Examples of TokenProviderParameters

org.apache.cxf.sts.token.provider.TokenProviderParameters
This class encapsulates the parameters that will be passed to a TokenProvider instance to create a token. It consists of both parameters that have been extracted from the request, as well as configuration specific to the STS itself.

Examples of org.apache.cxf.sts.token.provider.TokenProviderParameters

    }


    private TokenRenewerParameters createTokenRenewerParameters(
        RequestParser requestParser, WebServiceContext context
    ) {
        TokenProviderParameters providerParameters = 
            createTokenProviderParameters(requestParser, context);
        
        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        renewerParameters.setAppliesToAddress(providerParameters.getAppliesToAddress());
        renewerParameters.setEncryptionProperties(providerParameters.getEncryptionProperties());
        renewerParameters.setKeyRequirements(providerParameters.getKeyRequirements());
        renewerParameters.setPrincipal(providerParameters.getPrincipal());
        renewerParameters.setStsProperties(providerParameters.getStsProperties());
        renewerParameters.setTokenRequirements(providerParameters.getTokenRequirements());
        renewerParameters.setTokenStore(providerParameters.getTokenStore());
        renewerParameters.setWebServiceContext(providerParameters.getWebServiceContext());
        
        return renewerParameters;
    }

View Full Code Here

Examples of org.apache.cxf.sts.token.provider.TokenProviderParameters

            AbstractSTSEvent baseEvent = (AbstractSTSEvent)event;
            map.put(KEYS.TIME.name(), this.dateFormat.format(new Date(baseEvent.getTimestamp())));
            map.put(KEYS.OPERATION.name(), baseEvent.getOperation());
            map.put(KEYS.DURATION.name(), String.valueOf(baseEvent.getDuration()) + "ms");
            
            TokenProviderParameters params = event.getTokenParameters();
            try {
                HttpServletRequest req = (HttpServletRequest)params.getWebServiceContext().
                    getMessageContext().get(AbstractHTTPDestination.HTTP_REQUEST);
                map.put(KEYS.REMOTE_HOST.name(), req.getRemoteHost());
                map.put(KEYS.REMOTE_PORT.name(), String.valueOf(req.getRemotePort()));
                map.put(KEYS.URL.name(), (String)params.getWebServiceContext().
                        getMessageContext().get("org.apache.cxf.request.url"));
            } catch (NullPointerException ex) {
                map.put(KEYS.REMOTE_HOST.name(), "N.A.");
                map.put(KEYS.REMOTE_PORT.name(), "N.A.");
                map.put(KEYS.URL.name(), "N.A.");
            }
            
            try {
                map.put(KEYS.TOKENTYPE.name(), params.getTokenRequirements().getTokenType());
            } catch (NullPointerException ex) {
                map.put(KEYS.TOKENTYPE.name(), "N.A.");
            }
            
            try {
                if (params.getTokenRequirements().getOnBehalfOf() != null) {
                    map.put(KEYS.ONBEHALFOF_PRINCIPAL.name(),
                            params.getTokenRequirements().getOnBehalfOf().getPrincipal().getName());
                }
                if (params.getTokenRequirements().getActAs() != null) {
                    map.put(KEYS.ACTAS_PRINCIPAL.name(),
                            params.getTokenRequirements().getActAs().getPrincipal().getName());
                }
                if (params.getPrincipal() != null) {
                    map.put(KEYS.WS_SEC_PRINCIPAL.name(), params.getPrincipal().getName());
                }
            } catch (NullPointerException ex) {
                //Principal could be null
            }
            map.put(KEYS.REALM.name(), params.getRealm());
            map.put(KEYS.APPLIESTO.name(), params.getAppliesToAddress());
            
            if (params.getRequestedPrimaryClaims() != null
                    && fieldOrder.indexOf(KEYS.CLAIMS_PRIMARY.name()) != -1) {
                List<String> claims = new ArrayList<String>();
                for (RequestClaim claim : params.getRequestedPrimaryClaims()) {
                    claims.add(claim.getClaimType().toString());
                }
                map.put(KEYS.CLAIMS_PRIMARY.name(), claims.toString());
            }
            if (params.getRequestedSecondaryClaims() != null
                    && fieldOrder.indexOf(KEYS.CLAIMS_SECONDARY.name()) != -1) {
                List<String> claims = new ArrayList<String>();
                for (RequestClaim claim : params.getRequestedSecondaryClaims()) {
                    claims.add(claim.getClaimType().toString());
                }
                map.put(KEYS.CLAIMS_SECONDARY.name(), claims.toString());
            }
            if (event instanceof AbstractSTSFailureEvent) {

View Full Code Here

Examples of org.apache.cxf.sts.token.provider.TokenProviderParameters

            //
            TokenProviderResponse tokenProviderResponse = null;
            String tokenType = tokenRequirements.getTokenType();
            if (tokenResponse.getToken().getState() == STATE.VALID 
                && !STSConstants.STATUS.equals(tokenType)) {
                TokenProviderParameters providerParameters = 
                     createTokenProviderParameters(requestParser, context);
                
                processValidToken(providerParameters, validateTarget, tokenResponse);
                
                // Check if the requested claims can be handled by the configured claim handlers
                RequestClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
                checkClaimsSupport(requestedClaims);
                requestedClaims = providerParameters.getRequestedSecondaryClaims();
                checkClaimsSupport(requestedClaims);
                providerParameters.setClaimsManager(claimsManager);
                
                Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                if (additionalProperties != null) {
                    providerParameters.setAdditionalProperties(additionalProperties);
                }
                realm = providerParameters.getRealm();
                for (TokenProvider tokenProvider : tokenProviders) {
                    boolean canHandle = false;
                    if (realm == null) {
                        canHandle = tokenProvider.canHandleToken(tokenType);
                    } else {

View Full Code Here

Examples of org.apache.cxf.sts.token.provider.TokenProviderParameters

            Map<String, SAMLRealm> realms, String user, String issuer
    ) throws WSSecurityException {
        SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
        samlTokenProvider.setRealmMap(realms);


        TokenProviderParameters providerParameters = 
            createProviderParameters(
                    tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername,
                    callbackHandler, user, issuer
            );
        if (realms != null) {
            providerParameters.setRealm("A");
        }
        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

View Full Code Here

Examples of org.apache.cxf.sts.token.provider.TokenProviderParameters

    private TokenProviderParameters createProviderParameters(
            String tokenType, String keyType, Crypto crypto, 
            String signatureUsername, CallbackHandler callbackHandler,
            String username, String issuer
    ) throws WSSecurityException {
        TokenProviderParameters parameters = new TokenProviderParameters();


        TokenRequirements tokenRequirements = new TokenRequirements();
        tokenRequirements.setTokenType(tokenType);
        parameters.setTokenRequirements(tokenRequirements);


        KeyRequirements keyRequirements = new KeyRequirements();
        keyRequirements.setKeyType(keyType);
        parameters.setKeyRequirements(keyRequirements);


        parameters.setPrincipal(new CustomTokenPrincipal(username));
        // Mock up message context
        MessageImpl msg = new MessageImpl();
        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
        parameters.setWebServiceContext(webServiceContext);


        parameters.setAppliesToAddress("http://dummy-service.com/dummy");


        // Add STSProperties object
        StaticSTSProperties stsProperties = new StaticSTSProperties();
        stsProperties.setSignatureCrypto(crypto);
        stsProperties.setSignatureUsername(signatureUsername);
        stsProperties.setCallbackHandler(callbackHandler);
        stsProperties.setIssuer(issuer);
        parameters.setStsProperties(stsProperties);


        parameters.setEncryptionProperties(new EncryptionProperties());


        return parameters;
    }

View Full Code Here

Examples of org.apache.cxf.sts.token.provider.TokenProviderParameters

    public RequestSecurityTokenResponseType issueSingle(
            RequestSecurityTokenType request,
            WebServiceContext context
    ) {
        long start = System.currentTimeMillis();
        TokenProviderParameters providerParameters = new TokenProviderParameters();
        try {
            RequestParser requestParser = parseRequest(request, context);
    
            providerParameters = createTokenProviderParameters(requestParser, context);
    
            // Check if the requested claims can be handled by the configured claim handlers
            RequestClaimCollection requestedClaims = providerParameters.getRequestedPrimaryClaims();
            checkClaimsSupport(requestedClaims);
            requestedClaims = providerParameters.getRequestedSecondaryClaims();
            checkClaimsSupport(requestedClaims);
            providerParameters.setClaimsManager(claimsManager);
            
            String realm = providerParameters.getRealm();
    
            TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
            String tokenType = tokenRequirements.getTokenType();
            
            
            if (stsProperties.getSamlRealmCodec() != null) {
                AssertionWrapper assertion = fetchSAMLAssertionFromWSSecuritySAMLToken(context);
                
                if (assertion != null) {
                    String wssecRealm = stsProperties.getSamlRealmCodec().getRealmFromToken(assertion);
                    SAMLTokenPrincipal samlPrincipal = new SAMLTokenPrincipal(assertion);
                    if (LOG.isLoggable(Level.FINE)) {
                        LOG.fine("SAML token realm of user '" + samlPrincipal.getName() + "' is " + wssecRealm);
                    }
                    
                    ReceivedToken wssecToken = new ReceivedToken(assertion.getElement());
                    wssecToken.setState(STATE.VALID);
                    TokenValidatorResponse tokenResponse = new TokenValidatorResponse();
                    tokenResponse.setPrincipal(samlPrincipal);
                    tokenResponse.setToken(wssecToken);
                    tokenResponse.setTokenRealm(wssecRealm);
                    tokenResponse.setAdditionalProperties(new HashMap<String, Object>());
                    processValidToken(providerParameters, wssecToken, tokenResponse);
                    providerParameters.setPrincipal(wssecToken.getPrincipal());
                }
            }
    
    
            // Validate OnBehalfOf token if present
            if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
                ReceivedToken validateTarget = providerParameters.getTokenRequirements().getOnBehalfOf();
                TokenValidatorResponse tokenResponse = validateReceivedToken(
                        context, realm, tokenRequirements, validateTarget);
    
                if (tokenResponse == null) {
                    LOG.fine("No Token Validator has been found that can handle this token");
                } else if (validateTarget.getState().equals(STATE.INVALID)) {
                    throw new STSException("Incoming token is invalid", STSException.REQUEST_FAILED);
                } else if (validateTarget.getState().equals(STATE.VALID)) {
                    processValidToken(providerParameters, validateTarget, tokenResponse); 
                } else {
                    //[TODO] Add plugin for validation out-of-band
                    // Example:
                    // If the requestor is in the possession of a certificate (mutual ssl handshake)
                    // the STS trusts the token sent in OnBehalfOf element
                }
                if (tokenResponse != null) {
                    Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                    if (additionalProperties != null) {
                        providerParameters.setAdditionalProperties(additionalProperties);
                    }
                }
            }
    
            // create token
            TokenProviderResponse tokenResponse = null;
            for (TokenProvider tokenProvider : tokenProviders) {
                boolean canHandle = false;
                if (realm == null) {
                    canHandle = tokenProvider.canHandleToken(tokenType);
                } else {
                    canHandle = tokenProvider.canHandleToken(tokenType, realm);
                }
                if (canHandle) {
                    try {
                        tokenResponse = tokenProvider.createToken(providerParameters);
                    } catch (STSException ex) {
                        LOG.log(Level.WARNING, "", ex);
                        throw ex;
                    } catch (RuntimeException ex) {
                        LOG.log(Level.WARNING, "", ex);
                        throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
                    }
                    break;
                }
            }
            if (tokenResponse == null || tokenResponse.getToken() == null) {
                LOG.log(Level.WARNING, "No token provider found for requested token type: " + tokenType);
                throw new STSException(
                        "No token provider found for requested token type: " + tokenType, 
                        STSException.REQUEST_FAILED
                );
            }
            // prepare response
            try {
                KeyRequirements keyRequirements = requestParser.getKeyRequirements();
                EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
                RequestSecurityTokenResponseType response = 
                    createResponse(
                            encryptionProperties, tokenResponse, tokenRequirements, keyRequirements, context
                    );
                STSIssueSuccessEvent event = new STSIssueSuccessEvent(providerParameters,

View Full Code Here

Examples of org.apache.cxf.sts.token.provider.TokenProviderParameters

     * Create a TokenProviderParameters object given a RequestParser and WebServiceContext object
     */
    protected TokenProviderParameters createTokenProviderParameters(
        RequestParser requestParser, WebServiceContext context
    ) {
        TokenProviderParameters providerParameters = new TokenProviderParameters();
        providerParameters.setStsProperties(stsProperties);
        providerParameters.setPrincipal(context.getUserPrincipal());
        providerParameters.setWebServiceContext(context);
        providerParameters.setTokenStore(getTokenStore());
        
        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        providerParameters.setKeyRequirements(keyRequirements);
        providerParameters.setTokenRequirements(tokenRequirements);
        
        // Extract AppliesTo
        String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
        LOG.fine("The AppliesTo address that has been received is: " + address);
        providerParameters.setAppliesToAddress(address);
        
        // Get the realm of the request
        if (stsProperties.getRealmParser() != null) {
            RealmParser realmParser = stsProperties.getRealmParser();
            String realm = realmParser.parseRealm(context);
            providerParameters.setRealm(realm);
        }
        
        // Set the requested Claims
        RequestClaimCollection claims = tokenRequirements.getPrimaryClaims();
        providerParameters.setRequestedPrimaryClaims(claims);
        claims = tokenRequirements.getSecondaryClaims();
        providerParameters.setRequestedSecondaryClaims(claims);
        
        EncryptionProperties encryptionProperties = stsProperties.getEncryptionProperties();
        if (address != null) {
            boolean foundService = false;
            // Get the stored Service object corresponding to the Service endpoint
            if (services != null) {
                for (ServiceMBean service : services) {
                    if (service.isAddressInEndpoints(address)) {
                        EncryptionProperties svcEncryptionProperties = 
                            service.getEncryptionProperties();
                        if (svcEncryptionProperties != null) {
                            encryptionProperties = svcEncryptionProperties;
                        }
                        if (tokenRequirements.getTokenType() == null) {
                            String tokenType = service.getTokenType();
                            tokenRequirements.setTokenType(tokenType);
                            LOG.fine("Using default token type of: " + tokenType);
                        }
                        if (keyRequirements.getKeyType() == null) {
                            String keyType = service.getKeyType();
                            keyRequirements.setKeyType(keyType);
                            LOG.fine("Using default key type of: " + keyType);
                        }
                        foundService = true;
                        break;
                    }
                }
            }
            if (!foundService) {
                LOG.log(Level.WARNING, "The Service cannot match the received AppliesTo address");
                throw new STSException(
                    "No service corresponding to " + address + " is known", STSException.REQUEST_FAILED
                );
            }
        }
        
        providerParameters.setEncryptionProperties(encryptionProperties);
        
        return providerParameters;
    }

View Full Code Here

Examples of org.apache.cxf.sts.token.provider.TokenProviderParameters

            RequestSecurityTokenType request,
            WebServiceContext context
    ) {
        RequestParser requestParser = parseRequest(request, context);


        TokenProviderParameters providerParameters = createTokenProviderParameters(requestParser, context);


        // Check if the requested claims can be handled by the configured claim handlers
        RequestClaimCollection requestedClaims = providerParameters.getRequestedClaims();
        checkClaimsSupport(requestedClaims);
        providerParameters.setClaimsManager(claimsManager);
        
        String realm = providerParameters.getRealm();


        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        String tokenType = tokenRequirements.getTokenType();




        // Validate OnBehalfOf token if present
        if (providerParameters.getTokenRequirements().getOnBehalfOf() != null) {
            ReceivedToken validateTarget = providerParameters.getTokenRequirements().getOnBehalfOf();
            TokenValidatorResponse tokenResponse = validateReceivedToken(
                    context, realm, tokenRequirements, validateTarget);
            
            if (tokenResponse == null) {
                LOG.fine("No Token Validator has been found that can handle this token");


            } else if (validateTarget.getValidationState().equals(STATE.VALID)) {
                // Map the principal (if it exists)
                Principal responsePrincipal = tokenResponse.getPrincipal();
                if (responsePrincipal != null) {
                    String targetRealm = providerParameters.getRealm();
                    String sourceRealm = tokenResponse.getTokenRealm();
                    IdentityMapper identityMapper = stsProperties.getIdentityMapper();
                    if (sourceRealm != null && !sourceRealm.equals(targetRealm) && identityMapper != null) {
                        Principal targetPrincipal = 
                            identityMapper.mapPrincipal(sourceRealm, responsePrincipal, targetRealm);
                        validateTarget.setPrincipal(targetPrincipal);
                    }
                } 
            } else {
                //[TODO] Add plugin for validation out-of-band
                // Example:
                // If the requestor is in the possession of a certificate (mutual ssl handshake)
                // the STS trusts the token sent in OnBehalfOf element
            }
            if (tokenResponse != null) {
                Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
                if (additionalProperties != null) {
                    providerParameters.setAdditionalProperties(additionalProperties);
                }
            }
        }


        // create token
        TokenProviderResponse tokenResponse = null;
        for (TokenProvider tokenProvider : tokenProviders) {
            boolean canHandle = false;
            if (realm == null) {
                canHandle = tokenProvider.canHandleToken(tokenType);
            } else {
                canHandle = tokenProvider.canHandleToken(tokenType, realm);
            }
            if (canHandle) {
                try {
                    tokenResponse = tokenProvider.createToken(providerParameters);
                } catch (STSException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw ex;
                } catch (RuntimeException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
                }
                break;
            }
        }
        if (tokenResponse == null || tokenResponse.getToken() == null) {
            LOG.log(Level.WARNING, "No token provider found for requested token type: " + tokenType);
            throw new STSException(
                    "No token provider found for requested token type: " + tokenType, 
                    STSException.REQUEST_FAILED
            );
        }
        // prepare response
        try {
            KeyRequirements keyRequirements = requestParser.getKeyRequirements();
            EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
            RequestSecurityTokenResponseType response = 
                createResponse(
                        encryptionProperties, tokenResponse, tokenRequirements, keyRequirements, context
                );
            return response;

View Full Code Here

Examples of org.apache.cxf.sts.token.provider.TokenProviderParameters

     * Create a TokenProviderParameters object given a RequestParser and WebServiceContext object
     */
    protected TokenProviderParameters createTokenProviderParameters(
        RequestParser requestParser, WebServiceContext context
    ) {
        TokenProviderParameters providerParameters = new TokenProviderParameters();
        providerParameters.setStsProperties(stsProperties);
        providerParameters.setPrincipal(context.getUserPrincipal());
        providerParameters.setWebServiceContext(context);
        providerParameters.setTokenStore(getTokenStore());
        
        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        providerParameters.setKeyRequirements(keyRequirements);
        providerParameters.setTokenRequirements(tokenRequirements);
        
        // Extract AppliesTo
        String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
        LOG.fine("The AppliesTo address that has been received is: " + address);
        providerParameters.setAppliesToAddress(address);
        
        // Get the realm of the request
        if (stsProperties.getRealmParser() != null) {
            RealmParser realmParser = stsProperties.getRealmParser();
            String realm = realmParser.parseRealm(context);
            providerParameters.setRealm(realm);
        }
        
        // Set the requested Claims
        RequestClaimCollection claims = tokenRequirements.getClaims();
        providerParameters.setRequestedClaims(claims);
        
        EncryptionProperties encryptionProperties = stsProperties.getEncryptionProperties();
        if (address != null) {
            boolean foundService = false;
            // Get the stored Service object corresponding to the Service endpoint
            if (services != null) {
                for (ServiceMBean service : services) {
                    if (service.isAddressInEndpoints(address)) {
                        EncryptionProperties svcEncryptionProperties = 
                            service.getEncryptionProperties();
                        if (svcEncryptionProperties != null) {
                            encryptionProperties = svcEncryptionProperties;
                        }
                        if (tokenRequirements.getTokenType() == null) {
                            String tokenType = service.getTokenType();
                            tokenRequirements.setTokenType(tokenType);
                            LOG.fine("Using default token type of: " + tokenType);
                        }
                        if (keyRequirements.getKeyType() == null) {
                            String keyType = service.getKeyType();
                            keyRequirements.setKeyType(keyType);
                            LOG.fine("Using default key type of: " + keyType);
                        }
                        foundService = true;
                        break;
                    }
                }
            }
            if (!foundService) {
                LOG.log(Level.WARNING, "The Service cannot match the received AppliesTo address");
                throw new STSException(
                    "No service corresponding to " + address + " is known", STSException.REQUEST_FAILED
                );
            }
        }
        
        providerParameters.setEncryptionProperties(encryptionProperties);
        
        return providerParameters;
    }

View Full Code Here

Examples of org.apache.cxf.sts.token.provider.TokenProviderParameters

    
    private Element createSAMLAssertion(
        String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler
    ) throws WSSecurityException {
        TokenProvider samlTokenProvider = new SAMLTokenProvider();
        TokenProviderParameters providerParameters = 
            createProviderParameters(
                tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler
            );
        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.