Example 1 with OpenAMSessionTokenServerAssertionBuilder

Use of org.forgerock.openam.sts.soap.policy.am.OpenAMSessionTokenServerAssertionBuilder in project OpenAM by OpenRock.

The class SoapSTSLifecycleImpl, method registerCustomPolicyInterceptors:

/*
 * This method will register the OpenAMSessionToken AssertionBuilder and InterceptorProvider instances with the cxf
 * Bus, so that any OpenAMSessionToken SecurityPolicy bindings in any of the published soap-sts instances can be
 * supported. Note that this registration is global to all soap-sts instances published in this realm, as the
 * AssertionBuilderRegistry and the PolicyInterceptorProviderRegistry are global to a cxf Bus, and thus to a cxf
 * deployment. This does not cause problems however, as the OpenAM session validation which is consumed as part of
 * realizing this interceptor context is specific only to a realm, and each soap-sts deployment is realm specific
 * (as it corresponds to a soap-sts-agent, which is also realm-specific.) Note, however, if we wanted to support
 * OpenID Connect ID tokens, then a global interceptor would have to be registered which would ultimately consult
 * sts-instance-specific state corresponding to the authN context which would validate this OIDC id token, and the
 * key used to look-up this instance-specific state from the global interceptor would be the last url constituent
 * of the soap-sts invocation (including any realm elements), as this is the soap-sts-instance identifier.
 */
private void registerCustomPolicyInterceptors() {
    final boolean createIfNecessary = false;
    final Bus bus = BusFactory.getDefaultBus(createIfNecessary);
    final PolicyInterceptorProviderRegistry policyInterceptorProviderRegistry = bus.getExtension(PolicyInterceptorProviderRegistry.class);
    policyInterceptorProviderRegistry.register(openAMSessionTokenServerInterceptorProvider);
    AssertionBuilderRegistry assertionBuilderRegistry = bus.getExtension(AssertionBuilderRegistry.class);
    assertionBuilderRegistry.registerBuilder(AMSTSConstants.AM_SESSION_TOKEN_ASSERTION_QNAME, new OpenAMSessionTokenServerAssertionBuilder());
}

Also used:
AssertionBuilderRegistry (org.apache.cxf.ws.policy.AssertionBuilderRegistry)
Bus (org.apache.cxf.Bus)
OpenAMSessionTokenServerAssertionBuilder (org.forgerock.openam.sts.soap.policy.am.OpenAMSessionTokenServerAssertionBuilder)
PolicyInterceptorProviderRegistry (org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistry)

Aggregations

Bus (org.apache.cxf.Bus): 1
AssertionBuilderRegistry (org.apache.cxf.ws.policy.AssertionBuilderRegistry): 1
PolicyInterceptorProviderRegistry (org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistry): 1
OpenAMSessionTokenServerAssertionBuilder (org.forgerock.openam.sts.soap.policy.am.OpenAMSessionTokenServerAssertionBuilder): 1