
Example 6 with SyncopeClientFactoryBean

use of org.apache.syncope.client.lib.SyncopeClientFactoryBean in project syncope by apache.

the class DomainITCase method update.

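/**
 * Verifies that changing the admin password of domain "Two" takes effect: the previous
 * password must be rejected and the new one accepted.
 *
 * <p>The domain is put back through {@code restoreTwo()} in a {@code finally} block, so the
 * changed credentials do not outlive this test even when a check fails.
 */
@Test
public void update() {
    DomainTO two = domainService.read("Two");
    assertNotNull(two);
    try {
        // 1. change admin pwd for domain Two
        // NOTE(review): AES is reversible encryption rather than a one-way hash; fine for
        // exercising the update path here, but confirm it is not meant as a recommended setting.
        two.setAdminCipherAlgorithm(CipherAlgorithm.AES);
        two.setAdminPwd("password3");
        domainService.update(two);

        // 2. attempt to access with old pwd -> must fail
        boolean oldPasswordRejected = false;
        try {
            new SyncopeClientFactoryBean()
                    .setAddress(ADDRESS)
                    .setDomain("Two")
                    .setContentType(clientFactory.getContentType())
                    .create(ADMIN_UNAME, "password2")
                    .self();
        } catch (AccessControlException e) {
            oldPasswordRejected = true;
        }
        // Previously the test also passed when the old password was still accepted, because
        // nothing failed on the non-throwing path; the rejection is now asserted explicitly.
        if (!oldPasswordRejected) {
            throw new AssertionError("Old admin password was still accepted after updating domain Two");
        }

        // 3. access with new pwd -> succeed
        new SyncopeClientFactoryBean()
                .setAddress(ADDRESS)
                .setDomain("Two")
                .setContentType(clientFactory.getContentType())
                .create(ADMIN_UNAME, "password3")
                .self();
    } finally {
        restoreTwo();
    }
}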
Also used : DomainTO(org.apache.syncope.common.lib.to.DomainTO) SyncopeClientFactoryBean(org.apache.syncope.client.lib.SyncopeClientFactoryBean) AccessControlException(java.security.AccessControlException) Test(org.junit.jupiter.api.Test)

Example 7 with SyncopeClientFactoryBean

use of org.apache.syncope.client.lib.SyncopeClientFactoryBean in project syncope by apache.

the class Logout method doLogout.

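/**
 * Validates a SAML 2.0 logout response received from the IdP and finishes the local logout.
 *
 * <p>The access token stored in the HTTP session under {@code Constants.SAML2SPJWT} is used to
 * call {@code SAML2SPService.validateLogoutResponse}. On success the user is forwarded to
 * {@code logoutSuccess.jsp} or redirected to the configured success URL, and the token is removed
 * from the session. On any failure the error is logged and the user is forwarded to
 * {@code logoutError.jsp} or redirected to the configured error URL.
 *
 * @param receivedResponse the logout response data to validate
 * @param request the current HTTP request
 * @param response the current HTTP response
 * @throws ServletException if forwarding to the error page fails
 * @throws IOException if forwarding or redirecting to the error page fails
 */
private void doLogout(final SAML2ReceivedResponseTO receivedResponse, final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    SyncopeClientFactoryBean clientFactory = (SyncopeClientFactoryBean) request.getServletContext().getAttribute(Constants.SYNCOPE_CLIENT_FACTORY);
    try {
        String accessToken = (String) request.getSession().getAttribute(Constants.SAML2SPJWT);
        if (StringUtils.isBlank(accessToken)) {
            throw new IllegalArgumentException("No access token found ");
        }
        SyncopeClient client = clientFactory.create(accessToken);
        client.getService(SAML2SPService.class).validateLogoutResponse(receivedResponse);
        String successURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGOUT_SUCCESS_URL);
        if (successURL == null) {
            request.getRequestDispatcher("logoutSuccess.jsp").forward(request, response);
        } else {
            response.sendRedirect(successURL);
        }
        // NOTE(review): the token is dropped only after the forward/redirect returned; if that
        // dispatch throws, the token stays in the session although the logout was validated.
        // Consider removing it (or invalidating the session) right after validation - confirm
        // that logoutSuccess.jsp does not read it first.
        request.getSession().removeAttribute(Constants.SAML2SPJWT);
    } catch (Exception e) {
        // Full details stay in the server log; this method handles a logout response.
        LOG.error("While processing logout response from IdP", e);
        String errorURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGOUT_ERROR_URL);
        if (errorURL == null) {
            request.setAttribute("exception", e);
            request.getRequestDispatcher("logoutError.jsp").forward(request, response);
            // The stack trace is deliberately not written to the response: it would expose
            // internal class and call details to the browser, and the response has already
            // been handed to the error page at this point.
        } else {
            // getMessage() may be null, which URLEncoder.encode rejects with a
            // NullPointerException; fall back to the exception type in that case.
            String message = e.getMessage() == null ? e.getClass().getSimpleName() : e.getMessage();
            // NOTE(review): the exception message ends up in the redirect URL; confirm it can
            // never carry token or assertion content.
            response.sendRedirect(errorURL + "?errorMessage=" + URLEncoder.encode(message, StandardCharsets.UTF_8.name()));
        }
    }
}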
Also used : SAML2SPService(org.apache.syncope.common.rest.api.service.SAML2SPService) SyncopeClientFactoryBean(org.apache.syncope.client.lib.SyncopeClientFactoryBean) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 8 with SyncopeClientFactoryBean

use of org.apache.syncope.client.lib.SyncopeClientFactoryBean in project syncope by apache.

the class SAML2SPAgentSetup method contextInitialized.

/**
 * Reads {@code saml2spagent.properties} on servlet context start-up and publishes two
 * servlet context attributes: the Syncope client factory and a client authenticated with
 * the anonymous user and key.
 *
 * <p>Every property is passed through {@code assertNotNull} together with its display name,
 * in the same order in which it is read.
 *
 * <p>NOTE(review): {@code scheme} is taken from configuration as-is, so nothing in this method
 * requires HTTPS for the connection that carries the anonymous key - confirm that deployments
 * set it accordingly and that the properties file is readable only by the service account.
 *
 * @param sce the event carrying the servlet context being initialised
 */
@Override
public void contextInitialized(final ServletContextEvent sce) {
    final Properties agentProps = PropertyUtils.read(getClass(), SAML2SP_AGENT_PROPERTIES, "conf.directory").getLeft();

    // credentials of the anonymous account
    final String anonUser = agentProps.getProperty("anonymousUser");
    assertNotNull(anonUser, "<anonymousUser>");
    final String anonKey = agentProps.getProperty("anonymousKey");
    assertNotNull(anonKey, "<anonymousKey>");

    // pieces of the REST endpoint address
    final String urlScheme = agentProps.getProperty("scheme");
    assertNotNull(urlScheme, "<scheme>");
    final String urlHost = agentProps.getProperty("host");
    assertNotNull(urlHost, "<host>");
    final String urlPort = agentProps.getProperty("port");
    assertNotNull(urlPort, "<port>");
    final String urlRootPath = agentProps.getProperty("rootPath");
    assertNotNull(urlRootPath, "<rootPath>");

    final String gzipFlag = agentProps.getProperty("useGZIPCompression");
    assertNotNull(gzipFlag, "<useGZIPCompression>");

    final String restAddress = String.format("%s://%s:%s/%s", urlScheme, urlHost, urlPort, urlRootPath);
    final boolean compress = BooleanUtils.toBoolean(gzipFlag);
    final SyncopeClientFactoryBean factory = new SyncopeClientFactoryBean()
            .setAddress(restAddress)
            .setUseCompression(compress);

    // the factory is shared through the servlet context, next to a ready-made anonymous client
    sce.getServletContext().setAttribute(Constants.SYNCOPE_CLIENT_FACTORY, factory);
    final AnonymousAuthenticationHandler anonymousHandler = new AnonymousAuthenticationHandler(anonUser, anonKey);
    sce.getServletContext().setAttribute(Constants.SYNCOPE_ANONYMOUS_CLIENT, factory.create(anonymousHandler));
}
Also used : SyncopeClientFactoryBean(org.apache.syncope.client.lib.SyncopeClientFactoryBean) AnonymousAuthenticationHandler(org.apache.syncope.client.lib.AnonymousAuthenticationHandler) Properties(java.util.Properties)

Example 9 with SyncopeClientFactoryBean

use of org.apache.syncope.client.lib.SyncopeClientFactoryBean in project testcases by coheigea.

the class JWTTestIT method testAuthenticatedRequest.

/**
 * Obtains a JWT for "alice" from the STS REST endpoint and uses that token to call
 * {@code self()} on Syncope.
 *
 * <p>NOTE(review): the token is only parsed in this method to read its subject claim; no
 * signature verification call is visible here, so rejecting a forged token is presumably left
 * to the Syncope side - confirm. The Syncope call also goes to a plain {@code http://localhost}
 * address, which should stay confined to test set-ups.
 *
 * @throws Exception if any step of the exchange fails
 */
@org.junit.Test
public void testAuthenticatedRequest() throws Exception {
    SpringBusFactory busFactory = new SpringBusFactory();
    URL busFile = JWTTestIT.class.getResource("cxf-client.xml");
    String busConfig = busFile.toString();
    Bus clientBus = busFactory.createBus(busConfig);
    SpringBusFactory.setDefaultBus(clientBus);
    SpringBusFactory.setThreadDefaultBus(clientBus);

    // Step 1: ask the STS (REST interface) for a JWT issued to "alice".
    // No "appliesTo" query parameter is sent with this request.
    String stsAddress = "https://localhost:" + STS_PORT + "/SecurityTokenService/token";
    WebClient stsClient = WebClient.create(stsAddress, "alice", "security", busConfig);
    stsClient.accept("text/plain");
    stsClient.path("jwt");
    Response stsResponse = stsClient.get();
    String rawToken = stsResponse.readEntity(String.class);
    assertNotNull(rawToken);

    // The compact token is parsed to check which subject it was issued for.
    JwtToken parsedToken = new JwsJwtCompactConsumer(rawToken).getJwtToken();
    Assert.assertEquals("alice", parsedToken.getClaim(JwtConstants.CLAIM_SUBJECT));

    // Step 2: present the same token to Syncope as the access token.
    String syncopeAddress = "http://localhost:" + System.getProperty("syncope.port") + "/syncope/rest/";
    new SyncopeClientFactoryBean().setAddress(syncopeAddress).create(rawToken).self();
}
Also used : Response(javax.ws.rs.core.Response) JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) Bus(org.apache.cxf.Bus) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) SyncopeClientFactoryBean(org.apache.syncope.client.lib.SyncopeClientFactoryBean) JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient)

Example 10 with SyncopeClientFactoryBean

use of org.apache.syncope.client.lib.SyncopeClientFactoryBean in project syncope by apache.

the class Logout method doGet.

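/**
 * Handles both halves of SAML 2.0 logout over the REDIRECT binding.
 *
 * <p>Without a SAML response parameter, a logout request is created through
 * {@code SAML2SPService.createLogoutRequest}, using the access token kept in the HTTP session,
 * and handed to {@code prepare}. With a SAML response parameter, the response and relay state
 * are wrapped in a {@code SAML2ReceivedResponseTO} and passed to {@code doLogout}.
 *
 * @param request the current HTTP request
 * @param response the current HTTP response
 * @throws ServletException if forwarding to the error page fails
 * @throws IOException if forwarding or redirecting to the error page fails
 */
@Override
protected void doGet(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
    String samlResponse = request.getParameter(SSOConstants.SAML_RESPONSE);
    String relayState = request.getParameter(SSOConstants.RELAY_STATE);
    if (samlResponse == null) {
        // prepare logout response
        SyncopeClientFactoryBean clientFactory = (SyncopeClientFactoryBean) request.getServletContext().getAttribute(Constants.SYNCOPE_CLIENT_FACTORY);
        try {
            String accessToken = (String) request.getSession().getAttribute(Constants.SAML2SPJWT);
            if (StringUtils.isBlank(accessToken)) {
                throw new IllegalArgumentException("No access token found ");
            }
            SyncopeClient client = clientFactory.create(accessToken);
            // NOTE(review): the base URL passed on is cut out of the request URL, which follows
            // the Host header (or proxy forwarding); confirm it is validated or pinned upstream.
            SAML2RequestTO requestTO = client.getService(SAML2SPService.class).createLogoutRequest(StringUtils.substringBefore(request.getRequestURL().toString(), "/saml2sp"));
            prepare(response, requestTO);
        } catch (Exception e) {
            // Full details stay in the server log.
            LOG.error("While preparing logout request to IdP", e);
            String errorURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGOUT_ERROR_URL);
            if (errorURL == null) {
                request.setAttribute("exception", e);
                request.getRequestDispatcher("logoutError.jsp").forward(request, response);
                // The stack trace is deliberately not written to the response: it would expose
                // internal class and call details to the browser, and the response has already
                // been handed to the error page at this point.
            } else {
                // getMessage() may be null, which URLEncoder.encode rejects with a
                // NullPointerException; fall back to the exception type in that case.
                String message = e.getMessage() == null ? e.getClass().getSimpleName() : e.getMessage();
                // NOTE(review): the exception message ends up in the redirect URL; confirm it
                // can never carry token or assertion content.
                response.sendRedirect(errorURL + "?errorMessage=" + URLEncoder.encode(message, StandardCharsets.UTF_8.name()));
            }
        }
    } else {
        // process REDIRECT binding logout response
        SAML2ReceivedResponseTO receivedResponse = new SAML2ReceivedResponseTO();
        receivedResponse.setSamlResponse(samlResponse);
        receivedResponse.setRelayState(relayState);
        doLogout(receivedResponse, request, response);
    }
}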
Also used : SAML2SPService(org.apache.syncope.common.rest.api.service.SAML2SPService) SAML2RequestTO(org.apache.syncope.common.lib.to.SAML2RequestTO) SAML2ReceivedResponseTO(org.apache.syncope.common.lib.to.SAML2ReceivedResponseTO) SyncopeClientFactoryBean(org.apache.syncope.client.lib.SyncopeClientFactoryBean) SyncopeClient(org.apache.syncope.client.lib.SyncopeClient) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)
