
Example 1 with SAMLClaim

Usage of org.apache.cxf.rt.security.saml.claims.SAMLClaim in the Apache CXF project.

Class ClaimsAuthorizingInterceptor, method authorize (the per-method claims check that decides whether a call is allowed).

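/**
 * Decides whether the caller described by {@code sc} may invoke {@code method}.
 *
 * The required claims for the method are looked up in {@code claims} (keyed by
 * method name). Every required claim is located in the caller's claims by SAML
 * attribute name and name format, and its values are then compared:
 * <ul>
 *   <li>{@code matchAll}: every required value must be present on the caller's claim;</li>
 *   <li>always: at least one of the caller's values must be among the required values.</li>
 * </ul>
 * A required claim that is absent on the caller denies the call in
 * {@link ClaimMode#STRICT} mode and is skipped otherwise.
 *
 * @param sc     the SAML security context carrying the caller's claims
 * @param method the target service method
 * @return {@code true} only if every registered requirement is satisfied
 */
protected boolean authorize(SAMLSecurityContext sc, Method method) {
    List<ClaimBean> list = claims.get(method.getName());
    // Fail closed when no requirements were registered for this method. The
    // original dereferenced a null list and threw an NPE, which also denied the
    // call; an explicit deny keeps that outcome without the exception.
    if (list == null) {
        return false;
    }
    org.apache.cxf.rt.security.claims.ClaimCollection actualClaims = sc.getClaims();
    for (ClaimBean claimBean : list) {
        org.apache.cxf.rt.security.claims.Claim required = claimBean.getClaim();
        org.apache.cxf.rt.security.claims.Claim matchingClaim = null;
        for (org.apache.cxf.rt.security.claims.Claim cl : actualClaims) {
            if (!(cl instanceof SAMLClaim)) {
                continue;
            }
            SAMLClaim actual = (SAMLClaim) cl;
            SAMLClaim expected = (SAMLClaim) required;
            // Null-safe comparison: a caller claim with no name format (SAML 1.x
            // attributes without a namespace, SAML 2 attributes without NameFormat)
            // previously caused an NPE here; it now simply does not match.
            if (java.util.Objects.equals(expected.getName(), actual.getName())
                && java.util.Objects.equals(expected.getNameFormat(), actual.getNameFormat())) {
                matchingClaim = cl;
                break;
            }
        }
        if (matchingClaim == null) {
            if (claimBean.getClaimMode() == ClaimMode.STRICT) {
                return false;
            }
            // Non-strict requirement: the claim may be absent.
            continue;
        }
        List<Object> requiredValues = required.getValues();
        List<Object> actualValues = matchingClaim.getValues();
        if (claimBean.isMatchAll() && !actualValues.containsAll(requiredValues)) {
            return false;
        }
        // Regardless of matchAll, at least one of the caller's values must be a
        // required value; an empty required-value list therefore always denies.
        if (java.util.Collections.disjoint(actualValues, requiredValues)) {
            return false;
        }
    }
    return true;
}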
Also used : SAMLClaim(org.apache.cxf.rt.security.saml.claims.SAMLClaim) ClaimBean(org.apache.cxf.rt.security.saml.claims.ClaimBean)

Example 2 with SAMLClaim

Usage of org.apache.cxf.rt.security.saml.claims.SAMLClaim in the Apache CXF project.

Class ClaimsAuthorizingInterceptor, method getClaims (translates @Claim/@Claims annotations into the required-claim beans consumed by authorize).

/**
 * Builds the list of required claims for one service method from its
 * {@code @Claims} container annotation or its single {@code @Claim} annotation.
 * The container takes precedence; with neither present the result is empty.
 *
 * Names and formats are passed through {@code nameAliases} / {@code formatAliases}
 * so that short aliases used in annotations resolve to full SAML attribute
 * names and name formats.
 *
 * @param claimsAnn the container annotation, or {@code null}
 * @param claimAnn  the single annotation, or {@code null}
 * @return one {@link ClaimBean} per annotation, in declaration order
 */
private List<ClaimBean> getClaims(Claims claimsAnn, Claim claimAnn) {
    List<Claim> annotations = new ArrayList<>();
    if (claimsAnn != null) {
        annotations.addAll(Arrays.asList(claimsAnn.value()));
    } else if (claimAnn != null) {
        annotations.add(claimAnn);
    }
    List<ClaimBean> result = new ArrayList<>();
    for (Claim annotation : annotations) {
        String rawName = annotation.name();
        String resolvedName = nameAliases.containsKey(rawName) ? nameAliases.get(rawName) : rawName;
        String rawFormat = annotation.format();
        String resolvedFormat = formatAliases.containsKey(rawFormat) ? formatAliases.get(rawFormat) : rawFormat;
        SAMLClaim required = new SAMLClaim();
        required.setName(resolvedName);
        required.setNameFormat(resolvedFormat);
        for (String v : annotation.value()) {
            required.addValue(v);
        }
        result.add(new ClaimBean(required, annotation.mode(), annotation.matchAll()));
    }
    return result;
}
Also used : SAMLClaim(org.apache.cxf.rt.security.saml.claims.SAMLClaim) ArrayList(java.util.ArrayList) ClaimBean(org.apache.cxf.rt.security.saml.claims.ClaimBean) Claim(org.apache.cxf.security.claims.authorization.Claim) SAMLClaim(org.apache.cxf.rt.security.saml.claims.SAMLClaim)

Example 3 with SAMLClaim

Usage of org.apache.cxf.rt.security.saml.claims.SAMLClaim in the Apache CXF project.

Class SAMLUtils, method parseRolesFromClaims (derives role principals from a claim collection).

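/**
 * Extract roles from the given Claims.
 *
 * Roles are the string values of the SAML claim whose attribute name equals
 * {@code name} (or {@link SAMLClaim#SAML_ROLE_ATTRIBUTENAME_DEFAULT} when
 * {@code name} is {@code null}) and, if {@code nameFormat} is given, whose name
 * format equals it.
 *
 * @param claims     the claims extracted from the assertion
 * @param name       the role attribute name, or {@code null} for the default
 * @param nameFormat the role attribute name format, or {@code null} to accept any
 * @return the roles as {@link SimpleGroup} principals; empty if none were found
 */
public static Set<Principal> parseRolesFromClaims(ClaimCollection claims, String name, String nameFormat) {
    String roleAttributeName = name;
    if (roleAttributeName == null) {
        roleAttributeName = SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
    }
    Set<Principal> roles = new HashSet<>();
    for (Claim claim : claims) {
        if (!(claim instanceof SAMLClaim)) {
            continue;
        }
        SAMLClaim samlClaim = (SAMLClaim) claim;
        // Compare against the resolved attribute name. The original compared
        // against the raw 'name' parameter, so a null name never matched and the
        // default role attribute was silently ignored (no roles were granted).
        // Calling equals on roleAttributeName also tolerates a claim with no name.
        if (!roleAttributeName.equals(samlClaim.getName())) {
            continue;
        }
        if (nameFormat != null && !nameFormat.equals(samlClaim.getNameFormat())) {
            continue;
        }
        for (Object claimValue : claim.getValues()) {
            if (claimValue instanceof String) {
                roles.add(new SimpleGroup((String) claimValue));
            }
        }
        if (claim.getValues().size() > 1) {
            // Don't search for other attributes with the same name if > 1 claim value
            break;
        }
    }
    return roles;
}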
Also used : SAMLClaim(org.apache.cxf.rt.security.saml.claims.SAMLClaim) SimpleGroup(org.apache.cxf.common.security.SimpleGroup) XMLObject(org.opensaml.core.xml.XMLObject) Principal(java.security.Principal) SAMLClaim(org.apache.cxf.rt.security.saml.claims.SAMLClaim) Claim(org.apache.cxf.rt.security.claims.Claim) HashSet(java.util.HashSet)

Example 4 with SAMLClaim

Usage of org.apache.cxf.rt.security.saml.claims.SAMLClaim in the Apache CXF project.

Class SAMLUtils, method getClaims (converts the attribute statements of a SAML 1.x or 2.0 assertion into a ClaimCollection).

/**
 * Extract Claims from a SAML Assertion.
 *
 * Each attribute of every attribute statement becomes one {@link SAMLClaim}.
 * For SAML 2.0 the claim type and name are the attribute name and the name
 * format is the attribute's NameFormat; for SAML 1.x the name is the attribute
 * name, the name format is the attribute namespace, and the claim type is
 * {@code namespace + "/" + name} (or just the name when there is no namespace).
 * Claim values are the text content of each attribute value element.
 *
 * NOTE(review): the assertion is assumed to have been unmarshalled from DOM —
 * {@code getDOM()} on a programmatically built value would be null. Also,
 * {@code URI.create} rejects attribute names that are not valid URIs.
 *
 * @param assertion the (already verified) assertion to read
 * @return the claims in statement/attribute order
 */
public static ClaimCollection getClaims(SamlAssertionWrapper assertion) {
    ClaimCollection result = new ClaimCollection();
    boolean isSaml2 = SAMLVersion.VERSION_20.equals(assertion.getSamlVersion());
    if (isSaml2) {
        for (AttributeStatement statement : assertion.getSaml2().getAttributeStatements()) {
            for (Attribute attribute : statement.getAttributes()) {
                String attributeName = attribute.getName();
                SAMLClaim claim = new SAMLClaim();
                claim.setClaimType(URI.create(attributeName));
                claim.setName(attributeName);
                claim.setNameFormat(attribute.getNameFormat());
                claim.setFriendlyName(attribute.getFriendlyName());
                List<Object> values = claim.getValues();
                for (XMLObject valueElement : attribute.getAttributeValues()) {
                    values.add(valueElement.getDOM().getTextContent());
                }
                result.add(claim);
            }
        }
        return result;
    }
    // Anything that is not SAML 2.0 is treated as SAML 1.x.
    for (org.opensaml.saml.saml1.core.AttributeStatement statement
            : assertion.getSaml1().getAttributeStatements()) {
        for (org.opensaml.saml.saml1.core.Attribute attribute : statement.getAttributes()) {
            String attributeName = attribute.getAttributeName();
            String namespace = attribute.getAttributeNamespace();
            String claimType = namespace == null ? attributeName : namespace + "/" + attributeName;
            SAMLClaim claim = new SAMLClaim();
            claim.setClaimType(URI.create(claimType));
            claim.setName(attributeName);
            claim.setNameFormat(namespace);
            List<Object> values = claim.getValues();
            for (XMLObject valueElement : attribute.getAttributeValues()) {
                values.add(valueElement.getDOM().getTextContent());
            }
            result.add(claim);
        }
    }
    return result;
}
Also used : SAMLClaim(org.apache.cxf.rt.security.saml.claims.SAMLClaim) Attribute(org.opensaml.saml.saml2.core.Attribute) XMLObject(org.opensaml.core.xml.XMLObject) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)

Example 5 with SAMLClaim

Usage of org.apache.cxf.rt.security.saml.claims.SAMLClaim in the Apache CXF project.

Class ClaimsAuthorizingInterceptorTest, method createClaim (test helper that builds a SAMLClaim from a name, format and values).

/**
 * Test helper: builds a {@link SAMLClaim} with the given name, name format and
 * values. The values list is the fixed-size view returned by
 * {@link Arrays#asList}, so it cannot be grown afterwards.
 */
private org.apache.cxf.rt.security.claims.Claim createClaim(String name, String format, Object... values) {
    SAMLClaim built = new SAMLClaim();
    built.setName(name);
    built.setNameFormat(format);
    built.setValues(Arrays.asList(values));
    return built;
}
Also used : SAMLClaim(org.apache.cxf.rt.security.saml.claims.SAMLClaim)

Aggregations

SAMLClaim (org.apache.cxf.rt.security.saml.claims.SAMLClaim)5 ClaimBean (org.apache.cxf.rt.security.saml.claims.ClaimBean)2 XMLObject (org.opensaml.core.xml.XMLObject)2 Principal (java.security.Principal)1 ArrayList (java.util.ArrayList)1 HashSet (java.util.HashSet)1 SimpleGroup (org.apache.cxf.common.security.SimpleGroup)1 Claim (org.apache.cxf.rt.security.claims.Claim)1 ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)1 Claim (org.apache.cxf.security.claims.authorization.Claim)1 Attribute (org.opensaml.saml.saml2.core.Attribute)1 AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)1