
Example 6 with SecurityContextToken

use of org.apache.wss4j.dom.message.token.SecurityContextToken in project cxf by apache.

the class SCTValidator method validateToken.

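/**
 * Validate a SecurityContextToken (SCT) against the configured token store.
 *
 * <p>The received token is marked {@code INVALID} up front and only becomes {@code VALID}
 * when its identifier resolves to an unexpired entry in the token store. An entry that is
 * found but has expired is reported as {@code EXPIRED}. With no token store, a token that is
 * not a DOM element, an unknown identifier, or a {@code WSSecurityException} while
 * processing, the token stays {@code INVALID}.
 *
 * <p>On success the response carries the cached principal, the realm stored under
 * {@code STSConstants.TOKEN_REALM} (when the cached token has properties), and the cached
 * secret under the {@code SCT_VALIDATOR_SECRET} additional property. That property holds key
 * material, so the additional properties of the response should not be logged or serialised.
 *
 * @param tokenParameters the validation request; supplies the received token and the token store
 * @return a response holding the received token with its resulting state
 */
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
    LOG.fine("Validating SecurityContextToken");
    TokenValidatorResponse response = new TokenValidatorResponse();
    ReceivedToken validateTarget = tokenParameters.getToken();
    // Fail closed: the token is INVALID until every check below has passed.
    validateTarget.setState(STATE.INVALID);
    response.setToken(validateTarget);
    if (tokenParameters.getTokenStore() == null) {
        LOG.log(Level.FINE, "A cache must be configured to use the SCTValidator");
        return response;
    }
    if (!validateTarget.isDOMElement()) {
        // Only DOM-element tokens are handled here; anything else stays INVALID.
        return response;
    }
    try {
        Element validateTargetElement = (Element) validateTarget.getToken();
        SecurityContextToken sct = new SecurityContextToken(validateTargetElement);
        // NOTE(review): the identifier is read from the submitted token and is written to the
        // FINE log unescaped below; confirm the log sink neutralises control characters.
        String identifier = sct.getIdentifier();
        SecurityToken token = tokenParameters.getTokenStore().getToken(identifier);
        if (token == null) {
            LOG.fine("Identifier: " + identifier + " is not found in the cache");
            return response;
        }
        if (token.isExpired()) {
            validateTarget.setState(STATE.EXPIRED);
            LOG.fine("Token: " + identifier + " is in the cache but expired");
            return response;
        }
        // The cached secret is handed back to the caller through the additional properties.
        byte[] secret = token.getSecret();
        Map<String, Object> properties = new HashMap<>(1);
        properties.put(SCT_VALIDATOR_SECRET, secret);
        response.setAdditionalProperties(properties);
        response.setPrincipal(token.getPrincipal());
        Map<String, Object> props = token.getProperties();
        if (props != null) {
            String realm = (String) props.get(STSConstants.TOKEN_REALM);
            response.setTokenRealm(realm);
        }
        validateTarget.setState(STATE.VALID);
        LOG.fine("SecurityContextToken successfully validated");
    } catch (WSSecurityException ex) {
        // The token keeps its INVALID state. The original logged an empty message here, which
        // leaves a WARNING that is hard to search for or alert on.
        LOG.log(Level.WARNING, "Failed to process the SecurityContextToken; treating it as invalid", ex);
    }
    return response;
}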
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SecurityContextToken(org.apache.wss4j.dom.message.token.SecurityContextToken) HashMap(java.util.HashMap) Element(org.w3c.dom.Element) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)

Example 7 with SecurityContextToken

use of org.apache.wss4j.dom.message.token.SecurityContextToken in project cxf by apache.

the class SCTCancellerTest method testCancelInvalidToken.

/**
 * Checks that a cancel request for an invalid SecurityContextToken (one built locally on an
 * empty document) does not leave the token in the CANCELLED state.
 */
@org.junit.Test
public void testCancelInvalidToken() throws Exception {
    TokenCanceller canceller = new SCTCanceller();
    // Proof-of-possession checking is switched off for this test, so the refusal asserted
    // at the end cannot be attributed to that check.
    canceller.setVerifyProofOfPossession(false);
    TokenCancellerParameters parameters = createCancellerParameters();

    // The cancel target wraps the element of a freshly constructed SecurityContextToken.
    Document emptyDoc = DOMUtils.getEmptyDocument();
    ReceivedToken target = new ReceivedToken(new SecurityContextToken(emptyDoc).getElement());
    parameters.getTokenRequirements().setCancelTarget(target);
    parameters.setToken(target);

    assertTrue(canceller.canHandleToken(target));

    TokenCancellerResponse result = canceller.cancelToken(parameters);
    assertTrue(result != null);
    STATE finalState = result.getToken().getState();
    assertFalse(finalState == STATE.CANCELLED);
}
Also used : TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) SecurityContextToken(org.apache.wss4j.dom.message.token.SecurityContextToken) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Document(org.w3c.dom.Document)

Example 8 with SecurityContextToken

use of org.apache.wss4j.dom.message.token.SecurityContextToken in project cxf by apache.

the class SCTProviderTest method testCreateSCTCache.

/**
 * Issues a SecurityContextToken through the SCTProvider and checks that the token store
 * resolves its identifier, while a different identifier resolves to nothing.
 */
@org.junit.Test
public void testCreateSCTCache() throws Exception {
    TokenProvider provider = new SCTProvider();
    TokenProviderParameters parameters = createProviderParameters(STSUtils.TOKEN_TYPE_SCT_05_12);
    assertTrue(provider.canHandleToken(STSUtils.TOKEN_TYPE_SCT_05_12));

    TokenProviderResponse issued = provider.createToken(parameters);
    assertTrue(issued != null);
    // Both the token itself and its id must be present in the response.
    assertTrue(issued.getToken() != null);
    assertTrue(issued.getTokenId() != null);

    // Read the identifier back out of the issued token element.
    String sctId = new SecurityContextToken((Element) issued.getToken()).getIdentifier();

    // Exact identifier: cached. Altered identifier: no entry.
    assertNotNull(tokenStore.getToken(sctId));
    assertNull(tokenStore.getToken(sctId + "1234"));
}
Also used : SecurityContextToken(org.apache.wss4j.dom.message.token.SecurityContextToken) Element(org.w3c.dom.Element)

Example 9 with SecurityContextToken

use of org.apache.wss4j.dom.message.token.SecurityContextToken in project cxf by apache.

the class SCTValidatorTest method testInvalidSecurityContextToken.

/**
 * Checks that a SecurityContextToken built locally on a new document, rather than obtained
 * from a provider, comes back from the SCTValidator in the INVALID state.
 */
@org.junit.Test
public void testInvalidSecurityContextToken() throws Exception {
    TokenValidator validator = new SCTValidator();
    TokenValidatorParameters parameters = createValidatorParameters();

    // The validate target wraps the element of a freshly constructed SecurityContextToken.
    Document freshDoc = DOMUtils.createDocument();
    ReceivedToken target = new ReceivedToken(new SecurityContextToken(freshDoc).getElement());
    parameters.getTokenRequirements().setValidateTarget(target);
    parameters.setToken(target);

    assertTrue(validator.canHandleToken(target));

    TokenValidatorResponse result = validator.validateToken(parameters);
    assertTrue(result != null);
    ReceivedToken returned = result.getToken();
    assertTrue(returned != null);
    // The validator can handle the token type but must still report it as INVALID.
    assertTrue(returned.getState() == STATE.INVALID);
}
Also used : TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) SecurityContextToken(org.apache.wss4j.dom.message.token.SecurityContextToken) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Document(org.w3c.dom.Document)

Aggregations

SecurityContextToken (org.apache.wss4j.dom.message.token.SecurityContextToken)9 Element (org.w3c.dom.Element)6 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)4 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)4 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)3 STSException (org.apache.cxf.ws.security.sts.provider.STSException)3 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)3 Document (org.w3c.dom.Document)3 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)2 WSHandlerResult (org.apache.wss4j.dom.handler.WSHandlerResult)2 Instant (java.time.Instant)1 HashMap (java.util.HashMap)1 Iterator (java.util.Iterator)1 List (java.util.List)1 JAXBElement (javax.xml.bind.JAXBElement)1 SecurityContext (org.apache.cxf.security.SecurityContext)1 Renewing (org.apache.cxf.sts.request.Renewing)1 ReferenceType (org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType)1 SecurityTokenReferenceType (org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType)1 TokenStore (org.apache.cxf.ws.security.tokenstore.TokenStore)1