Example 1 with ClaimBean
use of org.apache.cxf.rt.security.claims.ClaimBean in project cxf by apache.
the class ClaimsAuthorizingInterceptorTest method testUserInRoleAndClaims.
@Test
public void testUserInRoleAndClaims() throws Exception {
SecureAnnotationsInterceptor in = new SecureAnnotationsInterceptor();
in.setAnnotationClassName(SecureRole.class.getName());
in.setSecuredObject(new TestService2());
Message m = prepareMessage(TestService2.class, "test", createDefaultClaim("admin"), createClaim("a", "b", "c"));
in.handleMessage(m);
ClaimsAuthorizingInterceptor in2 = new ClaimsAuthorizingInterceptor();
SAMLClaim claim = new SAMLClaim();
claim.setNameFormat("a");
claim.setName("b");
claim.addValue("c");
in2.setClaims(Collections.singletonMap("test", Collections.singletonList(new ClaimBean(claim, "a", null, false))));
in2.handleMessage(m);
try {
in.handleMessage(prepareMessage(TestService2.class, "test", createDefaultClaim("user")));
fail("AccessDeniedException expected");
} catch (AccessDeniedException ex) {
// expected
}
}
Also used :
SAMLClaim(org.apache.cxf.rt.security.claims.SAMLClaim)
AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException)
Message(org.apache.cxf.message.Message)
ClaimBean(org.apache.cxf.rt.security.claims.ClaimBean)
SecureAnnotationsInterceptor(org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor)
Test(org.junit.Test)
Example 2 with ClaimBean
use of org.apache.cxf.rt.security.claims.ClaimBean in project cxf by apache.
the class ClaimsAuthorizingInterceptor method getClaims.
private List<ClaimBean> getClaims(Claims claimsAnn, Claim claimAnn) {
List<ClaimBean> claimsList = new ArrayList<>();
final List<Claim> annClaims;
if (claimsAnn != null) {
annClaims = Arrays.asList(claimsAnn.value());
} else if (claimAnn != null) {
annClaims = Collections.singletonList(claimAnn);
} else {
annClaims = Collections.emptyList();
}
for (Claim ann : annClaims) {
org.apache.cxf.rt.security.claims.Claim claim = new org.apache.cxf.rt.security.claims.Claim();
String claimName = ann.name();
if (nameAliases.containsKey(claimName)) {
claimName = nameAliases.get(claimName);
}
String claimFormat = ann.format();
if (formatAliases.containsKey(claimFormat)) {
claimFormat = formatAliases.get(claimFormat);
}
claim.setClaimType(claimName);
for (String value : ann.value()) {
claim.addValue(value);
}
claimsList.add(new ClaimBean(claim, claimFormat, ann.mode(), ann.matchAll()));
}
return claimsList;
}Example 3 with ClaimBean
use of org.apache.cxf.rt.security.claims.ClaimBean in project cxf by apache.
the class ClaimsAuthorizingInterceptor method findClaims.
protected void findClaims(Class<?> cls) {
if (cls == null || cls == Object.class) {
return;
}
List<ClaimBean> clsClaims = getClaims(cls.getAnnotation(Claims.class), cls.getAnnotation(Claim.class));
for (Method m : cls.getMethods()) {
if (SKIP_METHODS.contains(m.getName())) {
continue;
}
List<ClaimBean> methodClaims = getClaims(m.getAnnotation(Claims.class), m.getAnnotation(Claim.class));
List<ClaimBean> allClaims = new ArrayList<>(methodClaims);
for (ClaimBean bean : clsClaims) {
if (isClaimOverridden(bean, methodClaims)) {
continue;
}
allClaims.add(bean);
}
claims.put(m.getName(), allClaims);
}
if (!claims.isEmpty()) {
return;
}
findClaims(cls.getSuperclass());
if (!claims.isEmpty()) {
return;
}
for (Class<?> interfaceCls : cls.getInterfaces()) {
findClaims(interfaceCls);
}
}
Also used :
Claims(org.apache.cxf.security.claims.authorization.Claims)
ArrayList(java.util.ArrayList)
Method(java.lang.reflect.Method)
ClaimBean(org.apache.cxf.rt.security.claims.ClaimBean)
Claim(org.apache.cxf.security.claims.authorization.Claim)
SAMLClaim(org.apache.cxf.rt.security.claims.SAMLClaim)
Example 4 with ClaimBean
use of org.apache.cxf.rt.security.claims.ClaimBean in project cxf by apache.
the class ClaimsAuthorizingInterceptor method authorize.
protected boolean authorize(ClaimsSecurityContext sc, Method method) {
List<ClaimBean> list = claims.get(method.getName());
org.apache.cxf.rt.security.claims.ClaimCollection actualClaims = sc.getClaims();
for (ClaimBean claimBean : list) {
org.apache.cxf.rt.security.claims.Claim matchingClaim = null;
for (org.apache.cxf.rt.security.claims.Claim cl : actualClaims) {
if (cl instanceof SAMLClaim) {
// If it's a SAMLClaim the name + nameformat must match what's configured
if (((SAMLClaim) cl).getName().equals(claimBean.getClaim().getClaimType()) && ((SAMLClaim) cl).getNameFormat().equals(claimBean.getClaimFormat())) {
matchingClaim = cl;
break;
}
} else if (cl.getClaimType().equals(claimBean.getClaim().getClaimType())) {
matchingClaim = cl;
break;
}
}
if (matchingClaim == null) {
if (claimBean.getClaimMode() == ClaimMode.STRICT) {
return false;
}
continue;
}
List<Object> claimValues = claimBean.getClaim().getValues();
List<Object> matchingClaimValues = matchingClaim.getValues();
if (claimBean.isMatchAll() && !matchingClaimValues.containsAll(claimValues)) {
return false;
}
boolean matched = false;
for (Object value : matchingClaimValues) {
if (claimValues.contains(value)) {
matched = true;
break;
}
}
if (!matched) {
return false;
}
}
return true;
}Aggregations
ClaimBean (org.apache.cxf.rt.security.claims.ClaimBean)4
SAMLClaim (org.apache.cxf.rt.security.claims.SAMLClaim)4
ArrayList (java.util.ArrayList)2
Claim (org.apache.cxf.security.claims.authorization.Claim)2
Method (java.lang.reflect.Method)1
AccessDeniedException (org.apache.cxf.interceptor.security.AccessDeniedException)1
SecureAnnotationsInterceptor (org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor)1
Message (org.apache.cxf.message.Message)1
Claims (org.apache.cxf.security.claims.authorization.Claims)1
Test (org.junit.Test)1
