
Example 86 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class CustomWSS4JSecurityContextCreator method createSecurityContext.

/**
 * Creates a {@link SecurityContext} from the WSS4J handler results and stores it on the
 * {@link SoapMessage}.
 * <p>
 * Two independent pieces of evidence are combined. The user principal is taken from the first
 * asymmetric signature result ({@code WSConstants.SIGN}) that carries a public key or an X.509
 * certificate and for which the overloaded {@code createSecurityContext(msg, true, result)}
 * yields a principal. Roles and claims are taken from the first signed SAML token result
 * ({@code WSConstants.ST_SIGNED}) that holds a {@link SamlAssertionWrapper}. Note that the
 * assertion's own subject is <em>not</em> used as the principal: the identity is the signer's,
 * and only the claims are read from the assertion. If either piece is missing the message is
 * left untouched, so a partially-populated context is never published.
 *
 * @param msg           the inbound SOAP message the context is attached to
 * @param handlerResult the WSS4J processing results for that message
 */
public void createSecurityContext(SoapMessage msg, WSHandlerResult handlerResult) {
    Map<Integer, List<WSSecurityEngineResult>> actionResults = handlerResult.getActionResults();

    Principal signer = findAsymmetricPrincipal(msg, actionResults.get(WSConstants.SIGN));
    if (signer == null) {
        // Without an asymmetric signature there is nothing to bind the SAML claims to.
        return;
    }

    SAMLSecurityContext samlContext =
        buildSamlSecurityContext(msg, signer, actionResults.get(WSConstants.ST_SIGNED));
    if (samlContext != null) {
        msg.put(SecurityContext.class, samlContext);
    }
}

/**
 * Returns the user principal of the first asymmetric signature result that carries key
 * material (public key or certificate) and resolves to a context with a principal, or
 * {@code null} if no such result exists.
 *
 * @param msg         the message being processed
 * @param signResults the {@code WSConstants.SIGN} results, may be {@code null}
 * @return the signer's principal, or {@code null}
 */
private Principal findAsymmetricPrincipal(SoapMessage msg, List<WSSecurityEngineResult> signResults) {
    if (signResults == null) {
        return null;
    }
    for (WSSecurityEngineResult result : signResults) {
        PublicKey key = (PublicKey) result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
        X509Certificate cert = (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
        if (key == null && cert == null) {
            // Not an asymmetric signature result (no key material) - skip it.
            continue;
        }
        SecurityContext candidate = createSecurityContext(msg, true, result);
        if (candidate != null && candidate.getUserPrincipal() != null) {
            return candidate.getUserPrincipal();
        }
    }
    return null;
}

/**
 * Builds a {@link SAMLSecurityContext} for {@code principal} from the first signed SAML token
 * result that holds a {@link SamlAssertionWrapper}, or returns {@code null} if there is none.
 *
 * @param msg         the message being processed (source of the role attribute name property)
 * @param principal   the already-established user principal
 * @param samlResults the {@code WSConstants.ST_SIGNED} results, may be {@code null}
 * @return the populated context, or {@code null}
 */
private SAMLSecurityContext buildSamlSecurityContext(SoapMessage msg, Principal principal,
                                                     List<WSSecurityEngineResult> samlResults) {
    if (samlResults == null) {
        return null;
    }
    for (WSSecurityEngineResult result : samlResults) {
        // Prefer a transformed token when a validator produced one; otherwise use the
        // assertion as received.
        Object assertion = result.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
        if (assertion == null) {
            assertion = result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        }
        if (!(assertion instanceof SamlAssertionWrapper)) {
            continue;
        }
        ClaimCollection claims = SAMLUtils.getClaims((SamlAssertionWrapper) assertion);
        Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName(msg), null);
        SAMLSecurityContext ctx = new SAMLSecurityContext(principal, roles, claims);
        ctx.setIssuer(SAMLUtils.getIssuer(assertion));
        ctx.setAssertionElement(SAMLUtils.getAssertionElement(assertion));
        return ctx;
    }
    return null;
}

/**
 * Resolves the SAML attribute name that carries roles: the
 * {@code SecurityConstants.SAML_ROLE_ATTRIBUTENAME} message property when set and non-empty,
 * otherwise {@code WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT}.
 */
private String roleAttributeName(SoapMessage msg) {
    String configured =
        (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
    if (configured == null || configured.isEmpty()) {
        return WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
    }
    return configured;
}
Also used : PublicKey(java.security.PublicKey) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) X509Certificate(java.security.cert.X509Certificate) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) List(java.util.List) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) Principal(java.security.Principal)

Example 87 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class LDAPClaimsTest method testRetrieveRolesForAlice.

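/**
 * Resolves the role claim for the configured {@code claimUser} through the
 * {@code testGroupClaimsHandler} LDAP group handler and checks that exactly one role claim
 * with two values is returned.
 *
 * @throws Exception if the Spring context lookup or the LDAP query fails
 */
@org.junit.Test
public void testRetrieveRolesForAlice() throws Exception {
    LdapGroupClaimsHandler claimsHandler =
        (LdapGroupClaimsHandler) appContext.getBean("testGroupClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));

    String user = props.getProperty("claimUser");
    // JUnit 4 takes the failure message FIRST. With the arguments reversed the String literal
    // was the value under test (never null), so a missing property was silently accepted.
    Assert.assertNotNull("Property 'claimUser' not configured", user);

    String roleURI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    Claim claim = new Claim();
    claim.setClaimType(roleURI);
    ClaimCollection requestedClaims = new ClaimCollection();
    requestedClaims.add(claim);

    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims =
        claimsManager.retrieveClaimValues(requestedClaims, params);

    // assertEquals(expected, actual) reports both values on failure; the boolean form did not.
    Assert.assertEquals(1, retrievedClaims.size());
    Assert.assertEquals(roleURI, retrievedClaims.get(0).getClaimType());
    Assert.assertEquals(2, retrievedClaims.get(0).getValues().size());
}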
Also used : LdapGroupClaimsHandler(org.apache.cxf.sts.claims.LdapGroupClaimsHandler) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 88 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class LDAPClaimsTest method testRetrieveRolesForBobInBusinessCategoryWidgets.

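/**
 * Resolves the role claim for the configured {@code otherClaimUser} through the
 * {@code testGroupClaimsHandlerFilter} LDAP group handler (a filtered lookup) and checks that
 * exactly one role claim with a single value is returned.
 *
 * @throws Exception if the Spring context lookup or the LDAP query fails
 */
@org.junit.Test
public void testRetrieveRolesForBobInBusinessCategoryWidgets() throws Exception {
    LdapGroupClaimsHandler claimsHandler =
        (LdapGroupClaimsHandler) appContext.getBean("testGroupClaimsHandlerFilter");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));

    String user = props.getProperty("otherClaimUser");
    // JUnit 4 takes the failure message FIRST; reversed arguments made this check a no-op.
    // The message also named the wrong property ('claimUser').
    Assert.assertNotNull("Property 'otherClaimUser' not configured", user);

    String roleURI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    Claim claim = new Claim();
    claim.setClaimType(roleURI);
    ClaimCollection requestedClaims = new ClaimCollection();
    requestedClaims.add(claim);

    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims =
        claimsManager.retrieveClaimValues(requestedClaims, params);

    // assertEquals(expected, actual) reports both values on failure; the boolean form did not.
    Assert.assertEquals(1, retrievedClaims.size());
    Assert.assertEquals(roleURI, retrievedClaims.get(0).getClaimType());
    Assert.assertEquals(1, retrievedClaims.get(0).getValues().size());
}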
Also used : LdapGroupClaimsHandler(org.apache.cxf.sts.claims.LdapGroupClaimsHandler) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 89 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class LDAPClaimsTest method testRetrieveClaimsWithUnsupportedMandatoryClaimType.

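/**
 * Requests the standard claim set plus a claim type the LDAP handler does not support
 * ({@code ClaimTypes.GENDER}) marked as mandatory, and expects the {@link ClaimsManager} to
 * reject the request with an {@code STSException} rather than return a partial result.
 *
 * @throws Exception if the Spring context lookup fails; {@code STSException} is the expected outcome
 */
@org.junit.Test(expected = STSException.class)
public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));

    String user = props.getProperty("claimUser");
    // JUnit 4 takes the failure message FIRST; reversed arguments made this check a no-op.
    Assert.assertNotNull("Property 'claimUser' not configured", user);

    ClaimCollection requestedClaims = createRequestClaimCollection();
    // Add an unsupported but mandatory claim; this is what must trigger the STSException.
    Claim claim = new Claim();
    claim.setClaimType(ClaimTypes.GENDER);
    claim.setOptional(false);
    requestedClaims.add(claim);

    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    claimsManager.retrieveClaimValues(requestedClaims, params);
}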
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 90 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class LDAPClaimsTest method testRetrieveClaimsWithUnsupportedOptionalClaimType.

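/**
 * Requests the standard claim set plus an unsupported claim type ({@code ClaimTypes.GENDER})
 * marked as optional, and checks that exactly the supported claims (first name, last name,
 * e-mail address) come back - each once - and the unsupported one is silently omitted.
 *
 * @throws Exception if the Spring context lookup or the LDAP query fails
 */
@org.junit.Test
public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));

    String user = props.getProperty("claimUser");
    // JUnit 4 takes the failure message FIRST; reversed arguments made this check a no-op.
    Assert.assertNotNull("Property 'claimUser' not configured", user);

    ClaimCollection requestedClaims = createRequestClaimCollection();
    // Add an unsupported but optional claim.
    Claim claim = new Claim();
    claim.setClaimType(ClaimTypes.GENDER);
    claim.setOptional(true);
    requestedClaims.add(claim);

    // Gender is not expected to be returned because the handler does not support it.
    List<String> expectedClaims = new ArrayList<>();
    expectedClaims.add(ClaimTypes.FIRSTNAME.toString());
    expectedClaims.add(ClaimTypes.LASTNAME.toString());
    expectedClaims.add(ClaimTypes.EMAILADDRESS.toString());

    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims =
        claimsManager.retrieveClaimValues(requestedClaims, params);

    Assert.assertEquals("Retrieved number of claims doesn't match with expected",
                        expectedClaims.size(), retrievedClaims.size());
    for (ProcessedClaim c : retrievedClaims) {
        // Each returned claim must have been requested; remove it so a duplicate is caught too.
        if (!expectedClaims.remove(c.getClaimType())) {
            Assert.fail("Claim '" + c.getClaimType() + "' not requested");
        }
    }
    // A size match alone would accept a duplicate of one type standing in for a missing one.
    Assert.assertTrue("Expected claims not returned: " + expectedClaims, expectedClaims.isEmpty());
}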
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Aggregations

ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)100 Claim (org.apache.cxf.rt.security.claims.Claim)63 ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)46 ClaimsParameters (org.apache.cxf.sts.claims.ClaimsParameters)43 ProcessedClaimCollection (org.apache.cxf.sts.claims.ProcessedClaimCollection)42 ProcessedClaim (org.apache.cxf.sts.claims.ProcessedClaim)31 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)26 ClaimsHandler (org.apache.cxf.sts.claims.ClaimsHandler)23 Principal (java.security.Principal)22 CustomClaimsHandler (org.apache.cxf.sts.common.CustomClaimsHandler)22 URI (java.net.URI)21 Element (org.w3c.dom.Element)21 StaticClaimsHandler (org.apache.cxf.sts.claims.StaticClaimsHandler)15 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)13 ArrayList (java.util.ArrayList)12 LdapClaimsHandler (org.apache.cxf.sts.claims.LdapClaimsHandler)12 JAXBElement (javax.xml.bind.JAXBElement)10 Test (org.junit.Test)10 SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)9 StaticEndpointClaimsHandler (org.apache.cxf.sts.claims.StaticEndpointClaimsHandler)9