Search in sources :

Example 6 with WSS4JInInterceptor

use of org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor in project cxf by apache.

the class StaxToDOMSamlTest method testSaml1TokenHOK.

@Test
public void testSaml1TokenHOK() throws Exception {
    // Create + configure service
    Service service = createService();
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED + " " + ConfigurationConstants.SIGNATURE);
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
    WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties);
    service.getInInterceptors().add(inInterceptor);
    // Create + configure client
    Echo echo = createClientProxy();
    Client client = ClientProxy.getClient(echo);
    client.getInInterceptors().add(new LoggingInInterceptor());
    client.getOutInterceptors().add(new LoggingOutInterceptor());
    WSSSecurityProperties properties = new WSSSecurityProperties();
    List<WSSConstants.Action> actions = new ArrayList<>();
    actions.add(WSSConstants.SAML_TOKEN_SIGNED);
    properties.setActions(actions);
    SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
    callbackHandler.setSignAssertion(true);
    callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
    properties.setSamlCallbackHandler(callbackHandler);
    properties.setSignatureUser("alice");
    Properties cryptoProperties = CryptoFactory.getProperties("alice.properties", this.getClass().getClassLoader());
    properties.setSignatureCryptoProperties(cryptoProperties);
    properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    properties.setCallbackHandler(new PasswordCallbackHandler());
    WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
    client.getOutInterceptors().add(ohandler);
    try {
        echo.echo("test");
        fail("Failure expected on receiving sender vouches instead of HOK");
    } catch (javax.xml.ws.soap.SOAPFaultException ex) {
    // expected
    }
    validator.setRequireSenderVouches(false);
    assertEquals("test", echo.echo("test"));
}
Also used : WSS4JStaxOutInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor) WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties) HashMap(java.util.HashMap) Echo(org.apache.cxf.ws.security.wss4j.Echo) QName(javax.xml.namespace.QName) ArrayList(java.util.ArrayList) Service(org.apache.cxf.service.Service) Properties(java.util.Properties) WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties) LoggingOutInterceptor(org.apache.cxf.ext.logging.LoggingOutInterceptor) WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor) LoggingInInterceptor(org.apache.cxf.ext.logging.LoggingInInterceptor) Client(org.apache.cxf.endpoint.Client) AbstractSecurityTest(org.apache.cxf.ws.security.wss4j.AbstractSecurityTest) Test(org.junit.Test)

Example 7 with WSS4JInInterceptor

use of org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor in project cxf by apache.

the class StaxToDOMSamlTest method testSaml2SignedSenderVouches.

@Test
public void testSaml2SignedSenderVouches() throws Exception {
    // Create + configure service
    Service service = createService();
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED + " " + ConfigurationConstants.SIGNATURE);
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    validator.setRequireSAML1Assertion(false);
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
    WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties);
    service.getInInterceptors().add(inInterceptor);
    // Create + configure client
    Echo echo = createClientProxy();
    Client client = ClientProxy.getClient(echo);
    client.getInInterceptors().add(new LoggingInInterceptor());
    client.getOutInterceptors().add(new LoggingOutInterceptor());
    WSSSecurityProperties properties = new WSSSecurityProperties();
    List<WSSConstants.Action> actions = new ArrayList<>();
    actions.add(WSSConstants.SAML_TOKEN_SIGNED);
    properties.setActions(actions);
    properties.setSamlCallbackHandler(new SAML2CallbackHandler());
    properties.setCallbackHandler(new PasswordCallbackHandler());
    properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
    WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
    client.getOutInterceptors().add(ohandler);
    assertEquals("test", echo.echo("test"));
}
Also used : WSS4JStaxOutInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor) WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties) HashMap(java.util.HashMap) Echo(org.apache.cxf.ws.security.wss4j.Echo) QName(javax.xml.namespace.QName) ArrayList(java.util.ArrayList) Service(org.apache.cxf.service.Service) LoggingOutInterceptor(org.apache.cxf.ext.logging.LoggingOutInterceptor) WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor) LoggingInInterceptor(org.apache.cxf.ext.logging.LoggingInInterceptor) Client(org.apache.cxf.endpoint.Client) AbstractSecurityTest(org.apache.cxf.ws.security.wss4j.AbstractSecurityTest) Test(org.junit.Test)

Example 8 with WSS4JInInterceptor

use of org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor in project cxf by apache.

the class StaxToDOMSamlTest method testSaml2TokenHOKConfig.

@Test
public void testSaml2TokenHOKConfig() throws Exception {
    // Create + configure service
    Service service = createService();
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED + " " + ConfigurationConstants.SIGNATURE);
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);
    WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties);
    service.getInInterceptors().add(inInterceptor);
    // Create + configure client
    Echo echo = createClientProxy();
    Client client = ClientProxy.getClient(echo);
    client.getInInterceptors().add(new LoggingInInterceptor());
    client.getOutInterceptors().add(new LoggingOutInterceptor());
    Map<String, Object> outConfig = new HashMap<>();
    outConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setSignAssertion(true);
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    outConfig.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);
    outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
    outConfig.put(ConfigurationConstants.SIGNATURE_USER, "alice");
    outConfig.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
    outConfig.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig);
    client.getOutInterceptors().add(ohandler);
    try {
        echo.echo("test");
        fail("Failure expected on receiving sender vouches instead of HOK");
    } catch (javax.xml.ws.soap.SOAPFaultException ex) {
    // expected
    }
    validator.setRequireSenderVouches(false);
    try {
        echo.echo("test");
        fail("Failure expected on receiving a SAML 1.1 Token instead of SAML 2.0");
    } catch (javax.xml.ws.soap.SOAPFaultException ex) {
    // expected
    }
    validator.setRequireSAML1Assertion(false);
    assertEquals("test", echo.echo("test"));
}
Also used : WSS4JStaxOutInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor) HashMap(java.util.HashMap) Echo(org.apache.cxf.ws.security.wss4j.Echo) QName(javax.xml.namespace.QName) Service(org.apache.cxf.service.Service) LoggingOutInterceptor(org.apache.cxf.ext.logging.LoggingOutInterceptor) WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor) LoggingInInterceptor(org.apache.cxf.ext.logging.LoggingInInterceptor) Client(org.apache.cxf.endpoint.Client) AbstractSecurityTest(org.apache.cxf.ws.security.wss4j.AbstractSecurityTest) Test(org.junit.Test)

Example 9 with WSS4JInInterceptor

use of org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor in project cxf by apache.

the class SamlTokenTest method makeInvocation.

private SoapMessage makeInvocation(Map<String, Object> outProperties, List<String> xpaths, Map<String, Object> inProperties, Map<String, String> inMessageProperties) throws Exception {
    Document doc = readDocument("wsse-request-clean.xml");
    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();
    SoapMessage msg = getSoapMessageForDom(doc);
    for (String key : outProperties.keySet()) {
        msg.put(key, outProperties.get(key));
    }
    handler.handleMessage(msg);
    SOAPMessage saajMsg = msg.getContent(SOAPMessage.class);
    doc = saajMsg.getSOAPPart();
    for (String xpath : xpaths) {
        assertValid(xpath, doc);
    }
    byte[] docbytes = getMessageBytes(doc);
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);
    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    StaxUtils.read(db, reader, false);
    WSS4JInInterceptor inHandler = new WSS4JInInterceptor(inProperties);
    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    inmsg.put(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, "role");
    for (String inMessageProperty : inMessageProperties.keySet()) {
        inmsg.put(inMessageProperty, inMessageProperties.get(inMessageProperty));
    }
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);
    inHandler.handleMessage(inmsg);
    return inmsg;
}
Also used : XMLStreamReader(javax.xml.stream.XMLStreamReader) DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) Document(org.w3c.dom.Document) SOAPMessage(javax.xml.soap.SOAPMessage) SoapMessage(org.apache.cxf.binding.soap.SoapMessage) NullResolver(org.apache.cxf.helpers.DOMUtils.NullResolver) Exchange(org.apache.cxf.message.Exchange) ByteArrayInputStream(java.io.ByteArrayInputStream) DocumentBuilder(javax.xml.parsers.DocumentBuilder) WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor) WSS4JOutInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor) MessageImpl(org.apache.cxf.message.MessageImpl) ExchangeImpl(org.apache.cxf.message.ExchangeImpl)

Example 10 with WSS4JInInterceptor

use of org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor in project cxf by apache.

the class Server method run.

protected void run() {
    Bus bus = BusFactory.getDefaultBus();
    setBus(bus);
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    inProperties.put(ConfigurationConstants.PW_CALLBACK_REF, new KeystorePasswordCallback());
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "bob.properties");
    WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties);
    bus.getInInterceptors().add(inInterceptor);
    broker.updateWsdl(bus, "testutils/jms_test.wsdl");
    Endpoint.publish(null, new SecurityGreeterImplTwoWayJMS());
}
Also used : Bus(org.apache.cxf.Bus) HashMap(java.util.HashMap) WSS4JInInterceptor(org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor)

Aggregations

WSS4JInInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor)18 HashMap (java.util.HashMap)15 Client (org.apache.cxf.endpoint.Client)14 QName (javax.xml.namespace.QName)13 LoggingInInterceptor (org.apache.cxf.ext.logging.LoggingInInterceptor)12 LoggingOutInterceptor (org.apache.cxf.ext.logging.LoggingOutInterceptor)12 Service (org.apache.cxf.service.Service)12 AbstractSecurityTest (org.apache.cxf.ws.security.wss4j.AbstractSecurityTest)12 Echo (org.apache.cxf.ws.security.wss4j.Echo)12 WSS4JStaxOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor)12 Test (org.junit.Test)12 ArrayList (java.util.ArrayList)6 WSSSecurityProperties (org.apache.wss4j.stax.ext.WSSSecurityProperties)6 WSS4JOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor)4 Properties (java.util.Properties)2 Bus (org.apache.cxf.Bus)2 SAAJInInterceptor (org.apache.cxf.binding.soap.saaj.SAAJInInterceptor)2 SAAJOutInterceptor (org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor)2 Endpoint (org.apache.cxf.endpoint.Endpoint)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1