Search in sources :

Example 1 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project ddf by codice.

the class AttributeFileClaimsHandler method retrieveClaimValues.

@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claimCollection, ClaimsParameters claimsParameters) {
    ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
    Principal principal = claimsParameters.getPrincipal();
    if (principal == null) {
        return claimsColl;
    }
    String name;
    if (principal instanceof X500Principal) {
        name = SubjectUtils.getCommonName((X500Principal) principal);
    } else {
        name = principal.getName();
    }
    Object user = json.get(name);
    Map userMap = null;
    if (user != null) {
        if (user instanceof Map) {
            userMap = (Map) user;
        }
    } else {
        Set<Map.Entry<String, Object>> entries = json.entrySet();
        for (Map.Entry<String, Object> entry : entries) {
            String key = entry.getKey();
            Pattern pattern = Pattern.compile(key);
            Matcher matcher = pattern.matcher(principal.getName());
            if (matcher.matches()) {
                userMap = (Map) entry.getValue();
                break;
            }
        }
    }
    if (userMap == null) {
        return claimsColl;
    }
    for (Claim claim : claimCollection) {
        Object attributeValue = userMap.get(claim.getClaimType().toString());
        ProcessedClaim c = new ProcessedClaim();
        c.setClaimType(claim.getClaimType());
        c.setPrincipal(principal);
        if (attributeValue instanceof List) {
            ((List) attributeValue).forEach(c::addValue);
            claimsColl.add(c);
        } else if (attributeValue instanceof String) {
            c.addValue(attributeValue);
            claimsColl.add(c);
        }
    }
    return claimsColl;
}
Also used : Pattern(java.util.regex.Pattern) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) Matcher(java.util.regex.Matcher) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) X500Principal(javax.security.auth.x500.X500Principal) ArrayList(java.util.ArrayList) List(java.util.List) Map(java.util.Map) X500Principal(javax.security.auth.x500.X500Principal) Principal(java.security.Principal) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)

Example 2 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class LDAPClaimsTest method testRetrieveClaimsUsingLDAPLookup.

@org.junit.Test
public void testRetrieveClaimsUsingLDAPLookup() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    ClaimCollection requestedClaims = createRequestClaimCollection();
    List<URI> expectedClaims = new ArrayList<>();
    expectedClaims.add(ClaimTypes.FIRSTNAME);
    expectedClaims.add(ClaimTypes.LASTNAME);
    expectedClaims.add(ClaimTypes.EMAILADDRESS);
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal("cn=alice,ou=users,dc=example,dc=com"));
    ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
    for (ProcessedClaim c : retrievedClaims) {
        if (expectedClaims.contains(c.getClaimType())) {
            expectedClaims.remove(c.getClaimType());
        } else {
            Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
        }
    }
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) URI(java.net.URI) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 3 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class LDAPClaimsTest method testRetrieveClaimsWithUnsupportedOptionalClaimType.

@org.junit.Test
public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    String user = props.getProperty("claimUser");
    Assert.assertNotNull(user, "Property 'claimUser' not configured");
    ClaimCollection requestedClaims = createRequestClaimCollection();
    // add unsupported but optional unsupported claim
    Claim claim = new Claim();
    claim.setClaimType(ClaimTypes.GENDER);
    claim.setOptional(true);
    requestedClaims.add(claim);
    // Gender is not expected to be returned because not supported
    List<URI> expectedClaims = new ArrayList<>();
    expectedClaims.add(ClaimTypes.FIRSTNAME);
    expectedClaims.add(ClaimTypes.LASTNAME);
    expectedClaims.add(ClaimTypes.EMAILADDRESS);
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
    for (ProcessedClaim c : retrievedClaims) {
        if (expectedClaims.contains(c.getClaimType())) {
            expectedClaims.remove(c.getClaimType());
        } else {
            Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
        }
    }
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) URI(java.net.URI) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 4 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class LDAPClaimsTest method testMultiUserBaseDNs.

@org.junit.Test
public void testMultiUserBaseDNs() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandlerMultipleUserBaseDNs");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    String user = props.getProperty("claimUser");
    Assert.assertNotNull(user, "Property 'claimUser' not configured");
    String otherUser = props.getProperty("otherClaimUser");
    Assert.assertNotNull(otherUser, "Property 'otherClaimUser' not configured");
    ClaimCollection requestedClaims = createRequestClaimCollection();
    List<URI> expectedClaims = new ArrayList<>();
    expectedClaims.add(ClaimTypes.FIRSTNAME);
    expectedClaims.add(ClaimTypes.LASTNAME);
    expectedClaims.add(ClaimTypes.EMAILADDRESS);
    // First user
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
    for (ProcessedClaim c : retrievedClaims) {
        if (expectedClaims.contains(c.getClaimType())) {
            expectedClaims.remove(c.getClaimType());
        } else {
            Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
        }
    }
    // Second user
    params.setPrincipal(new CustomTokenPrincipal(otherUser));
    retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    expectedClaims.add(ClaimTypes.FIRSTNAME);
    expectedClaims.add(ClaimTypes.LASTNAME);
    expectedClaims.add(ClaimTypes.EMAILADDRESS);
    Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
    for (ProcessedClaim c : retrievedClaims) {
        if (expectedClaims.contains(c.getClaimType())) {
            expectedClaims.remove(c.getClaimType());
        } else {
            Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
        }
    }
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) URI(java.net.URI) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 5 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class LDAPClaimsTest method testRetrieveClaims.

@org.junit.Test
public void testRetrieveClaims() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    String user = props.getProperty("claimUser");
    Assert.assertNotNull(user, "Property 'claimUser' not configured");
    ClaimCollection requestedClaims = createRequestClaimCollection();
    List<URI> expectedClaims = new ArrayList<>();
    expectedClaims.add(ClaimTypes.FIRSTNAME);
    expectedClaims.add(ClaimTypes.LASTNAME);
    expectedClaims.add(ClaimTypes.EMAILADDRESS);
    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
    for (ProcessedClaim c : retrievedClaims) {
        if (expectedClaims.contains(c.getClaimType())) {
            expectedClaims.remove(c.getClaimType());
        } else {
            Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
        }
    }
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) URI(java.net.URI) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Aggregations

ProcessedClaim (org.apache.cxf.sts.claims.ProcessedClaim)57 ProcessedClaimCollection (org.apache.cxf.sts.claims.ProcessedClaimCollection)44 Claim (org.apache.cxf.rt.security.claims.Claim)22 ArrayList (java.util.ArrayList)20 ClaimsParameters (org.apache.cxf.sts.claims.ClaimsParameters)14 ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)13 ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)11 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)11 Test (org.junit.Test)11 LdapClaimsHandler (org.apache.cxf.sts.claims.LdapClaimsHandler)10 URI (java.net.URI)9 Principal (java.security.Principal)8 List (java.util.List)3 X500Principal (javax.security.auth.x500.X500Principal)3 lombok.val (lombok.val)3 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)3 GuestPrincipal (ddf.security.principal.GuestPrincipal)2 ByteArrayInputStream (java.io.ByteArrayInputStream)2 InputStream (java.io.InputStream)2 URISyntaxException (java.net.URISyntaxException)2