Search in sources :

Example 6 with ClaimsManager

use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.

the class LDAPClaimsTest method testMultiUserBaseDNs.

@org.junit.Test
public void testMultiUserBaseDNs() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandlerMultipleUserBaseDNs");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    String user = props.getProperty("claimUser");
    Assert.assertNotNull(user, "Property 'claimUser' not configured");
    String otherUser = props.getProperty("otherClaimUser");
    Assert.assertNotNull(otherUser, "Property 'otherClaimUser' not configured");
    ClaimCollection requestedClaims = createRequestClaimCollection();
    List<URI> expectedClaims = new ArrayList<>();
    expectedClaims.add(ClaimTypes.FIRSTNAME);
    expectedClaims.add(ClaimTypes.LASTNAME);
    expectedClaims.add(ClaimTypes.EMAILADDRESS);
    // First user
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
    for (ProcessedClaim c : retrievedClaims) {
        if (expectedClaims.contains(c.getClaimType())) {
            expectedClaims.remove(c.getClaimType());
        } else {
            Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
        }
    }
    // Second user
    params.setPrincipal(new CustomTokenPrincipal(otherUser));
    retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    expectedClaims.add(ClaimTypes.FIRSTNAME);
    expectedClaims.add(ClaimTypes.LASTNAME);
    expectedClaims.add(ClaimTypes.EMAILADDRESS);
    Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
    for (ProcessedClaim c : retrievedClaims) {
        if (expectedClaims.contains(c.getClaimType())) {
            expectedClaims.remove(c.getClaimType());
        } else {
            Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
        }
    }
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) URI(java.net.URI) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 7 with ClaimsManager

use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.

the class LDAPClaimsTest method testRetrieveClaimsWithUnsupportedMandatoryClaimType.

@org.junit.Test(expected = STSException.class)
public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    String user = props.getProperty("claimUser");
    Assert.assertNotNull(user, "Property 'claimUser' not configured");
    ClaimCollection requestedClaims = createRequestClaimCollection();
    // add unsupported but mandatory claim
    Claim claim = new Claim();
    claim.setClaimType(ClaimTypes.GENDER);
    claim.setOptional(false);
    requestedClaims.add(claim);
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    claimsManager.retrieveClaimValues(requestedClaims, params);
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 8 with ClaimsManager

use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.

the class LDAPClaimsTest method testRetrieveClaims.

@org.junit.Test
public void testRetrieveClaims() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    String user = props.getProperty("claimUser");
    Assert.assertNotNull(user, "Property 'claimUser' not configured");
    ClaimCollection requestedClaims = createRequestClaimCollection();
    List<URI> expectedClaims = new ArrayList<>();
    expectedClaims.add(ClaimTypes.FIRSTNAME);
    expectedClaims.add(ClaimTypes.LASTNAME);
    expectedClaims.add(ClaimTypes.EMAILADDRESS);
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
    for (ProcessedClaim c : retrievedClaims) {
        if (expectedClaims.contains(c.getClaimType())) {
            expectedClaims.remove(c.getClaimType());
        } else {
            Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
        }
    }
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) URI(java.net.URI) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 9 with ClaimsManager

use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.

the class SAMLProviderActAsTest method testSAML2ActAsUsernameTokenClaims.

@org.junit.Test
public void testSAML2ActAsUsernameTokenClaims() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    UsernameTokenType usernameToken = new UsernameTokenType();
    AttributedString username = new AttributedString();
    username.setValue("bob");
    usernameToken.setUsername(username);
    JAXBElement<UsernameTokenType> usernameTokenType = new JAXBElement<UsernameTokenType>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken);
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, usernameTokenType);
    // Principal must be set in ReceivedToken/ActAs
    providerParameters.getTokenRequirements().getActAs().setPrincipal(new CustomTokenPrincipal(username.getValue()));
    // Add Claims
    ClaimsManager claimsManager = new ClaimsManager();
    ClaimsHandler claimsHandler = new CustomClaimsHandler();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    providerParameters.setClaimsManager(claimsManager);
    ClaimCollection claims = createClaims();
    providerParameters.setRequestedPrimaryClaims(claims);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    // Verify the token
    Element token = (Element) providerResponse.getToken();
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
    Assert.assertEquals("technical-user", assertion.getSubjectName());
    boolean foundActAsAttribute = false;
    for (org.opensaml.saml.saml2.core.AttributeStatement attributeStatement : assertion.getSaml2().getAttributeStatements()) {
        for (org.opensaml.saml.saml2.core.Attribute attribute : attributeStatement.getAttributes()) {
            if ("ActAs".equals(attribute.getName())) {
                for (XMLObject attributeValue : attribute.getAttributeValues()) {
                    Element attributeValueElement = attributeValue.getDOM();
                    String text = attributeValueElement.getTextContent();
                    if (text.contains("bob")) {
                        foundActAsAttribute = true;
                        break;
                    }
                }
            }
        }
    }
    assertTrue(foundActAsAttribute);
    // Check that claims are also present
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains(ClaimTypes.EMAILADDRESS.toString()));
    assertTrue(tokenString.contains(ClaimTypes.FIRSTNAME.toString()));
    assertTrue(tokenString.contains(ClaimTypes.LASTNAME.toString()));
}
Also used : ClaimsHandler(org.apache.cxf.sts.claims.ClaimsHandler) CustomClaimsHandler(org.apache.cxf.sts.common.CustomClaimsHandler) UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) XMLObject(org.opensaml.core.xml.XMLObject) JAXBElement(javax.xml.bind.JAXBElement) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) CustomClaimsHandler(org.apache.cxf.sts.common.CustomClaimsHandler) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)

Example 10 with ClaimsManager

use of org.apache.cxf.sts.claims.ClaimsManager in project cxf by apache.

the class ValidateJWTTransformationTest method createSAMLAssertion.

private static Element createSAMLAssertion(String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler) throws WSSecurityException {
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    samlTokenProvider.setAttributeStatementProviders(Collections.singletonList(new ClaimsAttributeStatementProvider()));
    TokenProviderParameters providerParameters = createProviderParameters(tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);
    // Set the ClaimsManager
    ClaimsManager claimsManager = new ClaimsManager();
    ClaimsHandler claimsHandler = new CustomClaimsHandler();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    providerParameters.setClaimsManager(claimsManager);
    ClaimCollection requestedClaims = new ClaimCollection();
    Claim requestClaim = new Claim();
    requestClaim.setClaimType(ClaimTypes.LASTNAME);
    requestClaim.setOptional(false);
    requestedClaims.add(requestClaim);
    providerParameters.setRequestedSecondaryClaims(requestedClaims);
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    return (Element) providerResponse.getToken();
}
Also used : ClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider) ClaimsHandler(org.apache.cxf.sts.claims.ClaimsHandler) CustomClaimsHandler(org.apache.cxf.sts.common.CustomClaimsHandler) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) CustomClaimsHandler(org.apache.cxf.sts.common.CustomClaimsHandler) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) Claim(org.apache.cxf.rt.security.claims.Claim) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Aggregations

ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)64 ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)46 ClaimsHandler (org.apache.cxf.sts.claims.ClaimsHandler)38 CustomClaimsHandler (org.apache.cxf.sts.common.CustomClaimsHandler)37 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)36 Claim (org.apache.cxf.rt.security.claims.Claim)33 Element (org.w3c.dom.Element)31 ClaimsParameters (org.apache.cxf.sts.claims.ClaimsParameters)25 ProcessedClaimCollection (org.apache.cxf.sts.claims.ProcessedClaimCollection)25 JAXBElement (javax.xml.bind.JAXBElement)22 ProcessedClaim (org.apache.cxf.sts.claims.ProcessedClaim)21 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)16 StaticClaimsHandler (org.apache.cxf.sts.claims.StaticClaimsHandler)15 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)15 RequestedSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType)15 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)13 LdapClaimsHandler (org.apache.cxf.sts.claims.LdapClaimsHandler)12 URI (java.net.URI)11 ArrayList (java.util.ArrayList)11 ClaimsAttributeStatementProvider (org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider)11