public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
Credential validatedCredential = super.validate(credential, data);
SamlAssertionWrapper transformedToken = validatedCredential.getTransformedToken();
if (transformedToken == null
|| transformedToken.getSaml2() == null
|| !"DoubleItSTSIssuer".equals(transformedToken.getIssuerString())) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
}
return validatedCredential;
}
public int doubleIt(int numberToDouble) {
//
// Get the transformed SAML Assertion from the STS and check it
//
MessageContext context = wsc.getMessageContext();
final List<WSHandlerResult> handlerResults =
CastUtils.cast((List<?>) context.get(WSHandlerConstants.RECV_RESULTS));
WSSecurityEngineResult actionResult =
WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.UT);
SamlAssertionWrapper assertion =
(SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
Assert.assertTrue(assertion != null && "DoubleItSTSIssuer".equals(assertion.getIssuerString()));
return numberToDouble * 2;
}
// CHECKSTYLE:OFF
@org.junit.Test
public void testSAMLinWSSecToOtherRealm() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = IssueUnitTest.class.getResource("cxf-client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
CallbackHandler callbackHandler = new CommonCallbackHandler();
// Create SAML token
Element samlToken =
createSAMLAssertion(
WSConstants.WSS_SAML2_TOKEN_TYPE,
crypto,
"mystskey",
callbackHandler,
null,
"alice",
"a-issuer");
String id = null;
QName elName = DOMUtils.getElementQName(samlToken);
if (elName.equals(new QName(WSConstants.SAML_NS, "Assertion"))
&& samlToken.hasAttributeNS(null, "AssertionID")) {
id = samlToken.getAttributeNS(null, "AssertionID");
} else if (elName.equals(new QName(WSConstants.SAML2_NS, "Assertion"))
&& samlToken.hasAttributeNS(null, "ID")) {
id = samlToken.getAttributeNS(null, "ID");
}
if (id == null) {
id = samlToken.getAttributeNS(WSConstants.WSU_NS, "Id");
}
SecurityToken wstoken = new SecurityToken(id, samlToken, null, null);
Map<String, Object> properties = new HashMap<String, Object>();
properties.put(SecurityConstants.TOKEN, wstoken);
properties.put(SecurityConstants.TOKEN_ID, wstoken.getId());
// Get a token
SecurityToken token =
requestSecurityToken(
SAML2_TOKEN_TYPE,
BEARER_KEYTYPE,
null,
bus,
DEFAULT_ADDRESS,
null,
properties,
"b-issuer",
"Transport_SAML_Port");
/*
SecurityToken token =
requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, null,
bus, DEFAULT_ADDRESS, null, properties, "b-issuer", null);
*/
assertTrue(SAML2_TOKEN_TYPE.equals(token.getTokenType()));
assertTrue(token.getToken() != null);
List<WSSecurityEngineResult> results = processToken(token);
assertTrue(results != null && results.size() == 1);
SamlAssertionWrapper assertion =
(SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
assertTrue(assertion != null);
assertTrue(assertion.isSigned());
List<String> methods = assertion.getConfirmationMethods();
String confirmMethod = null;
if (methods != null && methods.size() > 0) {
confirmMethod = methods.get(0);
}
assertTrue(confirmMethod.contains("bearer"));
assertTrue("b-issuer".equals(assertion.getIssuerString()));
String subjectName = assertion.getSaml2().getSubject().getNameID().getValue();
assertTrue("Subject must be ALICE instead of " + subjectName, "ALICE".equals(subjectName));
}