Example 1 with Subject

use of org.apache.cxf.rs.security.saml.assertion.Subject in project cxf by apache.

the class SecurityContextProviderImpl method getSecurityContext.

public SecurityContext getSecurityContext(Message message, SamlAssertionWrapper wrapper) {
    // First check to see if we are allowed to set up a security context
    // The SAML Assertion must be signed, or we must explicitly allow unsigned
    String allowUnsigned = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, message);
    boolean allowUnsignedSamlPrincipals = Boolean.parseBoolean(allowUnsigned);
    if (!(wrapper.isSigned() || allowUnsignedSamlPrincipals)) {
        return null;
    }
    ClaimCollection claims = getClaims(wrapper);
    Subject subject = getSubject(message, wrapper, claims);
    SecurityContext securityContext = doGetSecurityContext(message, subject, claims);
    if (securityContext instanceof SAMLSecurityContext) {
        Element assertionElement = wrapper.getElement();
        ((SAMLSecurityContext) securityContext).setAssertionElement(assertionElement);
    }
    return securityContext;
}
Also used : SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) Element(org.w3c.dom.Element) SecurityContext(org.apache.cxf.security.SecurityContext) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) Subject(org.apache.cxf.rs.security.saml.assertion.Subject)

Example 2 with Subject

use of org.apache.cxf.rs.security.saml.assertion.Subject in project cxf by apache.

the class Saml2BearerAuthHandler method validateToken.

protected void validateToken(Message message, Element element, String clientId) {
    SamlAssertionWrapper wrapper = toWrapper(element);
    // The common SAML assertion validation:
    // signature, subject confirmation, etc
    super.validateToken(message, wrapper);
    // This is specific to OAuth2 path
    // Introduce SAMLOAuth2Validator to be reused between auth and grant handlers
    Subject subject = SAMLUtils.getSubject(message, wrapper);
    // A bearer assertion with no NameID cannot identify a client: reject it
    if (subject.getName() == null) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    // When the request also carries a client_id, it must equal the assertion's
    // NameID exactly; no mapping between the two is attempted here
    if (clientId != null && !clientId.equals(subject.getName())) {
        // TODO:  Attempt to map client_id to subject.getName()
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    samlOAuthValidator.validate(message, wrapper);
    // The assertion's NameID becomes the effective client_id for the rest of the request
    message.put(OAuthConstants.CLIENT_ID, subject.getName());
}
Also used : SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) Subject(org.apache.cxf.rs.security.saml.assertion.Subject)

Example 3 with Subject

use of org.apache.cxf.rs.security.saml.assertion.Subject in project cxf by apache.

the class AbstractServiceProviderFilter method setSecurityContext.

protected void setSecurityContext(Message m, SamlAssertionWrapper assertionWrapper) {
    Subject subject = SAMLUtils.getSubject(m, assertionWrapper);
    final String name = subject.getName();
    if (name != null) {
        String roleAttributeName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, m);
        if (roleAttributeName == null || roleAttributeName.length() == 0) {
            roleAttributeName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
        }
        ClaimCollection claims = org.apache.cxf.rt.security.saml.utils.SAMLUtils.getClaims(assertionWrapper);
        Set<Principal> roles = org.apache.cxf.rt.security.saml.utils.SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
        SAMLSecurityContext context = new SAMLSecurityContext(new SimplePrincipal(name), roles, claims);
        context.setIssuer(org.apache.cxf.rt.security.saml.utils.SAMLUtils.getIssuer(assertionWrapper));
        context.setAssertionElement(org.apache.cxf.rt.security.saml.utils.SAMLUtils.getAssertionElement(assertionWrapper));
        m.put(SecurityContext.class, context);
    }
}
Also used : SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) Subject(org.apache.cxf.rs.security.saml.assertion.Subject) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal) Principal(java.security.Principal)

Example 4 with Subject

use of org.apache.cxf.rs.security.saml.assertion.Subject in project cxf by apache.

the class SAMLUtils method getSubject.

public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
    if (assertionW.getSaml2() != null) {
        // Note: neither the SAML 2.0 Subject nor its NameID is null-checked here, so an
        // assertion without a Subject/NameID reaches this code as a NullPointerException
        // rather than as a null Subject
        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
        Subject subject = new Subject();
        NameID nameId = s.getNameID();
        subject.setNameQualifier(nameId.getNameQualifier());
        // if format is transient then we may need to use STSClient
        // to request an alternate name from IDP
        subject.setNameFormat(nameId.getFormat());
        subject.setName(nameId.getValue());
        subject.setSpId(nameId.getSPProvidedID());
        subject.setSpQualifier(nameId.getSPNameQualifier());
        return subject;
    } else if (assertionW.getSaml1() != null) {
        // SAML 1.x: the Subject is looked up via getSaml1Subject and may be absent
        org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
        if (s != null) {
            Subject subject = new Subject();
            NameIdentifier nameId = s.getNameIdentifier();
            subject.setNameQualifier(nameId.getNameQualifier());
            // if format is transient then we may need to use STSClient
            // to request an alternate name from IDP
            subject.setNameFormat(nameId.getFormat());
            subject.setName(nameId.getValue());
            return subject;
        }
    }
    // Neither a SAML 2.0 nor a SAML 1.x subject could be extracted
    return null;
}
Also used : NameID(org.opensaml.saml.saml2.core.NameID) NameIdentifier(org.opensaml.saml.saml1.core.NameIdentifier) Subject(org.apache.cxf.rs.security.saml.assertion.Subject)
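The logic of Examples 1, 2, 3 and 4 together, as an added example that is not CXF code: the "signed, or unsigned explicitly allowed" gate, the NameID-to-Subject copy, the role-claim extraction with the default WS-Identity role attribute, and the client_id check, re-implemented in Python over a constructed SAML 2.0 assertion so it runs offline without WSS4J or OpenSAML. The sample assertion, the function names and the `is_signed` input are assumptions for illustration; this code does not verify XML signatures, so `is_signed` stands in for the result a real signature validator would supply.

```python
# Added example (not CXF code): the subject, role-claim, client_id and
# "signed or explicitly allowed unsigned" logic from Examples 1-4, re-implemented
# in Python over a constructed SAML 2.0 assertion. XML signatures are NOT verified
# here; is_signed is an input a real deployment gets from its signature validator.
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
# Default used by AbstractServiceProviderFilter when SAML_ROLE_ATTRIBUTENAME is unset
DEFAULT_ROLE_ATTR = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"


def q(local: str) -> str:
    """Clark-notation tag name in the SAML 2.0 assertion namespace."""
    return "{%s}%s" % (SAML2, local)


@dataclass
class Subject:
    # Same fields as org.apache.cxf.rs.security.saml.assertion.Subject
    name: Optional[str] = None
    name_format: Optional[str] = None
    name_qualifier: Optional[str] = None
    sp_qualifier: Optional[str] = None
    sp_id: Optional[str] = None


@dataclass
class SAMLSecurityContext:
    principal: str
    roles: FrozenSet[str]
    issuer: Optional[str]
    claims: Dict[str, List[str]]


def get_subject(assertion: ET.Element) -> Optional[Subject]:
    """Example 4 for SAML 2.0: copy NameID and its qualifiers into a Subject.
    Unlike the Java, a missing Subject/NameID yields None instead of an NPE."""
    name_id = assertion.find(q("Subject") + "/" + q("NameID"))
    if name_id is None:
        return None
    return Subject(name=name_id.text, name_format=name_id.get("Format"),
                   name_qualifier=name_id.get("NameQualifier"),
                   sp_qualifier=name_id.get("SPNameQualifier"),
                   sp_id=name_id.get("SPProvidedID"))


def get_claims(assertion: ET.Element) -> Dict[str, List[str]]:
    """Flatten every AttributeStatement/Attribute into name -> values."""
    claims: Dict[str, List[str]] = {}
    for attr in assertion.iterfind(q("AttributeStatement") + "/" + q("Attribute")):
        values = [v.text or "" for v in attr.iterfind(q("AttributeValue"))]
        claims.setdefault(attr.get("Name", ""), []).extend(values)
    return claims


def parse_roles_from_claims(claims, role_attribute_name: Optional[str] = None) -> FrozenSet[str]:
    # Example 3: an unset or empty property falls back to the WS-Identity role claim
    return frozenset(claims.get(role_attribute_name or DEFAULT_ROLE_ATTR, []))


def get_security_context(assertion: ET.Element, is_signed: bool,
                         allow_unsigned_property: Optional[str] = None,
                         role_attribute_name: Optional[str] = None) -> Optional[SAMLSecurityContext]:
    """Example 1 gate, then the Example 3 context construction."""
    # Boolean.parseBoolean semantics: only "true" (any case) enables the bypass;
    # None, "", "yes" or "1" all keep the safe default of refusing unsigned assertions
    allow_unsigned = (allow_unsigned_property or "").lower() == "true"
    if not (is_signed or allow_unsigned):
        return None  # no principal for an unsigned assertion
    subject = get_subject(assertion)
    if subject is None or subject.name is None:
        return None  # Example 3 only builds a context when a name is present
    claims = get_claims(assertion)
    return SAMLSecurityContext(principal=subject.name,
                               roles=parse_roles_from_claims(claims, role_attribute_name),
                               issuer=assertion.findtext(q("Issuer")), claims=claims)


def client_id_matches_subject(subject: Subject, client_id: Optional[str]) -> bool:
    """Example 2: a nameless subject is rejected; a supplied client_id must equal the
    NameID exactly (no mapping is attempted)."""
    if subject.name is None:
        return False
    return client_id is None or client_id == subject.name


# Constructed sample assertion (not a real IdP's output): persistent NameID,
# an Issuer, two role values and one unrelated attribute.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml2:Issuer>https://idp.example.test</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        NameQualifier="https://idp.example.test"
        SPNameQualifier="https://sp.example.test"
        SPProvidedID="alice-sp">alice</saml2:NameID>
  </saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role">
      <saml2:AttributeValue>admin</saml2:AttributeValue>
      <saml2:AttributeValue>user</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="email"><saml2:AttributeValue>alice@example.test</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def parse_assertion(xml_text: str = SAMPLE_ASSERTION) -> ET.Element:
    return ET.fromstring(xml_text)
```

The gate deserves attention when reviewing a deployment: `ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL` is read as a string and passed through `Boolean.parseBoolean`, so only a literal `true` (in any case) turns it on and any other value, including an absent property, keeps unsigned assertions from producing a principal. The Python mirrors that exactly, and the remaining functions show which assertion fields end up as the principal name, the roles and the issuer in the resulting context.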

Aggregations

Subject (org.apache.cxf.rs.security.saml.assertion.Subject) 4
ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection) 2
SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) 2
Principal (java.security.Principal) 1
SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal) 1
SecurityContext (org.apache.cxf.security.SecurityContext) 1
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper) 1
NameIdentifier (org.opensaml.saml.saml1.core.NameIdentifier) 1
NameID (org.opensaml.saml.saml2.core.NameID) 1
Element (org.w3c.dom.Element) 1