use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.
the class LDAPClaimsTest method testMultiUserBaseDNs.
@org.junit.Test
public void testMultiUserBaseDNs() throws Exception {
LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandlerMultipleUserBaseDNs");
ClaimsManager claimsManager = new ClaimsManager();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
String user = props.getProperty("claimUser");
Assert.assertNotNull(user, "Property 'claimUser' not configured");
String otherUser = props.getProperty("otherClaimUser");
Assert.assertNotNull(otherUser, "Property 'otherClaimUser' not configured");
ClaimCollection requestedClaims = createRequestClaimCollection();
List<URI> expectedClaims = new ArrayList<>();
expectedClaims.add(ClaimTypes.FIRSTNAME);
expectedClaims.add(ClaimTypes.LASTNAME);
expectedClaims.add(ClaimTypes.EMAILADDRESS);
// First user
ClaimsParameters params = new ClaimsParameters();
params.setPrincipal(new CustomTokenPrincipal(user));
ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
for (ProcessedClaim c : retrievedClaims) {
if (expectedClaims.contains(c.getClaimType())) {
expectedClaims.remove(c.getClaimType());
} else {
Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
}
}
// Second user
params.setPrincipal(new CustomTokenPrincipal(otherUser));
retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
expectedClaims.add(ClaimTypes.FIRSTNAME);
expectedClaims.add(ClaimTypes.LASTNAME);
expectedClaims.add(ClaimTypes.EMAILADDRESS);
Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
for (ProcessedClaim c : retrievedClaims) {
if (expectedClaims.contains(c.getClaimType())) {
expectedClaims.remove(c.getClaimType());
} else {
Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
}
}
}
use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.
the class LDAPClaimsTest method testRetrieveClaimsWithUnsupportedMandatoryClaimType.
@org.junit.Test(expected = STSException.class)
public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
ClaimsManager claimsManager = new ClaimsManager();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
String user = props.getProperty("claimUser");
Assert.assertNotNull(user, "Property 'claimUser' not configured");
ClaimCollection requestedClaims = createRequestClaimCollection();
// add unsupported but mandatory claim
Claim claim = new Claim();
claim.setClaimType(ClaimTypes.GENDER);
claim.setOptional(false);
requestedClaims.add(claim);
ClaimsParameters params = new ClaimsParameters();
params.setPrincipal(new CustomTokenPrincipal(user));
claimsManager.retrieveClaimValues(requestedClaims, params);
}
use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.
the class LDAPClaimsTest method testRetrieveClaims.
@org.junit.Test
public void testRetrieveClaims() throws Exception {
LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
ClaimsManager claimsManager = new ClaimsManager();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
String user = props.getProperty("claimUser");
Assert.assertNotNull(user, "Property 'claimUser' not configured");
ClaimCollection requestedClaims = createRequestClaimCollection();
List<URI> expectedClaims = new ArrayList<>();
expectedClaims.add(ClaimTypes.FIRSTNAME);
expectedClaims.add(ClaimTypes.LASTNAME);
expectedClaims.add(ClaimTypes.EMAILADDRESS);
ClaimsParameters params = new ClaimsParameters();
params.setPrincipal(new CustomTokenPrincipal(user));
ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
for (ProcessedClaim c : retrievedClaims) {
if (expectedClaims.contains(c.getClaimType())) {
expectedClaims.remove(c.getClaimType());
} else {
Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
}
}
}
use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.
the class SAMLProviderActAsTest method testSAML2ActAsUsernameTokenClaims.
@org.junit.Test
public void testSAML2ActAsUsernameTokenClaims() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
UsernameTokenType usernameToken = new UsernameTokenType();
AttributedString username = new AttributedString();
username.setValue("bob");
usernameToken.setUsername(username);
JAXBElement<UsernameTokenType> usernameTokenType = new JAXBElement<UsernameTokenType>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, usernameTokenType);
// Principal must be set in ReceivedToken/ActAs
providerParameters.getTokenRequirements().getActAs().setPrincipal(new CustomTokenPrincipal(username.getValue()));
// Add Claims
ClaimsManager claimsManager = new ClaimsManager();
ClaimsHandler claimsHandler = new CustomClaimsHandler();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
providerParameters.setClaimsManager(claimsManager);
ClaimCollection claims = createClaims();
providerParameters.setRequestedPrimaryClaims(claims);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
// Verify the token
Element token = (Element) providerResponse.getToken();
SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
Assert.assertEquals("technical-user", assertion.getSubjectName());
boolean foundActAsAttribute = false;
for (org.opensaml.saml.saml2.core.AttributeStatement attributeStatement : assertion.getSaml2().getAttributeStatements()) {
for (org.opensaml.saml.saml2.core.Attribute attribute : attributeStatement.getAttributes()) {
if ("ActAs".equals(attribute.getName())) {
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if (text.contains("bob")) {
foundActAsAttribute = true;
break;
}
}
}
}
}
assertTrue(foundActAsAttribute);
// Check that claims are also present
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
assertTrue(tokenString.contains(ClaimTypes.EMAILADDRESS.toString()));
assertTrue(tokenString.contains(ClaimTypes.FIRSTNAME.toString()));
assertTrue(tokenString.contains(ClaimTypes.LASTNAME.toString()));
}
use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.
the class ValidateJWTTransformationTest method createSAMLAssertion.
private static Element createSAMLAssertion(String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler) throws WSSecurityException {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
samlTokenProvider.setAttributeStatementProviders(Collections.singletonList(new ClaimsAttributeStatementProvider()));
TokenProviderParameters providerParameters = createProviderParameters(tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);
// Set the ClaimsManager
ClaimsManager claimsManager = new ClaimsManager();
ClaimsHandler claimsHandler = new CustomClaimsHandler();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
providerParameters.setClaimsManager(claimsManager);
ClaimCollection requestedClaims = new ClaimCollection();
Claim requestClaim = new Claim();
requestClaim.setClaimType(ClaimTypes.LASTNAME);
requestClaim.setOptional(false);
requestedClaims.add(requestClaim);
providerParameters.setRequestedSecondaryClaims(requestedClaims);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element) providerResponse.getToken();
}
Aggregations