Examples of STSException

org.apache.cxf.ws.security.sts.provider.STSException
A RuntimeException that can be thrown by an STS implementation. If the FaultCode is set, then this code/String will be returned to the user, otherwise the Exception message is returned.

Examples of org.apache.cxf.ws.security.sts.provider.STSException

            //validatorParameters.setKeyRequirements(keyRequirements);
            validatorParameters.setTokenRequirements(tokenRequirements);
            
            ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
            if (validateTarget == null || validateTarget.getToken() == null) {
                throw new STSException("No element presented for validation", STSException.INVALID_REQUEST);
            }
            validatorParameters.setToken(validateTarget);
            
            if (tokenRequirements.getTokenType() == null) {
                tokenRequirements.setTokenType(STSConstants.STATUS);
                LOG.fine(
                    "Received TokenType is null, falling back to default token type: " 
                    + STSConstants.STATUS
                );
            }
            
            // Get the realm of the request
            String realm = null;
            if (stsProperties.getRealmParser() != null) {
                RealmParser realmParser = stsProperties.getRealmParser();
                realm = realmParser.parseRealm(context);
            }
            validatorParameters.setRealm(realm);
            
            TokenValidatorResponse tokenResponse = validateReceivedToken(
                    context, realm, tokenRequirements, validateTarget);
            
            if (tokenResponse == null) {
                LOG.fine("No Token Validator has been found that can handle this token");
                tokenResponse = new TokenValidatorResponse();
                validateTarget.setState(STATE.INVALID);
                tokenResponse.setToken(validateTarget);
            }
            
            //
            // Create a new token (if requested)
            //
            TokenProviderResponse tokenProviderResponse = null;
            String tokenType = tokenRequirements.getTokenType();
            if (tokenResponse.getToken().getState() == STATE.VALID 
                && !STSConstants.STATUS.equals(tokenType)) {
                TokenProviderParameters providerParameters = 
                     createTokenProviderParameters(requestParser, context);
                
                processValidToken(providerParameters, validateTarget, tokenResponse);
                
                // Check if the requested claims can be handled by the configured claim handlers
                RequestClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
                checkClaimsSupport(requestedClaims);
                requestedClaims = providerParameters.getRequestedSecondaryClaims();
                checkClaimsSupport(requestedClaims);
                providerParameters.setClaimsManager(claimsManager);
                
                Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                if (additionalProperties != null) {
                    providerParameters.setAdditionalProperties(additionalProperties);
                }
                realm = providerParameters.getRealm();
                for (TokenProvider tokenProvider : tokenProviders) {
                    boolean canHandle = false;
                    if (realm == null) {
                        canHandle = tokenProvider.canHandleToken(tokenType);
                    } else {
                        canHandle = tokenProvider.canHandleToken(tokenType, realm);
                    }
                    if (canHandle) {
                        try {
                            tokenProviderResponse = tokenProvider.createToken(providerParameters);
                        } catch (STSException ex) {
                            LOG.log(Level.WARNING, "", ex);
                            throw ex;
                        } catch (RuntimeException ex) {
                            LOG.log(Level.WARNING, "", ex);
                            throw new STSException(
                                "Error in providing a token", ex, STSException.REQUEST_FAILED
                            );
                        }
                        break;
                    }
                }
                if (tokenProviderResponse == null || tokenProviderResponse.getToken() == null) {
                    LOG.fine("No Token Provider has been found that can handle this token");
                    throw new STSException(
                        "No token provider found for requested token type: " + tokenType, 
                        STSException.REQUEST_FAILED
                    );
                }
            }
            
            // prepare response
            try {
                RequestSecurityTokenResponseType response =
                    createResponse(tokenResponse, tokenProviderResponse, tokenRequirements);
                STSValidateSuccessEvent event = new STSValidateSuccessEvent(validatorParameters,
                        System.currentTimeMillis() - start);
                publishEvent(event);
                return response;
            } catch (Throwable ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
            }
            
        } catch (RuntimeException ex) {
            STSValidateFailureEvent event = new STSValidateFailureEvent(validatorParameters,
                                                              System.currentTimeMillis() - start, ex);

View Full Code Here

Examples of org.apache.cxf.ws.security.sts.provider.STSException

            cancellerParameters.setKeyRequirements(keyRequirements);
            cancellerParameters.setTokenRequirements(tokenRequirements);  
            
            ReceivedToken cancelTarget = tokenRequirements.getCancelTarget();
            if (cancelTarget == null || cancelTarget.getToken() == null) {
                throw new STSException("No element presented for cancellation", STSException.INVALID_REQUEST);
            }
            cancellerParameters.setToken(cancelTarget);
            
            if (tokenRequirements.getTokenType() == null) {
                tokenRequirements.setTokenType(STSConstants.STATUS);
                LOG.fine(
                    "Received TokenType is null, falling back to default token type: " + STSConstants.STATUS
                );
            }
            
            //
            // Cancel token
            //
            TokenCancellerResponse tokenResponse = null;
            for (TokenCanceller tokenCanceller : tokencancellers) {
                if (tokenCanceller.canHandleToken(cancelTarget)) {
                    try {
                        tokenResponse = tokenCanceller.cancelToken(cancellerParameters);
                    } catch (RuntimeException ex) {
                        LOG.log(Level.WARNING, "", ex);
                        throw new STSException(
                            "Error while cancelling a token", ex, STSException.REQUEST_FAILED
                        );
                    }
                    break;
                }
            }
            if (tokenResponse == null || tokenResponse.getToken() == null) {
                LOG.fine("No Token Canceller has been found that can handle this token");
                throw new STSException(
                    "No token canceller found for requested token type: " 
                    + tokenRequirements.getTokenType(), 
                    STSException.REQUEST_FAILED
                );
            }
            
            if (tokenResponse.getToken().getState() != STATE.CANCELLED) {
                LOG.log(Level.WARNING, "Token cancellation failed.");
                throw new STSException("Token cancellation failed.");
            }
            
            // prepare response
            try {
                RequestSecurityTokenResponseType response = createResponse(tokenRequirements);
                STSCancelSuccessEvent event = new STSCancelSuccessEvent(cancellerParameters,
                        System.currentTimeMillis() - start);
                publishEvent(event);
                return response;
            } catch (Throwable ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
            }
        
        } catch (RuntimeException ex) {
            STSCancelFailureEvent event = new STSCancelFailureEvent(cancellerParameters,
                                                              System.currentTimeMillis() - start, ex);

View Full Code Here

Examples of org.apache.cxf.ws.security.sts.provider.STSException

                        context, realm, tokenRequirements, validateTarget);
    
                if (tokenResponse == null) {
                    LOG.fine("No Token Validator has been found that can handle this token");
                } else if (validateTarget.getState().equals(STATE.INVALID)) {
                    throw new STSException("Incoming token is invalid", STSException.REQUEST_FAILED);
                } else if (validateTarget.getState().equals(STATE.VALID)) {
                    processValidToken(providerParameters, validateTarget, tokenResponse); 
                } else {
                    //[TODO] Add plugin for validation out-of-band
                    // Example:
                    // If the requestor is in the possession of a certificate (mutual ssl handshake)
                    // the STS trusts the token sent in OnBehalfOf element
                }
                
                Principal tokenPrincipal = null;
                Set<Principal> tokenRoles = null;
                
                if (tokenResponse != null) {
                    Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                    if (additionalProperties != null) {
                        providerParameters.setAdditionalProperties(additionalProperties);
                    }
                    tokenPrincipal = tokenResponse.getPrincipal();
                    tokenRoles = tokenResponse.getRoles();
                }
                
                // See whether OnBehalfOf is allowed or not
                performDelegationHandling(requestParser, context,
                                    providerParameters.getTokenRequirements().getOnBehalfOf(),
                                    tokenPrincipal, tokenRoles);
            }
            
            // See whether ActAs is allowed or not
            // TODO Validate ActAs
            if (providerParameters.getTokenRequirements().getActAs() != null) {
                performDelegationHandling(requestParser, context,
                                    providerParameters.getTokenRequirements().getActAs(),
                                    null, null);
            }
    
            // create token
            TokenProviderResponse tokenResponse = null;
            for (TokenProvider tokenProvider : tokenProviders) {
                boolean canHandle = false;
                if (realm == null) {
                    canHandle = tokenProvider.canHandleToken(tokenType);
                } else {
                    canHandle = tokenProvider.canHandleToken(tokenType, realm);
                }
                if (canHandle) {
                    try {
                        tokenResponse = tokenProvider.createToken(providerParameters);
                    } catch (STSException ex) {
                        LOG.log(Level.WARNING, "", ex);
                        throw ex;
                    } catch (RuntimeException ex) {
                        LOG.log(Level.WARNING, "", ex);
                        throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
                    }
                    break;
                }
            }
            if (tokenResponse == null || tokenResponse.getToken() == null) {
                LOG.log(Level.WARNING, "No token provider found for requested token type: " + tokenType);
                throw new STSException(
                        "No token provider found for requested token type: " + tokenType, 
                        STSException.REQUEST_FAILED
                );
            }
            // prepare response
            try {
                KeyRequirements keyRequirements = requestParser.getKeyRequirements();
                EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
                RequestSecurityTokenResponseType response = 
                    createResponse(
                            encryptionProperties, tokenResponse, tokenRequirements, keyRequirements, context
                    );
                STSIssueSuccessEvent event = new STSIssueSuccessEvent(providerParameters,
                        System.currentTimeMillis() - start);
                publishEvent(event);
                return response;
            } catch (Throwable ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
            }
        
        } catch (RuntimeException ex) {
            STSIssueFailureEvent event = new STSIssueFailureEvent(providerParameters,
                                                              System.currentTimeMillis() - start, ex);

View Full Code Here

Examples of org.apache.cxf.ws.security.sts.provider.STSException

                if (!parameterBean.getAttributeValues().isEmpty()) {
                    attributeList.add(parameterBean);
                }
            }
        } catch (WSSecurityException ex) {
            throw new STSException(ex.getMessage(), ex);
        }
        
        attrBean.setSamlAttributes(attributeList);
        
        return attrBean;

View Full Code Here

Examples of org.apache.cxf.ws.security.sts.provider.STSException

            principal = providerParameters.getPrincipal();
        }
        
        if (principal == null) {
            LOG.fine("Error in getting principal");
            throw new STSException("Error in getting principal", STSException.REQUEST_FAILED);
        }
        
        SubjectBean subjectBean = 
            new SubjectBean(principal.getName(), subjectNameQualifier, confirmationMethod);
        LOG.fine("Creating new subject with principal name: " + principal.getName());
        if (subjectNameIDFormat != null && subjectNameIDFormat.length() > 0) {
            subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
        }
        
        if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)) {
            Crypto crypto = stsProperties.getEncryptionCrypto();
            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
            EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
            String encryptionName = encryptionProperties.getEncryptionName();
            if (encryptionName == null) {
                // Fall back on the STS encryption name
                encryptionName = stsProperties.getEncryptionUsername();
            }
            if (encryptionName == null) {
                LOG.fine("No encryption Name is configured for Symmetric KeyType");
                throw new STSException("No Encryption Name is configured", STSException.REQUEST_FAILED);
            }
            cryptoType.setAlias(encryptionName);
            try {
                X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
                if (certs == null || certs.length <= 0) {
                    new STSException("Encryption certificate is not found for alias: " + encryptionName,
                                     STSException.REQUEST_FAILED);
                }
                KeyInfoBean keyInfo = 
                    createKeyInfo(certs[0], secret, doc, encryptionProperties, crypto);
                subjectBean.setKeyInfo(keyInfo);
            } catch (WSSecurityException ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException(ex.getMessage(), ex);
            }
        } else if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
            ReceivedKey receivedKey = keyRequirements.getReceivedKey();
            
            // Validate UseKey trust
            if (stsProperties.isValidateUseKey() && stsProperties.getSignatureCrypto() != null) {
                if (receivedKey.getX509Cert() != null) {
                    try {
                        if (!stsProperties.getSignatureCrypto().verifyTrust(
                            new X509Certificate[]{receivedKey.getX509Cert()}, false)) {
                            LOG.log(Level.FINE, "Error in trust validation of UseKey");
                            throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
                        }
                    } catch (WSSecurityException e) {
                        LOG.log(Level.FINE, "Error in trust validation of UseKey: ", e);
                        throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
                    }
                }
                if (receivedKey.getPublicKey() != null) {
                    try {
                        if (!stsProperties.getSignatureCrypto().verifyTrust(receivedKey.getPublicKey())) {
                            LOG.log(Level.FINE, "Error in trust validation of UseKey");
                            throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
                        }
                    } catch (WSSecurityException e) {
                        LOG.log(Level.FINE, "Error in trust validation of UseKey: ", e);
                        throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
                    }
                }
            }
            
            KeyInfoBean keyInfo = createKeyInfo(receivedKey.getX509Cert(), receivedKey.getPublicKey());

View Full Code Here

Examples of org.apache.cxf.ws.security.sts.provider.STSException

                                    handlerRealmSupport.getHandlerRealm());
                        } catch (Exception ex) {
                            LOG.log(Level.WARNING, "Failed to map user '" + parameters.getPrincipal().getName()
                                    + "' [" + parameters.getRealm() + "] to realm '"
                                    + handlerRealmSupport.getHandlerRealm() + "'", ex);
                            throw new STSException("Failed to map user for claims handler",
                                    STSException.REQUEST_FAILED);
                        }
                        
                        if (targetPrincipal == null) {
                            LOG.log(Level.WARNING, "Null. Failed to map user '" + parameters.getPrincipal().getName()
                                    + "' [" + parameters.getRealm() + "] to realm '"
                                    + handlerRealmSupport.getHandlerRealm() + "'");
                            throw new STSException("Failed to map user for claims handler",
                                    STSException.REQUEST_FAILED);
                        }
                        if (LOG.isLoggable(Level.INFO)) {
                            LOG.info("Principal '" + targetPrincipal.getName()
                                    + "' passed to handler '" + handler.getClass().getName() + "'");
                        }
                        parameters.setPrincipal(targetPrincipal);
                    } else {
                        if (LOG.isLoggable(Level.FINER)) {
                            LOG.finer("Handler '" + handler.getClass().getName() + "' doesn't require"
                                    + " identity mapping '" + parameters.getRealm()  + "'");
                        }
                        
                    }
                }
                
                ClaimCollection claimCollection = null;
                try {
                    claimCollection = handler.retrieveClaimValues(supportedClaims, parameters);
                } catch (RuntimeException ex) {
                    LOG.log(Level.INFO, "Failed retrieving claims from ClaimsHandler "
                            + handler.getClass().getName(), ex);
                    if (this.isStopProcessingOnException()) {
                        throw ex;
                    }
                } finally {
                    // set original principal again, otherwise wrong principal passed to next claim handler in the list
                    // if no mapping required or wrong source principal used for next identity mapping
                    parameters.setPrincipal(originalPrincipal);
                }
                
                if (claimCollection != null && claimCollection.size() != 0) {
                    returnCollection.addAll(claimCollection);
                }
            }
            validateClaimValues(claims, returnCollection);
            return returnCollection;
            
        } else {
            // Federate claims
            ClaimsMapper claimsMapper = relationship.getClaimsMapper();
            if (claimsMapper == null) {
                LOG.log(Level.SEVERE, "ClaimsMapper required to federate claims but not configured.");
                throw new STSException("ClaimsMapper required to federate claims but not configured",
                                       STSException.BAD_REQUEST);
            }
            
            // Get the claims of the received token (only SAML supported)
            // Consider refactoring to use a CallbackHandler and keep ClaimsManager token independent

View Full Code Here

Examples of org.apache.cxf.ws.security.sts.provider.STSException

                        break;
                    }
                }
                if (!found) {
                    LOG.warning("Mandatory claim not found: " + claim.getClaimType());
                    throw new STSException("Mandatory claim '" + claim.getClaimType() + "' not found");
                }
            }
        }
        return true;

View Full Code Here

Examples of org.apache.cxf.ws.security.sts.provider.STSException

                // Fall back on the STS encryption name
                encryptionName = stsProperties.getEncryptionUsername();
            }
            if (encryptionName == null) {
                LOG.fine("No encryption Name is configured for Symmetric KeyType");
                throw new STSException("No Encryption Name is configured", STSException.REQUEST_FAILED);
            }
            cryptoType.setAlias(encryptionName);
            try {
                X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
                if (certs == null || certs.length <= 0) {
                    new STSException("Encryption certificate is not found for alias: " + encryptionName,
                                     STSException.REQUEST_FAILED);
                }
                KeyInfoBean keyInfo = 
                    createKeyInfo(certs[0], secret, doc, encryptionProperties, crypto);
                subjectBean.setKeyInfo(keyInfo);
            } catch (WSSecurityException ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException(ex.getMessage(), ex);
            }
        } else if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
            KeyInfoBean keyInfo = createKeyInfo(keyRequirements.getCertificate());
            subjectBean.setKeyInfo(keyInfo);
        }

View Full Code Here

Examples of org.apache.cxf.ws.security.sts.provider.STSException

            response.setComputedKey(computedKey);
            
            return response;
        } catch (Exception e) {
            LOG.log(Level.WARNING, "", e);
            throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
        }
    }

View Full Code Here

Examples of org.apache.cxf.ws.security.sts.provider.STSException


        String keyType = keyRequirements.getKeyType();
        if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
            if (keyRequirements.getCertificate() == null) {
                LOG.log(Level.WARNING, "A PublicKey Keytype is requested, but no certificate is provided");
                throw new STSException(
                    "No client certificate for PublicKey KeyType", STSException.INVALID_REQUEST
                );
            }
        } else if (!STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)
            && !STSConstants.BEARER_KEY_KEYTYPE.equals(keyType) && keyType != null) {
            LOG.log(Level.WARNING, "An unknown KeyType was requested: " + keyType);
            throw new STSException("Unknown KeyType", STSException.INVALID_REQUEST);
        }
        
    }

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.