Package org.apache.cxf.sts.request

Examples of org.apache.cxf.sts.request.TokenRequirements

166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
     */
    @org.junit.Test
    public void testInvalidSignatureSAML2Assertion() throws Exception {
        TokenValidator samlTokenValidator = new SAMLTokenValidator();
        TokenValidatorParameters validatorParameters = createValidatorParameters();
        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
       
        // Create a ValidateTarget consisting of a SAML Assertion
        Crypto crypto = CryptoFactory.getInstance(getEveCryptoProperties());
        CallbackHandler callbackHandler = new EveCallbackHandler();
        Element samlToken =
            createSAMLAssertion(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "eve", callbackHandler);
        Document doc = samlToken.getOwnerDocument();
        samlToken = (Element)doc.appendChild(samlToken);
       
        ReceivedToken validateTarget = new ReceivedToken(samlToken);
        tokenRequirements.setValidateTarget(validateTarget);
       
        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
       
        // Set tokenstore to null so that issued token is not found in the cache
        validatorParameters.setTokenStore(null);
View Full Code Here
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
     */
    @org.junit.Test
    public void testSAML1AssertionCertConstraints() throws Exception {
        TokenValidator samlTokenValidator = new SAMLTokenValidator();
        TokenValidatorParameters validatorParameters = createValidatorParameters();
        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
        validatorParameters.setTokenStore(null);
       
        // Create a ValidateTarget consisting of a SAML Assertion
        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
        CallbackHandler callbackHandler = new PasswordCallbackHandler();
        Element samlToken =
            createSAMLAssertion(WSConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler);
        Document doc = samlToken.getOwnerDocument();
        samlToken = (Element)doc.appendChild(samlToken);
       
        ReceivedToken validateTarget = new ReceivedToken(samlToken);
        tokenRequirements.setValidateTarget(validateTarget);
       
        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
        List<String> certConstraints = new ArrayList<String>();
        certConstraints.add("XYZ");
        certConstraints.add(".*CN=www.sts.com.*");
 
View Full Code Here
233
234
235
236
237
238
239
240
241
242
243
244
    }
   
    private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
        TokenValidatorParameters parameters = new TokenValidatorParameters();
       
        TokenRequirements tokenRequirements = new TokenRequirements();
        tokenRequirements.setTokenType(STSConstants.STATUS);
        parameters.setTokenRequirements(tokenRequirements);
       
        KeyRequirements keyRequirements = new KeyRequirements();
        parameters.setKeyRequirements(keyRequirements);
       
View Full Code Here
283
284
285
286
287
288
289
290
291
292
293
294
        String tokenType, String keyType, Crypto crypto,
        String signatureUsername, CallbackHandler callbackHandler
    ) throws WSSecurityException {
        TokenProviderParameters parameters = new TokenProviderParameters();

        TokenRequirements tokenRequirements = new TokenRequirements();
        tokenRequirements.setTokenType(tokenType);
        parameters.setTokenRequirements(tokenRequirements);

        KeyRequirements keyRequirements = new KeyRequirements();
        keyRequirements.setKeyType(keyType);
        parameters.setKeyRequirements(keyRequirements);
View Full Code Here
114
115
116
117
118
119
120
121
122
123
124
125
        }
       
        providerParameters.setClaimsManager(claimsManager);
       
        // create token
        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        String tokenType = tokenRequirements.getTokenType();
        TokenProviderResponse tokenResponse = null;
        String realm = providerParameters.getRealm();
        for (TokenProvider tokenProvider : tokenProviders) {
            if (tokenProvider.canHandleToken(tokenType, realm)) {
                try {
View Full Code Here
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
        providerParameters.setPrincipal(context.getUserPrincipal());
        providerParameters.setWebServiceContext(context);
        providerParameters.setTokenStore(getTokenStore());
       
        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        providerParameters.setKeyRequirements(keyRequirements);
        providerParameters.setTokenRequirements(tokenRequirements);
       
        // Extract AppliesTo
        String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
        LOG.fine("The AppliesTo address that has been received is: " + address);
        providerParameters.setAppliesToAddress(address);
       
        // Get the realm of the request
        if (stsProperties.getRealmParser() != null) {
            RealmParser realmParser = stsProperties.getRealmParser();
            String realm = realmParser.parseRealm(context);
            providerParameters.setRealm(realm);
        }
       
        // Set the requested Claims
        RequestClaimCollection claims = tokenRequirements.getPrimaryClaims();
        providerParameters.setRequestedPrimaryClaims(claims);
        claims = tokenRequirements.getSecondaryClaims();
        providerParameters.setRequestedSecondaryClaims(claims);
       
        EncryptionProperties encryptionProperties = stsProperties.getEncryptionProperties();
        if (address != null) {
            boolean foundService = false;
            // Get the stored Service object corresponding to the Service endpoint
            if (services != null) {
                for (ServiceMBean service : services) {
                    if (service.isAddressInEndpoints(address)) {
                        EncryptionProperties svcEncryptionProperties =
                            service.getEncryptionProperties();
                        if (svcEncryptionProperties != null) {
                            encryptionProperties = svcEncryptionProperties;
                        }
                        if (tokenRequirements.getTokenType() == null) {
                            String tokenType = service.getTokenType();
                            tokenRequirements.setTokenType(tokenType);
                            LOG.fine("Using default token type of: " + tokenType);
                        }
                        if (keyRequirements.getKeyType() == null) {
                            String keyType = service.getKeyType();
                            keyRequirements.setKeyType(keyType);
View Full Code Here
527
528
529
530
531
532
533
534
535
536
537
538
    protected TokenValidatorResponse validateReceivedToken(
            WebServiceContext context, String realm,
            TokenRequirements tokenRequirements, ReceivedToken token) {
        token.setState(STATE.NONE);
       
        TokenRequirements validateRequirements = new TokenRequirements();
        validateRequirements.setValidateTarget(token);
       
        TokenValidatorParameters validatorParameters = new TokenValidatorParameters();
        validatorParameters.setStsProperties(stsProperties);
        validatorParameters.setPrincipal(context.getUserPrincipal());
        validatorParameters.setWebServiceContext(context);
View Full Code Here
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
        byte[] secret = null;
        byte[] entropyBytes = null;
        long keySize = 0;
        boolean computedKey = false;
        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
        LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
       
        if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyRequirements.getKeyType())) {
            SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
            keyHandler.createSymmetricKey();
            secret = keyHandler.getSecret();
            entropyBytes = keyHandler.getEntropyBytes();
            keySize = keyHandler.getKeySize();
            computedKey = keyHandler.isComputedKey();
        }
       
        try {
            Document doc = DOMUtils.createDocument();
            AssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
            Element token = assertion.toDOM(doc);
           
            // set the token in cache (only if the token is signed)
            byte[] signatureValue = assertion.getSignatureValue();
            if (tokenParameters.getTokenStore() != null && signatureValue != null
                && signatureValue.length > 0) {
                Date expires = new Date();
                long currentTime = expires.getTime();
                expires.setTime(currentTime + (conditionsProvider.getLifetime() * 1000L));
               
                SecurityToken securityToken = new SecurityToken(assertion.getId(), null, expires);
                securityToken.setToken(token);
                securityToken.setPrincipal(tokenParameters.getPrincipal());

                Properties props = securityToken.getProperties();
                if (props == null) {
                    props = new Properties();
                }
                securityToken.setProperties(props);
                if (tokenParameters.getRealm() != null) {
                    props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
                }

                // Handle Renewing logic
                Renewing renewing = tokenParameters.getTokenRequirements().getRenewing();
                if (renewing != null) {
                    props.put(
                        STSConstants.TOKEN_RENEWING_ALLOW,
                        String.valueOf(renewing.isAllowRenewing())
                    );
                    props.put(
                        STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY,
                        String.valueOf(renewing.isAllowRenewingAfterExpiry())
                    );
                } else {
                    props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW, "true");
                    props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY, "false");
                }
                   
                int hash = Arrays.hashCode(signatureValue);
                securityToken.setTokenHash(hash);
                String identifier = Integer.toString(hash);
                tokenParameters.getTokenStore().add(identifier, securityToken);
            }
           
            TokenProviderResponse response = new TokenProviderResponse();
            response.setToken(token);
            String tokenType = tokenRequirements.getTokenType();
            if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
                || WSConstants.SAML2_NS.equals(tokenType)) {
                response.setTokenId(token.getAttribute("ID"));
            } else {
                response.setTokenId(token.getAttribute("AssertionID"));
View Full Code Here
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
     * Get a SubjectBean object.
     */
    public SubjectBean getSubject(
        TokenProviderParameters providerParameters, Document doc, byte[] secret
    ) {
        TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
        KeyRequirements keyRequirements = providerParameters.getKeyRequirements();
        STSPropertiesMBean stsProperties = providerParameters.getStsProperties();

        String tokenType = tokenRequirements.getTokenType();
        String keyType = keyRequirements.getKeyType();
        String confirmationMethod = getSubjectConfirmationMethod(tokenType, keyType);
       
        Principal principal = null;
        ReceivedToken receivedToken = null;
View Full Code Here
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
        byte[] secret = null;
        byte[] entropyBytes = null;
        long keySize = 0;
        boolean computedKey = false;
        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
        LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
       
        if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyRequirements.getKeyType())) {
            SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
            keyHandler.createSymmetricKey();
            secret = keyHandler.getSecret();
            entropyBytes = keyHandler.getEntropyBytes();
            keySize = keyHandler.getKeySize();
            computedKey = keyHandler.isComputedKey();
        }
       
        try {
            Document doc = DOMUtils.createDocument();
            AssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
            Element token = assertion.toDOM(doc);
           
            // set the token in cache (only if the token is signed)
            byte[] signatureValue = assertion.getSignatureValue();
            if (tokenParameters.getTokenStore() != null && signatureValue != null
                && signatureValue.length > 0) {
                Date expires = new Date();
                long currentTime = expires.getTime();
                expires.setTime(currentTime + (conditionsProvider.getLifetime() * 1000L));
               
                SecurityToken securityToken = new SecurityToken(assertion.getId(), null, expires);
                securityToken.setToken(token);
                securityToken.setPrincipal(tokenParameters.getPrincipal());

                Properties props = securityToken.getProperties();
                if (props == null) {
                    props = new Properties();
                }
                securityToken.setProperties(props);
                if (tokenParameters.getRealm() != null) {
                    props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
                }

                // Handle Renewing logic
                Renewing renewing = tokenParameters.getTokenRequirements().getRenewing();
                if (renewing != null) {
                    props.put(
                        STSConstants.TOKEN_RENEWING_ALLOW,
                        String.valueOf(renewing.isAllowRenewing())
                    );
                    props.put(
                        STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY,
                        String.valueOf(renewing.isAllowRenewingAfterExpiry())
                    );
                } else {
                    props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW, "true");
                    props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY, "false");
                }
                   
                int hash = Arrays.hashCode(signatureValue);
                securityToken.setTokenHash(hash);
                String identifier = Integer.toString(hash);
                tokenParameters.getTokenStore().add(identifier, securityToken);
            }
           
            TokenProviderResponse response = new TokenProviderResponse();
            response.setToken(token);
            String tokenType = tokenRequirements.getTokenType();
            if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
                || WSConstants.SAML2_NS.equals(tokenType)) {
                response.setTokenId(token.getAttribute("ID"));
            } else {
                response.setTokenId(token.getAttribute("AssertionID"));
View Full Code Here
TOP

Related Classes of org.apache.cxf.sts.request.TokenRequirements

  • org.apache.cxf.sts.common.CustomAttributeProvider
  • org.apache.cxf.sts.operation.AbstractOperation
  • org.apache.cxf.sts.operation.CancelSCTUnitTest
  • org.apache.cxf.sts.operation.DummyTokenValidator
  • org.apache.cxf.sts.operation.IssueOnbehalfofUnitTest
  • org.apache.cxf.sts.operation.IssueSamlClaimsUnitTest
  • org.apache.cxf.sts.operation.RenewSamlUnitTest
  • org.apache.cxf.sts.operation.TokenCancelOperation
  • org.apache.cxf.sts.operation.TokenIssueOperation
  • org.apache.cxf.sts.operation.TokenRenewOperation
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.