
Example 1 with CombinedClaimsAttributeStatementProvider

Use of org.apache.cxf.sts.claims.CombinedClaimsAttributeStatementProvider in the Apache CXF project.

From the class SAMLTokenProvider, method createCallbackHandler.

/**
 * Assembles the {@link SamlCallbackHandler} that carries the statements, subject and
 * conditions for the SAML token being issued.
 *
 * <p>Statements are first collected from the configured attribute, authentication and
 * authorization-decision statement providers. Only when none of those providers yields a
 * statement does the method fall back to a claims-based attribute statement (combined or
 * per-claim, depending on {@code combineClaimAttributes}), then to the default attribute
 * statement, and finally appends any "ActAs" attributes.
 *
 * @param tokenParameters request context handed to every provider consulted here
 * @param secret passed unchanged to the subject provider; this method neither logs nor copies it
 * @param samlRealm realm supplying the issuer; when {@code null} no issuer is set by this method
 * @param doc passed unchanged to the subject provider
 * @return a handler populated with the subject, conditions and all collected statement beans
 * @throws Exception declared by the signature; presumably raised by one of the providers
 */
public SamlCallbackHandler createCallbackHandler(TokenProviderParameters tokenParameters, byte[] secret, RealmProperties samlRealm, Document doc) throws Exception {
    // Flips to true as soon as ANY of the three provider kinds returns a non-null statement.
    boolean producedStatement = false;

    // Attribute statements from the configured providers.
    // NOTE(review): at FINE level the bean's toString() output goes to the log; that may
    // include attribute/claim values, so confirm who can read FINE logs before enabling it.
    List<AttributeStatementBean> attributeBeans = null;
    boolean haveAttributeProviders = attributeStatementProviders != null && !attributeStatementProviders.isEmpty();
    if (haveAttributeProviders) {
        attributeBeans = new ArrayList<>();
        for (AttributeStatementProvider provider : attributeStatementProviders) {
            AttributeStatementBean bean = provider.getStatement(tokenParameters);
            if (bean == null) {
                continue;
            }
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("AttributeStatements " + bean.toString() + " returned by AttributeStatementProvider " + provider.getClass().getName());
            }
            attributeBeans.add(bean);
            producedStatement = true;
        }
    }

    // Authentication statements from the configured providers.
    List<AuthenticationStatementBean> authenticationBeans = null;
    boolean haveAuthenticationProviders = authenticationStatementProviders != null && !authenticationStatementProviders.isEmpty();
    if (haveAuthenticationProviders) {
        authenticationBeans = new ArrayList<>();
        for (AuthenticationStatementProvider provider : authenticationStatementProviders) {
            AuthenticationStatementBean bean = provider.getStatement(tokenParameters);
            if (bean == null) {
                continue;
            }
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("AuthenticationStatement " + bean.toString() + " returned by AuthenticationStatementProvider " + provider.getClass().getName());
            }
            authenticationBeans.add(bean);
            producedStatement = true;
        }
    }

    // Authorization-decision statements from the configured providers.
    List<AuthDecisionStatementBean> authDecisionBeans = null;
    boolean haveAuthDecisionProviders = authDecisionStatementProviders != null && !authDecisionStatementProviders.isEmpty();
    if (haveAuthDecisionProviders) {
        authDecisionBeans = new ArrayList<>();
        for (AuthDecisionStatementProvider provider : authDecisionStatementProviders) {
            AuthDecisionStatementBean bean = provider.getStatement(tokenParameters);
            if (bean == null) {
                continue;
            }
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("AuthDecisionStatement " + bean.toString() + " returned by AuthDecisionStatementProvider " + provider.getClass().getName());
            }
            authDecisionBeans.add(bean);
            producedStatement = true;
        }
    }

    // Fallback path. The flag is shared by all three provider kinds, so a single
    // authentication or authorization-decision statement is enough to skip the claims,
    // default and ActAs attribute handling below.
    if (!producedStatement) {
        attributeBeans = new ArrayList<>();

        AttributeStatementProvider claimsProvider = combineClaimAttributes
            ? new CombinedClaimsAttributeStatementProvider()
            : new ClaimsAttributeStatementProvider();
        AttributeStatementBean claimsBean = claimsProvider.getStatement(tokenParameters);
        if (claimsBean == null || claimsBean.getSamlAttributes() == null || claimsBean.getSamlAttributes().isEmpty()) {
            // No claim attributes were produced: use the default attribute statement instead.
            // NOTE(review): unlike the claims and ActAs beans, this result is added without a
            // null check - confirm DefaultAttributeStatementProvider never returns null.
            AttributeStatementProvider defaultProvider = new DefaultAttributeStatementProvider();
            attributeBeans.add(defaultProvider.getStatement(tokenParameters));
        } else {
            attributeBeans.add(claimsBean);
        }

        // "ActAs" attributes are appended only when the provider actually returns some.
        AttributeStatementProvider actAsProvider = new ActAsAttributeStatementProvider();
        AttributeStatementBean actAsBean = actAsProvider.getStatement(tokenParameters);
        if (actAsBean != null && actAsBean.getSamlAttributes() != null && !actAsBean.getSamlAttributes().isEmpty()) {
            attributeBeans.add(actAsBean);
        }
    }

    // The subject provider sees the request, the document, the secret and every statement list.
    SubjectProviderParameters subjectParameters = new SubjectProviderParameters();
    subjectParameters.setProviderParameters(tokenParameters);
    subjectParameters.setDoc(doc);
    subjectParameters.setSecret(secret);
    subjectParameters.setAttrBeanList(attributeBeans);
    subjectParameters.setAuthBeanList(authenticationBeans);
    subjectParameters.setAuthDecisionBeanList(authDecisionBeans);
    SubjectBean subject = subjectProvider.getSubject(subjectParameters);
    ConditionsBean conditions = conditionsProvider.getConditions(tokenParameters);

    // Hand everything to the callback handler. Lists whose providers were not configured stay null.
    SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
    callbackHandler.setTokenProviderParameters(tokenParameters);
    callbackHandler.setSubjectBean(subject);
    callbackHandler.setConditionsBean(conditions);
    callbackHandler.setAttributeBeans(attributeBeans);
    callbackHandler.setAuthenticationBeans(authenticationBeans);
    callbackHandler.setAuthDecisionStatementBeans(authDecisionBeans);
    // The issuer comes from the realm only; without a realm it is left as the handler created it.
    if (samlRealm != null) {
        callbackHandler.setIssuer(samlRealm.getIssuer());
    }
    return callbackHandler;
}
Also used : ClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider) CombinedClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.CombinedClaimsAttributeStatementProvider) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) AuthenticationStatementBean(org.apache.wss4j.common.saml.bean.AuthenticationStatementBean) CombinedClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.CombinedClaimsAttributeStatementProvider) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) ClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider) CombinedClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.CombinedClaimsAttributeStatementProvider) SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) AuthDecisionStatementBean(org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean)
