use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.
the class AbstractSTSClient method addClaims.
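/**
 * Writes the claims for the outgoing request to {@code writer}.
 *
 * <p>The claims come from the {@code claims} field when it is set. Otherwise, when a
 * {@code claimsCallbackHandler} is configured, a {@link ClaimsCallback} for the current
 * {@code message} is handed to it and its result is used. An {@link Element} is copied
 * verbatim; a {@link ClaimCollection} is serialized with the {@code wst} prefix and the
 * configured {@code namespace}. Any other value, including {@code null}, is skipped.
 *
 * @param writer the stream the claims are written to
 * @throws Exception propagated from the callback handler or from writing to {@code writer}
 */
protected void addClaims(XMLStreamWriter writer) throws Exception {
    Object claimsToSerialize = claims;
    if (claimsToSerialize == null && claimsCallbackHandler != null) {
        ClaimsCallback callback = new ClaimsCallback(message);
        claimsCallbackHandler.handle(new Callback[] {callback});
        claimsToSerialize = callback.getClaims();
    }
    if (claimsToSerialize instanceof Element) {
        StaxUtils.copy((Element) claimsToSerialize, writer);
    } else if (claimsToSerialize instanceof ClaimCollection) {
        // Cast the resolved value, not the field: when the claims were supplied by the
        // callback handler the field is still null, and casting it yielded a null
        // reference that the serialize() call then dereferenced.
        ClaimCollection claimCollection = (ClaimCollection) claimsToSerialize;
        claimCollection.serialize(writer, "wst", namespace);
    }
}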
use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.
the class STSLoginModule method getRoles.
/**
 * Derives the role principals for the authenticated subject from the SAML assertion
 * carried by {@code credential}.
 *
 * <p>The transformed token is preferred; the original assertion is used when there is no
 * transformed token. The attribute that holds the roles is read from the
 * {@code SecurityConstants.SAML_ROLE_ATTRIBUTENAME} property of {@code msg} when a message
 * is available, falling back to {@code WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT}
 * when the property is absent or empty.
 *
 * @param msg the current message, may be {@code null}
 * @param credential the credential produced by STS validation
 * @return the roles parsed from the assertion's claims, or an empty set when the credential
 *     carries no assertion at all
 */
private Set<Principal> getRoles(Message msg, Credential credential) {
    SamlAssertionWrapper assertion = credential.getTransformedToken();
    if (assertion == null) {
        assertion = credential.getSamlAssertion();
    }
    if (assertion == null) {
        return Collections.emptySet();
    }

    String roleAttribute = msg == null
        ? null
        : (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
    if (roleAttribute == null || roleAttribute.isEmpty()) {
        roleAttribute = WSS4JInInterceptor.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
    }

    ClaimCollection claims = SAMLUtils.getClaims(assertion);
    return SAMLUtils.parseRolesFromClaims(claims, roleAttribute, null);
}
use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.
the class AbstractOperation method createTokenProviderParameters.
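/**
 * Builds the {@link TokenProviderParameters} used to issue a token for a request.
 *
 * <p>Copies the STS properties, principal, message context, token store and encryption
 * flag into the parameters, attaches the key and token requirements of the request, records
 * the AppliesTo address and the parsed realm (when a realm parser is configured) and the
 * requested primary and secondary claims. When the request names an AppliesTo address, the
 * matching configured service must exist: its encryption properties (when set) replace the
 * STS-wide ones, and its token and key types fill in whatever the request left unspecified.
 *
 * @param requestRequirements the parsed requirements of the incoming request
 * @param principal the principal the token is issued for
 * @param messageContext the message context of the request
 * @return the populated parameters
 * @throws STSException with {@code REQUEST_FAILED} when an AppliesTo address is present but
 *     no configured service covers it
 */
protected TokenProviderParameters createTokenProviderParameters(RequestRequirements requestRequirements, Principal principal, Map<String, Object> messageContext) {
    TokenProviderParameters providerParameters = new TokenProviderParameters();
    providerParameters.setStsProperties(stsProperties);
    providerParameters.setPrincipal(principal);
    providerParameters.setMessageContext(messageContext);
    providerParameters.setTokenStore(getTokenStore());
    providerParameters.setEncryptToken(encryptIssuedToken);

    KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
    TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
    providerParameters.setKeyRequirements(keyRequirements);
    providerParameters.setTokenRequirements(tokenRequirements);

    // Extract AppliesTo. The address is client-supplied input; it is echoed into log
    // records and the fault text below.
    String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("The AppliesTo address that has been received is: " + address);
    }
    providerParameters.setAppliesToAddress(address);

    // Get the realm of the request
    RealmParser realmParser = stsProperties.getRealmParser();
    if (realmParser != null) {
        providerParameters.setRealm(realmParser.parseRealm(messageContext));
    }

    // Set the requested Claims
    providerParameters.setRequestedPrimaryClaims(tokenRequirements.getPrimaryClaims());
    providerParameters.setRequestedSecondaryClaims(tokenRequirements.getSecondaryClaims());

    EncryptionProperties encryptionProperties = stsProperties.getEncryptionProperties();
    if (address != null) {
        ServiceMBean service = findServiceForAddress(address);
        if (service == null) {
            // NOTE(review): the address is request-controlled; if logs are machine-parsed,
            // consider stripping control characters before it reaches the log line.
            String msg = "No service corresponding to " + address + " is known. Check 'services' property configuration in SecurityTokenServiceProvider";
            LOG.log(Level.SEVERE, msg);
            throw new STSException(msg, STSException.REQUEST_FAILED);
        }
        // Service-specific encryption properties win over the STS-wide ones when present.
        EncryptionProperties svcEncryptionProperties = service.getEncryptionProperties();
        if (svcEncryptionProperties != null) {
            encryptionProperties = svcEncryptionProperties;
        }
        applyServiceDefaults(service, tokenRequirements, keyRequirements);
    }
    providerParameters.setEncryptionProperties(encryptionProperties);
    return providerParameters;
}

/**
 * Returns the first configured service whose endpoints contain {@code address}.
 *
 * @param address the AppliesTo address of the request
 * @return the matching service, or {@code null} when no services are configured or none
 *     matches
 */
private ServiceMBean findServiceForAddress(String address) {
    if (services == null) {
        return null;
    }
    for (ServiceMBean service : services) {
        if (service.isAddressInEndpoints(address)) {
            return service;
        }
    }
    return null;
}

/**
 * Fills in the token type and key type from {@code service} where the request did not
 * specify them; values present in the request are left untouched.
 *
 * @param service the service matched for the request's AppliesTo address
 * @param tokenRequirements the request's token requirements, updated in place
 * @param keyRequirements the request's key requirements, updated in place
 */
private void applyServiceDefaults(ServiceMBean service, TokenRequirements tokenRequirements, KeyRequirements keyRequirements) {
    if (tokenRequirements.getTokenType() == null) {
        String tokenType = service.getTokenType();
        tokenRequirements.setTokenType(tokenType);
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("Using default token type of: " + tokenType);
        }
    }
    if (keyRequirements.getKeyType() == null) {
        String keyType = service.getKeyType();
        keyRequirements.setKeyType(keyType);
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("Using default key type of: " + keyType);
        }
    }
}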
use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.
the class SAMLClaimsTest method testSAML1Claims.
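/**
 * Builds a SAML 1.1 assertion carrying a single {@code role} attribute and checks that
 * {@code SAMLUtils.getClaims} maps it to one {@link SAMLClaim} with the default role claim
 * type, the attribute's simple name and its value, and that
 * {@code SAMLUtils.parseRolesFromClaims} turns that claim into one role principal.
 */
@org.junit.Test
public void testSAML1Claims() throws Exception {
    AttributeBean attributeBean = new AttributeBean();
    attributeBean.setSimpleName("role");
    attributeBean.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims");
    attributeBean.addAttributeValue("employee");

    // false selects a SAML 1.1 assertion from the handler
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(false);
    samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));

    // Create the SAML Assertion via the CallbackHandler
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    Document doc = DOMUtils.newDocument();
    samlAssertion.toDOM(doc);

    ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
    // assertEquals(expected, actual): keep the argument order consistent with the other
    // assertions so a failure message reads correctly.
    assertEquals("http://schemas.xmlsoap.org/ws/2005/05/identity", claims.getDialect().toString());
    assertEquals(1, claims.size());

    // Check Claim values
    Claim claim = claims.get(0);
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, claim.getClaimType());
    assertEquals(1, claim.getValues().size());
    assertTrue(claim.getValues().contains("employee"));

    // Check SAMLClaim values
    assertTrue(claim instanceof SAMLClaim);
    assertEquals("role", ((SAMLClaim) claim).getName());

    // Check roles
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, "role", null);
    assertEquals(1, roles.size());
    Principal p = roles.iterator().next();
    assertEquals("employee", p.getName());
}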
use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.
the class SAMLUtils method getClaims.
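/**
 * Extracts the attribute statements of a SAML assertion as a {@link ClaimCollection}.
 *
 * <p>For a SAML 2.0 assertion each {@code Attribute} becomes a {@link SAMLClaim} whose claim
 * type and name are the attribute name, with the attribute's name format and friendly name
 * carried over. For any other version the assertion is treated as SAML 1.x: the claim type is
 * {@code attributeNamespace + "/" + attributeName} (just the name when the namespace is
 * {@code null}), the name is the attribute name and the name format is the attribute
 * namespace. In both cases the text content of every attribute value is added to the claim.
 *
 * @param assertion the assertion to read; must not be {@code null}
 * @return the claims found, empty when the assertion has no attribute statements
 */
public static ClaimCollection getClaims(SamlAssertionWrapper assertion) {
    ClaimCollection claims = new ClaimCollection();
    if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        List<AttributeStatement> statements = assertion.getSaml2().getAttributeStatements();
        for (AttributeStatement as : statements) {
            for (Attribute atr : as.getAttributes()) {
                SAMLClaim claim = new SAMLClaim();
                claim.setClaimType(atr.getName());
                claim.setName(atr.getName());
                claim.setNameFormat(atr.getNameFormat());
                claim.setFriendlyName(atr.getFriendlyName());
                addAttributeValues(claim, atr.getAttributeValues());
                claims.add(claim);
            }
        }
    } else {
        List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getSaml1().getAttributeStatements();
        for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
            for (org.opensaml.saml.saml1.core.Attribute atr : statement.getAttributes()) {
                SAMLClaim claim = new SAMLClaim();
                // SAML 1.x has no claim type of its own; it is derived from namespace + name.
                String claimType = atr.getAttributeName();
                if (atr.getAttributeNamespace() != null) {
                    claimType = atr.getAttributeNamespace() + "/" + claimType;
                }
                claim.setClaimType(claimType);
                claim.setName(atr.getAttributeName());
                claim.setNameFormat(atr.getAttributeNamespace());
                addAttributeValues(claim, atr.getAttributeValues());
                claims.add(claim);
            }
        }
    }
    return claims;
}

/**
 * Appends the text content of each attribute value's DOM node to {@code claim}'s values.
 *
 * @param claim the claim being built
 * @param attributeValues the SAML attribute values of the source attribute
 */
private static void addAttributeValues(SAMLClaim claim, Iterable<? extends XMLObject> attributeValues) {
    for (XMLObject o : attributeValues) {
        // NOTE(review): as in the original, the value is assumed to have a backing DOM node
        // (getDOM() non-null); confirm this holds for assertions built rather than parsed.
        String attrValue = o.getDOM().getTextContent();
        claim.getValues().add(attrValue);
    }
}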