use of org.apache.cxf.rt.security.claims.SAMLClaim in project cxf by apache.
the class ClaimsAuthorizingInterceptor method authorize.
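/**
 * Decides whether the claims carried by {@code sc} satisfy the claim requirements
 * configured for {@code method} (looked up by method name in {@code claims}).
 * <p>
 * Evaluation is fail-closed: every configured {@link ClaimBean} must either be matched
 * by an actual claim whose values satisfy it, or be absent while the bean is not in
 * {@link ClaimMode#STRICT} mode. Missing configuration and {@code null} claim
 * attributes are treated as "no match" instead of being allowed to throw an NPE.
 *
 * @param sc     security context carrying the caller's claims (e.g. from a SAML token)
 * @param method the invoked service method; its name selects the configured claims
 * @return {@code true} to grant access, {@code false} to deny it
 */
protected boolean authorize(ClaimsSecurityContext sc, Method method) {
    List<ClaimBean> list = claims.get(method.getName());
    if (list == null) {
        // Nothing configured under this method name: deny instead of NPE-ing on iteration.
        return false;
    }
    org.apache.cxf.rt.security.claims.ClaimCollection actualClaims = sc.getClaims();
    for (ClaimBean claimBean : list) {
        org.apache.cxf.rt.security.claims.Claim matchingClaim = findMatchingClaim(claimBean, actualClaims);
        if (matchingClaim == null) {
            // A missing claim is fatal only in STRICT mode; otherwise the bean is skipped.
            if (claimBean.getClaimMode() == ClaimMode.STRICT) {
                return false;
            }
            continue;
        }
        if (!valuesSatisfy(claimBean, matchingClaim)) {
            return false;
        }
    }
    return true;
}

/**
 * Finds the first actual claim that corresponds to {@code claimBean}.
 * A {@link SAMLClaim} must match on both attribute name and name format; any other
 * claim matches on claim type alone. A {@code null} attribute on either side never matches.
 *
 * @param claimBean    the configured requirement
 * @param actualClaims the caller's claims, may be {@code null}
 * @return the matching claim, or {@code null} if none
 */
private static org.apache.cxf.rt.security.claims.Claim findMatchingClaim(
        ClaimBean claimBean, org.apache.cxf.rt.security.claims.ClaimCollection actualClaims) {
    if (actualClaims == null || claimBean.getClaim() == null) {
        return null;
    }
    Object expectedType = claimBean.getClaim().getClaimType();
    for (org.apache.cxf.rt.security.claims.Claim cl : actualClaims) {
        if (cl instanceof SAMLClaim) {
            // For a SAMLClaim both the name and the name format must match the configuration
            SAMLClaim samlClaim = (SAMLClaim) cl;
            if (equalsNonNull(samlClaim.getName(), expectedType)
                && equalsNonNull(samlClaim.getNameFormat(), claimBean.getClaimFormat())) {
                return cl;
            }
        } else if (equalsNonNull(cl.getClaimType(), expectedType)) {
            return cl;
        }
    }
    return null;
}

/**
 * Checks a matched claim's values against the configured ones: with {@code matchAll}
 * every configured value must be present, and in all cases at least one presented value
 * must be among the configured values. A missing value list never satisfies the bean.
 *
 * @param claimBean     the configured requirement
 * @param matchingClaim the actual claim already matched to {@code claimBean}
 * @return {@code true} if the values satisfy the requirement
 */
private static boolean valuesSatisfy(ClaimBean claimBean,
                                     org.apache.cxf.rt.security.claims.Claim matchingClaim) {
    List<Object> claimValues = claimBean.getClaim().getValues();
    List<Object> matchingClaimValues = matchingClaim.getValues();
    if (claimValues == null || matchingClaimValues == null) {
        return false;
    }
    if (claimBean.isMatchAll() && !matchingClaimValues.containsAll(claimValues)) {
        return false;
    }
    // At least one presented value must be configured; this also keeps an empty
    // configured list from passing trivially through containsAll above.
    for (Object value : matchingClaimValues) {
        if (claimValues.contains(value)) {
            return true;
        }
    }
    return false;
}

/**
 * Null-safe equality in which {@code null} on either side is a mismatch, never a match.
 */
private static boolean equalsNonNull(Object a, Object b) {
    return a != null && b != null && a.equals(b);
}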
use of org.apache.cxf.rt.security.claims.SAMLClaim in project cxf by apache.
the class SAMLClaimsTest method testSAML2MultipleRoles.
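/**
 * Verifies that a SAML 2.0 assertion carrying one role attribute with two values is
 * converted into a single {@link SAMLClaim} that exposes both values, the default role
 * attribute name and the "unspecified" name format, and that both values are then
 * parsed into roles.
 */
@org.junit.Test
public void testSAML2MultipleRoles() throws Exception {
    AttributeBean roleAttribute = new AttributeBean();
    roleAttribute.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
    roleAttribute.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    roleAttribute.addAttributeValue("employee");
    roleAttribute.addAttributeValue("boss");

    SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
    callbackHandler.setAttributes(Collections.singletonList(roleAttribute));

    // Build the assertion through the callback handler and serialise it to DOM
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    Document doc = DOMUtils.newDocument();
    assertion.toDOM(doc);

    ClaimCollection claims = SAMLUtils.getClaims(assertion);
    // Expected value first, consistent with the other assertions in this test
    assertEquals("http://schemas.xmlsoap.org/ws/2005/05/identity", claims.getDialect().toString());
    assertEquals(1, claims.size());

    // Generic Claim view: type and both attribute values
    Claim claim = claims.get(0);
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, claim.getClaimType());
    assertEquals(2, claim.getValues().size());
    assertTrue(claim.getValues().contains("employee"));
    assertTrue(claim.getValues().contains("boss"));

    // SAML-specific view: attribute name and name format
    assertTrue(claim instanceof SAMLClaim);
    SAMLClaim samlClaim = (SAMLClaim) claim;
    assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, samlClaim.getName());
    assertEquals(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED, samlClaim.getNameFormat());

    // Both attribute values must surface as roles
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims,
        SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    assertEquals(2, roles.size());
}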