
Example 1 with SAMLSecurityContext

Use of org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext in project cxf by apache.

Class SecurityContextProviderImpl, method getSecurityContext.

```java
public SecurityContext getSecurityContext(Message message, SamlAssertionWrapper wrapper) {
    // First check to see if we are allowed to set up a security context
    // The SAML Assertion must be signed, or we must explicitly allow unsigned
    String allowUnsigned = (String) SecurityUtils.getSecurityPropertyValue(
        SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, message);
    boolean allowUnsignedSamlPrincipals = Boolean.parseBoolean(allowUnsigned);
    if (!(wrapper.isSigned() || allowUnsignedSamlPrincipals)) {
        // Unsigned assertion and no explicit override: no principal is established
        return null;
    }
    ClaimCollection claims = getClaims(wrapper);
    Subject subject = getSubject(message, wrapper, claims);
    SecurityContext securityContext = doGetSecurityContext(message, subject, claims);
    if (securityContext instanceof SAMLSecurityContext) {
        // Keep the raw assertion element available to downstream interceptors
        Element assertionElement = wrapper.getElement();
        ((SAMLSecurityContext) securityContext).setAssertionElement(assertionElement);
    }
    return securityContext;
}
```
Also used: SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext), Element (org.w3c.dom.Element), SecurityContext (org.apache.cxf.security.SecurityContext), ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection), Subject (org.apache.cxf.rs.security.saml.assertion.Subject)

Example 2 with SAMLSecurityContext

Use of org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext in project cxf by apache.

Class ClaimsAuthorizingInterceptor, method handleMessage.

```java
public void handleMessage(Message message) throws Fault {
    SecurityContext sc = message.get(SecurityContext.class);
    // Claims-based authorization needs a SAML-derived context; reject anything else
    if (!(sc instanceof SAMLSecurityContext)) {
        throw new AccessDeniedException("Security Context is unavailable or unrecognized");
    }
    // Resolve the target service method and check its claim requirements
    Method method = getTargetMethod(message);
    if (authorize((SAMLSecurityContext) sc, method)) {
        return;
    }
    throw new AccessDeniedException("Unauthorized");
}
```
Also used: AccessDeniedException (org.apache.cxf.interceptor.security.AccessDeniedException), SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext), SecurityContext (org.apache.cxf.security.SecurityContext), Method (java.lang.reflect.Method)

Example 3 with SAMLSecurityContext

Use of org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext in project cxf by apache.

Class WSS4JBasicAuthValidator, method createSecurityContext.

```java
protected SecurityContext createSecurityContext(Message msg, Credential credential) {
    // Prefer a transformed token produced during validation, otherwise the original assertion
    SamlAssertionWrapper samlAssertion = credential.getTransformedToken();
    if (samlAssertion == null) {
        samlAssertion = credential.getSamlAssertion();
    }
    if (samlAssertion != null) {
        // The attribute that carries roles is configurable; fall back to the default name
        String roleAttributeName = (String) SecurityUtils.getSecurityPropertyValue(
            SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
        if (roleAttributeName == null || roleAttributeName.length() == 0) {
            roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
        }
        ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
        Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
        SAMLSecurityContext context = new SAMLSecurityContext(credential.getPrincipal(), roles, claims);
        context.setIssuer(SAMLUtils.getIssuer(samlAssertion));
        context.setAssertionElement(SAMLUtils.getAssertionElement(samlAssertion));
        return context;
    }
    // No SAML assertion: build a plain security context from the principal alone
    return createSecurityContext(credential.getPrincipal());
}
```
Also used: SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext), SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper), ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection), Principal (java.security.Principal)

Example 4 with SAMLSecurityContext

Use of org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext in project cxf by apache.

Class AbstractServiceProviderFilter, method setSecurityContext.

```java
protected void setSecurityContext(Message m, SamlAssertionWrapper assertionWrapper) {
    Subject subject = SAMLUtils.getSubject(m, assertionWrapper);
    final String name = subject.getName();
    // Only establish a context when the assertion subject carries a name
    if (name != null) {
        // The attribute that carries roles is configurable; fall back to the WS-Identity role claim
        String roleAttributeName = (String) SecurityUtils.getSecurityPropertyValue(
            SecurityConstants.SAML_ROLE_ATTRIBUTENAME, m);
        if (roleAttributeName == null || roleAttributeName.length() == 0) {
            roleAttributeName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
        }
        ClaimCollection claims =
            org.apache.cxf.rt.security.saml.utils.SAMLUtils.getClaims(assertionWrapper);
        Set<Principal> roles =
            org.apache.cxf.rt.security.saml.utils.SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
        SAMLSecurityContext context = new SAMLSecurityContext(new SimplePrincipal(name), roles, claims);
        context.setIssuer(org.apache.cxf.rt.security.saml.utils.SAMLUtils.getIssuer(assertionWrapper));
        context.setAssertionElement(
            org.apache.cxf.rt.security.saml.utils.SAMLUtils.getAssertionElement(assertionWrapper));
        m.put(SecurityContext.class, context);
    }
}
```
Also used: SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext), ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection), Subject (org.apache.cxf.rs.security.saml.assertion.Subject), SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal), Principal (java.security.Principal)

Example 5 with SAMLSecurityContext

Use of org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext in project cxf by apache.

Class ClaimsAuthorizingInterceptorTest, method prepareMessage.

```java
private Message prepareMessage(Class<?> cls, String methodName,
                               org.apache.cxf.rt.security.claims.Claim... claim) throws Exception {
    // Build a claim collection directly, without a real SAML assertion
    ClaimCollection claims = new ClaimCollection();
    claims.addAll(Arrays.asList(claim));
    Set<Principal> roles = SAMLUtils.parseRolesFromClaims(
        claims, SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    SecurityContext sc = new SAMLSecurityContext(new SimplePrincipal("user"), roles, claims);
    // Attach the context and the target method so the interceptor can authorize it
    Message m = new MessageImpl();
    m.setExchange(new ExchangeImpl());
    m.put(SecurityContext.class, sc);
    m.put("org.apache.cxf.resource.method", cls.getMethod(methodName, new Class[] {}));
    return m;
}
```
Also used: Message (org.apache.cxf.message.Message), SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext), SecurityContext (org.apache.cxf.security.SecurityContext), ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection), MessageImpl (org.apache.cxf.message.MessageImpl), SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal), Principal (java.security.Principal), ExchangeImpl (org.apache.cxf.message.ExchangeImpl)

Aggregations (types co-occurring with SAMLSecurityContext, with usage counts)

SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext): 11
Principal (java.security.Principal): 9
ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection): 9
SecurityContext (org.apache.cxf.security.SecurityContext): 6
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper): 4
ArrayList (java.util.ArrayList): 2
Set (java.util.Set): 2
Subject (javax.security.auth.Subject): 2
SimplePrincipal (org.apache.cxf.common.security.SimplePrincipal): 2
DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext): 2
RolePrefixSecurityContextImpl (org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl): 2
Subject (org.apache.cxf.rs.security.saml.assertion.Subject): 2
Method (java.lang.reflect.Method): 1
PublicKey (java.security.PublicKey): 1
X509Certificate (java.security.cert.X509Certificate): 1
List (java.util.List): 1
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal): 1
AccessDeniedException (org.apache.cxf.interceptor.security.AccessDeniedException): 1
ExchangeImpl (org.apache.cxf.message.ExchangeImpl): 1
Message (org.apache.cxf.message.Message): 1