use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.
the class SAMLClaimsTest method testSAML2Claims.
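/**
 * Verifies that a SAML 2.0 role attribute round-trips through
 * SAMLUtils.getClaims and SAMLUtils.parseRolesFromClaims.
 *
 * The assertion is built locally via SamlCallbackHandler and only converted
 * to DOM; nothing in this test signs or validates it, so what is exercised is
 * claim/role extraction, not trust establishment.
 */
@org.junit.Test
public void testSAML2Claims() throws Exception {
    // One role attribute with value "employee", using CXF's default role
    // attribute name and the SAML 2.0 "unspecified" name format.
    AttributeBean roleAttribute = new AttributeBean();
    roleAttribute.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
    roleAttribute.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    roleAttribute.addAttributeValue("employee");

    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
    samlCallbackHandler.setAttributes(Collections.singletonList(roleAttribute));

    // Create the SAML Assertion via the CallbackHandler
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    Document doc = DOMUtils.newDocument();
    samlAssertion.toDOM(doc);

    ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
    // JUnit's assertEquals is (expected, actual); keep that order throughout so
    // a failure message names the right side (the original had two calls swapped).
    assertEquals("http://schemas.xmlsoap.org/ws/2005/05/identity", claims.getDialect().toString());
    assertEquals(1, claims.size());

    // Check Claim values
    Claim claim = claims.get(0);
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, claim.getClaimType());
    assertEquals(1, claim.getValues().size());
    assertTrue(claim.getValues().contains("employee"));

    // Check SAMLClaim values: the SAML attribute name and name format survive parsing
    assertTrue(claim instanceof SAMLClaim);
    SAMLClaim samlClaim = (SAMLClaim) claim;
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, samlClaim.getName());
    assertEquals(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED, samlClaim.getNameFormat());

    // Check roles: with an explicit attribute name and name format, the single
    // attribute value is turned into one role Principal.
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims,
        SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    assertEquals(1, roles.size());
    Principal role = roles.iterator().next();
    assertEquals("employee", role.getName());
}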
use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.
the class WSS4JBasicAuthValidator method createSecurityContext.
/**
 * Builds the SecurityContext for a credential.
 *
 * If the credential carries a SAML assertion (a transformed token is preferred
 * over the original assertion), roles are read from the assertion's attributes
 * and a SAMLSecurityContext carrying the issuer and assertion element is
 * returned; otherwise the plain principal-based context is built.
 *
 * NOTE(review): roles are taken from the assertion as-is. Nothing in this
 * method checks a signature or the issuer's trust, so it must only run after
 * the credential has been validated upstream — confirm against the caller.
 *
 * @param msg        the current message, used to look up the configured role attribute name
 * @param credential the (already processed) credential holding the principal and any SAML assertion
 * @return a SAMLSecurityContext when an assertion is present, else the principal-based context
 */
protected SecurityContext createSecurityContext(Message msg, Credential credential) {
    SamlAssertionWrapper transformed = credential.getTransformedToken();
    SamlAssertionWrapper samlAssertion = transformed != null ? transformed : credential.getSamlAssertion();
    if (samlAssertion == null) {
        return createSecurityContext(credential.getPrincipal());
    }

    // Which SAML attribute carries the roles is configurable per message;
    // fall back to CXF's default attribute name when unset or blank.
    String roleAttributeName =
        (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
    if (roleAttributeName == null || roleAttributeName.isEmpty()) {
        roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
    }

    ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
    // No name format is passed here (the tests elsewhere pass one explicitly);
    // presumably null relaxes the NameFormat match — verify in SAMLUtils.
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);

    SAMLSecurityContext context = new SAMLSecurityContext(credential.getPrincipal(), roles, claims);
    context.setIssuer(SAMLUtils.getIssuer(samlAssertion));
    context.setAssertionElement(SAMLUtils.getAssertionElement(samlAssertion));
    return context;
}
use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.
the class SAMLProviderActAsTest method createClaims.
/**
 * Builds the set of requested Claims used by the tests in this class:
 * FIRSTNAME, LASTNAME and EMAILADDRESS, each with only a claim type set
 * (no values, no optional flag).
 *
 * @return a ClaimCollection with the three claim types, in that order
 */
private ClaimCollection createClaims() {
    Claim firstName = new Claim();
    firstName.setClaimType(ClaimTypes.FIRSTNAME);

    Claim lastName = new Claim();
    lastName.setClaimType(ClaimTypes.LASTNAME);

    Claim email = new Claim();
    email.setClaimType(ClaimTypes.EMAILADDRESS);

    ClaimCollection requested = new ClaimCollection();
    requested.add(firstName);
    requested.add(lastName);
    requested.add(email);
    return requested;
}
use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.
the class SAMLProviderActAsTest method testSAML2ActAsUsernameTokenClaims.
/**
 * Issues a SAML 2.0 bearer token for a request whose ActAs element is a
 * UsernameToken for "bob", with primary claims requested, and checks that the
 * issued assertion carries an "ActAs" attribute naming "bob" and that the
 * requested claim types appear in the token.
 */
@org.junit.Test
public void testSAML2ActAsUsernameTokenClaims() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();

    // The ActAs token: a UsernameToken for "bob"
    AttributedString username = new AttributedString();
    username.setValue("bob");
    UsernameTokenType usernameToken = new UsernameTokenType();
    usernameToken.setUsername(username);
    JAXBElement<UsernameTokenType> usernameTokenType =
        new JAXBElement<UsernameTokenType>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);

    TokenProviderParameters providerParameters =
        createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, usernameTokenType);
    // Principal must be set in ReceivedToken/ActAs
    providerParameters.getTokenRequirements().getActAs().setPrincipal(new CustomTokenPrincipal(username.getValue()));

    // Add Claims
    ClaimsManager claimsManager = new ClaimsManager();
    ClaimsHandler claimsHandler = new CustomClaimsHandler();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    providerParameters.setClaimsManager(claimsManager);
    ClaimCollection claims = createClaims();
    providerParameters.setRequestedPrimaryClaims(claims);

    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    // Verify the token
    Element token = (Element) providerResponse.getToken();
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
    // The subject stays "technical-user" (presumably the requester configured by
    // createProviderParameters); the ActAs identity only shows up as an attribute.
    Assert.assertEquals("technical-user", assertion.getSubjectName());
    assertTrue(hasActAsAttributeValueContaining(assertion, "bob"));

    // Check that claims are also present
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains(ClaimTypes.EMAILADDRESS.toString()));
    assertTrue(tokenString.contains(ClaimTypes.FIRSTNAME.toString()));
    assertTrue(tokenString.contains(ClaimTypes.LASTNAME.toString()));
}

/**
 * Returns true if any attribute named "ActAs" in the assertion's SAML 2.0
 * attribute statements has a value whose DOM text content contains
 * {@code expected}. The match is a substring check, not an exact comparison.
 */
private static boolean hasActAsAttributeValueContaining(SamlAssertionWrapper assertion, String expected) {
    for (org.opensaml.saml.saml2.core.AttributeStatement statement : assertion.getSaml2().getAttributeStatements()) {
        for (org.opensaml.saml.saml2.core.Attribute attribute : statement.getAttributes()) {
            if (!"ActAs".equals(attribute.getName())) {
                continue;
            }
            for (XMLObject value : attribute.getAttributeValues()) {
                Element valueElement = value.getDOM();
                if (valueElement.getTextContent().contains(expected)) {
                    return true;
                }
            }
        }
    }
    return false;
}
use of org.apache.cxf.rt.security.claims.ClaimCollection in project cxf by apache.
the class ValidateJWTTransformationTest method createSAMLAssertion.
/**
 * Issues a SAML assertion through the STS SAMLTokenProvider for use as the
 * token under test.
 *
 * The provider gets a ClaimsAttributeStatementProvider and a CustomClaimsHandler,
 * and a single LASTNAME claim is requested as a non-optional secondary claim.
 * NOTE(review): crypto, signatureUsername and callbackHandler are only forwarded
 * to createProviderParameters; presumably they configure how the assertion is
 * signed — confirm there.
 *
 * @param tokenType         the WS-Trust token type to issue
 * @param crypto            forwarded to createProviderParameters
 * @param signatureUsername forwarded to createProviderParameters
 * @param callbackHandler   forwarded to createProviderParameters
 * @return the issued assertion as a DOM Element
 * @throws WSSecurityException if token issuance fails
 */
private static Element createSAMLAssertion(String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler) throws WSSecurityException {
    // Exactly one requested claim, and it is mandatory rather than optional.
    Claim lastNameClaim = new Claim();
    lastNameClaim.setClaimType(ClaimTypes.LASTNAME);
    lastNameClaim.setOptional(false);
    ClaimCollection requestedClaims = new ClaimCollection();
    requestedClaims.add(lastNameClaim);

    // Set the ClaimsManager
    ClaimsManager claimsManager = new ClaimsManager();
    ClaimsHandler claimsHandler = new CustomClaimsHandler();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));

    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    samlTokenProvider.setAttributeStatementProviders(Collections.singletonList(new ClaimsAttributeStatementProvider()));

    TokenProviderParameters providerParameters =
        createProviderParameters(tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);
    providerParameters.setClaimsManager(claimsManager);
    providerParameters.setRequestedSecondaryClaims(requestedClaims);

    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    return (Element) providerResponse.getToken();
}