Examples with SamlAssertionWrapper org.apache.wss4j.common.saml.SamlAssertionWrapper used on opensource projects

Search in sources :

Example 36 with SamlAssertionWrapper

use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.

the class DifferentRealmValidator method validate.

public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validatedCredential = super.validate(credential, data);
    SamlAssertionWrapper transformedToken = validatedCredential.getTransformedToken();
    if (transformedToken == null || transformedToken.getSaml2() == null || !"B-Issuer".equals(transformedToken.getIssuerString())) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
    }
    Assertion assertion = transformedToken.getSaml2();
    if (!"B-Principal".equals(assertion.getSubject().getNameID().getValue())) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
    }
    return validatedCredential;
}
Also used : Credential(org.apache.wss4j.dom.validate.Credential) Assertion(org.opensaml.saml.saml2.core.Assertion) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 37 with SamlAssertionWrapper

use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.

the class SAMLTokenRenewerTest method renewValidSAML1Assertion.

/**
 * Renew a valid SAML1 Assertion
 */
@org.junit.Test
public void renewValidSAML1Assertion() throws Exception {
    // Create the Assertion
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50000, true, false);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);
    // Validate the Assertion
    TokenValidator samlTokenValidator = new SAMLTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    ReceivedToken validateTarget = new ReceivedToken(samlToken);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(samlTokenValidator.canHandleToken(validateTarget));
    TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
    // Renew the Assertion
    TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
    renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
    renewerParameters.setStsProperties(validatorParameters.getStsProperties());
    renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
    renewerParameters.setMessageContext(validatorParameters.getMessageContext());
    renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
    renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
    renewerParameters.setTokenStore(validatorParameters.getTokenStore());
    renewerParameters.setToken(validatorResponse.getToken());
    TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
    samlTokenRenewer.setVerifyProofOfPossession(false);
    assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
    TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
    assertTrue(renewerResponse != null);
    assertTrue(renewerResponse.getToken() != null);
    String oldId = new SamlAssertionWrapper(samlToken).getId();
    String newId = new SamlAssertionWrapper(renewerResponse.getToken()).getId();
    assertFalse(oldId.equals(newId));
    // Now validate it again
    validateTarget = new ReceivedToken(renewerResponse.getToken());
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    validatorResponse = samlTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
    // Now try to renew it again!
    renewerParameters.setToken(validatorResponse.getToken());
    samlTokenRenewer = new SAMLTokenRenewer();
    samlTokenRenewer.setVerifyProofOfPossession(false);
    assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
    renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
    assertTrue(renewerResponse != null);
    assertTrue(renewerResponse.getToken() != null);
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) Document(org.w3c.dom.Document) TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Crypto(org.apache.wss4j.common.crypto.Crypto) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)

Example 38 with SamlAssertionWrapper

use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.

the class SAMLTokenRenewerTest method renewExpiredSAML1Assertion.

/**
 * Renew an expired SAML1 Assertion
 */
@org.junit.Test
public void renewExpiredSAML1Assertion() throws Exception {
    // Create the Assertion
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50, true, true);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);
    // Sleep to expire the token
    Thread.sleep(100);
    // Validate the Assertion
    TokenValidator samlTokenValidator = new SAMLTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    ReceivedToken validateTarget = new ReceivedToken(samlToken);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(samlTokenValidator.canHandleToken(validateTarget));
    TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
    // Renew the Assertion
    TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
    renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
    renewerParameters.setStsProperties(validatorParameters.getStsProperties());
    renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
    renewerParameters.setMessageContext(validatorParameters.getMessageContext());
    renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
    renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
    renewerParameters.setTokenStore(validatorParameters.getTokenStore());
    renewerParameters.setToken(validatorResponse.getToken());
    TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
    samlTokenRenewer.setVerifyProofOfPossession(false);
    assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
    try {
        samlTokenRenewer.renewToken(renewerParameters);
        fail("Failure expected on an expired token, which is not allowed by default");
    } catch (Exception ex) {
    // expected
    }
    samlTokenRenewer.setAllowRenewalAfterExpiry(true);
    TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
    assertTrue(renewerResponse != null);
    assertTrue(renewerResponse.getToken() != null);
    String oldId = new SamlAssertionWrapper(samlToken).getId();
    String newId = new SamlAssertionWrapper(renewerResponse.getToken()).getId();
    assertFalse(oldId.equals(newId));
    // Now validate it again
    validateTarget = new ReceivedToken(renewerResponse.getToken());
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    validatorResponse = samlTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) Document(org.w3c.dom.Document) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) STSException(org.apache.cxf.ws.security.sts.provider.STSException) TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Crypto(org.apache.wss4j.common.crypto.Crypto) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)

Example 39 with SamlAssertionWrapper

use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.

the class IssueUnitTest method testBearerSaml1Lifetime.

/**
 * Test the Bearer SAML1 case with a Lifetime element
 */
@org.junit.Test
public void testBearerSaml1Lifetime() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = IssueUnitTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    // Get a token
    SecurityToken token = requestSecurityTokenTTL(SAML1_TOKEN_TYPE, BEARER_KEYTYPE, bus, DEFAULT_ADDRESS);
    assertTrue(SAML1_TOKEN_TYPE.equals(token.getTokenType()));
    assertTrue(token.getToken() != null);
    // Process the token
    List<WSSecurityEngineResult> results = processToken(token);
    assertTrue(results != null && results.size() == 1);
    SamlAssertionWrapper assertion = (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertTrue(assertion != null);
    assertTrue(assertion.getSaml1() != null && assertion.getSaml2() == null);
    assertTrue(assertion.isSigned());
    List<String> methods = assertion.getConfirmationMethods();
    String confirmMethod = null;
    if (methods != null && !methods.isEmpty()) {
        confirmMethod = methods.get(0);
    }
    assertTrue(confirmMethod != null && confirmMethod.contains("bearer"));
    bus.shutdown(true);
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Bus(org.apache.cxf.Bus) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) URL(java.net.URL)

Example 40 with SamlAssertionWrapper

use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.

the class IssueUnitTest method testBearerSaml1.

/**
 * Test the Bearer SAML1 case
 */
@org.junit.Test
public void testBearerSaml1() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = IssueUnitTest.class.getResource("cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    // Get a token
    SecurityToken token = requestSecurityToken(SAML1_TOKEN_TYPE, BEARER_KEYTYPE, bus, DEFAULT_ADDRESS);
    assertTrue(SAML1_TOKEN_TYPE.equals(token.getTokenType()));
    assertTrue(token.getToken() != null);
    // Process the token
    List<WSSecurityEngineResult> results = processToken(token);
    assertTrue(results != null && results.size() == 1);
    SamlAssertionWrapper assertion = (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertTrue(assertion != null);
    assertTrue(assertion.getSaml1() != null && assertion.getSaml2() == null);
    assertTrue(assertion.isSigned());
    List<String> methods = assertion.getConfirmationMethods();
    String confirmMethod = null;
    if (methods != null && !methods.isEmpty()) {
        confirmMethod = methods.get(0);
    }
    assertTrue(confirmMethod != null && confirmMethod.contains("bearer"));
    bus.shutdown(true);
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Bus(org.apache.cxf.Bus) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) URL(java.net.URL)

Aggregations

SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)141 Element (org.w3c.dom.Element)68 Document (org.w3c.dom.Document)55 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)44 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)40 SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)35 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)27 Crypto (org.apache.wss4j.common.crypto.Crypto)26 Response (org.opensaml.saml.saml2.core.Response)23 URL (java.net.URL)22 Bus (org.apache.cxf.Bus)20 SpringBusFactory (org.apache.cxf.bus.spring.SpringBusFactory)19 ArrayList (java.util.ArrayList)18 WebClient (org.apache.cxf.jaxrs.client.WebClient)18 Status (org.opensaml.saml.saml2.core.Status)18 HashMap (java.util.HashMap)16 Test (org.junit.Test)16 Principal (java.security.Principal)15 WSHandlerResult (org.apache.wss4j.dom.handler.WSHandlerResult)14 Response (javax.ws.rs.core.Response)13
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial