Examples of org.apache.cxf.sts.request.RequestParser

org.apache.cxf.sts.request.RequestParser
This class parses a RequestSecurityToken object. It stores the values that it finds into a KeyRequirements and TokenRequirements objects.

        if (stsProperties == null) {
            throw new STSException("No STSProperties object found");
        }
        stsProperties.configureProperties();
        
        RequestParser requestParser = new RequestParser();
        requestParser.parseRequest(request, context, stsProperties, claimsManager.getClaimParsers());
        
        return requestParser;
    }

View Full Code Here

    ) {
        long start = System.currentTimeMillis();
        TokenValidatorParameters validatorParameters = new TokenValidatorParameters();
        
        try {
            RequestParser requestParser = parseRequest(request, context);
            
            TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
            
            validatorParameters.setStsProperties(stsProperties);
            validatorParameters.setPrincipal(context.getUserPrincipal());
            validatorParameters.setWebServiceContext(context);
            validatorParameters.setTokenStore(getTokenStore());

View Full Code Here

            WebServiceContext context
    ) {
        long start = System.currentTimeMillis();
        TokenProviderParameters providerParameters = new TokenProviderParameters();
        try {
            RequestParser requestParser = parseRequest(request, context);
    
            providerParameters = createTokenProviderParameters(requestParser, context);
    
            // Check if the requested claims can be handled by the configured claim handlers
            RequestClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
            checkClaimsSupport(requestedClaims);
            requestedClaims = providerParameters.getRequestedSecondaryClaims();
            checkClaimsSupport(requestedClaims);
            providerParameters.setClaimsManager(claimsManager);
            
            String realm = providerParameters.getRealm();
    
            TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
            String tokenType = tokenRequirements.getTokenType();
    
            if (stsProperties.getSamlRealmCodec() != null) {
                SamlAssertionWrapper assertion = fetchSAMLAssertionFromWSSecuritySAMLToken(context);


                if (assertion != null) {
                    String wssecRealm = stsProperties.getSamlRealmCodec().getRealmFromToken(assertion);
                    SAMLTokenPrincipal samlPrincipal = new SAMLTokenPrincipalImpl(assertion);
                    if (LOG.isLoggable(Level.FINE)) {
                        LOG.fine("SAML token realm of user '" + samlPrincipal.getName() + "' is " + wssecRealm);
                    }


                    ReceivedToken wssecToken = new ReceivedToken(assertion.getElement());
                    wssecToken.setState(STATE.VALID);
                    TokenValidatorResponse tokenResponse = new TokenValidatorResponse();
                    tokenResponse.setPrincipal(samlPrincipal);
                    tokenResponse.setToken(wssecToken);
                    tokenResponse.setTokenRealm(wssecRealm);
                    tokenResponse.setAdditionalProperties(new HashMap<String, Object>());
                    processValidToken(providerParameters, wssecToken, tokenResponse);
                    providerParameters.setPrincipal(wssecToken.getPrincipal());
                }
            }
            
            // Validate OnBehalfOf token if present
            if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
                ReceivedToken validateTarget = providerParameters.getTokenRequirements().getOnBehalfOf();
                TokenValidatorResponse tokenResponse = validateReceivedToken(
                        context, realm, tokenRequirements, validateTarget);
    
                if (tokenResponse == null) {
                    LOG.fine("No Token Validator has been found that can handle this token");
                } else if (validateTarget.getState().equals(STATE.INVALID)) {
                    throw new STSException("Incoming token is invalid", STSException.REQUEST_FAILED);
                } else if (validateTarget.getState().equals(STATE.VALID)) {
                    processValidToken(providerParameters, validateTarget, tokenResponse); 
                } else {
                    //[TODO] Add plugin for validation out-of-band
                    // Example:
                    // If the requestor is in the possession of a certificate (mutual ssl handshake)
                    // the STS trusts the token sent in OnBehalfOf element
                }
                
                Principal tokenPrincipal = null;
                Set<Principal> tokenRoles = null;
                
                if (tokenResponse != null) {
                    Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                    if (additionalProperties != null) {
                        providerParameters.setAdditionalProperties(additionalProperties);
                    }
                    tokenPrincipal = tokenResponse.getPrincipal();
                    tokenRoles = tokenResponse.getRoles();
                }
                
                // See whether OnBehalfOf is allowed or not
                performDelegationHandling(requestParser, context,
                                    providerParameters.getTokenRequirements().getOnBehalfOf(),
                                    tokenPrincipal, tokenRoles);
            }
            
            // See whether ActAs is allowed or not
            // TODO Validate ActAs
            if (providerParameters.getTokenRequirements().getActAs() != null) {
                performDelegationHandling(requestParser, context,
                                    providerParameters.getTokenRequirements().getActAs(),
                                    null, null);
            }
    
            // create token
            TokenProviderResponse tokenResponse = null;
            for (TokenProvider tokenProvider : tokenProviders) {
                boolean canHandle = false;
                if (realm == null) {
                    canHandle = tokenProvider.canHandleToken(tokenType);
                } else {
                    canHandle = tokenProvider.canHandleToken(tokenType, realm);
                }
                if (canHandle) {
                    try {
                        tokenResponse = tokenProvider.createToken(providerParameters);
                    } catch (STSException ex) {
                        LOG.log(Level.WARNING, "", ex);
                        throw ex;
                    } catch (RuntimeException ex) {
                        LOG.log(Level.WARNING, "", ex);
                        throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
                    }
                    break;
                }
            }
            if (tokenResponse == null || tokenResponse.getToken() == null) {
                LOG.log(Level.WARNING, "No token provider found for requested token type: " + tokenType);
                throw new STSException(
                        "No token provider found for requested token type: " + tokenType, 
                        STSException.REQUEST_FAILED
                );
            }
            // prepare response
            try {
                KeyRequirements keyRequirements = requestParser.getKeyRequirements();
                EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
                RequestSecurityTokenResponseType response = 
                    createResponse(
                            encryptionProperties, tokenResponse, tokenRequirements, keyRequirements, context
                    );

View Full Code Here

        if (stsProperties == null) {
            throw new STSException("No STSProperties object found");
        }
        stsProperties.configureProperties();
        
        RequestParser requestParser = new RequestParser();
        requestParser.parseRequest(request, context, stsProperties, claimsManager.getClaimParsers());
        
        return requestParser;
    }

View Full Code Here


    public RequestSecurityTokenResponseType issueSingle(
            RequestSecurityTokenType request,
            WebServiceContext context
    ) {
        RequestParser requestParser = parseRequest(request, context);


        TokenProviderParameters providerParameters = createTokenProviderParameters(requestParser, context);


        // Check if the requested claims can be handled by the configured claim handlers
        RequestClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
        checkClaimsSupport(requestedClaims);
        requestedClaims = providerParameters.getRequestedSecondaryClaims();
        checkClaimsSupport(requestedClaims);
        providerParameters.setClaimsManager(claimsManager);
        
        String realm = providerParameters.getRealm();


        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        String tokenType = tokenRequirements.getTokenType();




        // Validate OnBehalfOf token if present
        if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
            ReceivedToken validateTarget = providerParameters.getTokenRequirements().getOnBehalfOf();
            TokenValidatorResponse tokenResponse = validateReceivedToken(
                    context, realm, tokenRequirements, validateTarget);


            if (tokenResponse == null) {
                LOG.fine("No Token Validator has been found that can handle this token");
            } else if (validateTarget.getState().equals(STATE.INVALID)) {
                throw new STSException("Incoming token is invalid", STSException.REQUEST_FAILED);
            } else if (validateTarget.getState().equals(STATE.VALID)) {
                processValidToken(providerParameters, validateTarget, tokenResponse); 
            } else {
                //[TODO] Add plugin for validation out-of-band
                // Example:
                // If the requestor is in the possession of a certificate (mutual ssl handshake)
                // the STS trusts the token sent in OnBehalfOf element
            }
            if (tokenResponse != null) {
                Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                if (additionalProperties != null) {
                    providerParameters.setAdditionalProperties(additionalProperties);
                }
            }
        }


        // create token
        TokenProviderResponse tokenResponse = null;
        for (TokenProvider tokenProvider : tokenProviders) {
            boolean canHandle = false;
            if (realm == null) {
                canHandle = tokenProvider.canHandleToken(tokenType);
            } else {
                canHandle = tokenProvider.canHandleToken(tokenType, realm);
            }
            if (canHandle) {
                try {
                    tokenResponse = tokenProvider.createToken(providerParameters);
                } catch (STSException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw ex;
                } catch (RuntimeException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
                }
                break;
            }
        }
        if (tokenResponse == null || tokenResponse.getToken() == null) {
            LOG.log(Level.WARNING, "No token provider found for requested token type: " + tokenType);
            throw new STSException(
                    "No token provider found for requested token type: " + tokenType, 
                    STSException.REQUEST_FAILED
            );
        }
        // prepare response
        try {
            KeyRequirements keyRequirements = requestParser.getKeyRequirements();
            EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
            RequestSecurityTokenResponseType response = 
                createResponse(
                        encryptionProperties, tokenResponse, tokenRequirements, keyRequirements, context
                );

View Full Code Here

        if (stsProperties == null) {
            throw new STSException("No STSProperties object found");
        }
        stsProperties.configureProperties();
        
        RequestParser requestParser = new RequestParser();
        requestParser.parseRequest(request, context, stsProperties, claimsManager.getClaimParsers());
        
        return requestParser;
    }

View Full Code Here

   
    public RequestSecurityTokenResponseType validate(
        RequestSecurityTokenType request, 
        WebServiceContext context
    ) {
        RequestParser requestParser = parseRequest(request, context);
        
        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        
        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
        if (validateTarget == null || validateTarget.getToken() == null) {
            throw new STSException("No element presented for validation", STSException.INVALID_REQUEST);
        }

View Full Code Here


    public RequestSecurityTokenResponseType issueSingle(
            RequestSecurityTokenType request,
            WebServiceContext context
    ) {
        RequestParser requestParser = parseRequest(request, context);


        TokenProviderParameters providerParameters = createTokenProviderParameters(requestParser, context);


        // Check if the requested claims can be handled by the configured claim handlers
        RequestClaimCollection requestedClaims = providerParameters.getRequestedClaims();
        checkClaimsSupport(requestedClaims);
        providerParameters.setClaimsManager(claimsManager);
        
        String realm = providerParameters.getRealm();


        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        String tokenType = tokenRequirements.getTokenType();


        // Validate OnBehalfOf token if present
        if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
            ReceivedToken validateTarget = providerParameters.getTokenRequirements().getOnBehalfOf();
            TokenValidatorResponse tokenResponse = validateReceivedToken(
                    context, realm, tokenRequirements, validateTarget);


            if (tokenResponse == null) {
                LOG.fine("No Token Validator has been found that can handle this token");
            } else if (validateTarget.getState().equals(STATE.INVALID)) {
                throw new STSException("Incoming token is invalid", STSException.REQUEST_FAILED);
            } else if (validateTarget.getState().equals(STATE.VALID)) {
                processValidToken(providerParameters, validateTarget, tokenResponse); 
            } else {
                //[TODO] Add plugin for validation out-of-band
                // Example:
                // If the requestor is in the possession of a certificate (mutual ssl handshake)
                // the STS trusts the token sent in OnBehalfOf element
            }


            if (tokenResponse != null) {
                Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                if (additionalProperties != null) {
                    providerParameters.setAdditionalProperties(additionalProperties);
                }
            }
                
            // See whether OnBehalfOf is allowed or not
            performDelegationHandling(requestParser, context,
                                providerParameters.getTokenRequirements().getOnBehalfOf());
        }


        // See whether ActAs is allowed or not
        // TODO Validate ActAs
        if (providerParameters.getTokenRequirements().getActAs() != null) {
            performDelegationHandling(requestParser, context,
                                providerParameters.getTokenRequirements().getActAs());
        }




        // create token
        TokenProviderResponse tokenResponse = null;
        for (TokenProvider tokenProvider : tokenProviders) {
            boolean canHandle = false;
            if (realm == null) {
                canHandle = tokenProvider.canHandleToken(tokenType);
            } else {
                canHandle = tokenProvider.canHandleToken(tokenType, realm);
            }
            if (canHandle) {
                try {
                    tokenResponse = tokenProvider.createToken(providerParameters);
                } catch (STSException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw ex;
                } catch (RuntimeException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
                }
                break;
            }
        }
        if (tokenResponse == null || tokenResponse.getToken() == null) {
            LOG.log(Level.WARNING, "No token provider found for requested token type: " + tokenType);
            throw new STSException(
                    "No token provider found for requested token type: " + tokenType, 
                    STSException.REQUEST_FAILED
            );
        }
        // prepare response
        try {
            KeyRequirements keyRequirements = requestParser.getKeyRequirements();
            EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
            RequestSecurityTokenResponseType response = 
                createResponse(
                        encryptionProperties, tokenResponse, tokenRequirements, keyRequirements, context
                );

View Full Code Here

    }


    public RequestSecurityTokenResponseType renew(
        RequestSecurityTokenType request, WebServiceContext context
    ) {
        RequestParser requestParser = parseRequest(request, context);


        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        
        ReceivedToken renewTarget = tokenRequirements.getRenewTarget();
        if (renewTarget == null || renewTarget.getToken() == null) {
            throw new STSException("No element presented for renewal", STSException.INVALID_REQUEST);
        }

View Full Code Here

   
    public RequestSecurityTokenResponseType validate(
        RequestSecurityTokenType request, 
        WebServiceContext context
    ) {
        RequestParser requestParser = parseRequest(request, context);
        
        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        
        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
        if (validateTarget == null || validateTarget.getToken() == null) {
            throw new STSException("No element presented for validation", STSException.INVALID_REQUEST);
        }

View Full Code Here

0 1 2 3 4 5

TOP

Related Classes of org.apache.cxf.sts.request.RequestParser

org.apache.cxf.rt.security.claims.Claim

org.apache.cxf.rt.security.claims.ClaimCollection

org.apache.cxf.sts.claims.RequestClaim

org.apache.cxf.sts.claims.RequestClaimCollection

org.apache.cxf.sts.operation.AbstractOperation

org.apache.cxf.sts.operation.TokenCancelOperation

org.apache.cxf.sts.operation.TokenIssueOperation

org.apache.cxf.sts.operation.TokenRenewOperation

org.apache.cxf.sts.operation.TokenValidateOperation

org.apache.cxf.ws.security.sts.provider.model.BinarySecretType

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.