
Example 21 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class Logout method doLogout.

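/**
 * Completes the SP side of a SAML 2.0 Single Logout: asks Core to validate the LogoutResponse
 * received from the IdP, drops the SP's JWT from the HTTP session and sends the browser to the
 * configured success page (or the default JSP). On any failure the browser is sent to the
 * configured error page (or the default JSP) instead.
 *
 * @param receivedResponse SAMLResponse and RelayState as extracted from the incoming request
 * @param request current HTTP request; the access token is read from its session
 * @param response current HTTP response, used for the forward / redirect
 * @throws ServletException if the forward to the JSP fails
 * @throws IOException if the redirect / forward fails
 */
private void doLogout(final SAML2ReceivedResponseTO receivedResponse, final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    SyncopeClientFactoryBean clientFactory = (SyncopeClientFactoryBean) request.getServletContext().getAttribute(Constants.SYNCOPE_CLIENT_FACTORY);
    try {
        // The JWT obtained during SSO is the only credential this SP holds for the user; without it
        // Core cannot be asked to validate the logout response.
        String accessToken = (String) request.getSession().getAttribute(Constants.SAML2SPJWT);
        if (StringUtils.isBlank(accessToken)) {
            throw new IllegalArgumentException("No access token found ");
        }
        SyncopeClient client = clientFactory.create(accessToken);
        // Signature / issuer / InResponseTo checks are presumably performed by Core: this servlet
        // only relays the raw response and trusts the outcome of this call.
        client.getService(SAML2SPService.class).validateLogoutResponse(receivedResponse);
        String successURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGOUT_SUCCESS_URL);
        if (successURL == null) {
            request.getRequestDispatcher("logoutSuccess.jsp").forward(request, response);
        } else {
            response.sendRedirect(successURL);
        }
        // NOTE(review): the token is cleared only when validation succeeded; on failure the user
        // stays logged in at the SP. Confirm this is intended rather than always clearing the session.
        request.getSession().removeAttribute(Constants.SAML2SPJWT);
    } catch (Exception e) {
        LOG.error("While processing logout response from IdP", e);
        String errorURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGOUT_ERROR_URL);
        // getMessage() may be null (e.g. for a NullPointerException); URLEncoder.encode(null, ...)
        // would itself throw out of this catch block.
        String errorMessage = e.getMessage() == null ? e.getClass().getSimpleName() : e.getMessage();
        if (errorURL == null) {
            request.setAttribute("exception", e);
            request.getRequestDispatcher("logoutError.jsp").forward(request, response);
            // The stack trace is deliberately NOT written to the response: it is already logged above
            // and available to the JSP via the request attribute; dumping it to the browser leaks
            // internal class names, paths and versions to whoever triggered the failure.
        } else {
            response.sendRedirect(errorURL + "?errorMessage=" + URLEncoder.encode(errorMessage, StandardCharsets.UTF_8.name()));
        }
    }
}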

Example 22 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project testcases by coheigea.

the class JWTTestIT method testAuthenticatedRequest.

@org.junit.Test
public void testAuthenticatedRequest() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = JWTTestIT.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    SpringBusFactory.setDefaultBus(bus);
    SpringBusFactory.setThreadDefaultBus(bus);
    // 1. Get a JWT Token from the STS via the REST interface for "alice"
    String address = "https://localhost:" + STS_PORT + "/SecurityTokenService/token";
    WebClient client = WebClient.create(address, "alice", "security", busFile.toString());
    client.accept("text/plain");
    client.path("jwt");
    // sclient.query("appliesTo", "bob/service.ws.apache.org@service.ws.apache.org");
    Response response = client.get();
    String jwtToken = response.readEntity(String.class);
    assertNotNull(jwtToken);
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(jwtToken);
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    // 2. Now use the JWT Token to authenticate to Syncope.
    String syncopePort = System.getProperty("syncope.port");
    SyncopeClientFactoryBean clientFactory = new SyncopeClientFactoryBean().setAddress("http://localhost:" + syncopePort + "/syncope/rest/");
    SyncopeClient syncopeClient = clientFactory.create(jwtToken);
    syncopeClient.self();
}

Example 23 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class Logout method doGet.

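/**
 * Entry point of the SP logout flow.
 * <ul>
 *   <li>Without a {@code SAMLResponse} parameter: asks Core to build a LogoutRequest for this SP
 *       (authenticating with the JWT stored in the session) and hands it to {@code prepare},
 *       defined elsewhere in this class.</li>
 *   <li>With a {@code SAMLResponse} parameter: treats the request as the IdP's REDIRECT-binding
 *       LogoutResponse and delegates to {@code doLogout}.</li>
 * </ul>
 *
 * @param request current HTTP request
 * @param response current HTTP response
 * @throws ServletException if a forward to the error JSP fails
 * @throws IOException if writing / redirecting the response fails
 */
@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    String samlResponse = request.getParameter(SSOConstants.SAML_RESPONSE);
    String relayState = request.getParameter(SSOConstants.RELAY_STATE);
    if (samlResponse == null) {
        // prepare logout response
        SyncopeClientFactoryBean clientFactory = (SyncopeClientFactoryBean) request.getServletContext().getAttribute(Constants.SYNCOPE_CLIENT_FACTORY);
        try {
            String accessToken = (String) request.getSession().getAttribute(Constants.SAML2SPJWT);
            if (StringUtils.isBlank(accessToken)) {
                throw new IllegalArgumentException("No access token found ");
            }
            SyncopeClient client = clientFactory.create(accessToken);
            // NOTE(review): the SP base URL is derived from the request URL, i.e. ultimately from
            // the Host header. If the container / reverse proxy does not canonicalise it, a forged
            // Host could end up in the LogoutRequest sent to the IdP — confirm deployment guards.
            String spEntityBaseURL = StringUtils.substringBefore(request.getRequestURL().toString(), "/saml2sp");
            SAML2RequestTO requestTO = client.getService(SAML2SPService.class).createLogoutRequest(spEntityBaseURL);
            prepare(response, requestTO);
        } catch (Exception e) {
            LOG.error("While preparing logout request to IdP", e);
            String errorURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGOUT_ERROR_URL);
            // getMessage() may be null; URLEncoder.encode(null, ...) would throw out of this catch.
            String errorMessage = e.getMessage() == null ? e.getClass().getSimpleName() : e.getMessage();
            if (errorURL == null) {
                request.setAttribute("exception", e);
                request.getRequestDispatcher("logoutError.jsp").forward(request, response);
                // The stack trace is NOT written to the response: it is logged above and exposed to
                // the JSP through the request attribute; printing it to the browser leaks internals.
            } else {
                response.sendRedirect(errorURL + "?errorMessage=" + URLEncoder.encode(errorMessage, StandardCharsets.UTF_8.name()));
            }
        }
    } else {
        // process REDIRECT binding logout response
        SAML2ReceivedResponseTO receivedResponse = new SAML2ReceivedResponseTO();
        receivedResponse.setSamlResponse(samlResponse);
        receivedResponse.setRelayState(relayState);
        doLogout(receivedResponse, request, response);
    }
}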

Example 24 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class Metadata method doGet.

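/**
 * Serves the SAML 2.0 SP metadata document, fetched from Core through the anonymous client and
 * streamed back to the caller with the content type Core returned.
 *
 * @param request current HTTP request; its URL up to {@code /saml2sp} is passed to Core as SP base URL
 * @param response current HTTP response receiving the metadata
 * @throws ServletException if Core could not be reached or did not return the metadata (cause attached)
 * @throws IOException if writing to the response fails outside the guarded section
 */
@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    SyncopeClient anonymous = (SyncopeClient) request.getServletContext().getAttribute(Constants.SYNCOPE_ANONYMOUS_CLIENT);
    SAML2SPService service = anonymous.getService(SAML2SPService.class);
    WebClient.client(service).accept(MediaType.APPLICATION_XML_TYPE).type(MediaType.APPLICATION_XML_TYPE);
    try {
        // NOTE(review): the SP base URL comes from the request URL (Host header); make sure the
        // container / proxy canonicalises it, otherwise a forged Host shows up in the metadata.
        String spEntityBaseURL = StringUtils.substringBefore(request.getRequestURL().toString(), "/saml2sp");
        Response metadataResponse = service.getMetadata(spEntityBaseURL, "saml2sp");
        // try-with-resources closes the entity stream on every path; the original only closed it
        // after a successful copy, leaking the connection when copy() failed.
        try (InputStream metadata = (InputStream) metadataResponse.getEntity()) {
            response.setContentType(metadataResponse.getMediaType().toString());
            IOUtils.copy(metadata, response.getOutputStream());
        }
    } catch (Exception e) {
        // Keep the cause: with the message alone nobody can tell whether the client, Core or the
        // response stream failed.
        throw new ServletException(e.getMessage(), e);
    }
}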

Example 25 with SyncopeClient

use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.

the class RESTITCase method unauthorizedOrForbidden.

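/**
 * Exercises the three REST access outcomes against the connector service:
 * admin succeeds, wrong password and garbage JWT are rejected as 401 (surfacing as
 * {@link AccessControlException}), and a valid user without entitlements gets 403
 * ({@link ForbiddenException}).
 */
@Test
public void unauthorizedOrForbidden() {
    // service as admin: it works
    List<ConnInstanceTO> connectors = connectorService.list(null);
    assertNotNull(connectors);
    assertFalse(connectors.isEmpty());
    // service with bad password: 401 unauthorized.
    // create() itself is expected to fail, so no call on the returned client is needed.
    // assertThrows replaces the try/fail/catch pattern whose assertNotNull(e) could never fail.
    org.junit.jupiter.api.Assertions.assertThrows(AccessControlException.class, () -> clientFactory.create("bellini", "passwor"));
    // service with invalid JWT string: 401 unauthorized
    org.junit.jupiter.api.Assertions.assertThrows(AccessControlException.class, () -> clientFactory.create(RandomStringUtils.random(20, true, true)).self());
    // service with good password, but no entitlements owned: 403 forbidden
    SyncopeClient goodClient = clientFactory.create("bellini", "password");
    org.junit.jupiter.api.Assertions.assertThrows(ForbiddenException.class, () -> goodClient.getService(ConnectorService.class).list(null));
}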
