Examples of org.apache.cxf.sts.token.validator.TokenValidatorResponse

Package org.apache.cxf.sts.token.validator

Examples of org.apache.cxf.sts.token.validator.TokenValidatorResponse

org.apache.cxf.sts.token.validator.TokenValidatorResponse
This class encapsulates the response from a TokenValidator instance after validating a token.

            RealmParser realmParser = stsProperties.getRealmParser();
            realm = realmParser.parseRealm(context);
        }
        
        // Validate the request
        TokenValidatorResponse tokenResponse = validateReceivedToken(
                context, realm, tokenRequirements, renewTarget);
        
        if (tokenResponse == null) {
            LOG.fine("No Token Validator has been found that can handle this token");
            renewTarget.setState(STATE.INVALID);
            throw new STSException(
                "No Token Validator has been found that can handle this token" 
                + tokenRequirements.getTokenType(), 
                STSException.REQUEST_FAILED
            );
        }
        
        // Reject an invalid token
        if (tokenResponse.getToken().getState() != STATE.EXPIRED
            && tokenResponse.getToken().getState() != STATE.VALID) {
            LOG.fine("The token is not valid or expired, and so it cannot be renewed");
            throw new STSException(
                "No Token Validator has been found that can handle this token" 
                + tokenRequirements.getTokenType(), 
                STSException.REQUEST_FAILED
            );
        }
        
        //
        // Renew the token
        //
        TokenRenewerResponse tokenRenewerResponse = null;
        TokenRenewerParameters renewerParameters = createTokenRenewerParameters(requestParser, context);
        Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
        if (additionalProperties != null) {
            renewerParameters.setAdditionalProperties(additionalProperties);
        }
        renewerParameters.setRealm(tokenResponse.getTokenRealm());
        renewerParameters.setToken(tokenResponse.getToken());


        realm = tokenResponse.getTokenRealm();
        for (TokenRenewer tokenRenewer : tokenRenewers) {
            boolean canHandle = false;
            if (realm == null) {
                canHandle = tokenRenewer.canHandleToken(tokenResponse.getToken());
            } else {
                canHandle = tokenRenewer.canHandleToken(tokenResponse.getToken(), realm);
            }
            if (canHandle) {
                try {
                    tokenRenewerResponse = tokenRenewer.renewToken(renewerParameters);
                } catch (STSException ex) {

View Full Code Here

        if (stsProperties.getRealmParser() != null) {
            RealmParser realmParser = stsProperties.getRealmParser();
            realm = realmParser.parseRealm(context);
        }
        
        TokenValidatorResponse tokenResponse = validateReceivedToken(
                context, realm, tokenRequirements, validateTarget);
        
        if (tokenResponse == null) {
            LOG.fine("No Token Validator has been found that can handle this token");
            tokenResponse = new TokenValidatorResponse();
            validateTarget.setState(STATE.INVALID);
            tokenResponse.setToken(validateTarget);
        }
        
        //
        // Create a new token (if requested)
        //
        TokenProviderResponse tokenProviderResponse = null;
        String tokenType = tokenRequirements.getTokenType();
        if (tokenResponse.getToken().getState() == STATE.VALID 
            && !STSConstants.STATUS.equals(tokenType)) {
            TokenProviderParameters providerParameters = 
                 createTokenProviderParameters(requestParser, context);
            
            processValidToken(providerParameters, validateTarget, tokenResponse);
            
            // Check if the requested claims can be handled by the configured claim handlers
            RequestClaimCollection requestedClaims = providerParameters.getRequestedClaims();
            checkClaimsSupport(requestedClaims);
            providerParameters.setClaimsManager(claimsManager);
            
            Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
            if (additionalProperties != null) {
                providerParameters.setAdditionalProperties(additionalProperties);
            }
            realm = providerParameters.getRealm();
            for (TokenProvider tokenProvider : tokenProviders) {

View Full Code Here




        // Validate OnBehalfOf token if present
        if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
            ReceivedToken validateTarget = providerParameters.getTokenRequirements().getOnBehalfOf();
            TokenValidatorResponse tokenResponse = validateReceivedToken(
                    context, realm, tokenRequirements, validateTarget);


            if (tokenResponse == null) {
                LOG.fine("No Token Validator has been found that can handle this token");
            } else if (validateTarget.getState().equals(STATE.INVALID)) {
                throw new STSException("Incoming token is invalid", STSException.REQUEST_FAILED);
            } else if (validateTarget.getState().equals(STATE.VALID)) {
                processValidToken(providerParameters, validateTarget, tokenResponse); 
            } else {
                //[TODO] Add plugin for validation out-of-band
                // Example:
                // If the requestor is in the possession of a certificate (mutual ssl handshake)
                // the STS trusts the token sent in OnBehalfOf element
            }
            if (tokenResponse != null) {
                Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                if (additionalProperties != null) {
                    providerParameters.setAdditionalProperties(additionalProperties);
                }
            }
        }


        // create token
        TokenProviderResponse tokenResponse = null;
        for (TokenProvider tokenProvider : tokenProviders) {
            boolean canHandle = false;
            if (realm == null) {
                canHandle = tokenProvider.canHandleToken(tokenType);
            } else {
                canHandle = tokenProvider.canHandleToken(tokenType, realm);
            }
            if (canHandle) {
                try {
                    tokenResponse = tokenProvider.createToken(providerParameters);
                } catch (STSException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw ex;
                } catch (RuntimeException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
                }
                break;
            }
        }
        if (tokenResponse == null || tokenResponse.getToken() == null) {
            LOG.log(Level.WARNING, "No token provider found for requested token type: " + tokenType);
            throw new STSException(
                    "No token provider found for requested token type: " + tokenType, 
                    STSException.REQUEST_FAILED
            );

View Full Code Here

        validatorParameters.setTokenStore(getTokenStore());
        validatorParameters.setKeyRequirements(null);
        validatorParameters.setTokenRequirements(validateRequirements);
        validatorParameters.setToken(token);


        TokenValidatorResponse tokenResponse = null;
        for (TokenValidator tokenValidator : tokenValidators) {
            boolean canHandle = false;
            if (realm == null) {
                canHandle = tokenValidator.canHandleToken(token);
            } else {
                canHandle = tokenValidator.canHandleToken(token, realm);
            }
            if (canHandle) {
                try {
                    tokenResponse = tokenValidator.validateToken(validatorParameters);
                    token = tokenResponse.getToken();
                    // The parsed principal is set if available. It's up to other components to
                    // deal with the STATE of the validation
                    token.setPrincipal(tokenResponse.getPrincipal());
                } catch (RuntimeException ex) {
                    LOG.log(Level.WARNING, "Failed to validate the token", ex);
                    token.setState(STATE.INVALID);
                }
                break;

View Full Code Here

        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
        
        TokenValidatorResponse validatorResponse = 
                samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
        
        // Renew the Assertion
        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
        renewerParameters.setToken(validatorResponse.getToken());
        
        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
        samlTokenRenewer.setVerifyProofOfPossession(false);
        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
        
        TokenRenewerResponse renewerResponse = 
                samlTokenRenewer.renewToken(renewerParameters);
        assertTrue(renewerResponse != null);
        assertTrue(renewerResponse.getToken() != null);
        
        String oldId = new AssertionWrapper(samlToken).getId();
        String newId = new AssertionWrapper((Element)renewerResponse.getToken()).getId();
        assertFalse(oldId.equals(newId));
        
        // Now validate it again
        validateTarget = new ReceivedToken(renewerResponse.getToken());
        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        validatorResponse = samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
    }

View Full Code Here

        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
        
        TokenValidatorResponse validatorResponse = 
                samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
        
        // Renew the Assertion
        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
        renewerParameters.setToken(validatorResponse.getToken());
        
        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
        samlTokenRenewer.setVerifyProofOfPossession(false);
        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
        
        try {
            samlTokenRenewer.renewToken(renewerParameters);
            fail("Failure expected on attempting to renew a token that was not allowed to be renewed");
        } catch (Exception ex) {

View Full Code Here

        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
        
        TokenValidatorResponse validatorResponse = 
                samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
        
        // Renew the Assertion
        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
        renewerParameters.setToken(validatorResponse.getToken());
        
        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
        samlTokenRenewer.setVerifyProofOfPossession(false);
        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
        
        try {
            samlTokenRenewer.renewToken(renewerParameters);
            fail("Failure expected on an expired token, which is not allowed by default");
        } catch (Exception ex) {
            // expected
        }
        
        samlTokenRenewer.setAllowRenewalAfterExpiry(true);
        TokenRenewerResponse renewerResponse = 
                samlTokenRenewer.renewToken(renewerParameters);
        assertTrue(renewerResponse != null);
        assertTrue(renewerResponse.getToken() != null);
        
        String oldId = new AssertionWrapper(samlToken).getId();
        String newId = new AssertionWrapper((Element)renewerResponse.getToken()).getId();
        assertFalse(oldId.equals(newId));
        
        // Now validate it again
        validateTarget = new ReceivedToken(renewerResponse.getToken());
        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        validatorResponse = samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
    }

View Full Code Here

        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
        
        TokenValidatorResponse validatorResponse = 
                samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
        
        // Renew the Assertion
        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
        renewerParameters.setToken(validatorResponse.getToken());
        
        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
        samlTokenRenewer.setVerifyProofOfPossession(false);
        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));


        try {
            samlTokenRenewer.renewToken(renewerParameters);
            fail("Failure expected on an expired token, which is not allowed by default");
        } catch (Exception ex) {
            // expected
        }
        
        samlTokenRenewer.setAllowRenewalAfterExpiry(true);
        TokenRenewerResponse renewerResponse = 
                samlTokenRenewer.renewToken(renewerParameters);
        assertTrue(renewerResponse != null);
        assertTrue(renewerResponse.getToken() != null);
        
        String oldId = new AssertionWrapper(samlToken).getId();
        String newId = new AssertionWrapper((Element)renewerResponse.getToken()).getId();
        assertFalse(oldId.equals(newId));
        
        // Now validate it again
        validateTarget = new ReceivedToken(renewerResponse.getToken());
        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        validatorResponse = samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
    }

View Full Code Here

        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
        
        TokenValidatorResponse validatorResponse = 
                samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
        
        // Renew the Assertion
        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
        renewerParameters.setToken(validatorResponse.getToken());
        
        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
        samlTokenRenewer.setVerifyProofOfPossession(false);
        samlTokenRenewer.setAllowRenewalAfterExpiry(true);
        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
        
        try {
            samlTokenRenewer.renewToken(renewerParameters);
            fail("Failure on attempting to renew an expired token, which is not allowed");
        } catch (Exception ex) {

View Full Code Here

        tokenRequirements.setValidateTarget(validateTarget);
        validatorParameters.setToken(validateTarget);
        
        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
        
        TokenValidatorResponse validatorResponse = 
                samlTokenValidator.validateToken(validatorParameters);
        assertTrue(validatorResponse != null);
        assertTrue(validatorResponse.getToken() != null);
        assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
        
        // Renew the Assertion
        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
        renewerParameters.setToken(validatorResponse.getToken());
        
        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
        samlTokenRenewer.setVerifyProofOfPossession(false);
        samlTokenRenewer.setAllowRenewalAfterExpiry(true);
        ((SAMLTokenRenewer)samlTokenRenewer).setMaxExpiry(1L);
        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
        
        try {
            samlTokenRenewer.renewToken(renewerParameters);
            fail("Failure expected as the token expired too long ago");
        } catch (STSException ex) {

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.cxf.sts.token.validator.TokenValidatorResponse

org.apache.cxf.sts.operation.AbstractOperation

org.apache.cxf.sts.operation.DummyTokenValidator

org.apache.cxf.sts.operation.TokenIssueOperation

org.apache.cxf.sts.operation.TokenRenewOperation

org.apache.cxf.sts.operation.TokenValidateOperation

org.apache.cxf.sts.token.renewer.SAMLTokenRenewerPOPTest

org.apache.cxf.sts.token.renewer.SAMLTokenRenewerRealmTest

org.apache.cxf.sts.token.renewer.SAMLTokenRenewerTest

org.apache.cxf.systest.sts.deployment.CustomBSTTokenValidator

org.apache.cxf.systest.sts.username_onbehalfof.UsernameTokenValidator

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.