Example 1 with CombinedClaimsAttributeStatementProvider
use of org.apache.cxf.sts.claims.CombinedClaimsAttributeStatementProvider in project cxf by apache.
the class SAMLTokenProvider method createCallbackHandler.
public SamlCallbackHandler createCallbackHandler(TokenProviderParameters tokenParameters, byte[] secret, RealmProperties samlRealm, Document doc) throws Exception {
boolean statementAdded = false;
// Parse the AttributeStatements
List<AttributeStatementBean> attrBeanList = null;
if (attributeStatementProviders != null && !attributeStatementProviders.isEmpty()) {
attrBeanList = new ArrayList<>();
for (AttributeStatementProvider statementProvider : attributeStatementProviders) {
AttributeStatementBean statementBean = statementProvider.getStatement(tokenParameters);
if (statementBean != null) {
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("AttributeStatements " + statementBean.toString() + " returned by AttributeStatementProvider " + statementProvider.getClass().getName());
}
attrBeanList.add(statementBean);
statementAdded = true;
}
}
}
// Parse the AuthenticationStatements
List<AuthenticationStatementBean> authBeanList = null;
if (authenticationStatementProviders != null && !authenticationStatementProviders.isEmpty()) {
authBeanList = new ArrayList<>();
for (AuthenticationStatementProvider statementProvider : authenticationStatementProviders) {
AuthenticationStatementBean statementBean = statementProvider.getStatement(tokenParameters);
if (statementBean != null) {
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("AuthenticationStatement " + statementBean.toString() + " returned by AuthenticationStatementProvider " + statementProvider.getClass().getName());
}
authBeanList.add(statementBean);
statementAdded = true;
}
}
}
// Parse the AuthDecisionStatements
List<AuthDecisionStatementBean> authDecisionBeanList = null;
if (authDecisionStatementProviders != null && !authDecisionStatementProviders.isEmpty()) {
authDecisionBeanList = new ArrayList<>();
for (AuthDecisionStatementProvider statementProvider : authDecisionStatementProviders) {
AuthDecisionStatementBean statementBean = statementProvider.getStatement(tokenParameters);
if (statementBean != null) {
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("AuthDecisionStatement " + statementBean.toString() + " returned by AuthDecisionStatementProvider " + statementProvider.getClass().getName());
}
authDecisionBeanList.add(statementBean);
statementAdded = true;
}
}
}
// Also handle "ActAs" via the ActAsAttributeStatementProvider
if (!statementAdded) {
attrBeanList = new ArrayList<>();
AttributeStatementProvider attributeProvider;
if (combineClaimAttributes) {
attributeProvider = new CombinedClaimsAttributeStatementProvider();
} else {
attributeProvider = new ClaimsAttributeStatementProvider();
}
AttributeStatementBean attributeBean = attributeProvider.getStatement(tokenParameters);
if (attributeBean != null && attributeBean.getSamlAttributes() != null && !attributeBean.getSamlAttributes().isEmpty()) {
attrBeanList.add(attributeBean);
} else {
attributeProvider = new DefaultAttributeStatementProvider();
attributeBean = attributeProvider.getStatement(tokenParameters);
attrBeanList.add(attributeBean);
}
attributeProvider = new ActAsAttributeStatementProvider();
attributeBean = attributeProvider.getStatement(tokenParameters);
if (attributeBean != null && attributeBean.getSamlAttributes() != null && !attributeBean.getSamlAttributes().isEmpty()) {
attrBeanList.add(attributeBean);
}
}
// Get the Subject and Conditions
SubjectProviderParameters subjectProviderParameters = new SubjectProviderParameters();
subjectProviderParameters.setProviderParameters(tokenParameters);
subjectProviderParameters.setDoc(doc);
subjectProviderParameters.setSecret(secret);
subjectProviderParameters.setAttrBeanList(attrBeanList);
subjectProviderParameters.setAuthBeanList(authBeanList);
subjectProviderParameters.setAuthDecisionBeanList(authDecisionBeanList);
SubjectBean subjectBean = subjectProvider.getSubject(subjectProviderParameters);
ConditionsBean conditionsBean = conditionsProvider.getConditions(tokenParameters);
// Set all of the beans on the SamlCallbackHandler
SamlCallbackHandler handler = new SamlCallbackHandler();
handler.setTokenProviderParameters(tokenParameters);
handler.setSubjectBean(subjectBean);
handler.setConditionsBean(conditionsBean);
handler.setAttributeBeans(attrBeanList);
handler.setAuthenticationBeans(authBeanList);
handler.setAuthDecisionStatementBeans(authDecisionBeanList);
if (samlRealm != null) {
handler.setIssuer(samlRealm.getIssuer());
}
return handler;
}
Also used :
ClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider)
CombinedClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.CombinedClaimsAttributeStatementProvider)
AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean)
AuthenticationStatementBean(org.apache.wss4j.common.saml.bean.AuthenticationStatementBean)
CombinedClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.CombinedClaimsAttributeStatementProvider)
ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean)
ClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider)
CombinedClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.CombinedClaimsAttributeStatementProvider)
SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean)
AuthDecisionStatementBean(org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean)
Aggregations
ClaimsAttributeStatementProvider (org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider)1
CombinedClaimsAttributeStatementProvider (org.apache.cxf.sts.claims.CombinedClaimsAttributeStatementProvider)1
AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)1
AuthDecisionStatementBean (org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean)1
AuthenticationStatementBean (org.apache.wss4j.common.saml.bean.AuthenticationStatementBean)1
ConditionsBean (org.apache.wss4j.common.saml.bean.ConditionsBean)1
SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)1
