Examples with ClaimCollection org.apache.cxf.rt.security.claims.ClaimCollection used on opensource projects

Search in sources :

Example 91 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class LDAPClaimsTest method createRequestClaimCollection.

private ClaimCollection createRequestClaimCollection() {
    ClaimCollection claims = new ClaimCollection();
    Claim claim = new Claim();
    claim.setClaimType(ClaimTypes.FIRSTNAME);
    claim.setOptional(true);
    claims.add(claim);
    claim = new Claim();
    claim.setClaimType(ClaimTypes.LASTNAME);
    claim.setOptional(true);
    claims.add(claim);
    claim = new Claim();
    claim.setClaimType(ClaimTypes.EMAILADDRESS);
    claim.setOptional(true);
    claims.add(claim);
    return claims;
}
Also used : ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)

Example 92 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class LDAPClaimsTest method testRetrieveRolesForBob.

@org.junit.Test
public void testRetrieveRolesForBob() throws Exception {
    LdapGroupClaimsHandler claimsHandler = (LdapGroupClaimsHandler) appContext.getBean("testGroupClaimsHandlerOtherUsers");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    String user = props.getProperty("otherClaimUser");
    Assert.assertNotNull(user, "Property 'claimUser' not configured");
    ClaimCollection requestedClaims = new ClaimCollection();
    Claim claim = new Claim();
    String roleURI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    claim.setClaimType(roleURI);
    requestedClaims.add(claim);
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    Assert.assertTrue(retrievedClaims.size() == 1);
    Assert.assertEquals(retrievedClaims.get(0).getClaimType(), roleURI);
    Assert.assertTrue(retrievedClaims.get(0).getValues().size() == 2);
}
Also used : LdapGroupClaimsHandler(org.apache.cxf.sts.claims.LdapGroupClaimsHandler) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 93 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class StaxSecurityContextInInterceptor method doResults.

private void doResults(SoapMessage msg, List<SecurityEvent> incomingSecurityEventList) throws WSSecurityException {
    // Now go through the results in a certain order to set up a security context. Highest priority is first.
    List<Event> desiredSecurityEvents = new ArrayList<>();
    desiredSecurityEvents.add(WSSecurityEventConstants.SAML_TOKEN);
    desiredSecurityEvents.add(WSSecurityEventConstants.USERNAME_TOKEN);
    desiredSecurityEvents.add(WSSecurityEventConstants.KERBEROS_TOKEN);
    desiredSecurityEvents.add(WSSecurityEventConstants.X509Token);
    desiredSecurityEvents.add(WSSecurityEventConstants.KeyValueToken);
    for (Event desiredEvent : desiredSecurityEvents) {
        SubjectAndPrincipalSecurityToken token = null;
        try {
            token = getSubjectPrincipalToken(incomingSecurityEventList, desiredEvent, msg);
        } catch (XMLSecurityException ex) {
        // proceed
        }
        if (token != null) {
            Principal p = token.getPrincipal();
            Subject subject = token.getSubject();
            if (subject != null) {
                String roleClassifier = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER);
                if (roleClassifier != null && !"".equals(roleClassifier)) {
                    String roleClassifierType = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER_TYPE);
                    if (roleClassifierType == null || "".equals(roleClassifierType)) {
                        roleClassifierType = "prefix";
                    }
                    msg.put(SecurityContext.class, new RolePrefixSecurityContextImpl(subject, roleClassifier, roleClassifierType));
                } else {
                    msg.put(SecurityContext.class, new DefaultSecurityContext(subject));
                }
                break;
            } else if (p != null) {
                if (desiredEvent == WSSecurityEventConstants.SAML_TOKEN) {
                    String roleAttributeName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
                    if (roleAttributeName == null || roleAttributeName.length() == 0) {
                        roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
                    }
                    Object receivedAssertion = ((SAMLTokenPrincipal) token.getPrincipal()).getToken();
                    if (receivedAssertion != null) {
                        ClaimCollection claims = SAMLUtils.getClaims((SamlAssertionWrapper) receivedAssertion);
                        Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
                        SAMLSecurityContext context = new SAMLSecurityContext(p, roles, claims);
                        msg.put(SecurityContext.class, context);
                    }
                } else {
                    msg.put(SecurityContext.class, createSecurityContext(p));
                }
                break;
            }
        }
    }
}
Also used : DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) Set(java.util.Set) SubjectAndPrincipalSecurityToken(org.apache.wss4j.stax.securityToken.SubjectAndPrincipalSecurityToken) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) ArrayList(java.util.ArrayList) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException) Subject(javax.security.auth.Subject) RolePrefixSecurityContextImpl(org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) SamlTokenSecurityEvent(org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent) KerberosTokenSecurityEvent(org.apache.wss4j.stax.securityEvent.KerberosTokenSecurityEvent) KeyValueTokenSecurityEvent(org.apache.wss4j.stax.securityEvent.KeyValueTokenSecurityEvent) Event(org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event) SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent) X509TokenSecurityEvent(org.apache.wss4j.stax.securityEvent.X509TokenSecurityEvent) UsernameTokenSecurityEvent(org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal) Principal(java.security.Principal)

Example 94 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class DefaultWSS4JSecurityContextCreator method createSecurityContext.

protected SecurityContext createSecurityContext(SoapMessage msg, boolean useJAASSubject, WSSecurityEngineResult wsResult) {
    final Principal p = (Principal) wsResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
    final Subject subject = (Subject) wsResult.get(WSSecurityEngineResult.TAG_SUBJECT);
    if (subject != null && !(p instanceof KerberosPrincipal) && useJAASSubject) {
        String roleClassifier = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER);
        if (roleClassifier != null && !"".equals(roleClassifier)) {
            String roleClassifierType = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER_TYPE);
            if (roleClassifierType == null || "".equals(roleClassifierType)) {
                roleClassifierType = "prefix";
            }
            return new RolePrefixSecurityContextImpl(subject, roleClassifier, roleClassifierType);
        }
        return new DefaultSecurityContext(p, subject);
    } else if (p != null) {
        boolean utWithCallbacks = MessageUtils.getContextualBoolean(msg, SecurityConstants.VALIDATE_TOKEN, true);
        if (!utWithCallbacks) {
            WSS4JTokenConverter.convertToken(msg, p);
        }
        Object receivedAssertion = wsResult.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
        if (receivedAssertion == null) {
            receivedAssertion = wsResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        }
        if (wsResult.get(WSSecurityEngineResult.TAG_DELEGATION_CREDENTIAL) != null) {
            msg.put(SecurityConstants.DELEGATED_CREDENTIAL, wsResult.get(WSSecurityEngineResult.TAG_DELEGATION_CREDENTIAL));
        }
        if (receivedAssertion instanceof SamlAssertionWrapper) {
            String roleAttributeName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
            if (roleAttributeName == null || roleAttributeName.length() == 0) {
                roleAttributeName = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
            }
            ClaimCollection claims = SAMLUtils.getClaims((SamlAssertionWrapper) receivedAssertion);
            Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
            SAMLSecurityContext context = new SAMLSecurityContext(p, roles, claims);
            context.setIssuer(SAMLUtils.getIssuer(receivedAssertion));
            context.setAssertionElement(SAMLUtils.getAssertionElement(receivedAssertion));
            return context;
        }
        return createSecurityContext(p);
    }
    return null;
}
Also used : DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) RolePrefixSecurityContextImpl(org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl) Set(java.util.Set) SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal) Principal(java.security.Principal) Subject(javax.security.auth.Subject)

Example 95 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class UsernameTokenInterceptor method createSecurityContext.

private SecurityContext createSecurityContext(Message msg, SamlAssertionWrapper samlAssertion) {
    String roleAttributeName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
    if (roleAttributeName == null || roleAttributeName.length() == 0) {
        roleAttributeName = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
    }
    ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
    SAMLSecurityContext context = new SAMLSecurityContext(new SAMLTokenPrincipalImpl(samlAssertion), roles, claims);
    context.setIssuer(SAMLUtils.getIssuer(samlAssertion));
    context.setAssertionElement(SAMLUtils.getAssertionElement(samlAssertion));
    return context;
}
Also used : SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) SAMLTokenPrincipalImpl(org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl) Principal(java.security.Principal) UsernameTokenPrincipal(org.apache.wss4j.common.principal.UsernameTokenPrincipal)

Aggregations

ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)100 Claim (org.apache.cxf.rt.security.claims.Claim)63 ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)46 ClaimsParameters (org.apache.cxf.sts.claims.ClaimsParameters)43 ProcessedClaimCollection (org.apache.cxf.sts.claims.ProcessedClaimCollection)42 ProcessedClaim (org.apache.cxf.sts.claims.ProcessedClaim)31 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)26 ClaimsHandler (org.apache.cxf.sts.claims.ClaimsHandler)23 Principal (java.security.Principal)22 CustomClaimsHandler (org.apache.cxf.sts.common.CustomClaimsHandler)22 URI (java.net.URI)21 Element (org.w3c.dom.Element)21 StaticClaimsHandler (org.apache.cxf.sts.claims.StaticClaimsHandler)15 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)13 ArrayList (java.util.ArrayList)12 LdapClaimsHandler (org.apache.cxf.sts.claims.LdapClaimsHandler)12 JAXBElement (javax.xml.bind.JAXBElement)10 Test (org.junit.Test)10 SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)9 StaticEndpointClaimsHandler (org.apache.cxf.sts.claims.StaticEndpointClaimsHandler)9
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial