Search in sources :

Example 86 with DoubleItPortType

use of org.example.contract.doubleit.DoubleItPortType in project cxf by apache.

the class SamlTokenTest method testSaml2Replay.

@org.junit.Test
public void testSaml2Replay() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SamlTokenTest.class.getResource("client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort");
    DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class);
    String portNumber = PORT2;
    if (STAX_PORT.equals(test.getPort())) {
        portNumber = STAX_PORT2;
    }
    updateAddressPort(saml2Port, portNumber);
    // Create a SAML Token with no "OneTimeUse" Condition
    ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler());
    Client cxfClient = ClientProxy.getClient(saml2Port);
    SecurityHeaderCacheInterceptor cacheInterceptor = new SecurityHeaderCacheInterceptor();
    cxfClient.getOutInterceptors().add(cacheInterceptor);
    // Make two invocations...should succeed
    saml2Port.doubleIt(25);
    saml2Port.doubleIt(25);
    // Now create a SAML Token with a "OneTimeUse" Condition
    ConditionsBean conditions = new ConditionsBean();
    conditions.setTokenPeriodMinutes(5);
    conditions.setOneTimeUse(true);
    SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
    callbackHandler.setConditions(conditions);
    ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, callbackHandler);
    cxfClient.getOutInterceptors().remove(cacheInterceptor);
    cacheInterceptor = new SecurityHeaderCacheInterceptor();
    cxfClient.getOutInterceptors().add(cacheInterceptor);
    // Make two invocations...should fail on the second one
    saml2Port.doubleIt(25);
    try {
        saml2Port.doubleIt(25);
        fail("Failure expected on a replayed SAML Assertion");
    } catch (javax.xml.ws.soap.SOAPFaultException ex) {
        assertTrue(ex.getMessage().contains(WSSecurityException.UNIFIED_SECURITY_ERR));
    }
    ((java.io.Closeable) saml2Port).close();
    bus.shutdown(true);
}
Also used : Bus(org.apache.cxf.Bus) QName(javax.xml.namespace.QName) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) Service(javax.xml.ws.Service) URL(java.net.URL) SamlCallbackHandler(org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) SecurityHeaderCacheInterceptor(org.apache.cxf.systest.ws.ut.SecurityHeaderCacheInterceptor) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) Client(org.apache.cxf.endpoint.Client)

Example 87 with DoubleItPortType

use of org.example.contract.doubleit.DoubleItPortType in project cxf by apache.

the class SamlTokenTest method testAudienceRestriction.

@org.junit.Test
public void testAudienceRestriction() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SamlTokenTest.class.getResource("client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort2");
    DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class);
    String portNumber = PORT2;
    if (STAX_PORT.equals(test.getPort())) {
        portNumber = STAX_PORT2;
    }
    updateAddressPort(saml2Port, portNumber);
    // Create a SAML Token with an AudienceRestrictionCondition
    ConditionsBean conditions = new ConditionsBean();
    List<AudienceRestrictionBean> audienceRestrictions = new ArrayList<>();
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.setAudienceURIs(Collections.singletonList("https://localhost:" + portNumber + "/DoubleItSaml2Transport2"));
    audienceRestrictions.add(audienceRestriction);
    conditions.setAudienceRestrictions(audienceRestrictions);
    SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
    callbackHandler.setConditions(conditions);
    ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, callbackHandler);
    saml2Port.doubleIt(25);
    try {
        // Now use an "unknown" audience restriction
        audienceRestriction = new AudienceRestrictionBean();
        audienceRestriction.setAudienceURIs(Collections.singletonList("https://localhost:" + portNumber + "/DoubleItSaml2Transport2unknown"));
        audienceRestrictions.clear();
        audienceRestrictions.add(audienceRestriction);
        conditions.setAudienceRestrictions(audienceRestrictions);
        callbackHandler.setConditions(conditions);
        saml2Port.doubleIt(25);
        fail("Failure expected on unknown AudienceRestriction");
    } catch (javax.xml.ws.soap.SOAPFaultException ex) {
    // expected
    }
}
Also used : Bus(org.apache.cxf.Bus) AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) QName(javax.xml.namespace.QName) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) ArrayList(java.util.ArrayList) Service(javax.xml.ws.Service) URL(java.net.URL) SamlCallbackHandler(org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType)

Example 88 with DoubleItPortType

use of org.example.contract.doubleit.DoubleItPortType in project cxf by apache.

the class SamlTokenTest method testSaml2OverSymmetricSignedElements.

@org.junit.Test
public void testSaml2OverSymmetricSignedElements() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SamlTokenTest.class.getResource("client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItSaml2SymmetricSignedElementsPort");
    DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class);
    updateAddressPort(saml2Port, test.getPort());
    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(saml2Port);
    }
    // This test only works for DOM
    if (!test.isStreaming() && PORT.equals(test.getPort())) {
        SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
        ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, samlCallbackHandler);
        int result = saml2Port.doubleIt(25);
        assertTrue(result == 50);
    }
    ((java.io.Closeable) saml2Port).close();
    bus.shutdown(true);
}
Also used : Bus(org.apache.cxf.Bus) SamlCallbackHandler(org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) URL(java.net.URL)

Example 89 with DoubleItPortType

use of org.example.contract.doubleit.DoubleItPortType in project cxf by apache.

the class SamlTokenTest method testSaml2OverSymmetric.

@org.junit.Test
public void testSaml2OverSymmetric() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SamlTokenTest.class.getResource("client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItSaml2SymmetricPort");
    DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class);
    updateAddressPort(saml2Port, test.getPort());
    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(saml2Port);
    }
    try {
        saml2Port.doubleIt(25);
        fail("Expected failure on an invocation with no SAML Assertion");
    } catch (javax.xml.ws.soap.SOAPFaultException ex) {
        assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
    }
    ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false));
    try {
        saml2Port.doubleIt(25);
        fail("Expected failure on an invocation with a SAML1 Assertion");
    } catch (javax.xml.ws.soap.SOAPFaultException ex) {
        assertTrue(ex.getMessage().contains("Wrong SAML Version") || ex.getMessage().contains("enforces SamlVersion20Profile11 but we got 1.1"));
    }
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
    samlCallbackHandler.setSignAssertion(true);
    ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, samlCallbackHandler);
    int result = saml2Port.doubleIt(25);
    assertTrue(result == 50);
    ((java.io.Closeable) saml2Port).close();
    bus.shutdown(true);
}
Also used : Bus(org.apache.cxf.Bus) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) URL(java.net.URL) SamlCallbackHandler(org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType)

Example 90 with DoubleItPortType

use of org.example.contract.doubleit.DoubleItPortType in project cxf by apache.

the class SamlTokenTest method testSaml2OverAsymmetricSignedEncrypted.

@org.junit.Test
public void testSaml2OverAsymmetricSignedEncrypted() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = SamlTokenTest.class.getResource("client.xml");
    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
    Service service = Service.create(wsdl, SERVICE_QNAME);
    QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricSignedEncryptedPort");
    DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class);
    updateAddressPort(saml2Port, test.getPort());
    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(saml2Port);
    }
    ((BindingProvider) saml2Port).getRequestContext().put(SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler());
    int result = saml2Port.doubleIt(25);
    assertTrue(result == 50);
    ((java.io.Closeable) saml2Port).close();
    bus.shutdown(true);
}
Also used : Bus(org.apache.cxf.Bus) SamlCallbackHandler(org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) URL(java.net.URL)

Aggregations

URL (java.net.URL)360 QName (javax.xml.namespace.QName)360 Service (javax.xml.ws.Service)360 DoubleItPortType (org.example.contract.doubleit.DoubleItPortType)360 Bus (org.apache.cxf.Bus)354 SpringBusFactory (org.apache.cxf.bus.spring.SpringBusFactory)352 SamlCallbackHandler (org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler)31 Client (org.apache.cxf.endpoint.Client)22 STSClient (org.apache.cxf.ws.security.trust.STSClient)21 HashMap (java.util.HashMap)20 BindingProvider (javax.xml.ws.BindingProvider)17 WSS4JOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor)15 WSS4JStaxOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor)13 KeystorePasswordCallback (org.apache.cxf.systest.ws.common.KeystorePasswordCallback)9 Test (org.junit.Test)9 SOAPFaultException (javax.xml.ws.soap.SOAPFaultException)8 BusException (org.apache.cxf.BusException)8 EndpointException (org.apache.cxf.endpoint.EndpointException)8 TokenStore (org.apache.cxf.ws.security.tokenstore.TokenStore)8 WebService (javax.jws.WebService)5