Examples of org.apache.cxf.sts.token.validator.TokenValidatorParameters

Package org.apache.cxf.sts.token.validator

Examples of org.apache.cxf.sts.token.validator.TokenValidatorParameters

org.apache.cxf.sts.token.validator.TokenValidatorParameters
This class encapsulates the parameters that will be passed to a TokenValidator instance to validate a token. It consists of both parameters that have been extracted from the request, as well as configuration specific to the Operation itself (STSPropertiesMBean etc.)

            TokenRequirements tokenRequirements, ReceivedToken token) {
        token.setValidationState(STATE.NONE);
        
        tokenRequirements.setValidateTarget(token);


        TokenValidatorParameters validatorParameters = new TokenValidatorParameters();
        validatorParameters.setStsProperties(stsProperties);
        validatorParameters.setPrincipal(context.getUserPrincipal());
        validatorParameters.setWebServiceContext(context);
        validatorParameters.setTokenStore(getTokenStore());
        validatorParameters.setKeyRequirements(null);
        validatorParameters.setTokenRequirements(tokenRequirements);


        TokenValidatorResponse tokenResponse = null;
        for (TokenValidator tokenValidator : tokenValidators) {
            boolean canHandle = false;
            if (realm == null) {

View Full Code Here

            TokenRequirements tokenRequirements, ReceivedToken token) {
        token.setValidationState(STATE.NONE);
        
        tokenRequirements.setValidateTarget(token);


        TokenValidatorParameters validatorParameters = new TokenValidatorParameters();
        validatorParameters.setStsProperties(stsProperties);
        validatorParameters.setPrincipal(context.getUserPrincipal());
        validatorParameters.setWebServiceContext(context);
        validatorParameters.setTokenStore(getTokenStore());
        validatorParameters.setKeyRequirements(null);
        validatorParameters.setTokenRequirements(tokenRequirements);


        TokenValidatorResponse tokenResponse = null;
        for (TokenValidator tokenValidator : tokenValidators) {
            boolean canHandle = false;
            if (realm == null) {

View Full Code Here

            TokenRequirements tokenRequirements, ReceivedToken token) {
        token.setValidationState(STATE.NONE);
        
        tokenRequirements.setValidateTarget(token);


        TokenValidatorParameters validatorParameters = new TokenValidatorParameters();
        validatorParameters.setStsProperties(stsProperties);
        validatorParameters.setPrincipal(context.getUserPrincipal());
        validatorParameters.setWebServiceContext(context);
        validatorParameters.setTokenStore(getTokenStore());
        validatorParameters.setKeyRequirements(null);
        validatorParameters.setTokenRequirements(tokenRequirements);


        TokenValidatorResponse tokenResponse = null;
        for (TokenValidator tokenValidator : tokenValidators) {
            boolean canHandle = false;
            if (realm == null) {

View Full Code Here

        }
    }


    
    private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
        TokenValidatorParameters parameters = new TokenValidatorParameters();
        
        TokenRequirements tokenRequirements = new TokenRequirements();
        parameters.setTokenRequirements(tokenRequirements);
        
        KeyRequirements keyRequirements = new KeyRequirements();
        parameters.setKeyRequirements(keyRequirements);
        
        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
        // Mock up message context
        MessageImpl msg = new MessageImpl();
        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
        parameters.setWebServiceContext(webServiceContext);
        
        // Add STSProperties object
        StaticSTSProperties stsProperties = new StaticSTSProperties();
        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
        stsProperties.setEncryptionCrypto(crypto);
        stsProperties.setSignatureCrypto(crypto);
        stsProperties.setEncryptionUsername("myservicekey");
        stsProperties.setSignatureUsername("mystskey");
        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
        stsProperties.setIssuer("STS");
        parameters.setStsProperties(stsProperties);
        parameters.setTokenStore(tokenStore);
        
        return parameters;
    }

View Full Code Here

    public RequestSecurityTokenResponseType validate(
        RequestSecurityTokenType request, 
        WebServiceContext context
    ) {
        long start = System.currentTimeMillis();
        TokenValidatorParameters validatorParameters = new TokenValidatorParameters();
        
        try {
            RequestParser requestParser = parseRequest(request, context);
            
            TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
            
            validatorParameters.setStsProperties(stsProperties);
            validatorParameters.setPrincipal(context.getUserPrincipal());
            validatorParameters.setWebServiceContext(context);
            validatorParameters.setTokenStore(getTokenStore());
            
            //validatorParameters.setKeyRequirements(keyRequirements);
            validatorParameters.setTokenRequirements(tokenRequirements);
            
            ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
            if (validateTarget == null || validateTarget.getToken() == null) {
                throw new STSException("No element presented for validation", STSException.INVALID_REQUEST);
            }
            validatorParameters.setToken(validateTarget);
            
            if (tokenRequirements.getTokenType() == null) {
                tokenRequirements.setTokenType(STSConstants.STATUS);
                LOG.fine(
                    "Received TokenType is null, falling back to default token type: " 
                    + STSConstants.STATUS
                );
            }
            
            // Get the realm of the request
            String realm = null;
            if (stsProperties.getRealmParser() != null) {
                RealmParser realmParser = stsProperties.getRealmParser();
                realm = realmParser.parseRealm(context);
            }
            validatorParameters.setRealm(realm);
            
            TokenValidatorResponse tokenResponse = validateReceivedToken(
                    context, realm, tokenRequirements, validateTarget);
            
            if (tokenResponse == null) {

View Full Code Here

        Document doc = samlToken.getOwnerDocument();
        samlToken = (Element)doc.appendChild(samlToken);
        
        // Validate the Assertion
        TokenValidator samlTokenValidator = new SAMLTokenValidator();
        TokenValidatorParameters validatorParameters = createValidatorParameters();
        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
        ReceivedToken validateTarget = new ReceivedToken(samlToken);
        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
        
        TokenValidatorResponse validatorResponse = 
                samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
        
        // Renew the Assertion
        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
        renewerParameters.setToken(validatorResponse.getToken());
        
        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
        
        try {
            samlTokenRenewer.renewToken(renewerParameters);
            fail("Expected failure on lack of proof of possession");
        } catch (Exception ex) {
            // expected
        }
        
        List<WSSecurityEngineResult> signedResults = new ArrayList<WSSecurityEngineResult>();
        WSSecurityEngineResult signedResult = new WSSecurityEngineResult(WSConstants.SIGN);
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias("myclientkey");
        signedResult.put(
            WSSecurityEngineResult.TAG_X509_CERTIFICATES, crypto.getX509Certificates(cryptoType)
        );
        signedResults.add(signedResult);
        
        List<WSHandlerResult> handlerResults = new ArrayList<WSHandlerResult>();
        WSHandlerResult handlerResult = new WSHandlerResult(null, signedResults);
        handlerResults.add(handlerResult);
        
        WebServiceContext context = validatorParameters.getWebServiceContext();
        context.getMessageContext().put(WSHandlerConstants.RECV_RESULTS, handlerResults);


        // Now successfully renew the token
        TokenRenewerResponse renewerResponse = 
                samlTokenRenewer.renewToken(renewerParameters);

View Full Code Here

        Document doc = samlToken.getOwnerDocument();
        samlToken = (Element)doc.appendChild(samlToken);
        
        // Validate the Assertion
        TokenValidator samlTokenValidator = new SAMLTokenValidator();
        TokenValidatorParameters validatorParameters = createValidatorParameters();
        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
        ReceivedToken validateTarget = new ReceivedToken(samlToken);
        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
        
        TokenValidatorResponse validatorResponse = 
                samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
        
        // Renew the Assertion
        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
        renewerParameters.setToken(validatorResponse.getToken());
        
        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
        
        try {
            samlTokenRenewer.renewToken(renewerParameters);
            fail("Expected failure on lack of proof of possession");
        } catch (Exception ex) {
            // expected
        }
        
        List<WSSecurityEngineResult> signedResults = new ArrayList<WSSecurityEngineResult>();
        WSSecurityEngineResult signedResult = new WSSecurityEngineResult(WSConstants.SIGN);
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias("myservicekey");
        signedResult.put(
            WSSecurityEngineResult.TAG_X509_CERTIFICATES, crypto.getX509Certificates(cryptoType)
        );
        signedResults.add(signedResult);
        
        List<WSHandlerResult> handlerResults = new ArrayList<WSHandlerResult>();
        WSHandlerResult handlerResult = new WSHandlerResult(null, signedResults);
        handlerResults.add(handlerResult);
        
        WebServiceContext context = validatorParameters.getWebServiceContext();
        context.getMessageContext().put(WSHandlerConstants.RECV_RESULTS, handlerResults);


        try {
            samlTokenRenewer.renewToken(renewerParameters);
            fail("Expected failure on wrong signature key");

View Full Code Here

        }
    }
    
    
    private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
        TokenValidatorParameters parameters = new TokenValidatorParameters();
        
        TokenRequirements tokenRequirements = new TokenRequirements();
        parameters.setTokenRequirements(tokenRequirements);
        
        KeyRequirements keyRequirements = new KeyRequirements();
        parameters.setKeyRequirements(keyRequirements);
        
        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
        // Mock up message context
        MessageImpl msg = new MessageImpl();
        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
        parameters.setWebServiceContext(webServiceContext);
        
        // Add STSProperties object
        StaticSTSProperties stsProperties = new StaticSTSProperties();
        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
        stsProperties.setEncryptionCrypto(crypto);
        stsProperties.setSignatureCrypto(crypto);
        stsProperties.setEncryptionUsername("myservicekey");
        stsProperties.setSignatureUsername("mystskey");
        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
        stsProperties.setIssuer("STS");
        parameters.setStsProperties(stsProperties);
        parameters.setTokenStore(tokenStore);
        
        return parameters;
    }

View Full Code Here

        
        TokenValidator samlTokenValidator = new SAMLTokenValidator();
        SAMLRealmCodec samlRealmCodec = new IssuerSAMLRealmCodec();
        ((SAMLTokenValidator)samlTokenValidator).setSamlRealmCodec(samlRealmCodec);
        
        TokenValidatorParameters validatorParameters = createValidatorParameters();
        ReceivedToken renewTarget = new ReceivedToken(samlToken);
        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
        tokenRequirements.setValidateTarget(renewTarget);
        validatorParameters.setToken(renewTarget);
        
        // Validate the token
        TokenValidatorResponse validatorResponse = 
            samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
        assertTrue(validatorResponse.getTokenRealm().equals("A"));
        
        // Renew the Assertion
        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
        renewerParameters.setToken(validatorResponse.getToken());
        
        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
        samlTokenRenewer.setVerifyProofOfPossession(false);
        samlTokenRenewer.setAllowRenewalAfterExpiry(true);
        Map<String, SAMLRealm> samlRealms = getSamlRealms();
        ((SAMLTokenRenewer)samlTokenRenewer).setRealmMap(samlRealms);
        String realm = validatorResponse.getTokenRealm();
        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken(), realm));
        
        TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
        assertTrue(renewerResponse != null);
        assertTrue(renewerResponse.getToken() != null);
        
        // Now validate it again
        ReceivedToken validateTarget = new ReceivedToken(renewerResponse.getToken());
        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        validatorResponse = samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);

View Full Code Here

        
        TokenValidator samlTokenValidator = new SAMLTokenValidator();
        SAMLRealmCodec samlRealmCodec = new IssuerSAMLRealmCodec();
        ((SAMLTokenValidator)samlTokenValidator).setSamlRealmCodec(samlRealmCodec);
        
        TokenValidatorParameters validatorParameters = createValidatorParameters();
        ReceivedToken renewTarget = new ReceivedToken(samlToken);
        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
        tokenRequirements.setValidateTarget(renewTarget);
        validatorParameters.setToken(renewTarget);
        
        // Validate the token
        TokenValidatorResponse validatorResponse = 
            samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
        assertTrue(validatorResponse.getTokenRealm().equals("B"));
        
        // Renew the Assertion
        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
        renewerParameters.setToken(validatorResponse.getToken());
        
        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
        samlTokenRenewer.setVerifyProofOfPossession(false);
        samlTokenRenewer.setAllowRenewalAfterExpiry(true);
        Map<String, SAMLRealm> samlRealms = getSamlRealms();
        ((SAMLTokenRenewer)samlTokenRenewer).setRealmMap(samlRealms);
        String realm = validatorResponse.getTokenRealm();
        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken(), realm));
        
        TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
        assertTrue(renewerResponse != null);
        assertTrue(renewerResponse.getToken() != null);
        
        // Now validate it again
        ReceivedToken validateTarget = new ReceivedToken(renewerResponse.getToken());
        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        validatorResponse = samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);

View Full Code Here

0 1 2 3 4 5 6 7

TOP

Related Classes of org.apache.cxf.sts.token.validator.TokenValidatorParameters

org.apache.cxf.sts.event.LoggerListener

org.apache.cxf.sts.event.map.EventMapper

org.apache.cxf.sts.operation.AbstractOperation

org.apache.cxf.sts.operation.TokenValidateOperation

org.apache.cxf.sts.token.renewer.SAMLTokenRenewerPOPTest

org.apache.cxf.sts.token.renewer.SAMLTokenRenewerRealmTest

org.apache.cxf.sts.token.renewer.SAMLTokenRenewerTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.