use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
Class Logout, method doLogout.
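/**
 * Validates the SAML 2.0 logout response received from the IdP and completes the local logout.
 * <p>
 * The Syncope client is built from the JWT stored in the HTTP session; on success the JWT is
 * removed from the session and the user is forwarded to {@code logoutSuccess.jsp} or redirected
 * to the configured success URL. On any failure the error is logged and the user is forwarded
 * to {@code logoutError.jsp} (the exception exposed as request attribute {@code exception}) or
 * redirected to the configured error URL with the message as {@code errorMessage} parameter.
 *
 * @param receivedResponse SAML response and relay state as received from the IdP
 * @param request current request; the SAML2SP JWT is read from its session
 * @param response current response, forwarded or redirected according to the configured URLs
 * @throws ServletException if the forward to the JSP fails
 * @throws IOException if the redirect or forward fails
 */
private void doLogout(final SAML2ReceivedResponseTO receivedResponse, final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    SyncopeClientFactoryBean clientFactory = (SyncopeClientFactoryBean) request.getServletContext().getAttribute(Constants.SYNCOPE_CLIENT_FACTORY);
    try {
        String accessToken = (String) request.getSession().getAttribute(Constants.SAML2SPJWT);
        if (StringUtils.isBlank(accessToken)) {
            throw new IllegalArgumentException("No access token found ");
        }
        SyncopeClient client = clientFactory.create(accessToken);
        client.getService(SAML2SPService.class).validateLogoutResponse(receivedResponse);
        // drop the JWT before the response is committed, so a failing forward / redirect cannot
        // leave a session whose logout was already validated still carrying the token
        request.getSession().removeAttribute(Constants.SAML2SPJWT);
        String successURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGOUT_SUCCESS_URL);
        if (successURL == null) {
            request.getRequestDispatcher("logoutSuccess.jsp").forward(request, response);
        } else {
            response.sendRedirect(successURL);
        }
    } catch (Exception e) {
        // this method handles the logout response, not the authentication response
        LOG.error("While processing logout response from IdP", e);
        String errorURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGOUT_ERROR_URL);
        if (errorURL == null) {
            // the exception is handed to the error page; the stack trace is logged above and is
            // deliberately not written to the client response
            request.setAttribute("exception", e);
            request.getRequestDispatcher("logoutError.jsp").forward(request, response);
        } else {
            // getMessage() may be null (e.g. NullPointerException); URLEncoder.encode(null) would
            // itself throw inside this catch block
            String errorMessage = e.getMessage() == null ? e.getClass().getSimpleName() : e.getMessage();
            response.sendRedirect(errorURL + "?errorMessage=" + URLEncoder.encode(errorMessage, StandardCharsets.UTF_8.name()));
        }
    }
}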
use of org.apache.syncope.client.lib.SyncopeClient in project testcases by coheigea.
Class JWTTestIT, method testAuthenticatedRequest.
/**
 * End-to-end check: obtains a JWT for "alice" from the STS REST endpoint, verifies the
 * subject claim of the returned token, then presents the same JWT to Syncope and calls
 * the self-service endpoint with it.
 */
@org.junit.Test
public void testAuthenticatedRequest() throws Exception {
    SpringBusFactory busFactory = new SpringBusFactory();
    URL clientConfig = JWTTestIT.class.getResource("cxf-client.xml");
    Bus cxfBus = busFactory.createBus(clientConfig.toString());
    SpringBusFactory.setDefaultBus(cxfBus);
    SpringBusFactory.setThreadDefaultBus(cxfBus);

    // 1. JWT from the STS REST interface, authenticating with the "alice" test credentials
    String stsAddress = "https://localhost:" + STS_PORT + "/SecurityTokenService/token";
    WebClient stsClient = WebClient.create(stsAddress, "alice", "security", clientConfig.toString());
    stsClient.accept("text/plain");
    stsClient.path("jwt");
    Response stsResponse = stsClient.get();
    String jwtToken = stsResponse.readEntity(String.class);
    assertNotNull(jwtToken);
    JwtToken parsedToken = new JwsJwtCompactConsumer(jwtToken).getJwtToken();
    Assert.assertEquals("alice", parsedToken.getClaim(JwtConstants.CLAIM_SUBJECT));

    // 2. the same JWT as bearer credential against Syncope
    String syncopePort = System.getProperty("syncope.port");
    SyncopeClientFactoryBean syncopeFactory = new SyncopeClientFactoryBean().setAddress("http://localhost:" + syncopePort + "/syncope/rest/");
    SyncopeClient syncopeClient = syncopeFactory.create(jwtToken);
    syncopeClient.self();
}
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
Class Logout, method doGet.
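/**
 * Entry point of the SAML 2.0 logout flow.
 * <p>
 * Without a {@code SAMLResponse} parameter the request starts logout locally: a logout request
 * is obtained from Syncope (authenticated with the JWT held in the session) and sent to the IdP
 * via {@code prepare}. With the parameter present, the request carries the IdP's logout response
 * over the REDIRECT binding and is handed to {@code doLogout}.
 *
 * @param request current request
 * @param response current response
 * @throws ServletException if the forward to the error page fails
 * @throws IOException if the redirect or forward fails
 */
@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    String samlResponse = request.getParameter(SSOConstants.SAML_RESPONSE);
    String relayState = request.getParameter(SSOConstants.RELAY_STATE);
    if (samlResponse == null) {
        // prepare logout request
        SyncopeClientFactoryBean clientFactory = (SyncopeClientFactoryBean) request.getServletContext().getAttribute(Constants.SYNCOPE_CLIENT_FACTORY);
        try {
            String accessToken = (String) request.getSession().getAttribute(Constants.SAML2SPJWT);
            if (StringUtils.isBlank(accessToken)) {
                throw new IllegalArgumentException("No access token found ");
            }
            SyncopeClient client = clientFactory.create(accessToken);
            // the SP base URL is taken from the request URL, i.e. from the Host header when
            // behind a proxy — NOTE(review): confirm the deployment presents the public URL here
            SAML2RequestTO requestTO = client.getService(SAML2SPService.class).createLogoutRequest(StringUtils.substringBefore(request.getRequestURL().toString(), "/saml2sp"));
            prepare(response, requestTO);
        } catch (Exception e) {
            LOG.error("While preparing logout request to IdP", e);
            String errorURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGOUT_ERROR_URL);
            if (errorURL == null) {
                // the exception is handed to the error page; the stack trace is logged above and
                // is deliberately not written to the client response
                request.setAttribute("exception", e);
                request.getRequestDispatcher("logoutError.jsp").forward(request, response);
            } else {
                // getMessage() may be null; URLEncoder.encode(null) would throw inside this catch
                String errorMessage = e.getMessage() == null ? e.getClass().getSimpleName() : e.getMessage();
                response.sendRedirect(errorURL + "?errorMessage=" + URLEncoder.encode(errorMessage, StandardCharsets.UTF_8.name()));
            }
        }
    } else {
        // process REDIRECT binding logout response
        SAML2ReceivedResponseTO receivedResponse = new SAML2ReceivedResponseTO();
        receivedResponse.setSamlResponse(samlResponse);
        receivedResponse.setRelayState(relayState);
        doLogout(receivedResponse, request, response);
    }
}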
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
Class Metadata, method doGet.
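/**
 * Serves the SAML 2.0 SP metadata, fetched from Syncope through the anonymous client and
 * streamed back with the content type reported by Syncope.
 * <p>
 * The SP base URL passed to Syncope is derived from the request URL, i.e. from the Host
 * header when the servlet sits behind a proxy.
 *
 * @param request current request
 * @param response current response, receiving the metadata document
 * @throws ServletException if fetching or copying the metadata fails; the original exception
 *                          is kept as cause
 * @throws IOException if the response output stream cannot be obtained
 */
@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    SyncopeClient anonymous = (SyncopeClient) request.getServletContext().getAttribute(Constants.SYNCOPE_ANONYMOUS_CLIENT);
    SAML2SPService service = anonymous.getService(SAML2SPService.class);
    // NOTE(review): this mutates the accept / content type of the shared anonymous proxy on every
    // request — confirm the proxy is per-request or that concurrent callers tolerate it
    WebClient.client(service).accept(MediaType.APPLICATION_XML_TYPE).type(MediaType.APPLICATION_XML_TYPE);
    try {
        Response metadataResponse = service.getMetadata(StringUtils.substringBefore(request.getRequestURL().toString(), "/saml2sp"), "saml2sp");
        // try-with-resources: the entity stream is closed even when the copy fails half-way
        try (InputStream metadata = (InputStream) metadataResponse.getEntity()) {
            response.setContentType(metadataResponse.getMediaType().toString());
            IOUtils.copy(metadata, response.getOutputStream());
        }
    } catch (Exception e) {
        // keep the cause: the message alone loses the stack trace of the underlying failure
        throw new ServletException(e.getMessage(), e);
    }
}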
use of org.apache.syncope.client.lib.SyncopeClient in project syncope by apache.
Class RESTITCase, method unauthorizedOrForbidden.
/**
 * Runs the given action and expects it to be rejected with an {@link AccessControlException}
 * (the client-side mapping of HTTP 401); anything else fails the test.
 */
private static void expectUnauthorized(final Runnable action) {
    try {
        action.run();
        fail("This should not happen");
    } catch (AccessControlException e) {
        assertNotNull(e);
    }
}

/**
 * Checks the REST authentication failure modes: a wrong password and a malformed JWT are
 * rejected with 401 (AccessControlException), a valid user without entitlements is rejected
 * with 403 (ForbiddenException), while the admin-backed service used by the fixture keeps
 * working.
 */
@Test
public void unauthorizedOrForbidden() {
    // admin-backed service: the call succeeds and returns a non-empty list
    List<ConnInstanceTO> connectors = connectorService.list(null);
    assertNotNull(connectors);
    assertFalse(connectors.isEmpty());

    // wrong password -> 401 unauthorized
    expectUnauthorized(() -> clientFactory.create("bellini", "passwor"));

    // random string in place of a JWT -> 401 unauthorized
    expectUnauthorized(() -> clientFactory.create(RandomStringUtils.random(20, true, true)).self());

    // correct password but no entitlements -> 403 forbidden
    SyncopeClient goodClient = clientFactory.create("bellini", "password");
    try {
        goodClient.getService(ConnectorService.class).list(null);
        fail("This should not happen");
    } catch (ForbiddenException e) {
        assertNotNull(e);
    }
}