Example 6 with WSSecurityException

use of org.apache.ws.security.WSSecurityException in project OpenAM by OpenRock.

the class SoapSTSInstanceModule method getSTSProperties.

/**
 * This method will provide the instance of the STSPropertiesMBean necessary both for the STS proper, and for the
 * CXF interceptor-set which enforces the SecurityPolicy bindings.
 *
 * It should be a singleton because this same instance is shared by all of the token operation instances, as well as
 * by the CXF interceptor-set.
 */
@Provides
@Singleton
@Inject
STSPropertiesMBean getSTSProperties(Logger logger) {
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    // KeystoreConfig may be null for a TLS-based SecurityPolicy binding, or for the AM-bare binding.
    if (stsInstanceConfig.getKeystoreConfig() != null) {
        stsProperties.setCallbackHandler(new SoapSTSCallbackHandler(stsInstanceConfig.getKeystoreConfig(), logger));
        Crypto crypto;
        try {
            crypto = CryptoFactory.getInstance(getEncryptionProperties());
        } catch (WSSecurityException e) {
            String message = "Exception caught initializing the CryptoFactory: " + e;
            logger.error(message, e);
            throw new IllegalStateException(message);
        }
        stsProperties.setSignatureCrypto(crypto);
        stsProperties.setEncryptionCrypto(crypto);
        stsProperties.setSignatureUsername(stsInstanceConfig.getKeystoreConfig().getSignatureKeyAlias());
    }
    return stsProperties;
}
Also used: Crypto (org.apache.ws.security.components.crypto.Crypto), SoapSTSCallbackHandler (org.forgerock.openam.sts.soap.SoapSTSCallbackHandler), WSSecurityException (org.apache.ws.security.WSSecurityException), StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties), Inject (javax.inject.Inject), Singleton (javax.inject.Singleton), Provides (com.google.inject.Provides)

Example 7 with WSSecurityException

use of org.apache.ws.security.WSSecurityException in project OpenAM by OpenRock.

the class OpenAMSessionTokenServerInterceptor method processToken.

/**
 * This method is called in-bound on the server-side - validate-request in JASPI terms. The method must validate the
 * OpenAM session id with OpenAM, and, if validation is successful, populate the wss4j results with state corresponding
 * to the token validation. It will also assert the relevant tokens, which means affirm that the assertions corresponding
 * to the OpenAMSessionToken have been successfully fulfilled.
 * @param message The message encapsulating the soap invocation.
 * @throws Fault if the OpenAM session in the BinarySecurityToken is invalid.
 */
@Override
protected void processToken(SoapMessage message) throws Fault {
    Header header = findSecurityHeader(message, false);
    if (header == null) {
        return;
    }
    Element el = (Element) header.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        if (WSConstants.BINARY_TOKEN_LN.equals(child.getLocalName())
                && WSConstants.WSSE_NS.equals(child.getNamespaceURI())
                && AMSTSConstants.AM_SESSION_TOKEN_ASSERTION_BST_VALUE_TYPE.equals(child.getAttribute("ValueType"))) {
            try {
                List<WSSecurityEngineResult> validationResults = validateToken(child);
                if (validationResults != null) {
                    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
                    if (results == null) {
                        results = new ArrayList<WSHandlerResult>();
                        message.put(WSHandlerConstants.RECV_RESULTS, results);
                    }
                    WSHandlerResult rResult = new WSHandlerResult(null, validationResults);
                    results.add(0, rResult);
                    assertTokens(message);
                    Principal principal = (Principal) validationResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal);
                    SecurityContext sc = message.get(SecurityContext.class);
                    if (sc == null || sc.getUserPrincipal() == null) {
                        message.put(SecurityContext.class, new DefaultSecurityContext(principal, null));
                    }
                }
            } catch (WSSecurityException ex) {
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}
Also used: DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext), Header (org.apache.cxf.headers.Header), Element (org.w3c.dom.Element), SecurityContext (org.apache.cxf.security.SecurityContext), WSSecurityException (org.apache.ws.security.WSSecurityException), Fault (org.apache.cxf.interceptor.Fault), WSSecurityEngineResult (org.apache.ws.security.WSSecurityEngineResult), WSHandlerResult (org.apache.ws.security.handler.WSHandlerResult), Principal (java.security.Principal)
