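@org.junit.Test
public void testIssueSymmetricKeySaml1() throws Exception {
    // Bootstrap a client-side Bus from the test Spring config so the STS call
    // picks up the client settings defined there (cxf-client.xml).
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = STSRESTTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    try {
        // Ask the REST STS for a SAML 1.1 token with a symmetric (proof-of-possession) key
        String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
        WebClient client = WebClient.create(address, busFile.toString());
        client.accept("application/xml");
        client.path("saml1.1");
        client.query("keyType", SYMMETRIC_KEY_KEYTYPE);
        Response response = client.get();
        Document assertionDoc = response.readEntity(Document.class);
        assertNotNull(assertionDoc);

        // Process the token through the WSS4J engine; this is where the
        // assertion's signature is actually checked rather than just parsed
        List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
        assertNotNull(results);
        assertTrue(results.size() == 1);
        SamlAssertionWrapper assertion =
            (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        assertNotNull(assertion);
        // Exactly one SAML version must be present, and it must be 1.1
        assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null);
        assertTrue(assertion.isSigned());

        // The first confirmation method must be holder-of-key for a symmetric key token
        List<String> methods = assertion.getConfirmationMethods();
        String confirmMethod = null;
        if (methods != null && !methods.isEmpty()) {
            confirmMethod = methods.get(0);
        }
        assertTrue(OpenSAMLUtil.isMethodHolderOfKey(confirmMethod));

        // A holder-of-key token must carry the proof key in its SubjectConfirmation;
        // guard against a null SAMLKeyInfo so the failure is an assertion, not an NPE
        SAMLKeyInfo subjectKeyInfo = assertion.getSubjectKeyInfo();
        assertNotNull(subjectKeyInfo);
        assertNotNull(subjectKeyInfo.getSecret());
    } finally {
        // Always release the Bus, even when an assertion above fails
        bus.shutdown(true);
    }
}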
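@org.junit.Test
public void testIssueBearerSAML1Token() throws Exception {
    // Bootstrap a client-side Bus from the test Spring config so the STS call
    // picks up the client settings defined there (cxf-client.xml).
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = STSRESTTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    try {
        // Ask the REST STS for a SAML 1.1 bearer token (no proof key expected)
        String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
        WebClient client = WebClient.create(address, busFile.toString());
        client.accept("application/xml");
        client.path("saml1.1");
        client.query("keyType", BEARER_KEYTYPE);
        Response response = client.get();
        Document assertionDoc = response.readEntity(Document.class);
        assertNotNull(assertionDoc);

        // Process the token through the WSS4J engine; this is where the
        // assertion's signature is actually checked rather than just parsed
        List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
        assertNotNull(results);
        assertTrue(results.size() == 1);
        SamlAssertionWrapper assertion =
            (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        assertNotNull(assertion);
        // Exactly one SAML version must be present, and it must be 1.1
        assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null);
        assertTrue(assertion.isSigned());

        // The first confirmation method must be a bearer method; check for null first
        // so a missing SubjectConfirmation fails as an assertion rather than an NPE
        List<String> methods = assertion.getConfirmationMethods();
        String confirmMethod = null;
        if (methods != null && !methods.isEmpty()) {
            confirmMethod = methods.get(0);
        }
        assertNotNull(confirmMethod);
        assertTrue(confirmMethod.contains("bearer"));
    } finally {
        // Always release the Bus, even when an assertion above fails
        bus.shutdown(true);
    }
}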
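@org.junit.Test
public void testIssueSAML2Token() throws Exception {
    // Bootstrap a client-side Bus from the test Spring config so the STS call
    // picks up the client settings defined there (cxf-client.xml).
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = STSRESTTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    try {
        // Ask the REST STS for a SAML 2.0 token with the default key type
        String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
        WebClient client = WebClient.create(address, busFile.toString());
        client.accept("application/xml");
        client.path("saml2.0");
        Response response = client.get();
        Document assertionDoc = response.readEntity(Document.class);
        assertNotNull(assertionDoc);

        // Process the token through the WSS4J engine; this is where the
        // assertion's signature is actually checked rather than just parsed
        List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
        assertNotNull(results);
        assertTrue(results.size() == 1);
        SamlAssertionWrapper assertion =
            (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        assertNotNull(assertion);
        // Exactly one SAML version must be present, and it must be 2.0
        assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
        assertTrue(assertion.isSigned());
    } finally {
        // Always release the Bus, even when an assertion above fails
        bus.shutdown(true);
    }
}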
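@org.junit.Test
public void testIssueSAML2TokenAppliesTo() throws Exception {
    // Bootstrap a client-side Bus from the test Spring config so the STS call
    // picks up the client settings defined there (cxf-client.xml).
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = STSRESTTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    try {
        // Ask the REST STS for a SAML 2.0 token scoped to a specific relying party
        // via the appliesTo query parameter
        String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
        WebClient client = WebClient.create(address, busFile.toString());
        client.accept("application/xml");
        client.path("saml2.0");
        client.query("appliesTo", DEFAULT_ADDRESS);
        Response response = client.get();
        Document assertionDoc = response.readEntity(Document.class);
        assertNotNull(assertionDoc);

        // Process the token through the WSS4J engine; this is where the
        // assertion's signature is actually checked rather than just parsed
        List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
        assertNotNull(results);
        assertTrue(results.size() == 1);
        SamlAssertionWrapper assertion =
            (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        assertNotNull(assertion);
        // Exactly one SAML version must be present, and it must be 2.0
        assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
        assertTrue(assertion.isSigned());
        // NOTE(review): the appliesTo value is sent but the returned assertion's
        // AudienceRestriction is not checked here — consider asserting it matches DEFAULT_ADDRESS
    } finally {
        // Always release the Bus, even when an assertion above fails
        bus.shutdown(true);
    }
}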
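@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    // Run the inherited validation first; the rules below only add an
    // ActAs-specific policy on top of whatever the base validator already accepted.
    Credential validatedCredential = super.validate(credential, data);
    SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
    Assertion saml2Assertion = assertion == null ? null : assertion.getSaml2();
    if (saml2Assertion == null) {
        // Only SAML 2.0 assertions are accepted by this validator
        throw invalidSamlSecurity();
    }
    // The technical user should be in the Subject
    Subject subject = saml2Assertion.getSubject();
    if (subject == null || subject.getNameID() == null
        || !isTechnicalUser(subject.getNameID().getValue())) {
        throw invalidSamlSecurity();
    }
    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw invalidSamlSecurity();
    }
    // Accept as soon as one ActAs / CustomActAs attribute carries a permitted value
    for (AttributeStatement statement : attributeStatements) {
        List<Attribute> attributes = statement.getAttributes();
        if (attributes == null) {
            continue;
        }
        for (Attribute attribute : attributes) {
            if (isActAsAttribute(attribute) && hasAllowedActAsValue(attribute)) {
                return validatedCredential;
            }
        }
    }
    // No statement named a permitted ActAs principal; same generic failure as above
    throw invalidSamlSecurity();
}

/** Returns true when the Subject NameID value identifies the expected technical user. */
private static boolean isTechnicalUser(String nameId) {
    // NOTE(review): kept as a substring match like the original check; an exact comparison
    // against the expected NameID would be stricter — confirm the NameID format before tightening
    return nameId != null && nameId.contains("www.client.com");
}

/** Returns true for the two attribute names this validator treats as ActAs claims. */
private static boolean isActAsAttribute(Attribute attribute) {
    String name = attribute.getName();
    return "CustomActAs".equals(name) || "ActAs".equals(name);
}

/** Returns true when any value of the attribute names one of the permitted ActAs principals. */
private static boolean hasAllowedActAsValue(Attribute attribute) {
    for (XMLObject attributeValue : attribute.getAttributeValues()) {
        // getDOM() may be null when the object carries no DOM; treat that as "no match"
        // instead of failing with an NPE
        Element attributeValueElement = attributeValue.getDOM();
        String text = attributeValueElement == null ? null : attributeValueElement.getTextContent();
        if (text != null && (text.contains("alice") || text.contains("bob"))) {
            return true;
        }
    }
    return false;
}

/**
 * Builds the failure thrown for every policy violation. The same generic code and
 * message are used in all branches, so the caller learns only that validation failed.
 */
private static WSSecurityException invalidSamlSecurity() {
    return new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}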