Example 1 with ClaimsSecurityContext
use of org.apache.cxf.rt.security.claims.ClaimsSecurityContext in project cxf by apache.
the class ClaimsAuthorizingInterceptorTest method prepareMessage.
private Message prepareMessage(Class<?> cls, String methodName, String roleName, org.apache.cxf.rt.security.claims.Claim... claim) throws Exception {
ClaimCollection claims = new ClaimCollection();
Collections.addAll(claims, claim);
Set<Principal> roles = parseRolesFromClaims(claims, roleName, "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
ClaimsSecurityContext sc = new ClaimsSecurityContext() {
private Principal p = new SimplePrincipal("user");
@Override
public Principal getUserPrincipal() {
return p;
}
@Override
public boolean isUserInRole(String role) {
if (roles == null) {
return false;
}
for (Principal principalRole : roles) {
if (principalRole != p && principalRole.getName().equals(role)) {
return true;
}
}
return false;
}
@Override
public Subject getSubject() {
return null;
}
@Override
public Set<Principal> getUserRoles() {
return roles;
}
@Override
public ClaimCollection getClaims() {
return claims;
}
};
Message m = new MessageImpl();
m.setExchange(new ExchangeImpl());
m.put(SecurityContext.class, sc);
m.put("org.apache.cxf.resource.method", cls.getMethod(methodName, new Class[] {}));
return m;
}
Also used :
Message(org.apache.cxf.message.Message)
ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)
ClaimsSecurityContext(org.apache.cxf.rt.security.claims.ClaimsSecurityContext)
MessageImpl(org.apache.cxf.message.MessageImpl)
SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)
Principal(java.security.Principal)
SimplePrincipal(org.apache.cxf.common.security.SimplePrincipal)
ExchangeImpl(org.apache.cxf.message.ExchangeImpl)
Example 2 with ClaimsSecurityContext
use of org.apache.cxf.rt.security.claims.ClaimsSecurityContext in project cxf by apache.
the class ClaimsAuthorizingInterceptor method handleMessage.
public void handleMessage(Message message) throws Fault {
SecurityContext sc = message.get(SecurityContext.class);
if (!(sc instanceof ClaimsSecurityContext)) {
throw new AccessDeniedException("Security Context is unavailable or unrecognized");
}
Method method = MessageUtils.getTargetMethod(message).orElseThrow(() -> new AccessDeniedException("Method is not available : Unauthorized"));
if (authorize((ClaimsSecurityContext) sc, method)) {
return;
}
throw new AccessDeniedException("Unauthorized");
}
Also used :
AccessDeniedException(org.apache.cxf.interceptor.security.AccessDeniedException)
ClaimsSecurityContext(org.apache.cxf.rt.security.claims.ClaimsSecurityContext)
SecurityContext(org.apache.cxf.security.SecurityContext)
Method(java.lang.reflect.Method)
ClaimsSecurityContext(org.apache.cxf.rt.security.claims.ClaimsSecurityContext)
Aggregations
ClaimsSecurityContext (org.apache.cxf.rt.security.claims.ClaimsSecurityContext)2
Method (java.lang.reflect.Method)1
Principal (java.security.Principal)1
SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal)1
AccessDeniedException (org.apache.cxf.interceptor.security.AccessDeniedException)1
ExchangeImpl (org.apache.cxf.message.ExchangeImpl)1
Message (org.apache.cxf.message.Message)1
MessageImpl (org.apache.cxf.message.MessageImpl)1
ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)1
SecurityContext (org.apache.cxf.security.SecurityContext)1
