Examples of org.apache.wss4j.policy.model.IssuedToken

org.apache.wss4j.policy.model.IssuedToken

                               AbstractToken abstractToken) throws WSSPolicyException {
        if (!(tokenSecurityEvent instanceof IssuedTokenSecurityEvent)) {
            throw new WSSPolicyException("Expected a IssuedTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
        }


        IssuedToken issuedToken = (IssuedToken) abstractToken;
        IssuedTokenSecurityEvent<? extends SecurityToken> issuedTokenSecurityEvent 
            = (IssuedTokenSecurityEvent<? extends SecurityToken>) tokenSecurityEvent;
        try {
            if (issuedToken.getIssuerName() != null &&
                    !issuedToken.getIssuerName().equals(issuedTokenSecurityEvent.getIssuerName())) {
                setErrorMessage("IssuerName in Policy (" + issuedToken.getIssuerName() +
                        ") didn't match with the one in the IssuedToken (" + issuedTokenSecurityEvent.getIssuerName() + ")");
                return false;
            }
            if (issuedToken.getRequestSecurityTokenTemplate() != null) {
                if (issuedTokenSecurityEvent instanceof SamlTokenSecurityEvent) {
                    SamlTokenSecurityEvent samlTokenSecurityEvent = (SamlTokenSecurityEvent) issuedTokenSecurityEvent;
                    String errorMsg = checkIssuedTokenTemplate(issuedToken.getRequestSecurityTokenTemplate(), samlTokenSecurityEvent);
                    if (errorMsg != null) {
                        setErrorMessage(errorMsg);
                        return false;
                    }
                } else if (issuedTokenSecurityEvent instanceof KerberosTokenSecurityEvent) {
                    KerberosTokenSecurityEvent kerberosTokenSecurityEvent = (KerberosTokenSecurityEvent) issuedTokenSecurityEvent;
                    String errorMsg = checkIssuedTokenTemplate(issuedToken.getRequestSecurityTokenTemplate(), kerberosTokenSecurityEvent);
                    if (errorMsg != null) {
                        setErrorMessage(errorMsg);
                        return false;
                    }
                }
            }
            
            Element claims = issuedToken.getClaims();
            if (claims != null && issuedTokenSecurityEvent instanceof SamlTokenSecurityEvent) {
                String errorMsg = 
                    validateClaims((Element) claims, (SamlTokenSecurityEvent)issuedTokenSecurityEvent);
                if (errorMsg != null) {
                    setErrorMessage(errorMsg);

View Full Code Here

                    NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.ISSUED_TOKEN);
                if (ais.isEmpty()) {
                    return;
                }
                if (isRequestor(message)) {
                    IssuedToken itok = (IssuedToken)ais.iterator().next().getAssertion();
                    assertIssuedToken(itok, aim);
                    
                    SecurityToken tok = retrieveCachedToken(message);
                    if (tok == null) {
                        tok = issueToken(message, aim, itok);
                    } else {
                        tok = renewToken(message, aim, itok, tok);
                    }
                    if (tok != null) {
                        for (AssertionInfo ai : ais) {
                            ai.setAsserted(true);
                        }
                        boolean cacheIssuedToken = 
                            MessageUtils.getContextualBoolean(
                                message, SecurityConstants.CACHE_ISSUED_TOKEN_IN_ENDPOINT, true
                            ) && !isOneTimeUse(tok);
                        if (cacheIssuedToken) {
                            message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN, tok);
                            message.getExchange().put(SecurityConstants.TOKEN, tok);
                            message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
                            message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, 
                                                                          tok.getId());
                        } else {
                            message.put(SecurityConstants.TOKEN, tok);
                            message.put(SecurityConstants.TOKEN_ID, tok.getId());
                        }
                        WSS4JUtils.getTokenStore(message).add(tok);
                    }
                } else {
                    //server side should be checked on the way in
                    for (AssertionInfo ai : ais) {
                        ai.setAsserted(true);
                    }
                    IssuedToken itok = (IssuedToken)ais.iterator().next().getAssertion();
                    assertIssuedToken(itok, aim);
                }
            }
        }

View Full Code Here

                }
                
                for (AssertionInfo ai : ais) {
                    ai.setAsserted(true);
                }
                IssuedToken itok = (IssuedToken)ais.iterator().next().getAssertion();
                assertIssuedToken(itok, aim);
                
                if (!isRequestor(message)) {
                    message.getExchange().remove(SecurityConstants.TOKEN);
                    List<WSHandlerResult> results =

View Full Code Here

                               AbstractToken abstractToken) throws WSSPolicyException {
        if (!(tokenSecurityEvent instanceof IssuedTokenSecurityEvent)) {
            throw new WSSPolicyException("Expected a IssuedTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
        }


        IssuedToken issuedToken = (IssuedToken) abstractToken;
        IssuedTokenSecurityEvent<? extends SecurityToken> issuedTokenSecurityEvent 
            = (IssuedTokenSecurityEvent<? extends SecurityToken>) tokenSecurityEvent;
        try {
            if (issuedToken.getIssuerName() != null &&
                    !issuedToken.getIssuerName().equals(issuedTokenSecurityEvent.getIssuerName())) {
                setErrorMessage("IssuerName in Policy (" + issuedToken.getIssuerName() +
                        ") didn't match with the one in the IssuedToken (" + issuedTokenSecurityEvent.getIssuerName() + ")");
                return false;
            }
            if (issuedToken.getRequestSecurityTokenTemplate() != null) {
                if (issuedTokenSecurityEvent instanceof SamlTokenSecurityEvent) {
                    SamlTokenSecurityEvent samlTokenSecurityEvent = (SamlTokenSecurityEvent) issuedTokenSecurityEvent;
                    String errorMsg = checkIssuedTokenTemplate(issuedToken.getRequestSecurityTokenTemplate(), samlTokenSecurityEvent);
                    if (errorMsg != null) {
                        setErrorMessage(errorMsg);
                        return false;
                    }
                } else if (issuedTokenSecurityEvent instanceof KerberosTokenSecurityEvent) {
                    KerberosTokenSecurityEvent kerberosTokenSecurityEvent = (KerberosTokenSecurityEvent) issuedTokenSecurityEvent;
                    String errorMsg = checkIssuedTokenTemplate(issuedToken.getRequestSecurityTokenTemplate(), kerberosTokenSecurityEvent);
                    if (errorMsg != null) {
                        setErrorMessage(errorMsg);
                        return false;
                    }
                }
            }
            
            Element claims = issuedToken.getClaims();
            if (claims != null && issuedTokenSecurityEvent instanceof SamlTokenSecurityEvent) {
                String errorMsg = 
                    validateClaims((Element) claims, (SamlTokenSecurityEvent)issuedTokenSecurityEvent);
                if (errorMsg != null) {
                    setErrorMessage(errorMsg);

View Full Code Here

        final Policy nestedPolicy = factory.getPolicyEngine().getPolicy(nestedPolicyElement);
        final Element requestSecurityTokenTemplate = SPUtils.getFirstChildElement(element, spVersion.getSPConstants().getRequestSecurityTokenTemplate());
        if (requestSecurityTokenTemplate == null) {
            throw new IllegalArgumentException("sp:IssuedToken must have a sp:RequestSecurityTokenTemplate element");
        }
        IssuedToken issuedToken = new IssuedToken(
                spVersion,
                spVersion.getSPConstants().getInclusionFromAttributeValue(includeTokenValue),
                issuer,
                issuerName,
                requestSecurityTokenTemplate,
                claims,
                nestedPolicy
        );
        issuedToken.setOptional(SPUtils.isOptional(element));
        issuedToken.setIgnorable(SPUtils.isIgnorable(element));
        return issuedToken;
    }

View Full Code Here

        int count = 0;
        while (alternativeIterator.hasNext()) {
            List<Assertion> alternative = alternativeIterator.next();
            assertEquals(1, alternative.size());
            assertTrue(alternative.get(0) instanceof IssuedToken);
            IssuedToken issuedToken = (IssuedToken) alternative.get(0);
            assertFalse(issuedToken.isNormalized());
            assertTrue(issuedToken.isIgnorable());
            assertTrue(issuedToken.isOptional());
            assertEquals(Constants.TYPE_ASSERTION, issuedToken.getType());
            assertEquals(SP12Constants.ISSUED_TOKEN, issuedToken.getName());
            assertNotNull(issuedToken.getRequestSecurityTokenTemplate());
            assertTrue(issuedToken.isRequireExternalReference());
            assertTrue(issuedToken.isRequireInternalReference());
            count++;
        }
        assertEquals(1, count);


        policy = policy.normalize(true);
        serializedPolicy = serializePolicy(policy);
        assertXMLisEqual(serializedPolicy, normalizedPolicyReferenceFile);


        alternativeIterator = policy.getAlternatives();
        List<Assertion> alternative = alternativeIterator.next();
        assertEquals(0, alternative.size());


        List<PolicyComponent> policyComponents = policy.getPolicyComponents();
        assertEquals(1, policyComponents.size());
        PolicyOperator policyOperator = (PolicyOperator) policyComponents.get(0);
        policyComponents = policyOperator.getPolicyComponents();
        assertEquals(2, policyComponents.size());
        All all = (All) policyComponents.get(0);
        List<PolicyComponent> policyComponentsAll = all.getAssertions();
        assertEquals(0, policyComponentsAll.size());


        all = (All) policyComponents.get(1);
        policyComponentsAll = all.getAssertions();
        assertEquals(1, policyComponentsAll.size());


        Iterator<PolicyComponent> policyComponentIterator = policyComponentsAll.iterator();
        IssuedToken issuedToken = (IssuedToken) policyComponentIterator.next();
        assertTrue(issuedToken.isNormalized());
        assertTrue(issuedToken.isIgnorable());
        assertFalse(issuedToken.isOptional());
        assertEquals(Constants.TYPE_ASSERTION, issuedToken.getType());
        assertEquals(SP12Constants.ISSUED_TOKEN, issuedToken.getName());
        assertNotNull(issuedToken.getRequestSecurityTokenTemplate());
        assertTrue(issuedToken.isRequireExternalReference());
        assertTrue(issuedToken.isRequireInternalReference());
    }

View Full Code Here

                               AbstractToken abstractToken) throws WSSPolicyException {
        if (!(tokenSecurityEvent instanceof IssuedTokenSecurityEvent)) {
            throw new WSSPolicyException("Expected a IssuedTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
        }


        IssuedToken issuedToken = (IssuedToken) abstractToken;
        IssuedTokenSecurityEvent<? extends SecurityToken> issuedTokenSecurityEvent 
            = (IssuedTokenSecurityEvent<? extends SecurityToken>) tokenSecurityEvent;
        try {
            if (issuedToken.getIssuerName() != null &&
                    !issuedToken.getIssuerName().equals(issuedTokenSecurityEvent.getIssuerName())) {
                setErrorMessage("IssuerName in Policy (" + issuedToken.getIssuerName() +
                        ") didn't match with the one in the IssuedToken (" + issuedTokenSecurityEvent.getIssuerName() + ")");
                return false;
            }
            if (issuedToken.getRequestSecurityTokenTemplate() != null) {
                if (issuedTokenSecurityEvent instanceof SamlTokenSecurityEvent) {
                    SamlTokenSecurityEvent samlTokenSecurityEvent = (SamlTokenSecurityEvent) issuedTokenSecurityEvent;
                    String errorMsg = checkIssuedTokenTemplate(issuedToken.getRequestSecurityTokenTemplate(), samlTokenSecurityEvent);
                    if (errorMsg != null) {
                        setErrorMessage(errorMsg);
                        return false;
                    }
                } else if (issuedTokenSecurityEvent instanceof KerberosTokenSecurityEvent) {
                    KerberosTokenSecurityEvent kerberosTokenSecurityEvent = (KerberosTokenSecurityEvent) issuedTokenSecurityEvent;
                    String errorMsg = checkIssuedTokenTemplate(issuedToken.getRequestSecurityTokenTemplate(), kerberosTokenSecurityEvent);
                    if (errorMsg != null) {
                        setErrorMessage(errorMsg);
                        return false;
                    }
                }
            }
            
            Element claims = issuedToken.getClaims();
            if (claims != null && issuedTokenSecurityEvent instanceof SamlTokenSecurityEvent) {
                String errorMsg = 
                    validateClaims((Element) claims, (SamlTokenSecurityEvent)issuedTokenSecurityEvent);
                if (errorMsg != null) {
                    setErrorMessage(errorMsg);

View Full Code Here

                    NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.ISSUED_TOKEN);
                if (ais.isEmpty()) {
                    return;
                }
                if (isRequestor(message)) {
                    IssuedToken itok = (IssuedToken)ais.iterator().next().getAssertion();
                    
                    SecurityToken tok = retrieveCachedToken(message);
                    if (tok == null) {
                        tok = issueToken(message, aim, itok);
                    } else {

View Full Code Here

        if (ais == null || ais.isEmpty()) {
            return true;
        }
        
        for (AssertionInfo ai : ais) {
            IssuedToken issuedToken = (IssuedToken)ai.getAssertion();
            ai.setAsserted(true);


            if (!isTokenRequired(issuedToken, message)) {
                continue;
            }
            
            if (assertionWrapper == null) {
                ai.setNotAsserted(
                    "The received token does not match the token inclusion requirement"
                );
                continue;
            }


            Element template = issuedToken.getRequestSecurityTokenTemplate();
            if (template != null && !checkIssuedTokenTemplate(template, assertionWrapper)) {
                ai.setNotAsserted("Error in validating the IssuedToken policy");
                continue;
            }
            
            Element claims = issuedToken.getClaims();
            if (claims != null) {
                String dialect = claims.getAttributeNS(null, "Dialect");
                if (claimsValidator.getDialect().equals(dialect)
                    && !claimsValidator.validatePolicy(claims, assertionWrapper)) {
                    ai.setNotAsserted("Error in validating the Claims policy");

View Full Code Here

        if (ais == null || ais.isEmpty()) {
            return true;
        }
        
        for (AssertionInfo ai : ais) {
            IssuedToken issuedToken = (IssuedToken)ai.getAssertion();
            ai.setAsserted(true);


            if (!isTokenRequired(issuedToken, message)) {
                continue;
            }
            if (binarySecurityToken == null) {
                ai.setNotAsserted(
                    "The received token does not match the token inclusion requirement"
                );
                return false;
            }


            Element template = issuedToken.getRequestSecurityTokenTemplate();
            if (template != null && !checkIssuedTokenTemplate(template, binarySecurityToken)) {
                ai.setNotAsserted("Error in validating the IssuedToken policy");
                return false;
            }
        }

View Full Code Here

0 1

TOP

Related Classes of org.apache.wss4j.policy.model.IssuedToken

org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenInInterceptor

org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider$IssuedTokenOutInterceptor

org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler

org.apache.cxf.ws.security.wss4j.policyvalidators.IssuedTokenPolicyValidator

org.apache.neethi.Assertion

org.apache.wss4j.policy.builders.IssuedTokenBuilder

org.apache.wss4j.policy.stax.assertionStates.IssuedTokenAssertionState

org.apache.wss4j.policy.tests.IssuedTokenTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.