Examples of IssuedToken

Examples of org.apache.cxf.ws.security.policy.model.IssuedToken

62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
        if (ais == null || ais.isEmpty()) {
            return true;
        }
       
        for (AssertionInfo ai : ais) {
            IssuedToken issuedToken = (IssuedToken)ai.getAssertion();
            ai.setAsserted(true);

            if (!isTokenRequired(issuedToken, message)) {
                continue;
            }
           
            if (assertionWrapper == null) {
                ai.setNotAsserted(
                    "The received token does not match the token inclusion requirement"
                );
                continue;
            }

            Element template = issuedToken.getRstTemplate();
            if (template != null && !checkIssuedTokenTemplate(template, assertionWrapper)) {
                ai.setNotAsserted("Error in validating the IssuedToken policy");
                continue;
            }
View Full Code Here

Examples of org.apache.cxf.ws.security.policy.model.IssuedToken

104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
        if (ais == null || ais.isEmpty()) {
            return true;
        }
       
        for (AssertionInfo ai : ais) {
            IssuedToken issuedToken = (IssuedToken)ai.getAssertion();
            ai.setAsserted(true);

            if (!isTokenRequired(issuedToken, message)) {
                continue;
            }
            if (binarySecurityToken == null) {
                ai.setNotAsserted(
                    "The received token does not match the token inclusion requirement"
                );
                return false;
            }

            Element template = issuedToken.getRstTemplate();
            if (template != null && !checkIssuedTokenTemplate(template, binarySecurityToken)) {
                ai.setNotAsserted("Error in validating the IssuedToken policy");
                return false;
            }
        }
View Full Code Here

Examples of org.apache.cxf.ws.security.policy.model.IssuedToken

140
141
142
143
144
145
146
147
148
149
150
                Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
                if (ais == null || ais.isEmpty()) {
                    return;
                }
                if (isRequestor(message)) {
                    IssuedToken itok = (IssuedToken)ais.iterator().next().getAssertion();
                   
                    SecurityToken tok = retrieveCachedToken(message);
                    if (tok == null) {
                        tok = issueToken(message, aim, itok);
                    } else {
View Full Code Here

Examples of org.apache.cxf.ws.security.policy.model.IssuedToken

56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
       
        SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
            ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;
   

        IssuedToken issuedToken = new IssuedToken(consts);
        issuedToken.setOptional(PolicyConstants.isOptional(element));
        issuedToken.setIgnorable(PolicyConstants.isIgnorable(element));

        String includeAttr = DOMUtils.getAttribute(element, consts.getIncludeToken());
        if (includeAttr != null) {
            issuedToken.setInclusion(consts.getInclusionFromAttributeValue(includeAttr));
        }
       
        Element child = DOMUtils.getFirstElement(element);
        while (child != null) {
            String ln = child.getLocalName();
            if (SPConstants.ISSUER.equals(ln)) {
                try {
                    EndpointReferenceType epr = VersionTransformer.parseEndpointReference(child);
                    issuedToken.setIssuerEpr(epr);
                } catch (JAXBException e) {
                    throw new IllegalArgumentException(e);
                }
            } else if (SPConstants.REQUEST_SECURITY_TOKEN_TEMPLATE.equals(ln)) {
                issuedToken.setRstTemplate(child);
            } else if (org.apache.neethi.Constants.ELEM_POLICY.equals(ln)) {
                Policy policy = builder.getPolicy(child);
                policy = (Policy)policy.normalize(builder.getPolicyRegistry(), false);

                for (Iterator<List<Assertion>> iterator = policy.getAlternatives(); iterator.hasNext();) {
                    processAlternative(iterator.next(), issuedToken);
                    break; // since there should be only one alternative ..
                }               
            } else if (SPConstants.ISSUER_NAME.equals(ln)) {
                String issuerName = child.getNodeValue();
                issuedToken.setIssuerName(issuerName);
            }
           
            child = DOMUtils.getNextElement(child);
        }
        return issuedToken;
View Full Code Here

Examples of org.apache.cxf.ws.security.policy.model.IssuedToken

133
134
135
136
137
138
139
140
141
142
143
                Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
                if (ais == null || ais.isEmpty()) {
                    return;
                }
                if (isRequestor(message)) {
                    IssuedToken itok = (IssuedToken)ais.iterator().next().getAssertion();
                   
                    SecurityToken tok = retrieveCachedToken(message);
                    if (tok == null) {
                        STSClient client = STSUtils.getClient(message, "sts", itok);
                        AddressingProperties maps =
View Full Code Here

Examples of org.apache.cxf.ws.security.policy.model.IssuedToken

93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
                Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
                if (ais == null || ais.isEmpty()) {
                    return;
                }
                if (isRequestor(message)) {
                    IssuedToken itok = (IssuedToken)ais.iterator().next().getAssertion();
                   
                    SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
                    if (tok == null) {
                        String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
                        if (tokId != null) {
                            tok = getTokenStore(message).getToken(tokId);
                        }
                    }
                    if (tok == null) {
                        STSClient client = getClient(message);
                        AddressingProperties maps =
                            (AddressingProperties)message
                                .get("javax.xml.ws.addressing.context.outbound");
                        if (maps == null) {
                            maps = (AddressingProperties)message
                                .get("javax.xml.ws.addressing.context");
                        }
                        synchronized (client) {
                            try {
                                client.setTrust(getTrust10(aim));
                                client.setTrust(getTrust13(aim));
                                client.setTemplate(itok.getRstTemplate());
                                if (maps == null) {
                                    tok = client.requestSecurityToken();
                                } else {
                                    Object o = message
                                        .getContextualProperty(SecurityConstants.STS_APPLIES_TO);
View Full Code Here

Examples of org.apache.ws.secpolicy.model.IssuedToken

818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
                log.debug("SignatureToken is an IssuedToken");
               
                if(rmd.getIssuedSignatureTokenId() == null) {
                    log.debug("No Issuedtoken found, requesting a new token");
                   
                    IssuedToken issuedToken = (IssuedToken)sigTok;
                   
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedSignatureTokenId(id);
                   
                }
               
            } else if(sigTok instanceof SecureConversationToken) {
               
                log.debug("SignatureToken is a SecureConversationToken");
               
                //TODO check for an existing token and use it
               
                String secConvTokenId = rmd.getSecConvTokenId();
               
                //The RSTR has to be secured with the cancelled token
                String action = msgContext.getOptions().getAction();
                boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
               
                //In the case of the cancel req or resp we should mark the token as cancelled
                if(secConvTokenId != null && cancelReqResp) {
                    try {
                        rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
                        msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
                       
                        //remove from the local map of contexts
                        String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
                        RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
                    } catch (TrustException e) {
                        throw new RampartException("errorExtractingToken");
                    }
                }
               
                if (secConvTokenId == null
                        || (secConvTokenId != null &&
                                (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
               
                    log.debug("No SecureConversationToken found, " +
                            "requesting a new token");
                   
                    SecureConversationToken secConvTok =
                                        (SecureConversationToken) sigTok;
                   
                    try {

                        String id = RampartUtil.getSecConvToken(rmd, secConvTok);
                        rmd.setSecConvTokenId(id);
                       
                    } catch (TrustException e) {
                        throw new RampartException("errorInObtainingSct", e);
                    }
                }
            }
           
            //If it was the ProtectionToken assertion then sigTok is the
            //same as encrTok
            if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {
               
                log.debug("Symmetric binding uses a ProtectionToken, both" +
                        " SignatureToken and EncryptionToken are the same");
               
                rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
            } else {
                //Now we'll have to obtain the encryption token as well :-)
                //ASSUMPTION: SecureConversationToken is used as a
                //ProtectionToken therefore we only have to process a issued
                //token here
               
                log.debug("Obtaining the Encryption Token");
                if(rmd.getIssuedEncryptionTokenId() != null) {
                   
                    log.debug("EncrytionToken not alredy set");

                    IssuedToken issuedToken = (IssuedToken)encrTok;
                       
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedEncryptionTokenId(id);
View Full Code Here

Examples of org.apache.ws.secpolicy.model.IssuedToken

825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
            if(sigTok instanceof IssuedToken) {
                log.debug("SignatureToken is an IssuedToken");
                if(rmd.getIssuedSignatureTokenId() == null) {
                    log.debug("No Issuedtoken found, requesting a new token");

                    IssuedToken issuedToken = (IssuedToken)sigTok;
                   
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedSignatureTokenId(id);
                   
                }
               
            } else if(sigTok instanceof SecureConversationToken) {

                log.debug("SignatureToken is a SecureConversationToken");

                //TODO check for an existing token and use it
               
                String secConvTokenId = rmd.getSecConvTokenId();
               
                //The RSTR has to be secured with the cancelled token
                String action = msgContext.getOptions().getAction();
                boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
                                           action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
               
                //In the case of the cancel req or resp we should mark the token as cancelled
                if(secConvTokenId != null && cancelReqResp) {
                    try {
                        rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
                        msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
                       
                        //remove from the local map of contexts
                        String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
                        RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
                    } catch (TrustException e) {
                        throw new RampartException("errorExtractingToken");
                    }
                }

                if (secConvTokenId == null
                    || (secConvTokenId != null &&
                        (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {

                    log.debug("No SecureConversationToken found, requesting a new token");

                    SecureConversationToken secConvTok =
                                        (SecureConversationToken) sigTok;
                   
                    try {

                        String id = RampartUtil.getSecConvToken(rmd, secConvTok);
                        rmd.setSecConvTokenId(id);
                       
                    } catch (TrustException e) {
                        throw new RampartException("errorInObtainingSct", e);
                    }
                }
            }
           
            //If it was the ProtectionToken assertion then sigTok is the
            //same as encrTok
            if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {

                log.debug("Symmetric binding uses a ProtectionToken, both" +
                            " SignatureToken and EncryptionToken are the same");

                rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
            } else {
                //Now we'll have to obtain the encryption token as well :-)
                //ASSUMPTION: SecureConversationToken is used as a
                //ProtectionToken therefore we only have to process a issued
                //token here

                log.debug("Obtaining the Encryption Token");

                if(rmd.getIssuedEncryptionTokenId() != null) {

                    log.debug("EncrytionToken not alredy set");

                    IssuedToken issuedToken = (IssuedToken)encrTok;
                       
                    String id = RampartUtil.getIssuedToken(rmd,
                            issuedToken);
                    rmd.setIssuedEncryptionTokenId(id);
View Full Code Here

Examples of org.apache.ws.secpolicy.model.IssuedToken

903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
            if (sigTok instanceof IssuedToken) {
                log.debug("SignatureToken is an IssuedToken");
                if (rmd.getIssuedSignatureTokenId() == null) {
                    log.debug("No Issuedtoken found, requesting a new token");

                    IssuedToken issuedToken = (IssuedToken) sigTok;

                    String id = RampartUtil.getIssuedToken(rmd, issuedToken);
                    rmd.setIssuedSignatureTokenId(id);

                }

            } else if (sigTok instanceof SecureConversationToken) {

                log.debug("SignatureToken is a SecureConversationToken");

                // TODO check for an existing token and use it

                String secConvTokenId = rmd.getSecConvTokenId();

                // The RSTR has to be secured with the cancelled token
                String action = msgContext.getOptions().getAction();
                boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02
                        + RahasConstants.RSTR_ACTION_CANCEL_SCT)
                        || action.equals(RahasConstants.WST_NS_05_02
                                + RahasConstants.RSTR_ACTION_CANCEL_SCT)
                        || action.equals(RahasConstants.WST_NS_05_02
                                + RahasConstants.RST_ACTION_CANCEL_SCT)
                        || action.equals(RahasConstants.WST_NS_05_02
                                + RahasConstants.RST_ACTION_CANCEL_SCT);

                // In the case of the cancel req or resp we should mark the token as cancelled
                if (secConvTokenId != null && cancelReqResp) {
                    try {
                        rmd.getTokenStorage().getToken(secConvTokenId)
                                .setState(org.apache.rahas.Token.CANCELLED);
                        msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);

                        // remove from the local map of contexts
                        String contextIdentifierKey = RampartUtil
                                .getContextIdentifierKey(msgContext);
                        RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
                    } catch (TrustException e) {
                        throw new RampartException("errorExtractingToken");
                    }
                }

                if (secConvTokenId == null
                        || (secConvTokenId != null && (!RampartUtil.isTokenValid(rmd,
                                secConvTokenId) && !cancelReqResp))) {

                    log.debug("No SecureConversationToken found, requesting a new token");

                    SecureConversationToken secConvTok = (SecureConversationToken) sigTok;

                    try {

                        String id = RampartUtil.getSecConvToken(rmd, secConvTok);
                        rmd.setSecConvTokenId(id);

                    } catch (TrustException e) {
                        throw new RampartException("errorInObtainingSct", e);
                    }
                }
            }

            // If it was the ProtectionToken assertion then sigTok is the
            // same as encrTok
            if (sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {

                log.debug("Symmetric binding uses a ProtectionToken, both"
                        + " SignatureToken and EncryptionToken are the same");

                rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
            } else {
                // Now we'll have to obtain the encryption token as well :-)
                // ASSUMPTION: SecureConversationToken is used as a
                // ProtectionToken therefore we only have to process a issued
                // token here

                log.debug("Obtaining the Encryption Token");

                if (rmd.getIssuedEncryptionTokenId() != null) {

                    log.debug("EncrytionToken not alredy set");

                    IssuedToken issuedToken = (IssuedToken) encrTok;

                    String id = RampartUtil.getIssuedToken(rmd, issuedToken);
                    rmd.setIssuedEncryptionTokenId(id);

                }
View Full Code Here

Examples of org.apache.ws.secpolicy.model.IssuedToken

36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
public class IssuedTokenBuilder implements AssertionBuilder {

    public Assertion build(OMElement element, AssertionBuilderFactory factory)
            throws IllegalArgumentException {
        IssuedToken issuedToken = new IssuedToken(SPConstants.SP_V11);

        OMAttribute  includeAttr = element.getAttribute(SP11Constants.INCLUDE_TOKEN);
        if(includeAttr != null) {
            issuedToken.setInclusion(SP11Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue()));
        }
        // Extract Issuer
        OMElement issuerElem = element.getFirstChildWithName(SP11Constants.ISSUER);
        if(issuerElem != null) {
            OMElement issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Address"));
           
            //try the other addressing namespace
            if (issuerEpr == null) {
                issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Address"));
            }
           
            issuedToken.setIssuerEpr(issuerEpr);
        }
       
        //TODO check why this returns an Address element
        //iter = issuerElem.getChildrenWithLocalName("Metadata");
       
        if (issuerElem != null ) {
            OMElement issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Metadata"));
           
          //try the other addressing namespace
            if (issuerMex == null) {
                issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Metadata"));
            }
                       
            issuedToken.setIssuerMex(issuerMex);
        }
       

        // Extract RSTTemplate
        OMElement rstTmplElem = element.getFirstChildWithName(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
        if (rstTmplElem != null) {
            issuedToken.setRstTemplate(rstTmplElem);
            // Process the RST Template and extract the token type
            Iterator<OMElement> tokenTypeElems = rstTmplElem.getChildrenWithName(
                    SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_TOKEN_TYPE);
            if(tokenTypeElems != null && tokenTypeElems.hasNext()){
                issuedToken.setRstTokenType(tokenTypeElems.next().getText());
            }

            // Process the RST Template and extract the Claim set
            Iterator<OMElement> claimsElemIterator = rstTmplElem.getChildrenWithName(
                    SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_CLAIMS);

            Set<String> claimSet = new TreeSet<String>() ;
            if (claimsElemIterator != null && claimsElemIterator.hasNext()) {
                OMElement claimsElem = claimsElemIterator.next();
                if(claimsElem != null && claimsElem.getChildrenWithName(
                            SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_CLAIM_TYPE) != null){
                    for(Iterator<OMElement> claims = claimsElem.getChildrenWithName(
                            SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE_CLAIM_TYPE); claims.hasNext();){
                        OMElement claim = claims.next();
                        // exclude the claims with the attribute Optional=true
                        if(!(claim.getAttribute(
                                SP11Constants.ATTR_RST_TEMPLATE_CLAIM_TYPE_OPTIONAL) != null &&
                           "true".equals(claim.getAttribute(
                                SP11Constants.ATTR_RST_TEMPLATE_CLAIM_TYPE_OPTIONAL).getAttributeValue()))){
                            claimSet.add(claim.getAttributeValue(
                                SP11Constants.ATTR_RST_TEMPLATE_CLAIM_TYPE_URI));
                        }
                    }
                }
            }
            issuedToken.setRstClaimSet(claimSet);
        }

        OMElement policyElement = element.getFirstChildWithName(org.apache.neethi.Constants.Q_ELEM_POLICY);

        if (policyElement != null) {
View Full Code Here
TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.