Search in sources :

Example 51 with ClaimsManager

use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.

the class LDAPClaimsTest method testRetrieveRolesForBobInBusinessCategoryWidgets.

@org.junit.Test
public void testRetrieveRolesForBobInBusinessCategoryWidgets() throws Exception {
    LdapGroupClaimsHandler claimsHandler = (LdapGroupClaimsHandler) appContext.getBean("testGroupClaimsHandlerFilter");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    String user = props.getProperty("otherClaimUser");
    Assert.assertNotNull(user, "Property 'claimUser' not configured");
    ClaimCollection requestedClaims = new ClaimCollection();
    Claim claim = new Claim();
    String roleURI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    claim.setClaimType(roleURI);
    requestedClaims.add(claim);
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    Assert.assertTrue(retrievedClaims.size() == 1);
    Assert.assertEquals(retrievedClaims.get(0).getClaimType(), roleURI);
    Assert.assertTrue(retrievedClaims.get(0).getValues().size() == 1);
}
Also used : LdapGroupClaimsHandler(org.apache.cxf.sts.claims.LdapGroupClaimsHandler) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 52 with ClaimsManager

use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.

the class LDAPClaimsTest method testRetrieveClaimsWithUnsupportedMandatoryClaimType.

@org.junit.Test(expected = STSException.class)
public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    String user = props.getProperty("claimUser");
    Assert.assertNotNull(user, "Property 'claimUser' not configured");
    ClaimCollection requestedClaims = createRequestClaimCollection();
    // add unsupported but mandatory claim
    Claim claim = new Claim();
    claim.setClaimType(ClaimTypes.GENDER);
    claim.setOptional(false);
    requestedClaims.add(claim);
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    claimsManager.retrieveClaimValues(requestedClaims, params);
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 53 with ClaimsManager

use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.

the class LDAPClaimsTest method testRetrieveClaimsWithUnsupportedOptionalClaimType.

@org.junit.Test
public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    String user = props.getProperty("claimUser");
    Assert.assertNotNull(user, "Property 'claimUser' not configured");
    ClaimCollection requestedClaims = createRequestClaimCollection();
    // add unsupported but optional unsupported claim
    Claim claim = new Claim();
    claim.setClaimType(ClaimTypes.GENDER);
    claim.setOptional(true);
    requestedClaims.add(claim);
    // Gender is not expected to be returned because not supported
    List<String> expectedClaims = new ArrayList<>();
    expectedClaims.add(ClaimTypes.FIRSTNAME.toString());
    expectedClaims.add(ClaimTypes.LASTNAME.toString());
    expectedClaims.add(ClaimTypes.EMAILADDRESS.toString());
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
    for (ProcessedClaim c : retrievedClaims) {
        if (expectedClaims.contains(c.getClaimType())) {
            expectedClaims.remove(c.getClaimType());
        } else {
            Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
        }
    }
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 54 with ClaimsManager

use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.

the class LDAPClaimsTest method testRetrieveRolesForBob.

@org.junit.Test
public void testRetrieveRolesForBob() throws Exception {
    LdapGroupClaimsHandler claimsHandler = (LdapGroupClaimsHandler) appContext.getBean("testGroupClaimsHandlerOtherUsers");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    String user = props.getProperty("otherClaimUser");
    Assert.assertNotNull(user, "Property 'claimUser' not configured");
    ClaimCollection requestedClaims = new ClaimCollection();
    Claim claim = new Claim();
    String roleURI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    claim.setClaimType(roleURI);
    requestedClaims.add(claim);
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    Assert.assertTrue(retrievedClaims.size() == 1);
    Assert.assertEquals(retrievedClaims.get(0).getClaimType(), roleURI);
    Assert.assertTrue(retrievedClaims.get(0).getValues().size() == 2);
}
Also used : LdapGroupClaimsHandler(org.apache.cxf.sts.claims.LdapGroupClaimsHandler) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 55 with ClaimsManager

use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.

the class IssueSamlClaimsUnitTest method testCustomClaimDialect.

/**
 * Test custom claim parser and handler.
 */
@org.junit.Test
public void testCustomClaimDialect() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    addTokenProvider(issueOperation);
    // Add Service
    addService(issueOperation);
    // Add STSProperties object
    addSTSProperties(issueOperation);
    // Set the ClaimsManager
    ClaimsManager claimsManager = new ClaimsManager();
    ClaimsHandler claimsHandler = new CustomClaimsHandler();
    ClaimsParser claimsParser = new CustomClaimParser();
    claimsManager.setClaimParsers(Collections.singletonList(claimsParser));
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    issueOperation.setClaimsManager(claimsManager);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType);
    Element secondaryParameters = createCustomSecondaryParameters();
    request.getAny().add(secondaryParameters);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // Mock up message context
    Map<String, Object> msgCtx = setupMessageContext();
    // Issue a token
    List<RequestSecurityTokenResponseType> securityTokenResponse = issueToken(issueOperation, request, new CustomTokenPrincipal("alice"), msgCtx);
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("bob@custom"));
}
Also used : ClaimsHandler(org.apache.cxf.sts.claims.ClaimsHandler) CustomClaimsHandler(org.apache.cxf.sts.common.CustomClaimsHandler) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) JAXBElement(javax.xml.bind.JAXBElement) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) CustomClaimsHandler(org.apache.cxf.sts.common.CustomClaimsHandler) ClaimsParser(org.apache.cxf.sts.claims.ClaimsParser) CustomClaimParser(org.apache.cxf.sts.common.CustomClaimParser) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager)

Aggregations

ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)64 ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)46 ClaimsHandler (org.apache.cxf.sts.claims.ClaimsHandler)38 CustomClaimsHandler (org.apache.cxf.sts.common.CustomClaimsHandler)37 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)36 Claim (org.apache.cxf.rt.security.claims.Claim)33 Element (org.w3c.dom.Element)31 ClaimsParameters (org.apache.cxf.sts.claims.ClaimsParameters)25 ProcessedClaimCollection (org.apache.cxf.sts.claims.ProcessedClaimCollection)25 JAXBElement (javax.xml.bind.JAXBElement)22 ProcessedClaim (org.apache.cxf.sts.claims.ProcessedClaim)21 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)16 StaticClaimsHandler (org.apache.cxf.sts.claims.StaticClaimsHandler)15 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)15 RequestedSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType)15 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)13 LdapClaimsHandler (org.apache.cxf.sts.claims.LdapClaimsHandler)12 URI (java.net.URI)11 ArrayList (java.util.ArrayList)11 ClaimsAttributeStatementProvider (org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider)11