
Example 1 with SAMLClaim

use of org.apache.cxf.rt.security.claims.SAMLClaim in project cxf by apache.

Source: class SAMLClaimsTest, method testSAML2Claims.

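/**
 * Verifies that a SAML 2.0 role attribute is extracted as a {@code SAMLClaim} carrying the
 * attribute name and name format, and that the claim is then parsed into a role Principal.
 */
@org.junit.Test
public void testSAML2Claims() throws Exception {
    // Build a single role attribute ("employee") under the default role attribute name
    // with the "unspecified" name format.
    AttributeBean attributeBean = new AttributeBean();
    attributeBean.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
    attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    attributeBean.addAttributeValue("employee");
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
    samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));
    // Create the SAML Assertion via the CallbackHandler
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    // Materialise the DOM before extracting claims; SAMLUtils.getClaims reads attribute
    // values through their DOM text content.
    Document doc = DOMUtils.newDocument();
    samlAssertion.toDOM(doc);
    ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
    // assertEquals takes (expected, actual); keep that order so failure messages read correctly.
    assertEquals("http://schemas.xmlsoap.org/ws/2005/05/identity", claims.getDialect().toString());
    assertEquals(1, claims.size());
    // Check Claim values
    Claim claim = claims.get(0);
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, claim.getClaimType());
    assertEquals(1, claim.getValues().size());
    assertTrue(claim.getValues().contains("employee"));
    // Check SAMLClaim values: name and name format must survive the round trip
    assertTrue(claim instanceof SAMLClaim);
    SAMLClaim samlClaim = (SAMLClaim) claim;
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, samlClaim.getName());
    assertEquals(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED, samlClaim.getNameFormat());
    // Check roles: the role attribute value becomes the Principal name
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims,
                                                          SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT,
                                                          SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    assertEquals(1, roles.size());
    Principal p = roles.iterator().next();
    assertEquals("employee", p.getName());
}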

Example 2 with SAMLClaim

use of org.apache.cxf.rt.security.claims.SAMLClaim in project cxf by apache.

Source: class SAMLClaimsTest, method testSAML1Claims.

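/**
 * Verifies that a SAML 1.1 role attribute is extracted as a {@code SAMLClaim} whose claim type
 * is built from the attribute namespace and simple name, and that it parses into a role Principal.
 */
@org.junit.Test
public void testSAML1Claims() throws Exception {
    // SAML 1.x attributes have a namespace plus a simple name instead of a name format;
    // SAMLUtils.getClaims joins them as namespace + "/" + name, which here yields the
    // default role attribute name asserted below.
    AttributeBean attributeBean = new AttributeBean();
    attributeBean.setSimpleName("role");
    attributeBean.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims");
    attributeBean.addAttributeValue("employee");
    // The boolean constructor is used for the SAML 1.1 case (the SAML 2.0 test uses the no-arg one)
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(false);
    samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));
    // Create the SAML Assertion via the CallbackHandler
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    // Materialise the DOM before extracting claims; SAMLUtils.getClaims reads attribute
    // values through their DOM text content.
    Document doc = DOMUtils.newDocument();
    samlAssertion.toDOM(doc);
    ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
    // assertEquals takes (expected, actual); keep that order so failure messages read correctly.
    assertEquals("http://schemas.xmlsoap.org/ws/2005/05/identity", claims.getDialect().toString());
    assertEquals(1, claims.size());
    // Check Claim values
    Claim claim = claims.get(0);
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, claim.getClaimType());
    assertEquals(1, claim.getValues().size());
    assertTrue(claim.getValues().contains("employee"));
    // Check SAMLClaim values: the simple name is kept as the claim name
    assertTrue(claim instanceof SAMLClaim);
    assertEquals("role", ((SAMLClaim) claim).getName());
    // Check roles: no name format is supplied for the SAML 1.1 attribute
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, "role", null);
    assertEquals(1, roles.size());
    Principal p = roles.iterator().next();
    assertEquals("employee", p.getName());
}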

Example 3 with SAMLClaim

use of org.apache.cxf.rt.security.claims.SAMLClaim in project cxf by apache.

Source: class SAMLUtils, method getClaims.

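/**
 * Extract Claims from a SAML Assertion.
 * <p>
 * Every attribute of every AttributeStatement becomes one {@link SAMLClaim}. For SAML 2.0 the
 * attribute name is used as both claim type and name, and the name format and friendly name
 * are carried over. For SAML 1.x the claim type is
 * {@code attributeNamespace + "/" + attributeName} (just the attribute name when the namespace
 * is null), the attribute name becomes the claim name and the namespace is stored as the name
 * format. Attribute values are the text content of each value's DOM element.
 *
 * @param assertion the assertion to read attribute statements from; must not be null
 * @return the extracted claims, empty when the assertion carries no attribute statements
 */
public static ClaimCollection getClaims(SamlAssertionWrapper assertion) {
    ClaimCollection claims = new ClaimCollection();
    if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
        for (AttributeStatement as : assertion.getSaml2().getAttributeStatements()) {
            for (Attribute atr : as.getAttributes()) {
                SAMLClaim claim = new SAMLClaim();
                claim.setClaimType(atr.getName());
                claim.setName(atr.getName());
                claim.setNameFormat(atr.getNameFormat());
                claim.setFriendlyName(atr.getFriendlyName());
                addAttributeValues(claim, atr.getAttributeValues());
                claims.add(claim);
            }
        }
    } else {
        for (org.opensaml.saml.saml1.core.AttributeStatement statement
            : assertion.getSaml1().getAttributeStatements()) {
            for (org.opensaml.saml.saml1.core.Attribute atr : statement.getAttributes()) {
                SAMLClaim claim = new SAMLClaim();
                String claimType = atr.getAttributeName();
                if (atr.getAttributeNamespace() != null) {
                    // SAML 1.x has no name format; the namespace qualifies the claim type instead
                    claimType = atr.getAttributeNamespace() + "/" + claimType;
                }
                claim.setClaimType(claimType);
                claim.setName(atr.getAttributeName());
                claim.setNameFormat(atr.getAttributeNamespace());
                addAttributeValues(claim, atr.getAttributeValues());
                claims.add(claim);
            }
        }
    }
    return claims;
}

/**
 * Append the text content of each attribute value's DOM element to the claim's values.
 * Shared by the SAML 1.x and SAML 2.0 branches of {@link #getClaims}.
 * NOTE(review): relies on every value having a DOM representation ({@code getDOM()} non-null);
 * the callers seen call {@code toDOM} on the wrapper first — confirm for other entry points.
 *
 * @param claim  the claim receiving the values
 * @param values the attribute's value objects
 */
private static void addAttributeValues(SAMLClaim claim, List<XMLObject> values) {
    for (XMLObject o : values) {
        claim.getValues().add(o.getDOM().getTextContent());
    }
}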

Example 4 with SAMLClaim

use of org.apache.cxf.rt.security.claims.SAMLClaim in project cxf by apache.

Source: class ClaimsAuthorizingInterceptorTest, method createClaim.

/**
 * Build a {@link SAMLClaim} fixture with the given name, name format and values.
 * The values are stored as a fixed-size list view over the varargs array.
 *
 * @param name   claim name
 * @param format claim name format
 * @param values claim values
 * @return the claim, typed as the generic Claim interface
 */
private org.apache.cxf.rt.security.claims.Claim createClaim(String name, String format, Object... values) {
    SAMLClaim samlClaim = new SAMLClaim();
    samlClaim.setValues(Arrays.asList(values));
    samlClaim.setNameFormat(format);
    samlClaim.setName(name);
    return samlClaim;
}

Example 5 with SAMLClaim

use of org.apache.cxf.rt.security.claims.SAMLClaim in project cxf by apache.

Source: class ClaimsAuthorizingInterceptorTest, method testUserInRoleAndClaims.

/**
 * Checks that a message carrying the "admin" role plus a matching claim passes both the
 * role-based and the claims-based interceptor, and that a message with only the "user"
 * role is rejected by the role-based interceptor with an AccessDeniedException.
 */
@Test
public void testUserInRoleAndClaims() throws Exception {
    SecureAnnotationsInterceptor roleInterceptor = new SecureAnnotationsInterceptor();
    roleInterceptor.setAnnotationClassName(SecureRole.class.getName());
    roleInterceptor.setSecuredObject(new TestService2());

    // Message with the "admin" default claim and an extra claim created via createClaim("a", "b", "c")
    Message message = prepareMessage(TestService2.class, "test",
                                     createDefaultClaim("admin"), createClaim("a", "b", "c"));
    roleInterceptor.handleMessage(message);

    // The claims interceptor is configured with one required claim for the "test" operation
    SAMLClaim requiredClaim = new SAMLClaim();
    requiredClaim.setNameFormat("a");
    requiredClaim.setName("b");
    requiredClaim.addValue("c");
    ClaimBean requirement = new ClaimBean(requiredClaim, "a", null, false);
    ClaimsAuthorizingInterceptor claimsInterceptor = new ClaimsAuthorizingInterceptor();
    claimsInterceptor.setClaims(Collections.singletonMap("test", Collections.singletonList(requirement)));
    claimsInterceptor.handleMessage(message);

    // A message with only the "user" role must be denied by the role interceptor
    try {
        roleInterceptor.handleMessage(prepareMessage(TestService2.class, "test", createDefaultClaim("user")));
        fail("AccessDeniedException expected");
    } catch (AccessDeniedException denied) {
        // expected: the "user" role is not accepted for this operation
    }
}
