
Example 51 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class CustomClaimsMapper method mapClaims.

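/**
 * Maps claims between realms by copying every source claim and converting its string values
 * to upper case.
 *
 * <p>Claim type, issuer, original issuer and principal are copied unchanged. Values that are
 * not {@link String} instances are not carried over to the mapped claim.
 *
 * <p>The conversion uses {@code Locale.ROOT}, so the mapped values do not depend on the JVM
 * default locale. With the no-argument {@code toUpperCase()}, a Turkish default locale would
 * turn {@code "alice"} into {@code "ALİCE"}, and a relying party comparing the claim against
 * {@code "ALICE"} would see a different identity value.
 *
 * @param sourceRealm realm the claims come from (not used by this mapper)
 * @param sourceClaims claims to map; iterated as given
 * @param targetRealm realm the claims are mapped to (not used by this mapper)
 * @param parameters claims parameters of the request (not used by this mapper)
 * @return a new collection holding one mapped claim per source claim
 */
public ProcessedClaimCollection mapClaims(String sourceRealm, ProcessedClaimCollection sourceClaims, String targetRealm, ClaimsParameters parameters) {
    ProcessedClaimCollection targetClaims = new ProcessedClaimCollection();
    for (ProcessedClaim sourceClaim : sourceClaims) {
        ProcessedClaim mappedClaim = new ProcessedClaim();
        mappedClaim.setClaimType(sourceClaim.getClaimType());
        mappedClaim.setIssuer(sourceClaim.getIssuer());
        mappedClaim.setOriginalIssuer(sourceClaim.getOriginalIssuer());
        mappedClaim.setPrincipal(sourceClaim.getPrincipal());
        for (Object value : sourceClaim.getValues()) {
            // Only string values are mapped; any other value type is left out of the result.
            if (value instanceof String) {
                // Fully qualified so the fix needs no new import in the enclosing file.
                mappedClaim.addValue(((String) value).toUpperCase(java.util.Locale.ROOT));
            }
        }
        targetClaims.add(mappedClaim);
    }
    return targetClaims;
}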
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)

Example 52 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class RealmSupportClaimsHandler method retrieveClaimValues.

/**
 * Test claims handler: verifies the principal name expected for the configured realm, checks
 * that the request realm is one this handler supports, and returns a synthetic value for each
 * requested claim of a supported type.
 *
 * @param claims requested claims; may be {@code null} or empty
 * @param parameters claims parameters supplying the principal and the request realm
 * @return one claim with the value {@code "Value_" + claimType} per supported requested claim,
 *         or {@code null} when no claims were requested
 */
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    // The expected spelling of the principal name depends on the realm this handler runs in.
    if ("A".equals(realm)) {
        Assert.assertEquals("ClaimHandler in realm A. Alice username must be 'alice'", "alice", parameters.getPrincipal().getName());
    } else if ("B".equals(realm)) {
        Assert.assertEquals("ClaimHandler in realm B. Alice username must be 'ALICE'", "ALICE", parameters.getPrincipal().getName());
    }

    // A handler restricted to certain realms must never be invoked for any other realm.
    boolean realmRestricted = supportedRealms != null;
    if (realmRestricted && !supportedRealms.contains(parameters.getRealm())) {
        Assert.fail("ClaimHandler must not be called. Source realm '" + parameters.getRealm() + "' not in supportedRealm list: " + supportedRealms);
    }

    if (claims == null || claims.isEmpty()) {
        return null;
    }

    ProcessedClaimCollection supportedClaims = new ProcessedClaimCollection();
    for (Claim requested : claims) {
        // Requested claims of a type this handler does not support are skipped.
        if (!getSupportedClaimTypes().contains(requested.getClaimType())) {
            continue;
        }
        ProcessedClaim processed = new ProcessedClaim();
        processed.setClaimType(requested.getClaimType());
        processed.addValue("Value_" + requested.getClaimType());
        supportedClaims.add(processed);
    }
    return supportedClaims;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)

Example 53 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class CustomClaimsHandler method retrieveClaimValues.

/**
 * Test claims handler that fills in claim values only when the token requirements carry a
 * custom {@code realm} element (namespace {@code http://cxf.apache.org/custom}) whose text is
 * {@code custom-realm}.
 *
 * <p>Every requested claim is returned with the fixed issuer and original issuer set. Values
 * are added only if the custom realm element was found: {@code "admin-user"} for the role
 * claim and the principal name for the given-name and language claims.
 *
 * <p>NOTE(review): the role value is decided by custom content read from the token
 * requirements. If that content comes from the requester, this is acceptable only as a test
 * fixture and not as a template for authorization decisions; confirm where it originates.
 *
 * @param claims requested claims; may be {@code null} or empty
 * @param parameters claims parameters supplying the token requirements and the principal
 * @return the processed claims, or {@code null} when no claims were requested
 */
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    if (claims == null || claims.isEmpty()) {
        return null;
    }

    ProcessedClaimCollection result = new ProcessedClaimCollection();
    List<Object> customContent = parameters.getTokenRequirements().getCustomContent();

    // Scan all custom content entries for the marker realm element.
    boolean customRealmPresent = false;
    if (customContent != null) {
        for (Object entry : customContent) {
            if (entry instanceof Element) {
                Element realmElement = XMLUtils.findElement((Element) entry, "realm", "http://cxf.apache.org/custom");
                if (realmElement != null && "custom-realm".equals(realmElement.getTextContent())) {
                    customRealmPresent = true;
                }
            }
        }
    }

    for (Claim requested : claims) {
        ProcessedClaim processed = new ProcessedClaim();
        processed.setClaimType(requested.getClaimType());
        processed.setIssuer("Test Issuer");
        processed.setOriginalIssuer("Original Issuer");
        if (customRealmPresent) {
            if (ROLE.equals(requested.getClaimType())) {
                processed.addValue("admin-user");
            } else if (GIVEN_NAME.equals(requested.getClaimType()) || LANGUAGE.equals(requested.getClaimType())) {
                // Given name and language both carry the principal name in this fixture.
                processed.addValue(parameters.getPrincipal().getName());
            }
        }
        // The claim is returned even when it received no value.
        result.add(processed);
    }
    return result;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Element(org.w3c.dom.Element) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)

Example 54 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class CustomAttributeStatementProvider method getStatement.

/**
 * Builds a SAML attribute statement from the claims the claims manager returns for the
 * token request.
 *
 * <p>For a SAML 2.0 token type the claim type becomes the attribute's qualified name and the
 * configured name format is applied. For any other token type the claim type is split at its
 * last {@code '/'} (a single trailing slash is dropped first): the part before it becomes the
 * qualified name, the part after it the simple name.
 *
 * <p>NOTE(review): a claim type that contains no {@code '/'} makes the split call
 * {@code substring(0, -1)}, which throws {@code StringIndexOutOfBoundsException}. Whether
 * such claim types can reach this provider depends on the configured claims handlers; confirm
 * and decide how they should be represented.
 *
 * @param providerParameters token provider parameters for the current request
 * @return the attribute statement, or {@code null} when no claims were retrieved
 */
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
    ClaimsManager claimsManager = providerParameters.getClaimsManager();
    ProcessedClaimCollection retrievedClaims = new ProcessedClaimCollection();
    if (claimsManager != null) {
        // Hand the request context to the claims manager through a fresh ClaimsParameters.
        ClaimsParameters claimsParameters = new ClaimsParameters();
        claimsParameters.setAdditionalProperties(providerParameters.getAdditionalProperties());
        claimsParameters.setAppliesToAddress(providerParameters.getAppliesToAddress());
        claimsParameters.setEncryptionProperties(providerParameters.getEncryptionProperties());
        claimsParameters.setKeyRequirements(providerParameters.getKeyRequirements());
        claimsParameters.setPrincipal(providerParameters.getPrincipal());
        claimsParameters.setRealm(providerParameters.getRealm());
        claimsParameters.setStsProperties(providerParameters.getStsProperties());
        claimsParameters.setTokenRequirements(providerParameters.getTokenRequirements());
        claimsParameters.setTokenStore(providerParameters.getTokenStore());
        claimsParameters.setMessageContext(providerParameters.getMessageContext());
        retrievedClaims = claimsManager.retrieveClaimValues(
            providerParameters.getRequestedPrimaryClaims(),
            providerParameters.getRequestedSecondaryClaims(),
            claimsParameters);
    }

    // No statement is produced when the manager returned nothing or an empty collection.
    if (retrievedClaims == null) {
        return null;
    }
    Iterator<ProcessedClaim> remainingClaims = retrievedClaims.iterator();
    if (!remainingClaims.hasNext()) {
        return null;
    }

    List<AttributeBean> attributes = new ArrayList<>();
    String tokenType = providerParameters.getTokenRequirements().getTokenType();
    AttributeStatementBean statement = new AttributeStatementBean();
    boolean saml2Token = WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
        || WSS4JConstants.SAML2_NS.equals(tokenType);

    // At least one claim is present here, so the body runs before the next hasNext() check.
    do {
        ProcessedClaim claim = remainingClaims.next();
        AttributeBean attribute = new AttributeBean();
        String claimType = claim.getClaimType();
        if (saml2Token) {
            attribute.setQualifiedName(claimType);
            attribute.setNameFormat(nameFormat);
        } else {
            String typeUri = claimType;
            int separator = typeUri.lastIndexOf('/');
            if (separator == (typeUri.length() - 1)) {
                // Drop a trailing slash, then look for the separator again.
                typeUri = typeUri.substring(0, separator);
                separator = typeUri.lastIndexOf('/');
            }
            // separator is -1 for a claim type without '/', which makes this call throw.
            String namespace = typeUri.substring(0, separator);
            String simpleName = typeUri.substring(separator + 1);
            attribute.setSimpleName(simpleName);
            attribute.setQualifiedName(namespace);
        }
        attribute.setAttributeValues(claim.getValues());
        attributes.add(attribute);
    } while (remainingClaims.hasNext());

    statement.setSamlAttributes(attributes);
    return statement;
}
Also used : AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 55 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class ClaimUtils method mapValues.

/**
 * Maps the values of a claim through the given lookup map. The claim passed in is cloned and
 * the clone, carrying the mapped values, is returned.
 *
 * <p>A value whose lookup yields {@code null} (no entry, or an entry mapped to {@code null})
 * counts as unmapped. When {@code mapping} is {@code null} or empty, or the claim has no value
 * list, the returned claim has an empty value list even if {@code keepUnmapped} is
 * {@code true}: an absent mapping drops all values instead of passing them through.
 *
 * @param processedClaim Claim providing values to be mapped
 * @param mapping Map of old:new mapping values
 * @param keepUnmapped if {@code false}, only values found in the map are returned; if
 *            {@code true}, unmapped values are kept as they are (only when the map is
 *            non-empty, see above)
 * @return a clone of the provided claim holding the mapped values, or {@code null} if
 *         {@code processedClaim} is {@code null}
 */
public ProcessedClaim mapValues(ProcessedClaim processedClaim, Map<Object, Object> mapping, boolean keepUnmapped) {
    if (processedClaim == null) {
        return null;
    }

    ProcessedClaim resultClaim = processedClaim.clone();
    List<Object> originalValues = resultClaim.getValues();
    List<Object> mappedValues = new ArrayList<>();

    boolean nothingToMap = originalValues == null || mapping == null || mapping.isEmpty();
    if (!nothingToMap) {
        for (Object original : originalValues) {
            Object replacement = mapping.get(original);
            if (replacement != null) {
                mappedValues.add(replacement);
            } else if (keepUnmapped) {
                mappedValues.add(original);
            }
        }
    }

    // With nothing to map, the clone ends up with the empty list.
    resultClaim.setValues(mappedValues);
    return resultClaim;
}
Also used : ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList)
