23 Şubat 2016 Salı

Retrieving Saml Token With CXF STSClient

These days I have been working on some security topics such as OAuth2 and SAML.

We need a custom security setup, so I started looking for a way to retrieve a SAML token from an ADFS server.

The following code retrieves a security token, but even I do not recommend it.

Add the CXF dependency:

          <dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-bundle</artifactId>
<version>3.0.0-milestone2</version>
</dependency>

Test class:

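public class Runny {

    /** System property (defined by this class, set with -D) holding the UsernameToken user name. */
    private static final String USERNAME_PROPERTY = "sts.username";
    /** System property (defined by this class, set with -D) holding the UsernameToken password. */
    private static final String PASSWORD_PROPERTY = "sts.password";

    private static final String WSA_NS = "http://www.w3.org/2005/08/addressing";
    private static final String SOAP12_NS = "http://www.w3.org/2003/05/soap-envelope";
    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSP_2004_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    private static final String MS_DIAGNOSTICS_NS =
        "http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics";
    private static final String PASSWORD_TEXT_TYPE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    /**
     * Requests a SAML 2.0 bearer token from an ADFS WS-Trust 1.3 "usernamemixed" endpoint
     * and prints the returned token.
     *
     * @param args ignored
     * @throws Exception anything raised by the STS call (transport, WS-Security or SOAP fault)
     */
    public static void main(String[] args) throws Exception {
        CXFBusFactory bf = new CXFBusFactory();
        Bus bus = bf.createBus();
        STSClient client = new STSClient(bus);

        // NOTE(review): these properties configure CXF's own WS-Security handling, while
        // MyInterceptor below appends a second, hand-built UsernameToken header; confirm
        // the STS really needs both.
        Map<String, Object> stsprop = client.getProperties();
        stsprop.put("ws-security.username", "alice");
        stsprop.put("ws-security.callback-handler", "com.cxf.sample.ClientCallbackHandler");
        stsprop.put("ws-security.encryption.properties", "clientKeystore.properties");
        stsprop.put("ws-security.encryption.username", "mystskey");
        stsprop.put("ws-security.sts.token.username", "myclientkey");
        stsprop.put("ws-security.sts.token.properties", "clientKeystore.properties");
        stsprop.put("ws-security.sts.token.usecert", "true");
        stsprop.put(SecurityConstants.IS_BSP_COMPLIANT, "false");

        client.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
        client.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port");
        client.setLocation("https://{your adfs server}/adfs/services/trust/13/usernamemixed");
        client.setSoap12();
        client.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
        client.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
        client.setEnableAppliesTo(true);
        client.setEnableLifetime(true);
        client.setAllowRenewing(false);
        client.setClaims(createClaims());
        // Registered in the SETUP phase so the extra headers and body patches are applied
        // before the request leaves the client.
        client.getOutInterceptors().add(new MyInterceptor(Phase.SETUP));

        SecurityToken requestSecurityToken = client.requestSecurityToken(
            "http://${servername}:8280/services/securedEcho.securedEchoHttpSoap12Endpoint");
        // NOTE(review): the bearer token is itself a credential; this print is for local
        // debugging only and should not reach shared logs.
        System.out.println("requestSecurityToken:" + requestSecurityToken);
    }

    /**
     * Builds the {@code wst:Claims} element sent with the request.
     *
     * NOTE(review): the dialect and claim URI are WSO2-specific; confirm that the ADFS
     * endpoint honours them rather than expecting its own claim dialect.
     *
     * @return a detached {@code Claims} element requesting the givenname claim
     */
    private static Element createClaims() {
        Document doc = DOMUtils.createDocument();
        Element claimsElement =
            doc.createElementNS("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "Claims");
        claimsElement.setAttributeNS(null, "Dialect", "http://wso2.org/claims");
        Element claimType =
            doc.createElementNS("http://schemas.xmlsoap.org/ws/2005/05/identity", "ClaimType");
        claimType.setAttributeNS(null, "Uri", "http://wso2.org/claims/givenname");
        claimsElement.appendChild(claimType);
        return claimsElement;
    }

    /**
     * Out-interceptor that adds the WS-Addressing, diagnostics and WS-Security headers the
     * ADFS endpoint expects, then patches the generated RequestSecurityToken body: the
     * renewing element is dropped and {@code AppliesTo} is moved into the 2004/09
     * WS-Policy namespace.
     */
    static class MyInterceptor extends AbstractSoapInterceptor {

        /**
         * @param p the interceptor phase this instance runs in, e.g. {@code Phase.SETUP}
         */
        public MyInterceptor(String p) {
            super(p);
        }

        /**
         * Adds the headers and rewrites the body of the outgoing RST.
         *
         * @param soapMessage the outgoing message; its content is expected to be a
         *                    {@link DOMSource} whose node is the RST element
         * @throws Fault if the credential system properties are missing
         */
        @Override
        public void handleMessage(SoapMessage soapMessage) throws Fault {
            // Same factory createClaims() uses; avoids a swallowed
            // ParserConfigurationException followed by a null DocumentBuilder.
            Document doc = DOMUtils.createDocument();
            List<Header> headers = soapMessage.getHeaders();

            headers.add(mustUnderstandHeader(doc, WSA_NS, "Action",
                "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"));

            // WS-Addressing requires MessageID to be unique per message; a fixed value
            // may be rejected by the STS as a replay.
            Element messageID = doc.createElementNS(WSA_NS, "MessageID");
            messageID.setTextContent("urn:uuid:" + java.util.UUID.randomUUID());
            headers.add(new Header(new QName(WSA_NS), messageID));

            // Microsoft diagnostics header; the values are opaque to ADFS as far as this
            // code shows, so they are kept as the original literals.
            Element activityId = doc.createElementNS(MS_DIAGNOSTICS_NS, "ActivityId");
            activityId.setAttribute("CorrelationId", "306f5c7d-9570-422e-afef-57db2accea71");
            activityId.setTextContent("b9fdcdac-1284-4210-8baf-01f0e8a835ab");
            headers.add(new Header(new QName(MS_DIAGNOSTICS_NS), activityId));

            headers.add(mustUnderstandHeader(doc, WSA_NS, "To",
                "https://${fully_qualified_name}/adfs/services/trust/13/usernamemixed"));

            // Credentials come from system properties instead of source literals so they
            // are never committed with the code.
            String user = requireProperty(USERNAME_PROPERTY);
            String pass = requireProperty(PASSWORD_PROPERTY);

            Element security = doc.createElementNS(WSSE_NS, "Security");
            security.setAttributeNS(SOAP12_NS, "mustUnderstand", "1");

            Element usernameToken = doc.createElementNS(WSSE_NS, "UsernameToken");
            Element username = doc.createElementNS(WSSE_NS, "Username");
            username.setTextContent(user);
            Element password = doc.createElementNS(WSSE_NS, "Password");
            password.setAttribute("Type", PASSWORD_TEXT_TYPE);
            password.setTextContent(pass);
            usernameToken.appendChild(username);
            usernameToken.appendChild(password);
            security.appendChild(usernameToken);

            // NOTE(review): QName(String) treats its argument as the local part, so these
            // Header names do not match their elements; CXF writes the wrapped element
            // itself, and the original behaviour is kept here.
            headers.add(new Header(new QName(WSSE_NS), security));

            DOMSource dSource = (DOMSource) soapMessage.getContent(List.class).get(0);
            Node rst = dSource.getNode();

            // Remove the renewing element by name rather than by sibling position: ADFS
            // rejects requests that carry it, and a positional walk breaks as soon as the
            // generated child order changes.
            Element renewal = findChildByLocalName(rst, "Renewing");
            if (renewal != null) {
                rst.removeChild(renewal);
            }

            // Move AppliesTo into the 2004/09 WS-Policy namespace using the DOM Level 3
            // rename instead of writing a JDK-internal ElementNSImpl field reflectively,
            // which the module system refuses on current JDKs.
            Element appliesTo = findChildByLocalName(rst, "AppliesTo");
            if (appliesTo != null) {
                appliesTo.setAttribute("xmlns:wsp", WSP_2004_NS);
                rst.getOwnerDocument().renameNode(appliesTo, WSP_2004_NS, appliesTo.getNodeName());
            }
        }

        /**
         * Creates a header element in {@code ns} with soap12 {@code mustUnderstand="1"}
         * and the given text content.
         */
        private static Header mustUnderstandHeader(Document doc, String ns, String localName, String text) {
            Element element = doc.createElementNS(ns, localName);
            element.setAttributeNS(SOAP12_NS, "mustUnderstand", "1");
            element.setTextContent(text);
            return new Header(new QName(ns), element);
        }

        /**
         * Returns the first child element of {@code parent} whose local name matches, or
         * {@code null} when there is none.
         */
        private static Element findChildByLocalName(Node parent, String localName) {
            for (Node child = parent.getFirstChild(); child != null; child = child.getNextSibling()) {
                if (child instanceof Element && localName.equals(child.getLocalName())) {
                    return (Element) child;
                }
            }
            return null;
        }

        /**
         * Reads a required system property.
         *
         * @throws Fault if the property is unset or empty; the message names the property,
         *               never its value
         */
        private static String requireProperty(String name) {
            String value = System.getProperty(name);
            if (value == null || value.isEmpty()) {
                throw new Fault(new IllegalStateException("System property " + name + " must be set"));
            }
            return value;
        }
    }
}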
