Java Code Examples for org.apache.cxf.jaxws.context.WrappedMessageContext#put()
The following examples show how to use
org.apache.cxf.jaxws.context.WrappedMessageContext#put() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: RequestParserUnitTest.java From cxf with Apache License 2.0 | 5 votes |
|
/**
* Test for fetching (and cancelling) a referenced SecurityContextToken.
*/
@org.junit.Test
public void testCancelSCT() throws Exception {
Element secHeaderElement = (Element) parseStringToElement(SECURITY_HEADER).getFirstChild();
RequestSecurityTokenType request = createJaxbObject(CANCEL_SCT_REFERENCE);
RequestParser parser = new RequestParser();
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgContext = new WrappedMessageContext(msg);
// Process the security header and store the results in the message context
WSSecurityEngine securityEngine = new WSSecurityEngine();
RequestData reqData = new RequestData();
reqData.setCallbackHandler(new PasswordCallbackHandler());
WSHandlerResult results =
securityEngine.processSecurityHeader(secHeaderElement, reqData);
List<WSHandlerResult> resultsList = new ArrayList<>();
resultsList.add(results);
msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
RequestRequirements requestRequirements = parser.parseRequest(request, msgContext, null, null);
SCTCanceller sctCanceller = new SCTCanceller();
assertTrue(sctCanceller.canHandleToken(requestRequirements.getTokenRequirements().getCancelTarget()));
}
Example 2
| Source File: RequestParserUnitTest.java From cxf with Apache License 2.0 | 5 votes |
|
/**
* Test for fetching (and validating) a referenced SecurityContextToken.
*/
@org.junit.Test
public void testValidateSCT() throws Exception {
Element secHeaderElement = (Element) parseStringToElement(SECURITY_HEADER).getFirstChild();
RequestSecurityTokenType request = createJaxbObject(VALIDATE_SCT_REFERENCE);
RequestParser parser = new RequestParser();
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgContext = new WrappedMessageContext(msg);
// Process the security header and store the results in the message context
WSSecurityEngine securityEngine = new WSSecurityEngine();
RequestData reqData = new RequestData();
reqData.setCallbackHandler(new PasswordCallbackHandler());
WSHandlerResult results =
securityEngine.processSecurityHeader(secHeaderElement, reqData);
List<WSHandlerResult> resultsList = new ArrayList<>();
resultsList.add(results);
msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
RequestRequirements requestRequirements = parser.parseRequest(request, msgContext, null, null);
SCTValidator sctValidator = new SCTValidator();
assertTrue(sctValidator.canHandleToken(requestRequirements.getTokenRequirements().getValidateTarget()));
}
Example 3
| Source File: RequestParserUnitTest.java From cxf with Apache License 2.0 | 5 votes |
|
/**
* Test for fetching (and validating) a referenced BinarySecurityToken from a UseKey Element.
*/
@org.junit.Test
public void testUseKeyX509() throws Exception {
Element secHeaderElement = (Element) parseStringToElement(SECURITY_HEADER_X509).getFirstChild();
RequestSecurityTokenType request = createJaxbObject(USE_KEY_X509_REFERENCE);
RequestParser parser = new RequestParser();
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgContext = new WrappedMessageContext(msg);
// Process the security header and store the results in the message context
WSSecurityEngine securityEngine = new WSSecurityEngine();
RequestData reqData = new RequestData();
reqData.setSigVerCrypto(getCrypto());
reqData.setCallbackHandler(new PasswordCallbackHandler());
WSHandlerResult results =
securityEngine.processSecurityHeader(secHeaderElement, reqData);
List<WSHandlerResult> resultsList = new ArrayList<>();
resultsList.add(results);
msgContext.put(WSHandlerConstants.RECV_RESULTS, resultsList);
RequestRequirements requestRequirements = parser.parseRequest(request, msgContext, null, null);
assertNotNull(requestRequirements.getKeyRequirements().getReceivedCredential().getX509Cert());
}
Example 4
| Source File: IssueSamlClaimsUnitTest.java From cxf with Apache License 2.0 | 5 votes |
|
/**
* @return
*/
private Map<String, Object> setupMessageContext() {
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
msgCtx.put(
SecurityContext.class.getName(),
createSecurityContext(new CustomTokenPrincipal("alice"))
);
return msgCtx;
}
Example 5
| Source File: IssueJWTClaimsUnitTest.java From cxf with Apache License 2.0 | 5 votes |
|
/**
* @return
*/
private Map<String, Object> setupMessageContext() {
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
msgCtx.put(
SecurityContext.class.getName(),
createSecurityContext(new CustomTokenPrincipal("alice"))
);
return msgCtx;
}
Example 6
| Source File: ValidateX509TokenUnitTest.java From cxf with Apache License 2.0 | 4 votes |
|
/**
* Test to successfully validate an X.509 token
*/
@org.junit.Test
public void testValidateX509Token() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
// Add Token Validator
List<TokenValidator> validatorList = new ArrayList<>();
validatorList.add(new X509TokenValidator());
validateOperation.setTokenValidators(validatorList);
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType =
new JAXBElement<String>(
QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS
);
request.getAny().add(tokenType);
// Create a BinarySecurityToken
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("myclientkey");
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
assertTrue(certs != null && certs.length > 0);
JAXBElement<BinarySecurityTokenType> binarySecurityTokenType =
createBinarySecurityToken(certs[0]);
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(binarySecurityTokenType);
JAXBElement<ValidateTargetType> validateTargetType =
new JAXBElement<ValidateTargetType>(
QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget
);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(
SecurityContext.class.getName(),
createSecurityContext(principal)
);
// Validate a token
RequestSecurityTokenResponseType response =
validateOperation.validate(request, principal, msgCtx);
assertTrue(validateResponse(response));
}
Example 7
| Source File: ValidateX509TokenUnitTest.java From cxf with Apache License 2.0 | 4 votes |
|
/**
* Test to validate an invalid X.509 token
*/
@org.junit.Test
public void testValidateInvalidX509Token() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
// Add Token Validator
List<TokenValidator> validatorList = new ArrayList<>();
validatorList.add(new X509TokenValidator());
validateOperation.setTokenValidators(validatorList);
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType =
new JAXBElement<String>(
QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS
);
request.getAny().add(tokenType);
// Create a BinarySecurityToken
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("eve");
Crypto eveCrypto = CryptoFactory.getInstance(getEveCryptoProperties());
X509Certificate[] certs = eveCrypto.getX509Certificates(cryptoType);
assertTrue(certs != null && certs.length > 0);
JAXBElement<BinarySecurityTokenType> binarySecurityTokenType =
createBinarySecurityToken(certs[0]);
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(binarySecurityTokenType);
JAXBElement<ValidateTargetType> validateTargetType =
new JAXBElement<ValidateTargetType>(
QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget
);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(
SecurityContext.class.getName(),
createSecurityContext(principal)
);
// Validate a token
RequestSecurityTokenResponseType response =
validateOperation.validate(request, principal, msgCtx);
assertFalse(validateResponse(response));
}
Example 8
| Source File: CancelSCTUnitTest.java From cxf with Apache License 2.0 | 4 votes |
|
/**
* Test to successfully cancel a SecurityContextToken
*/
@org.junit.Test
public void testCancelSCT() throws Exception {
TokenCancelOperation cancelOperation = new TokenCancelOperation();
cancelOperation.setTokenStore(tokenStore);
// Add Token Canceller
List<TokenCanceller> cancellerList = new ArrayList<>();
TokenCanceller sctCanceller = new SCTCanceller();
sctCanceller.setVerifyProofOfPossession(false);
cancellerList.add(sctCanceller);
cancelOperation.setTokenCancellers(cancellerList);
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
cancelOperation.setStsProperties(stsProperties);
// Get a SecurityContextToken via the SCTProvider
TokenProviderResponse providerResponse = createSCT();
Element sct = (Element)providerResponse.getToken();
CancelTargetType cancelTarget = new CancelTargetType();
cancelTarget.setAny(sct);
// Mock up a request
JAXBElement<CancelTargetType> cancelTargetType =
new JAXBElement<CancelTargetType>(
QNameConstants.CANCEL_TARGET, CancelTargetType.class, cancelTarget
);
RequestSecurityTokenType request = new RequestSecurityTokenType();
request.getAny().add(cancelTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(
SecurityContext.class.getName(),
createSecurityContext(principal)
);
// Cancel a token
RequestSecurityTokenResponseType response =
cancelOperation.cancel(request, principal, msgCtx);
assertTrue(validateResponse(response));
// Now try to cancel again
try {
cancelOperation.cancel(request, principal, msgCtx);
} catch (STSException ex) {
// expected
}
}
Example 9
| Source File: IssueSCTUnitTest.java From cxf with Apache License 2.0 | 4 votes |
|
/**
* Test to successfully issue a SecurityContextToken with no references
*/
@org.junit.Test
public void testIssueSCTNoReferences() throws Exception {
TokenIssueOperation issueOperation = new TokenIssueOperation();
issueOperation.setTokenStore(tokenStore);
issueOperation.setReturnReferences(false);
// Add Token Provider
List<TokenProvider> providerList = new ArrayList<>();
providerList.add(new SCTProvider());
issueOperation.setTokenProviders(providerList);
// Add Service
ServiceMBean service = new StaticService();
service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
issueOperation.setServices(Collections.singletonList(service));
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
issueOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType =
new JAXBElement<String>(
QNameConstants.TOKEN_TYPE, String.class, STSUtils.TOKEN_TYPE_SCT_05_12
);
request.getAny().add(tokenType);
request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(
SecurityContext.class.getName(),
createSecurityContext(principal)
);
// Issue a token
RequestSecurityTokenResponseCollectionType response =
issueOperation.issue(request, principal, msgCtx);
List<RequestSecurityTokenResponseType> securityTokenResponse =
response.getRequestSecurityTokenResponse();
assertFalse(securityTokenResponse.isEmpty());
// Test that no references were returned
boolean foundReference = false;
for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
if (tokenObject instanceof JAXBElement<?>
&& (ATTACHED_REFERENCE.equals(((JAXBElement<?>)tokenObject).getName())
|| UNATTACHED_REFERENCE.equals(((JAXBElement<?>)tokenObject).getName()))) {
foundReference = true;
break;
}
}
assertFalse(foundReference);
}
Example 10
| Source File: ValidateUsernameTokenUnitTest.java From cxf with Apache License 2.0 | 4 votes |
|
/**
* Test to successfully validate a UsernameToken.
*/
@org.junit.Test
public void testValidateUsernameToken() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
// Add Token Validator
List<TokenValidator> validatorList = new ArrayList<>();
validatorList.add(new UsernameTokenValidator());
validateOperation.setTokenValidators(validatorList);
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType =
new JAXBElement<String>(
QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS
);
request.getAny().add(tokenType);
// Create a UsernameToken
JAXBElement<UsernameTokenType> usernameTokenType = createUsernameToken("alice", "clarinet");
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(usernameTokenType);
JAXBElement<ValidateTargetType> validateTargetType =
new JAXBElement<ValidateTargetType>(
QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget
);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(
SecurityContext.class.getName(),
createSecurityContext(principal)
);
// Validate a token
RequestSecurityTokenResponseType response =
validateOperation.validate(request, principal, msgCtx);
assertTrue(validateResponse(response));
}
Example 11
| Source File: ValidateUsernameTokenUnitTest.java From cxf with Apache License 2.0 | 4 votes |
|
/**
* Test to validate an invalid UsernameToken.
*/
@org.junit.Test
public void testValidateInvalidUsernameToken() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
// Add Token Validator
List<TokenValidator> validatorList = new ArrayList<>();
validatorList.add(new UsernameTokenValidator());
validateOperation.setTokenValidators(validatorList);
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType =
new JAXBElement<String>(
QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS
);
request.getAny().add(tokenType);
// Create a UsernameToken
JAXBElement<UsernameTokenType> usernameTokenType = createUsernameToken("alice", "badpassword");
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(usernameTokenType);
JAXBElement<ValidateTargetType> validateTargetType =
new JAXBElement<ValidateTargetType>(
QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget
);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(
SecurityContext.class.getName(),
createSecurityContext(principal)
);
// Validate a token
RequestSecurityTokenResponseType response =
validateOperation.validate(request, principal, msgCtx);
assertFalse(validateResponse(response));
}
Example 12
| Source File: IssueSamlUnitTest.java From cxf with Apache License 2.0 | 4 votes |
|
/**
* Test to successfully issue a Saml 1.1 token with no References
*/
@org.junit.Test
public void testIssueSaml1TokenNoReference() throws Exception {
TokenIssueOperation issueOperation = new TokenIssueOperation();
issueOperation.setReturnReferences(false);
// Add Token Provider
List<TokenProvider> providerList = new ArrayList<>();
providerList.add(new SAMLTokenProvider());
issueOperation.setTokenProviders(providerList);
// Add Service
ServiceMBean service = new StaticService();
service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
issueOperation.setServices(Collections.singletonList(service));
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
issueOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType =
new JAXBElement<String>(
QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML_TOKEN_TYPE
);
request.getAny().add(tokenType);
request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(
SecurityContext.class.getName(),
createSecurityContext(principal)
);
// Issue a token
RequestSecurityTokenResponseCollectionType response =
issueOperation.issue(request, principal, msgCtx);
List<RequestSecurityTokenResponseType> securityTokenResponse =
response.getRequestSecurityTokenResponse();
assertFalse(securityTokenResponse.isEmpty());
// Test that no references were returned
boolean foundReference = false;
for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
if (tokenObject instanceof JAXBElement<?>
&& (ATTACHED_REFERENCE.equals(((JAXBElement<?>)tokenObject).getName())
|| UNATTACHED_REFERENCE.equals(((JAXBElement<?>)tokenObject).getName()))) {
foundReference = true;
break;
}
}
assertFalse(foundReference);
}
Example 13
| Source File: ValidateJWTUnitTest.java From cxf with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testValidateJWT() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
// Add Token Validator
List<TokenValidator> validatorList = new ArrayList<>();
validatorList.add(new JWTTokenValidator());
validateOperation.setTokenValidators(validatorList);
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType =
new JAXBElement<String>(
QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS
);
request.getAny().add(tokenType);
// Get a JWTToken via the JWTTokenProvider
TokenProviderResponse providerResponse = createJWT();
Element wrapper = createTokenWrapper((String)providerResponse.getToken());
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(wrapper);
JAXBElement<ValidateTargetType> validateTargetType =
new JAXBElement<ValidateTargetType>(
QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget
);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(
SecurityContext.class.getName(),
createSecurityContext(principal)
);
// Validate a token
RequestSecurityTokenResponseType response =
validateOperation.validate(request, principal, msgCtx);
assertTrue(validateResponse(response));
}
Example 14
| Source File: ValidateSCTUnitTest.java From cxf with Apache License 2.0 | 4 votes |
|
/**
* Test to successfully validate a SecurityContextToken
*/
@org.junit.Test
public void testValidateSCT() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
validateOperation.setTokenStore(tokenStore);
// Add Token Validator
List<TokenValidator> validatorList = new ArrayList<>();
validatorList.add(new SCTValidator());
validateOperation.setTokenValidators(validatorList);
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType =
new JAXBElement<String>(
QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS
);
request.getAny().add(tokenType);
// Get a SecurityContextToken via the SCTProvider
TokenProviderResponse providerResponse = createSCT();
Element sct = (Element)providerResponse.getToken();
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(sct);
JAXBElement<ValidateTargetType> validateTargetType =
new JAXBElement<ValidateTargetType>(
QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget
);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(
SecurityContext.class.getName(),
createSecurityContext(principal)
);
// Validate a token
RequestSecurityTokenResponseType response =
validateOperation.validate(request, principal, msgCtx);
assertTrue(validateResponse(response));
// Now remove the token from the cache before validating again
tokenStore.remove(tokenStore.getToken(providerResponse.getTokenId()).getId());
assertNull(tokenStore.getToken(providerResponse.getTokenId()));
response = validateOperation.validate(request, principal, msgCtx);
assertFalse(validateResponse(response));
}
Example 15
| Source File: AbstractJAXWSMethodInvoker.java From cxf with Apache License 2.0 | 4 votes |
|
protected void addHandlerProperties(WrappedMessageContext ctx,
Map<String, Object> handlerScopedStuff) {
for (Map.Entry<String, Object> key : handlerScopedStuff.entrySet()) {
ctx.put(key.getKey(), key.getValue(), Scope.HANDLER);
}
}
