
Example 86 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class DoubleItPortTypeImpl method doubleIt.

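/**
 * Doubles the supplied number, but first verifies that the inbound request carried a
 * UsernameToken which the STS transformed into a SAML assertion issued by
 * {@code DoubleItSTSIssuer}. JUnit assertions are used because this endpoint is a test
 * fixture; a failed check surfaces as a fault to the calling test client.
 *
 * @param numberToDouble the number to double
 * @return {@code numberToDouble * 2}
 * @throws AssertionError if no WSS4J results, no UsernameToken action result, or no
 *         transformed assertion from the expected issuer is present on the message
 */
public int doubleIt(int numberToDouble) {
    //
    // Get the transformed SAML Assertion from the STS and check it
    //
    MessageContext context = wsc.getMessageContext();
    final List<WSHandlerResult> handlerResults =
        CastUtils.cast((List<?>) context.get(WSHandlerConstants.RECV_RESULTS));
    // Guard each step of the lookup so a missing token fails with a clear assertion
    // message instead of a NullPointerException / IndexOutOfBoundsException
    Assert.assertTrue("No WSS4J security results on the inbound message",
                      handlerResults != null && !handlerResults.isEmpty());
    List<WSSecurityEngineResult> utResults =
        handlerResults.get(0).getActionResults().get(WSConstants.UT);
    Assert.assertTrue("No UsernameToken action result on the inbound message",
                      utResults != null && !utResults.isEmpty());
    WSSecurityEngineResult actionResult = utResults.get(0);
    SamlAssertionWrapper assertion =
        (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
    // The transformed token must exist and come from the expected issuer
    Assert.assertTrue("Transformed token missing or not issued by DoubleItSTSIssuer",
                      assertion != null && "DoubleItSTSIssuer".equals(assertion.getIssuerString()));
    return numberToDouble * 2;
}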

Example 87 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class CustomWSS4JSecurityContextCreator method createSecurityContext.

/**
 * Create a SecurityContext and store it on the SoapMessage parameter.
 * <p>
 * The user principal is always taken from an asymmetric signature: a SIGN action result
 * that exposes a public key or an X.509 certificate and yields a context with a principal.
 * Without such a principal nothing is stored. If a signed SAML assertion (ST_SIGNED) is
 * also present, its claims and roles are combined with that principal into a
 * {@link SAMLSecurityContext}, which is then put on the message.
 *
 * @param msg the inbound message on which the context is stored
 * @param handlerResult the WSS4J results for the message, keyed by action
 */
public void createSecurityContext(SoapMessage msg, WSHandlerResult handlerResult) {
    Map<Integer, List<WSSecurityEngineResult>> resultsByAction = handlerResult.getActionResults();

    Principal signerPrincipal =
        principalFromAsymmetricSignature(msg, resultsByAction.get(WSConstants.SIGN));
    // We must have an asymmetric principal
    if (signerPrincipal == null) {
        return;
    }

    SAMLSecurityContext samlContext =
        contextFromSignedAssertion(msg, signerPrincipal, resultsByAction.get(WSConstants.ST_SIGNED));
    if (samlContext != null) {
        msg.put(SecurityContext.class, samlContext);
    }
}

/**
 * Returns the user principal of the first SIGN result that carries a public key or an
 * X.509 certificate and for which the single-result context creation yields a principal,
 * or {@code null} if there is no such result.
 */
private Principal principalFromAsymmetricSignature(SoapMessage msg,
                                                   List<WSSecurityEngineResult> signResults) {
    if (signResults == null) {
        return null;
    }
    for (WSSecurityEngineResult result : signResults) {
        PublicKey key = (PublicKey) result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
        X509Certificate cert = (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
        // Only a result that exposes a key or certificate is treated as asymmetric
        if (key == null && cert == null) {
            continue;
        }
        SecurityContext sc = createSecurityContext(msg, true, result);
        if (sc != null && sc.getUserPrincipal() != null) {
            return sc.getUserPrincipal();
        }
    }
    return null;
}

/**
 * Builds a {@link SAMLSecurityContext} for {@code principal} from the first ST_SIGNED
 * result holding a {@link SamlAssertionWrapper} (the transformed token is preferred over
 * the raw assertion), or returns {@code null} if there is none.
 */
private SAMLSecurityContext contextFromSignedAssertion(SoapMessage msg, Principal principal,
                                                        List<WSSecurityEngineResult> stSignedResults) {
    if (stSignedResults == null) {
        return null;
    }
    for (WSSecurityEngineResult result : stSignedResults) {
        Object samlToken = result.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
        if (samlToken == null) {
            samlToken = result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        }
        if (!(samlToken instanceof SamlAssertionWrapper)) {
            continue;
        }
        // The role attribute name is configurable per message; fall back to the default
        String roleAttribute =
            (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
        if (roleAttribute == null || roleAttribute.isEmpty()) {
            roleAttribute = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
        }
        ClaimCollection claims = SAMLUtils.getClaims((SamlAssertionWrapper) samlToken);
        Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttribute, null);
        SAMLSecurityContext samlContext = new SAMLSecurityContext(principal, roles, claims);
        samlContext.setIssuer(SAMLUtils.getIssuer(samlToken));
        samlContext.setAssertionElement(SAMLUtils.getAssertionElement(samlToken));
        return samlContext;
    }
    return null;
}

Example 88 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class IssueUnitTest method testPublicKeySaml2.

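/**
 * Test the Public Key SAML2 case: the STS must issue a signed, holder-of-key SAML 2.0
 * assertion whose subject KeyInfo carries certificates, and the client-side token must
 * hold an X.509 certificate rather than a symmetric secret.
 */
@org.junit.Test
public void testPublicKeySaml2() throws Exception {
    createBus(getClass().getResource("cxf-client.xml").toString());
    // Get a token
    SecurityToken token = requestSecurityToken(SAML2_TOKEN_TYPE, PUBLIC_KEY_KEYTYPE, bus, DEFAULT_ADDRESS);
    // PublicKey key type: no proof-of-possession secret, but the certificate must be present
    assertTrue(token.getSecret() == null && token.getX509Certificate() != null);
    assertEquals(SAML2_TOKEN_TYPE, token.getTokenType());
    assertNotNull(token.getToken());
    // Process the token
    List<WSSecurityEngineResult> results = processToken(token);
    assertTrue(results != null && results.size() == 1);
    SamlAssertionWrapper assertion =
        (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(assertion);
    assertTrue(assertion.getSaml1() == null && assertion.getSaml2() != null);
    assertTrue(assertion.isSigned());
    // The first subject confirmation method must be holder-of-key
    List<String> methods = assertion.getConfirmationMethods();
    String confirmMethod = null;
    if (methods != null && !methods.isEmpty()) {
        confirmMethod = methods.get(0);
    }
    assertTrue(OpenSAMLUtil.isMethodHolderOfKey(confirmMethod));
    // Check the KeyInfo itself before dereferencing it, so a missing subject KeyInfo
    // fails as an assertion rather than as a NullPointerException
    SAMLKeyInfo subjectKeyInfo = assertion.getSubjectKeyInfo();
    assertNotNull(subjectKeyInfo);
    assertNotNull(subjectKeyInfo.getCerts());
}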

Example 89 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class IssueUnitTest method testBearerSaml1Context.

/**
 * Test the Bearer SAML1 case with a Context Attribute: the STS must issue a signed
 * SAML 1.1 assertion whose first subject confirmation method is a bearer method.
 */
@org.junit.Test
public void testBearerSaml1Context() throws Exception {
    createBus(getClass().getResource("cxf-client.xml").toString());

    // Request a SAML 1.1 bearer token, passing an explicit Context attribute on the request
    final String rstContext = "AuthenticationContext";
    SecurityToken issued =
        requestSecurityToken(SAML1_TOKEN_TYPE, BEARER_KEYTYPE, bus, DEFAULT_ADDRESS, rstContext);
    assertEquals(SAML1_TOKEN_TYPE, issued.getTokenType());
    assertNotNull(issued.getToken());

    // Run the issued token through the WSS4J processor
    List<WSSecurityEngineResult> engineResults = processToken(issued);
    assertTrue(engineResults != null && engineResults.size() == 1);
    Object samlObject = engineResults.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    SamlAssertionWrapper wrapper = (SamlAssertionWrapper) samlObject;
    assertNotNull(wrapper);

    // SAML 1.1 only, and the issuer's signature must be present
    assertTrue(wrapper.getSaml1() != null && wrapper.getSaml2() == null);
    assertTrue(wrapper.isSigned());

    // The first subject confirmation method must be a bearer method
    List<String> confirmationMethods = wrapper.getConfirmationMethods();
    String firstMethod =
        (confirmationMethods == null || confirmationMethods.isEmpty()) ? null : confirmationMethods.get(0);
    assertTrue(firstMethod != null && firstMethod.contains("bearer"));
}
