
Example 96 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class ClaimsManager method filterHandlerClaims.

/**
 * Narrows {@code claims} down to the ones whose claim type URI appears in
 * {@code handlerClaimTypes}, carrying the dialect of the input collection over to the result.
 * <p>
 * Matching is purely on the claim type string; the matching {@link Claim} instances are reused
 * in the result, not copied. Both arguments are dereferenced, so {@code null} for either one
 * raises a {@link NullPointerException}.
 *
 * @param claims            the requested claims
 * @param handlerClaimTypes the claim types a handler reports as supported
 * @return a new collection holding only the supported claims, possibly empty
 */
private ClaimCollection filterHandlerClaims(ClaimCollection claims, List<String> handlerClaimTypes) {
    final ClaimCollection supported = new ClaimCollection();
    supported.setDialect(claims.getDialect());
    for (Claim candidate : claims) {
        if (!handlerClaimTypes.contains(candidate.getClaimType())) {
            continue;
        }
        supported.add(candidate);
    }
    return supported;
}

Example 97 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class ClaimsManager method handleClaims.

/**
 * Passes the requested claims through every configured {@link ClaimsHandler} and collects the
 * processed claims they return.
 * <p>
 * Each handler only sees the claims it declares support for (via
 * {@code getSupportedClaimTypes()}) and is only invoked when {@code isCurrentRealmSupported}
 * accepts it. A {@link RuntimeException} raised by a handler is logged at INFO and then either
 * rethrown, when {@code isStopProcessingOnException()} is set, or skipped so the remaining
 * handlers still run. After every handler invocation the principal on {@code parameters} is
 * restored to the value it had on entry, so a handler that replaced it during identity mapping
 * does not change what the next handler sees.
 * <p>
 * A handler returning {@code null} from {@code getSupportedClaimTypes()} would fail inside
 * {@code filterHandlerClaims} with a NullPointerException — that case is not guarded here.
 *
 * @param claims     the requested claims
 * @param parameters handler parameters; its principal is reset after each handler
 * @return the collected processed claims; empty when no handlers are configured or none
 *         returned a non-empty result
 */
private ProcessedClaimCollection handleClaims(ClaimCollection claims, ClaimsParameters parameters) {
    final ProcessedClaimCollection processed = new ProcessedClaimCollection();
    if (claimHandlers == null) {
        return processed;
    }
    final Principal incomingPrincipal = parameters.getPrincipal();
    for (ClaimsHandler handler : claimHandlers) {
        final ClaimCollection handlerClaims = filterHandlerClaims(claims, handler.getSupportedClaimTypes());
        // Realm check is only evaluated for handlers that have something to do
        if (handlerClaims.isEmpty() || !isCurrentRealmSupported(handler, parameters)) {
            continue;
        }
        ProcessedClaimCollection fromHandler = null;
        try {
            fromHandler = handler.retrieveClaimValues(handlerClaims, parameters);
        } catch (RuntimeException ex) {
            LOG.log(Level.INFO, "Failed retrieving claims from ClaimsHandler " + handler.getClass().getName(), ex);
            if (this.isStopProcessingOnException()) {
                throw ex;
            }
        } finally {
            // Restore the caller's principal: a handler may have swapped it during identity
            // mapping, and the next handler in the list must start from the original one.
            parameters.setPrincipal(incomingPrincipal);
        }
        if (fromHandler == null || fromHandler.isEmpty()) {
            continue;
        }
        processed.addAll(fromHandler);
    }
    return processed;
}

Example 98 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class ClaimsManager method mergeClaims.

/**
 * Merges the primary claims with the secondary claims (of the same dialect), so that claims a
 * service advertises via wst:SecondaryParameters/wst:Claims can be combined with the
 * client-specific claims carried in wst:RequestSecurityToken/wst:Claims.
 * <p>
 * Claims are matched on their ClaimType URI. When both sides carry the same type, the result
 * gets a fresh {@link Claim} whose values come from the primary claim if it has any, otherwise
 * from the secondary claim; a secondary value discarded this way is reported at WARNING
 * (the log line includes the discarded values). Primary claims without a counterpart are added
 * as-is, and secondary claims that never matched are appended after all primary entries. The
 * result takes its dialect from {@code primaryClaims}; {@code secondaryClaims} is not modified.
 *
 * @param primaryClaims   claims from the RequestSecurityToken; these take precedence
 * @param secondaryClaims claims from the SecondaryParameters element
 * @return the merged collection
 */
private ClaimCollection mergeClaims(ClaimCollection primaryClaims, ClaimCollection secondaryClaims) {
    // Work on a copy so the unmatched remainder can be tracked without touching the input
    final ClaimCollection unmatchedSecondary = new ClaimCollection();
    unmatchedSecondary.addAll(secondaryClaims);

    final ClaimCollection merged = new ClaimCollection();
    merged.setDialect(primaryClaims.getDialect());
    for (Claim primary : primaryClaims) {
        final Claim secondary = takeByClaimType(unmatchedSecondary, primary.getClaimType());
        if (secondary == null) {
            merged.add(primary);
            continue;
        }
        final Claim combined = new Claim();
        combined.setClaimType(primary.getClaimType());
        if (hasValues(primary)) {
            combined.setValues(primary.getValues());
            if (hasValues(secondary)) {
                LOG.log(Level.WARNING, "Secondary claim value " + secondary.getValues() + " ignored in favour of primary claim value");
            }
        } else if (hasValues(secondary)) {
            combined.setValues(secondary.getValues());
        }
        merged.add(combined);
    }
    // Whatever the primary side did not match is carried over unchanged, after the primary entries
    merged.addAll(unmatchedSecondary);
    return merged;
}

/**
 * Removes and returns the first claim in {@code pool} whose ClaimType equals {@code claimType},
 * or {@code null} when there is none. A claim with a {@code null} ClaimType in the pool raises
 * a NullPointerException, as the comparison is made on the pooled claim's type.
 */
private static Claim takeByClaimType(ClaimCollection pool, Object claimType) {
    for (Claim candidate : pool) {
        if (candidate.getClaimType().equals(claimType)) {
            pool.remove(candidate);
            return candidate;
        }
    }
    return null;
}

/** True when the claim carries at least one value. */
private static boolean hasValues(Claim claim) {
    return claim.getValues() != null && !claim.getValues().isEmpty();
}

Example 99 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class RequestParser method parseTokenRequirements.

/**
 * Parses one child element of the RequestSecurityToken into {@code tokenRequirements}.
 * <p>
 * Dispatches on the element's QName. Recognised elements: TokenType, OnBehalfOf, ActAs,
 * Lifetime, ValidateTarget, CancelTarget, RenewTarget, Claims, Renewing and Participants.
 * The three *Target elements may hold a reference instead of the token itself; a referenced
 * token is looked up in {@code messageContext} before it is stored. The element value is cast
 * according to the element name, so a JAXB value of an unexpected type surfaces as a
 * {@link ClassCastException}.
 *
 * @param jaxbElement       the element to interpret
 * @param tokenRequirements receives the parsed value
 * @param messageContext    consulted to resolve token references in the *Target elements
 * @param claimsParsers     parsers applied to a Claims element
 * @return {@code true} if the element was recognised and stored, {@code false} if it is not
 *         handled here
 */
private static boolean parseTokenRequirements(JAXBElement<?> jaxbElement, TokenRequirements tokenRequirements, Map<String, Object> messageContext, List<ClaimsParser> claimsParsers) {
    final Object value = jaxbElement.getValue();
    if (QNameConstants.TOKEN_TYPE.equals(jaxbElement.getName())) {
        tokenRequirements.setTokenType((String) value);
    } else if (QNameConstants.ON_BEHALF_OF.equals(jaxbElement.getName())) {
        tokenRequirements.setOnBehalfOf(new ReceivedToken(((OnBehalfOfType) value).getAny()));
    } else if (QNameConstants.ACT_AS.equals(jaxbElement.getName())) {
        tokenRequirements.setActAs(new ReceivedToken(((ActAsType) value).getAny()));
    } else if (QNameConstants.LIFETIME.equals(jaxbElement.getName())) {
        tokenRequirements.setLifetime(toLifetime((LifetimeType) value));
    } else if (QNameConstants.VALIDATE_TARGET.equals(jaxbElement.getName())) {
        final ReceivedToken target = new ReceivedToken(((ValidateTargetType) value).getAny());
        tokenRequirements.setValidateTarget(resolveReference(target, messageContext));
    } else if (QNameConstants.CANCEL_TARGET.equals(jaxbElement.getName())) {
        final ReceivedToken target = new ReceivedToken(((CancelTargetType) value).getAny());
        tokenRequirements.setCancelTarget(resolveReference(target, messageContext));
    } else if (QNameConstants.RENEW_TARGET.equals(jaxbElement.getName())) {
        final ReceivedToken target = new ReceivedToken(((RenewTargetType) value).getAny());
        tokenRequirements.setRenewTarget(resolveReference(target, messageContext));
    } else if (QNameConstants.CLAIMS.equals(jaxbElement.getName())) {
        tokenRequirements.setPrimaryClaims(parseClaims((ClaimsType) value, claimsParsers));
    } else if (QNameConstants.RENEWING.equals(jaxbElement.getName())) {
        tokenRequirements.setRenewing(toRenewing((RenewingType) value));
    } else if (QNameConstants.PARTICIPANTS.equals(jaxbElement.getName())) {
        tokenRequirements.setParticipants(parseParticipants((ParticipantsType) value));
    } else {
        return false;
    }
    return true;
}

/**
 * Follows a token reference carried by a *Target element: when {@code isTokenReferenced}
 * says the token is a reference, the referenced element is fetched from the message context
 * and wrapped in a new {@link ReceivedToken}; otherwise {@code target} is returned unchanged.
 */
private static ReceivedToken resolveReference(ReceivedToken target, Map<String, Object> messageContext) {
    if (!isTokenReferenced(target.getToken())) {
        return target;
    }
    final Element referenced = fetchTokenElementFromReference(target.getToken(), messageContext);
    return new ReceivedToken(referenced);
}

/** Copies Created and Expires, each only when present, into a new {@link Lifetime}. */
private static Lifetime toLifetime(LifetimeType lifetimeType) {
    final Lifetime lifetime = new Lifetime();
    if (lifetimeType.getCreated() != null) {
        lifetime.setCreated(lifetimeType.getCreated().getValue());
    }
    if (lifetimeType.getExpires() != null) {
        lifetime.setExpires(lifetimeType.getExpires().getValue());
    }
    return lifetime;
}

/** Copies the Allow and OK flags, each only when present, into a new {@link Renewing}. */
private static Renewing toRenewing(RenewingType renewingType) {
    final Renewing renewing = new Renewing();
    if (renewingType.isAllow() != null) {
        renewing.setAllowRenewing(renewingType.isAllow());
    }
    if (renewingType.isOK() != null) {
        renewing.setAllowRenewingAfterExpiry(renewingType.isOK());
    }
    return renewing;
}

Example 100 with ClaimCollection

use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.

the class RequestParser method parseSecondaryParameters.

/**
 * Parses the secondaryParameters element. Precedence goes to values that are specified as
 * direct children of the RequestSecurityToken element: KeySize, TokenType and KeyType found
 * here are only taken when the corresponding requirement is still unset, whereas a Claims
 * child is always stored as the secondary claims. Only children in the
 * {@code STSConstants.WST_NS_05_12} namespace are considered; anything else is logged at FINE
 * and skipped.
 * <p>
 * A KeySize that is not a base-10 int raises a {@link NumberFormatException} from
 * {@code Integer.parseInt}, which propagates to the caller. When FINE logging is enabled, the
 * trimmed text content of every child is written to the log.
 *
 * @param secondaryParameters the secondaryParameters element to parse
 * @param claimsParsers       parsers applied to a Claims child
 * @param tokenRequirements   receives TokenType and the secondary Claims
 * @param keyRequirements     receives KeySize and KeyType
 */
private void parseSecondaryParameters(Element secondaryParameters, List<ClaimsParser> claimsParsers, TokenRequirements tokenRequirements, KeyRequirements keyRequirements) {
    LOG.fine("Found SecondaryParameters element");
    for (Element child = DOMUtils.getFirstElement(secondaryParameters); child != null; child = DOMUtils.getNextElement(child)) {
        final String localName = child.getLocalName();
        final String namespace = child.getNamespaceURI();
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("Found " + localName + ": " + trimmedText(child));
        }
        final boolean wstElement = STSConstants.WST_NS_05_12.equals(namespace);
        if (keyRequirements.getKeySize() == 0 && "KeySize".equals(localName) && wstElement) {
            // Parsed in int range and handed on as a long; malformed text throws NumberFormatException
            final long keySize = Integer.parseInt(trimmedText(child));
            keyRequirements.setKeySize(keySize);
        } else if (tokenRequirements.getTokenType() == null && "TokenType".equals(localName) && wstElement) {
            tokenRequirements.setTokenType(trimmedText(child));
        } else if (keyRequirements.getKeyType() == null && "KeyType".equals(localName) && wstElement) {
            keyRequirements.setKeyType(trimmedText(child));
        } else if ("Claims".equals(localName) && wstElement) {
            // No "still unset" guard here: a Claims child always (re)sets the secondary claims
            tokenRequirements.setSecondaryClaims(parseClaims(child, claimsParsers));
        } else {
            LOG.fine("Found unknown element: " + localName + " " + namespace);
        }
    }
}

/** The element's text content with surrounding whitespace removed. */
private static String trimmedText(Element element) {
    return element.getTextContent().trim();
}
