
Examples of

            ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
            if (validateTarget == null || validateTarget.getToken() == null) {
                throw new STSException("No element presented for validation", STSException.INVALID_REQUEST);
            if (tokenRequirements.getTokenType() == null) {
                    "Received TokenType is null, falling back to default token type: "
                    + STSConstants.STATUS
            // Get the realm of the request
            String realm = null;
            if (stsProperties.getRealmParser() != null) {
                RealmParser realmParser = stsProperties.getRealmParser();
                realm = realmParser.parseRealm(context);
            TokenValidatorResponse tokenResponse = validateReceivedToken(
                    context, realm, tokenRequirements, validateTarget);
            if (tokenResponse == null) {
                LOG.fine("No Token Validator has been found that can handle this token");
                tokenResponse = new TokenValidatorResponse();
            // Create a new token (if requested)
            TokenProviderResponse tokenProviderResponse = null;
            String tokenType = tokenRequirements.getTokenType();
            if (tokenResponse.getToken().getState() == STATE.VALID
                && !STSConstants.STATUS.equals(tokenType)) {
                TokenProviderParameters providerParameters =
                     createTokenProviderParameters(requestParser, context);
                processValidToken(providerParameters, validateTarget, tokenResponse);
                // Check if the requested claims can be handled by the configured claim handlers
                RequestClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
                requestedClaims = providerParameters.getRequestedSecondaryClaims();
                Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                if (additionalProperties != null) {
                realm = providerParameters.getRealm();
                for (TokenProvider tokenProvider : tokenProviders) {
                    boolean canHandle = false;
                    if (realm == null) {
                        canHandle = tokenProvider.canHandleToken(tokenType);
                    } else {
                        canHandle = tokenProvider.canHandleToken(tokenType, realm);
                    if (canHandle) {
                        try {
                            tokenProviderResponse = tokenProvider.createToken(providerParameters);
                        } catch (STSException ex) {
                            LOG.log(Level.WARNING, "", ex);
                            throw ex;
                        } catch (RuntimeException ex) {
                            LOG.log(Level.WARNING, "", ex);
                            throw new STSException(
                                "Error in providing a token", ex, STSException.REQUEST_FAILED
                if (tokenProviderResponse == null || tokenProviderResponse.getToken() == null) {
                    LOG.fine("No Token Provider has been found that can handle this token");
                    throw new STSException(
                        "No token provider found for requested token type: " + tokenType,
            // prepare response
            try {
                RequestSecurityTokenResponseType response =
                    createResponse(tokenResponse, tokenProviderResponse, tokenRequirements);
                STSValidateSuccessEvent event = new STSValidateSuccessEvent(validatorParameters,
                        System.currentTimeMillis() - start);
                return response;
            } catch (Throwable ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
        } catch (RuntimeException ex) {
            STSValidateFailureEvent event = new STSValidateFailureEvent(validatorParameters,
                                                              System.currentTimeMillis() - start, ex);
View Full Code Here

            ReceivedToken cancelTarget = tokenRequirements.getCancelTarget();
            if (cancelTarget == null || cancelTarget.getToken() == null) {
                throw new STSException("No element presented for cancellation", STSException.INVALID_REQUEST);
            if (tokenRequirements.getTokenType() == null) {
                    "Received TokenType is null, falling back to default token type: " + STSConstants.STATUS
            // Cancel token
            TokenCancellerResponse tokenResponse = null;
            for (TokenCanceller tokenCanceller : tokencancellers) {
                if (tokenCanceller.canHandleToken(cancelTarget)) {
                    try {
                        tokenResponse = tokenCanceller.cancelToken(cancellerParameters);
                    } catch (RuntimeException ex) {
                        LOG.log(Level.WARNING, "", ex);
                        throw new STSException(
                            "Error while cancelling a token", ex, STSException.REQUEST_FAILED
            if (tokenResponse == null || tokenResponse.getToken() == null) {
                LOG.fine("No Token Canceller has been found that can handle this token");
                throw new STSException(
                    "No token canceller found for requested token type: "
                    + tokenRequirements.getTokenType(),
            if (tokenResponse.getToken().getState() != STATE.CANCELLED) {
                LOG.log(Level.WARNING, "Token cancellation failed.");
                throw new STSException("Token cancellation failed.");
            // prepare response
            try {
                RequestSecurityTokenResponseType response = createResponse(tokenRequirements);
                STSCancelSuccessEvent event = new STSCancelSuccessEvent(cancellerParameters,
                        System.currentTimeMillis() - start);
                return response;
            } catch (Throwable ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
        } catch (RuntimeException ex) {
            STSCancelFailureEvent event = new STSCancelFailureEvent(cancellerParameters,
                                                              System.currentTimeMillis() - start, ex);
View Full Code Here

                        context, realm, tokenRequirements, validateTarget);
                if (tokenResponse == null) {
                    LOG.fine("No Token Validator has been found that can handle this token");
                } else if (validateTarget.getState().equals(STATE.INVALID)) {
                    throw new STSException("Incoming token is invalid", STSException.REQUEST_FAILED);
                } else if (validateTarget.getState().equals(STATE.VALID)) {
                    processValidToken(providerParameters, validateTarget, tokenResponse);
                } else {
                    //[TODO] Add plugin for validation out-of-band
                    // Example:
                    // If the requestor is in the possession of a certificate (mutual ssl handshake)
                    // the STS trusts the token sent in OnBehalfOf element
                Principal tokenPrincipal = null;
                Set<Principal> tokenRoles = null;
                if (tokenResponse != null) {
                    Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                    if (additionalProperties != null) {
                    tokenPrincipal = tokenResponse.getPrincipal();
                    tokenRoles = tokenResponse.getRoles();
                // See whether OnBehalfOf is allowed or not
                performDelegationHandling(requestParser, context,
                                    tokenPrincipal, tokenRoles);
            // See whether ActAs is allowed or not
            // TODO Validate ActAs
            if (providerParameters.getTokenRequirements().getActAs() != null) {
                performDelegationHandling(requestParser, context,
                                    null, null);
            // create token
            TokenProviderResponse tokenResponse = null;
            for (TokenProvider tokenProvider : tokenProviders) {
                boolean canHandle = false;
                if (realm == null) {
                    canHandle = tokenProvider.canHandleToken(tokenType);
                } else {
                    canHandle = tokenProvider.canHandleToken(tokenType, realm);
                if (canHandle) {
                    try {
                        tokenResponse = tokenProvider.createToken(providerParameters);
                    } catch (STSException ex) {
                        LOG.log(Level.WARNING, "", ex);
                        throw ex;
                    } catch (RuntimeException ex) {
                        LOG.log(Level.WARNING, "", ex);
                        throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
            if (tokenResponse == null || tokenResponse.getToken() == null) {
                LOG.log(Level.WARNING, "No token provider found for requested token type: " + tokenType);
                throw new STSException(
                        "No token provider found for requested token type: " + tokenType,
            // prepare response
            try {
                KeyRequirements keyRequirements = requestParser.getKeyRequirements();
                EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
                RequestSecurityTokenResponseType response =
                            encryptionProperties, tokenResponse, tokenRequirements, keyRequirements, context
                STSIssueSuccessEvent event = new STSIssueSuccessEvent(providerParameters,
                        System.currentTimeMillis() - start);
                return response;
            } catch (Throwable ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
        } catch (RuntimeException ex) {
            STSIssueFailureEvent event = new STSIssueFailureEvent(providerParameters,
                                                              System.currentTimeMillis() - start, ex);
View Full Code Here

                if (!parameterBean.getAttributeValues().isEmpty()) {
        } catch (WSSecurityException ex) {
            throw new STSException(ex.getMessage(), ex);
        return attrBean;
View Full Code Here

            principal = providerParameters.getPrincipal();
        if (principal == null) {
            LOG.fine("Error in getting principal");
            throw new STSException("Error in getting principal", STSException.REQUEST_FAILED);
        SubjectBean subjectBean =
            new SubjectBean(principal.getName(), subjectNameQualifier, confirmationMethod);
        LOG.fine("Creating new subject with principal name: " + principal.getName());
        if (subjectNameIDFormat != null && subjectNameIDFormat.length() > 0) {
        if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)) {
            Crypto crypto = stsProperties.getEncryptionCrypto();
            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
            EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
            String encryptionName = encryptionProperties.getEncryptionName();
            if (encryptionName == null) {
                // Fall back on the STS encryption name
                encryptionName = stsProperties.getEncryptionUsername();
            if (encryptionName == null) {
                LOG.fine("No encryption Name is configured for Symmetric KeyType");
                throw new STSException("No Encryption Name is configured", STSException.REQUEST_FAILED);
            try {
                X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
                if (certs == null || certs.length <= 0) {
                    new STSException("Encryption certificate is not found for alias: " + encryptionName,
                KeyInfoBean keyInfo =
                    createKeyInfo(certs[0], secret, doc, encryptionProperties, crypto);
            } catch (WSSecurityException ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException(ex.getMessage(), ex);
        } else if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
            ReceivedKey receivedKey = keyRequirements.getReceivedKey();
            // Validate UseKey trust
            if (stsProperties.isValidateUseKey() && stsProperties.getSignatureCrypto() != null) {
                if (receivedKey.getX509Cert() != null) {
                    try {
                        if (!stsProperties.getSignatureCrypto().verifyTrust(
                            new X509Certificate[]{receivedKey.getX509Cert()}, false)) {
                            LOG.log(Level.FINE, "Error in trust validation of UseKey");
                            throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
                    } catch (WSSecurityException e) {
                        LOG.log(Level.FINE, "Error in trust validation of UseKey: ", e);
                        throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
                if (receivedKey.getPublicKey() != null) {
                    try {
                        if (!stsProperties.getSignatureCrypto().verifyTrust(receivedKey.getPublicKey())) {
                            LOG.log(Level.FINE, "Error in trust validation of UseKey");
                            throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
                    } catch (WSSecurityException e) {
                        LOG.log(Level.FINE, "Error in trust validation of UseKey: ", e);
                        throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
            KeyInfoBean keyInfo = createKeyInfo(receivedKey.getX509Cert(), receivedKey.getPublicKey());
View Full Code Here

                        } catch (Exception ex) {
                            LOG.log(Level.WARNING, "Failed to map user '" + parameters.getPrincipal().getName()
                                    + "' [" + parameters.getRealm() + "] to realm '"
                                    + handlerRealmSupport.getHandlerRealm() + "'", ex);
                            throw new STSException("Failed to map user for claims handler",
                        if (targetPrincipal == null) {
                            LOG.log(Level.WARNING, "Null. Failed to map user '" + parameters.getPrincipal().getName()
                                    + "' [" + parameters.getRealm() + "] to realm '"
                                    + handlerRealmSupport.getHandlerRealm() + "'");
                            throw new STSException("Failed to map user for claims handler",
                        if (LOG.isLoggable(Level.INFO)) {
                  "Principal '" + targetPrincipal.getName()
                                    + "' passed to handler '" + handler.getClass().getName() + "'");
                    } else {
                        if (LOG.isLoggable(Level.FINER)) {
                            LOG.finer("Handler '" + handler.getClass().getName() + "' doesn't require"
                                    + " identity mapping '" + parameters.getRealm()  + "'");
                ClaimCollection claimCollection = null;
                try {
                    claimCollection = handler.retrieveClaimValues(supportedClaims, parameters);
                } catch (RuntimeException ex) {
                    LOG.log(Level.INFO, "Failed retrieving claims from ClaimsHandler "
                            + handler.getClass().getName(), ex);
                    if (this.isStopProcessingOnException()) {
                        throw ex;
                } finally {
                    // set original principal again, otherwise wrong principal passed to next claim handler in the list
                    // if no mapping required or wrong source principal used for next identity mapping
                if (claimCollection != null && claimCollection.size() != 0) {
            validateClaimValues(claims, returnCollection);
            return returnCollection;
        } else {
            // Federate claims
            ClaimsMapper claimsMapper = relationship.getClaimsMapper();
            if (claimsMapper == null) {
                LOG.log(Level.SEVERE, "ClaimsMapper required to federate claims but not configured.");
                throw new STSException("ClaimsMapper required to federate claims but not configured",
            // Get the claims of the received token (only SAML supported)
            // Consider refactoring to use a CallbackHandler and keep ClaimsManager token independent
View Full Code Here

                if (!found) {
                    LOG.warning("Mandatory claim not found: " + claim.getClaimType());
                    throw new STSException("Mandatory claim '" + claim.getClaimType() + "' not found");
        return true;
View Full Code Here

                // Fall back on the STS encryption name
                encryptionName = stsProperties.getEncryptionUsername();
            if (encryptionName == null) {
                LOG.fine("No encryption Name is configured for Symmetric KeyType");
                throw new STSException("No Encryption Name is configured", STSException.REQUEST_FAILED);
            try {
                X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
                if (certs == null || certs.length <= 0) {
                    new STSException("Encryption certificate is not found for alias: " + encryptionName,
                KeyInfoBean keyInfo =
                    createKeyInfo(certs[0], secret, doc, encryptionProperties, crypto);
            } catch (WSSecurityException ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException(ex.getMessage(), ex);
        } else if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
            KeyInfoBean keyInfo = createKeyInfo(keyRequirements.getCertificate());
View Full Code Here

            return response;
        } catch (Exception e) {
            LOG.log(Level.WARNING, "", e);
            throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
View Full Code Here

        String keyType = keyRequirements.getKeyType();
        if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
            if (keyRequirements.getCertificate() == null) {
                LOG.log(Level.WARNING, "A PublicKey Keytype is requested, but no certificate is provided");
                throw new STSException(
                    "No client certificate for PublicKey KeyType", STSException.INVALID_REQUEST
        } else if (!STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)
            && !STSConstants.BEARER_KEY_KEYTYPE.equals(keyType) && keyType != null) {
            LOG.log(Level.WARNING, "An unknown KeyType was requested: " + keyType);
            throw new STSException("Unknown KeyType", STSException.INVALID_REQUEST);
View Full Code Here


Related Classes of

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact