use of org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl in project cxf by apache.
Class StaxSecurityContextInInterceptor, method doResults.
/**
 * Derives the {@link SecurityContext} for an inbound message from the security
 * events collected while the message was processed.
 * <p>
 * Token types are examined in a fixed priority order (SAML, UsernameToken,
 * Kerberos, X.509, KeyValue). The first token that carries a Subject or a
 * Principal determines the context and ends the search; the remaining token
 * types are not consulted. A lookup that fails with an
 * {@code XMLSecurityException} is treated as "no token of this type" and the
 * next type is tried.
 *
 * @param msg the inbound SOAP message; the resulting context is stored on it
 *            under {@code SecurityContext.class}
 * @param incomingSecurityEventList the security events recorded for the message
 * @throws WSSecurityException declared for callers; nothing in this body throws it directly
 */
private void doResults(SoapMessage msg, List<SecurityEvent> incomingSecurityEventList) throws WSSecurityException {
    // Highest priority first; the first usable token wins and ends the loop.
    final Event[] priorityOrder = {
        WSSecurityEventConstants.SAML_TOKEN,
        WSSecurityEventConstants.USERNAME_TOKEN,
        WSSecurityEventConstants.KERBEROS_TOKEN,
        WSSecurityEventConstants.X509Token,
        WSSecurityEventConstants.KeyValueToken
    };

    for (Event candidate : priorityOrder) {
        SubjectAndPrincipalSecurityToken token = findSubjectPrincipalToken(incomingSecurityEventList, candidate, msg);
        if (token == null) {
            continue;
        }

        Principal principal = token.getPrincipal();
        Subject subject = token.getSubject();

        if (subject != null) {
            // A JAAS Subject takes precedence over the bare Principal.
            msg.put(SecurityContext.class, contextFromSubject(msg, subject));
            return;
        }
        if (principal == null) {
            // Neither Subject nor Principal on this token: try the next type.
            continue;
        }

        if (candidate == WSSecurityEventConstants.SAML_TOKEN) {
            // NOTE(review): unchecked cast — a SAML_TOKEN event is assumed to carry a
            // SAMLTokenPrincipal; any other principal type fails here with a ClassCastException.
            Object receivedAssertion = ((SAMLTokenPrincipal) token.getPrincipal()).getToken();
            // When the principal carries no assertion, no context is set at all and the
            // search still stops here (lower-priority tokens are not consulted).
            if (receivedAssertion != null) {
                String roleAttributeName =
                    (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
                if (roleAttributeName == null || roleAttributeName.length() == 0) {
                    roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
                }
                SamlAssertionWrapper assertion = (SamlAssertionWrapper) receivedAssertion;
                ClaimCollection claims = SAMLUtils.getClaims(assertion);
                // Roles are read from the claim named by SAML_ROLE_ATTRIBUTENAME (or the default).
                Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
                msg.put(SecurityContext.class, new SAMLSecurityContext(principal, roles, claims));
            }
        } else {
            msg.put(SecurityContext.class, createSecurityContext(principal));
        }
        return;
    }
}

/**
 * Looks up the token for one event type. A lookup that fails with an
 * {@code XMLSecurityException} is reported as "absent" so that the caller can
 * fall through to the next token type.
 */
private SubjectAndPrincipalSecurityToken findSubjectPrincipalToken(List<SecurityEvent> events, Event eventType,
                                                                  SoapMessage msg) {
    try {
        return getSubjectPrincipalToken(events, eventType, msg);
    } catch (XMLSecurityException ignored) {
        // Deliberately ignored: an unreadable token of this type does not block the other types.
        return null;
    }
}

/**
 * Builds a Subject-backed context. When SUBJECT_ROLE_CLASSIFIER is configured the
 * roles are classified by {@link RolePrefixSecurityContextImpl} (type defaults to
 * "prefix"); otherwise a {@link DefaultSecurityContext} wraps the Subject directly.
 */
private static SecurityContext contextFromSubject(SoapMessage msg, Subject subject) {
    String roleClassifier = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER);
    if (roleClassifier == null || "".equals(roleClassifier)) {
        return new DefaultSecurityContext(subject);
    }
    String roleClassifierType = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER_TYPE);
    if (roleClassifierType == null || "".equals(roleClassifierType)) {
        roleClassifierType = "prefix";
    }
    return new RolePrefixSecurityContextImpl(subject, roleClassifier, roleClassifierType);
}
use of org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl in project cxf by apache.
Class DefaultWSS4JSecurityContextCreator, method createSecurityContext.
/**
 * Builds a {@link SecurityContext} from one WSS4J {@link WSSecurityEngineResult}.
 * <p>
 * When the result carries a JAAS Subject, {@code useJAASSubject} is set and the
 * principal is not a {@link KerberosPrincipal}, the context is built from the
 * Subject (role-prefixed when SUBJECT_ROLE_CLASSIFIER is configured). Otherwise,
 * when a Principal is present, a Principal-based context is built; if the result
 * holds a {@code SamlAssertionWrapper}, claims and roles are extracted from it.
 * As a side effect, a delegation credential found in the result is copied onto
 * the message under {@code SecurityConstants.DELEGATED_CREDENTIAL}.
 *
 * @param msg the inbound message; read for configuration, written for the delegated credential
 * @param useJAASSubject whether a JAAS Subject in the result may be used for the context
 * @param wsResult a single security engine result
 * @return the security context, or {@code null} when the result holds neither a usable
 *         Subject nor a Principal
 */
protected SecurityContext createSecurityContext(SoapMessage msg, boolean useJAASSubject, WSSecurityEngineResult wsResult) {
    final Principal principal = (Principal) wsResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
    final Subject subject = (Subject) wsResult.get(WSSecurityEngineResult.TAG_SUBJECT);

    // Kerberos results never take the Subject path, even when a Subject is present.
    boolean subjectUsable = useJAASSubject && subject != null && !(principal instanceof KerberosPrincipal);
    if (subjectUsable) {
        return subjectBasedContext(msg, principal, subject);
    }
    if (principal == null) {
        return null;
    }

    // VALIDATE_TOKEN defaults to true; only when it is explicitly false is the
    // principal run through WSS4JTokenConverter first.
    boolean validateToken = MessageUtils.getContextualBoolean(msg, SecurityConstants.VALIDATE_TOKEN, true);
    if (!validateToken) {
        WSS4JTokenConverter.convertToken(msg, principal);
    }

    // A transformed token takes precedence over the raw SAML assertion.
    Object assertion = wsResult.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
    if (assertion == null) {
        assertion = wsResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    }

    Object delegated = wsResult.get(WSSecurityEngineResult.TAG_DELEGATION_CREDENTIAL);
    if (delegated != null) {
        msg.put(SecurityConstants.DELEGATED_CREDENTIAL, delegated);
    }

    if (assertion instanceof SamlAssertionWrapper) {
        return samlBasedContext(msg, principal, (SamlAssertionWrapper) assertion);
    }
    return createSecurityContext(principal);
}

/**
 * Subject-backed context. Role classification applies only when
 * SUBJECT_ROLE_CLASSIFIER is configured; the classifier type defaults to "prefix".
 */
private static SecurityContext subjectBasedContext(SoapMessage msg, Principal principal, Subject subject) {
    String roleClassifier = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER);
    if (roleClassifier == null || "".equals(roleClassifier)) {
        return new DefaultSecurityContext(principal, subject);
    }
    String classifierType = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER_TYPE);
    if (classifierType == null || "".equals(classifierType)) {
        classifierType = "prefix";
    }
    return new RolePrefixSecurityContextImpl(subject, roleClassifier, classifierType);
}

/**
 * SAML-backed context. Roles are taken from the claim named by
 * SAML_ROLE_ATTRIBUTENAME (falling back to the interceptor default); issuer and
 * assertion element are recorded on the context.
 */
private static SecurityContext samlBasedContext(SoapMessage msg, Principal principal, SamlAssertionWrapper assertion) {
    String roleAttributeName =
        (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
    if (roleAttributeName == null || roleAttributeName.length() == 0) {
        roleAttributeName = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
    }
    ClaimCollection claims = SAMLUtils.getClaims(assertion);
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
    SAMLSecurityContext context = new SAMLSecurityContext(principal, roles, claims);
    context.setIssuer(SAMLUtils.getIssuer(assertion));
    context.setAssertionElement(SAMLUtils.getAssertionElement(assertion));
    return context;
}