
Example 1 with ClaimsSecurityContext

Use of org.apache.cxf.rt.security.claims.ClaimsSecurityContext in project cxf by apache.

From the class ClaimsAuthorizingInterceptorTest, method prepareMessage.

private Message prepareMessage(Class<?> cls, String methodName, String roleName, org.apache.cxf.rt.security.claims.Claim... claim) throws Exception {
    // Test fixture: collect the supplied claims and derive the role principals from them.
    ClaimCollection claims = new ClaimCollection();
    Collections.addAll(claims, claim);
    Set<Principal> roles = parseRolesFromClaims(claims, roleName, "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
    ClaimsSecurityContext sc = new ClaimsSecurityContext() {

        private Principal p = new SimplePrincipal("user");

        @Override
        public Principal getUserPrincipal() {
            return p;
        }

        @Override
        public boolean isUserInRole(String role) {
            if (roles == null) {
                return false;
            }
            for (Principal principalRole : roles) {
                if (principalRole != p && principalRole.getName().equals(role)) {
                    return true;
                }
            }
            return false;
        }

        @Override
        public Subject getSubject() {
            return null;
        }

        @Override
        public Set<Principal> getUserRoles() {
            return roles;
        }

        @Override
        public ClaimCollection getClaims() {
            return claims;
        }
    };
    // Attach the security context and the target method to the message.
    Message m = new MessageImpl();
    m.setExchange(new ExchangeImpl());
    m.put(SecurityContext.class, sc);
    m.put("org.apache.cxf.resource.method", cls.getMethod(methodName, new Class[] {}));
    return m;
}
Also used : Message(org.apache.cxf.message.Message) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ClaimsSecurityContext(org.apache.cxf.rt.security.claims.ClaimsSecurityContext) MessageImpl(org.apache.cxf.message.MessageImpl) SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal) Principal(java.security.Principal) ExchangeImpl(org.apache.cxf.message.ExchangeImpl)

Example 2 with ClaimsSecurityContext

Use of org.apache.cxf.rt.security.claims.ClaimsSecurityContext in project cxf by apache.

From the class ClaimsAuthorizingInterceptor, method handleMessage.

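public void handleMessage(Message message) throws Fault {
    SecurityContext sc = message.get(SecurityContext.class);
    // Fail closed: a missing security context, or one that is not claims-based, is denied.
    if (!(sc instanceof ClaimsSecurityContext)) {
        throw new AccessDeniedException("Security Context is unavailable or unrecognized");
    }
    // Deny as well when the target method cannot be resolved from the message.
    Method method = MessageUtils.getTargetMethod(message).orElseThrow(() -> new AccessDeniedException("Method is not available : Unauthorized"));
    // Proceed only when authorize() accepts this context for the method.
    if (authorize((ClaimsSecurityContext) sc, method)) {
        return;
    }
    // Default outcome is denial.
    throw new AccessDeniedException("Unauthorized");
}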
Also used : AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException) ClaimsSecurityContext(org.apache.cxf.rt.security.claims.ClaimsSecurityContext) SecurityContext(org.apache.cxf.security.SecurityContext) Method(java.lang.reflect.Method)

Aggregations

ClaimsSecurityContext (org.apache.cxf.rt.security.claims.ClaimsSecurityContext): 2
Method (java.lang.reflect.Method): 1
Principal (java.security.Principal): 1
SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal): 1
AccessDeniedException (org.apache.cxf.interceptor.security.AccessDeniedException): 1
ExchangeImpl (org.apache.cxf.message.ExchangeImpl): 1
Message (org.apache.cxf.message.Message): 1
MessageImpl (org.apache.cxf.message.MessageImpl): 1
ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection): 1
SecurityContext (org.apache.cxf.security.SecurityContext): 1