
Example 1 with SamlSecurityTokenImpl

use of org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl in project cxf by apache.

The class STSStaxTokenValidator, method validate.

/**
 * Validates a SAML assertion locally and, depending on configuration, against the STS.
 *
 * <p>The local checks (Conditions, OneTimeUse replay cache, schema/profile validation) always run
 * first and a failure in any of them propagates before anything is sent to the STS. When
 * {@code alwaysValidateToSts} is set the assertion element is additionally sent to the STS here,
 * and the returned token then skips its own {@code verify()}. Otherwise the returned token
 * performs the standard verification on {@code verify()} and falls back to the STS only if that
 * verification throws.
 *
 * @param samlAssertionWrapper the assertion being validated
 * @param subjectSecurityToken the token confirming the assertion's subject, passed through to the result
 * @param tokenContext supplies the security properties, security context, element path and first event
 * @return the constructed {@link SamlSecurityTokenImpl}, cast to the caller's requested type
 * @throws WSSecurityException if a local check fails or, when validating up front, the STS rejects the assertion
 */
@SuppressWarnings("unchecked")
@Override
public <T extends SamlSecurityToken & InboundSecurityToken> T validate(final SamlAssertionWrapper samlAssertionWrapper, final InboundSecurityToken subjectSecurityToken, final TokenContext tokenContext) throws WSSecurityException {
    // Local checks: Conditions, OneTimeUse replay cache, schema/profile. Any failure throws here.
    checkConditions(samlAssertionWrapper);
    checkOneTimeUse(samlAssertionWrapper, tokenContext.getWssSecurityProperties().getSamlOneTimeUseReplayCache());
    validateAssertion(samlAssertionWrapper);

    // Only a signed assertion gets a signature-verification Crypto; an unsigned one is built with null.
    final Crypto signatureCrypto = samlAssertionWrapper.isSigned()
        ? tokenContext.getWssSecurityProperties().getSignatureVerificationCrypto()
        : null;
    final SoapMessage message = (SoapMessage) tokenContext.getWssSecurityProperties().getMsgContext();

    // Up-front STS validation when configured. A rejection by the STS propagates out of this
    // method, so no token is ever constructed for an assertion the STS refused.
    final boolean stsValidated = alwaysValidateToSts;
    if (stsValidated) {
        validateTokenToSTS(samlAssertionWrapper.getElement(), message);
    }

    final SamlSecurityTokenImpl securityToken = new SamlSecurityTokenImpl(samlAssertionWrapper, subjectSecurityToken, tokenContext.getWsSecurityContext(), signatureCrypto, WSSecurityTokenConstants.KeyIdentifier_NoKeyInfo, tokenContext.getWssSecurityProperties()) {

        /**
         * Standard verification with an STS fallback.
         *
         * <p>If the assertion was already accepted by the STS in {@code validate}, nothing is
         * re-checked. Otherwise {@code super.verify()} runs; should it throw, the assertion element
         * is sent to the STS and the STS decision becomes final. Note that the local failure is not
         * attached as a cause to any exception the STS call throws, so only the STS-side reason is
         * reported in that case.
         */
        @Override
        public void verify() throws XMLSecurityException {
            if (stsValidated) {
                return;
            }
            try {
                super.verify();
            } catch (XMLSecurityException localFailure) {
                final Element tokenElement = super.getSamlAssertionWrapper().getElement();
                validateTokenToSTS(tokenElement, message);
            }
        }
    };
    securityToken.setElementPath(tokenContext.getElementPath());
    securityToken.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
    return (T) securityToken;
}
Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SamlSecurityTokenImpl(org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) SoapMessage(org.apache.cxf.binding.soap.SoapMessage)

Example 2 with SamlSecurityTokenImpl

use of org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl in project cxf by apache.

The class CustomStaxSamlValidator, method validate.

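/**
 * Runs the base validation and then applies this validator's additional restrictions:
 * the issuer string must equal {@code "www.example.com"}, the assertion must be of the
 * configured SAML version ({@code requireSAML1Assertion}), and its first subject
 * confirmation method must be sender-vouches or holder-of-key as configured by
 * {@code requireSenderVouches}.
 *
 * @param samlAssertionWrapper the assertion being validated
 * @param subjectSecurityToken the token confirming the assertion's subject, passed to the base validator
 * @param tokenContext the inbound token context, passed to the base validator
 * @return the token produced by the base validator, cast to the caller's requested type
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} and message key
 *         {@code "invalidSAMLsecurity"} when any of the additional restrictions is not met,
 *         including an assertion that carries no subject confirmation method at all
 */
@SuppressWarnings("unchecked")
@Override
public <T extends SamlSecurityToken & InboundSecurityToken> T validate(final SamlAssertionWrapper samlAssertionWrapper, final InboundSecurityToken subjectSecurityToken, final TokenContext tokenContext) throws WSSecurityException {
    // The explicit type witness works around a jdk 1.6 compiler bug
    // (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6302954): without it the type
    // parameters of <T>T cannot be determined ("no unique maximal instance exists for type
    // variable T" with the SamlSecurityToken / InboundSecurityToken bounds). Works fine on jdk 1.7.
    final SamlSecurityToken token = super.<SamlSecurityTokenImpl>validate(samlAssertionWrapper, subjectSecurityToken, tokenContext);

    // Issuer pinning: only assertions whose issuer string matches exactly are accepted.
    if (!"www.example.com".equals(samlAssertionWrapper.getIssuerString())) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // Exactly the configured SAML version must be present: SAML 1 when requireSAML1Assertion is
    // set, SAML 2 otherwise.
    if (requireSAML1Assertion && samlAssertionWrapper.getSaml1() == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    } else if (!requireSAML1Assertion && samlAssertionWrapper.getSaml2() == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // Only the first listed subject confirmation method is examined. An assertion with no
    // confirmation method at all is rejected the same way as one with an unusable method;
    // previously reading index 0 of an empty list surfaced as an IndexOutOfBoundsException,
    // outside the WSSecurityException contract of this method.
    final java.util.List<String> confirmationMethods = samlAssertionWrapper.getConfirmationMethods();
    if (confirmationMethods == null || confirmationMethods.isEmpty() || confirmationMethods.get(0) == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    final String confirmationMethod = confirmationMethods.get(0);

    // The confirmation method must match the configured one: sender-vouches when
    // requireSenderVouches is set, holder-of-key otherwise.
    if (requireSenderVouches && !OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    } else if (!requireSenderVouches && !OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    return (T) token;
}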
Also used : SamlSecurityToken(org.apache.wss4j.stax.securityToken.SamlSecurityToken) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SamlSecurityTokenImpl(org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl)

Example 3 with SamlSecurityTokenImpl

use of org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl in project cxf by apache.

The class StaxClaimsValidator, method validate.

/**
 * Validates a SAML assertion and additionally requires its claims to be accepted by the
 * version-specific claims handler before a token is constructed.
 *
 * <p>Order of checks: Conditions, OneTimeUse replay cache, schema/profile validation, then the
 * claims check via {@code handleSAML1Assertion} or {@code handleSAML2Assertion}. Signature
 * verification is not invoked here; it is left to the returned token.
 *
 * @param samlAssertionWrapper the assertion being validated
 * @param subjectSecurityToken the token confirming the assertion's subject, passed through to the result
 * @param tokenContext supplies the security properties, security context, element path and first event
 * @return the constructed {@link SamlSecurityTokenImpl}, cast to the caller's requested type
 * @throws WSSecurityException if a standard check fails, or with {@code ErrorCode.FAILURE} /
 *         {@code "invalidSAMLsecurity"} if the claims handler rejects the assertion or the
 *         assertion is neither SAML 1 nor SAML 2
 */
@SuppressWarnings("unchecked")
@Override
public <T extends SamlSecurityToken & InboundSecurityToken> T validate(final SamlAssertionWrapper samlAssertionWrapper, final InboundSecurityToken subjectSecurityToken, final TokenContext tokenContext) throws WSSecurityException {
    // Standard checks: Conditions, OneTimeUse replay cache, schema/profile. Any failure throws here.
    checkConditions(samlAssertionWrapper);
    checkOneTimeUse(samlAssertionWrapper, tokenContext.getWssSecurityProperties().getSamlOneTimeUseReplayCache());
    validateAssertion(samlAssertionWrapper);

    // Claims check: the SAML 1 handler takes precedence if a SAML 1 assertion is present,
    // otherwise the SAML 2 handler runs. An assertion of neither version fails the check.
    final boolean claimsSatisfied;
    if (samlAssertionWrapper.getSaml1() != null) {
        claimsSatisfied = handleSAML1Assertion(samlAssertionWrapper.getSaml1());
    } else if (samlAssertionWrapper.getSaml2() != null) {
        claimsSatisfied = handleSAML2Assertion(samlAssertionWrapper.getSaml2());
    } else {
        claimsSatisfied = false;
    }
    if (!claimsSatisfied) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // Only a signed assertion gets a signature-verification Crypto; an unsigned one is built with null.
    final Crypto signatureCrypto = samlAssertionWrapper.isSigned()
        ? tokenContext.getWssSecurityProperties().getSignatureVerificationCrypto()
        : null;

    final SamlSecurityTokenImpl securityToken = new SamlSecurityTokenImpl(samlAssertionWrapper, subjectSecurityToken, tokenContext.getWsSecurityContext(), signatureCrypto, WSSecurityTokenConstants.KeyIdentifier_NoKeyInfo, tokenContext.getWssSecurityProperties());
    securityToken.setElementPath(tokenContext.getElementPath());
    securityToken.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
    return (T) securityToken;
}
Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SamlSecurityTokenImpl(org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl)
