss4j.AbstractSecurityTest)
Test(org.junit.Test)
Example 7 with WSS4JInInterceptor
use of org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor in project cxf by apache.
the class StaxToDOMSamlTest method testSaml2SignedSenderVouches.
@Test
public void testSaml2SignedSenderVouches() throws Exception {
// Create + configure service
Service service = createService();
Map<String, Object> inProperties = new HashMap<>();
inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED + " " + ConfigurationConstants.SIGNATURE);
inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
final Map<QName, Object> customMap = new HashMap<>();
CustomSamlValidator validator = new CustomSamlValidator();
validator.setRequireSAML1Assertion(false);
customMap.put(WSConstants.SAML_TOKEN, validator);
customMap.put(WSConstants.SAML2_TOKEN, validator);
inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties);
service.getInInterceptors().add(inInterceptor);
// Create + configure client
Echo echo = createClientProxy();
Client client = ClientProxy.getClient(echo);
client.getInInterceptors().add(new LoggingInInterceptor());
client.getOutInterceptors().add(new LoggingOutInterceptor());
WSSSecurityProperties properties = new WSSSecurityProperties();
List<WSSConstants.Action> actions = new ArrayList<>();
actions.add(WSSConstants.SAML_TOKEN_SIGNED);
properties.setActions(actions);
properties.setSamlCallbackHandler(new SAML2CallbackHandler());
properties.setCallbackHandler(new PasswordCallbackHandler());
properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
client.getOutInterceptors().add(ohandler);
assertEquals("test", echo.echo("test"));
}
Also used :
WSS4JStaxOutInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor)
WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties)
HashMap(java.util.HashMap)
Echo(org.apache.cxf.ws.security.wss4j.Echo)
QName(javax.xml.namespace.QName)
ArrayList(java.util.ArrayList)
Service(org.apache.cxf.service.Service)
LoggingOutInterceptor(org.apache.cxf.ext.logging.LoggingOutInterceptor)
WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor)
LoggingInInterceptor(org.apache.cxf.ext.logging.LoggingInInterceptor)
Client(org.apache.cxf.endpoint.Client)
AbstractSecurityTest(org.apache.cxf.ws.security.wss4j.AbstractSecurityTest)
Test(org.junit.Test)
Example 8 with WSS4JInInterceptor
use of org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor in project cxf by apache.
the class StaxToDOMSamlTest method testSaml2TokenHOKConfig.
@Test
public void testSaml2TokenHOKConfig() throws Exception {
// Create + configure service
Service service = createService();
Map<String, Object> inProperties = new HashMap<>();
inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED + " " + ConfigurationConstants.SIGNATURE);
inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
final Map<QName, Object> customMap = new HashMap<>();
CustomSamlValidator validator = new CustomSamlValidator();
customMap.put(WSConstants.SAML_TOKEN, validator);
customMap.put(WSConstants.SAML2_TOKEN, validator);
inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties);
service.getInInterceptors().add(inInterceptor);
// Create + configure client
Echo echo = createClientProxy();
Client client = ClientProxy.getClient(echo);
client.getInInterceptors().add(new LoggingInInterceptor());
client.getOutInterceptors().add(new LoggingOutInterceptor());
Map<String, Object> outConfig = new HashMap<>();
outConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setSignAssertion(true);
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
outConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);
outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
outConfig.put(ConfigurationConstants.SIGNATURE_USER, "alice");
outConfig.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
outConfig.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig);
client.getOutInterceptors().add(ohandler);
try {
echo.echo("test");
fail("Failure expected on receiving sender vouches instead of HOK");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
// expected
}
validator.setRequireSenderVouches(false);
try {
echo.echo("test");
fail("Failure expected on receiving a SAML 1.1 Token instead of SAML 2.0");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
// expected
}
validator.setRequireSAML1Assertion(false);
assertEquals("test", echo.echo("test"));
}
Also used :
WSS4JStaxOutInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor)
HashMap(java.util.HashMap)
Echo(org.apache.cxf.ws.security.wss4j.Echo)
QName(javax.xml.namespace.QName)
Service(org.apache.cxf.service.Service)
LoggingOutInterceptor(org.apache.cxf.ext.logging.LoggingOutInterceptor)
WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor)
LoggingInInterceptor(org.apache.cxf.ext.logging.LoggingInInterceptor)
Client(org.apache.cxf.endpoint.Client)
AbstractSecurityTest(org.apache.cxf.ws.security.wss4j.AbstractSecurityTest)
Test(org.junit.Test)
Example 9 with WSS4JInInterceptor
use of org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor in project cxf by apache.
the class SamlTokenTest method makeInvocation.
private SoapMessage makeInvocation(Map<String, Object> outProperties, List<String> xpaths, Map<String, Object> inProperties, Map<String, String> inMessageProperties) throws Exception {
Document doc = readDocument("wsse-request-clean.xml");
WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();
SoapMessage msg = getSoapMessageForDom(doc);
for (String key : outProperties.keySet()) {
msg.put(key, outProperties.get(key));
}
handler.handleMessage(msg);
SOAPMessage saajMsg = msg.getContent(SOAPMessage.class);
doc = saajMsg.getSOAPPart();
for (String xpath : xpaths) {
assertValid(xpath, doc);
}
byte[] docbytes = getMessageBytes(doc);
XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(false);
dbf.setIgnoringComments(false);
dbf.setIgnoringElementContentWhitespace(true);
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
db.setEntityResolver(new NullResolver());
StaxUtils.read(db, reader, false);
WSS4JInInterceptor inHandler = new WSS4JInInterceptor(inProperties);
SoapMessage inmsg = new SoapMessage(new MessageImpl());
inmsg.put(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, "role");
for (String inMessageProperty : inMessageProperties.keySet()) {
inmsg.put(inMessageProperty, inMessageProperties.get(inMessageProperty));
}
Exchange ex = new ExchangeImpl();
ex.setInMessage(inmsg);
inmsg.setContent(SOAPMessage.class, saajMsg);
inHandler.handleMessage(inmsg);
return inmsg;
}
Also used :
XMLStreamReader(javax.xml.stream.XMLStreamReader)
DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory)
Document(org.w3c.dom.Document)
SOAPMessage(javax.xml.soap.SOAPMessage)
SoapMessage(org.apache.cxf.binding.soap.SoapMessage)
NullResolver(org.apache.cxf.helpers.DOMUtils.NullResolver)
Exchange(org.apache.cxf.message.Exchange)
ByteArrayInputStream(java.io.ByteArrayInputStream)
DocumentBuilder(javax.xml.parsers.DocumentBuilder)
WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor)
WSS4JOutInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor)
MessageImpl(org.apache.cxf.message.MessageImpl)
ExchangeImpl(org.apache.cxf.message.ExchangeImpl)
Example 10 with WSS4JInInterceptor
use of org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor in project cxf by apache.
the class Server method run.
protected void run() {
Bus bus = BusFactory.getDefaultBus();
setBus(bus);
Map<String, Object> inProperties = new HashMap<>();
inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
inProperties.put(ConfigurationConstants.PW_CALLBACK_REF, new KeystorePasswordCallback());
inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "bob.properties");
WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties);
bus.getInInterceptors().add(inInterceptor);
broker.updateWsdl(bus, "testutils/jms_test.wsdl");
Endpoint.publish(null, new SecurityGreeterImplTwoWayJMS());
}
Also used :
Bus(org.apache.cxf.Bus)
HashMap(java.util.HashMap)
WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor)
Aggregations
WSS4JInInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor)18
HashMap (java.util.HashMap)15
Client (org.apache.cxf.endpoint.Client)14
QName (javax.xml.namespace.QName)13
LoggingInInterceptor (org.apache.cxf.ext.logging.LoggingInInterceptor)12
LoggingOutInterceptor (org.apache.cxf.ext.logging.LoggingOutInterceptor)12
Service (org.apache.cxf.service.Service)12
AbstractSecurityTest (org.apache.cxf.ws.security.wss4j.AbstractSecurityTest)12
Echo (org.apache.cxf.ws.security.wss4j.Echo)12
WSS4JStaxOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor)12
Test (org.junit.Test)12
ArrayList (java.util.ArrayList)6
WSSSecurityProperties (org.apache.wss4j.stax.ext.WSSSecurityProperties)6
WSS4JOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor)4
Properties (java.util.Properties)2
Bus (org.apache.cxf.Bus)2
SAAJInInterceptor (org.apache.cxf.binding.soap.saaj.SAAJInInterceptor)2
SAAJOutInterceptor (org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor)2
Endpoint (org.apache.cxf.endpoint.Endpoint)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
