Example 51 with ProcessedClaim
use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.
the class CustomClaimsMapper method mapClaims.
/**
* transforms the claim values to upper-case
*/
public ProcessedClaimCollection mapClaims(String sourceRealm, ProcessedClaimCollection sourceClaims, String targetRealm, ClaimsParameters parameters) {
ProcessedClaimCollection targetClaims = new ProcessedClaimCollection();
for (ProcessedClaim c : sourceClaims) {
ProcessedClaim nc = new ProcessedClaim();
nc.setClaimType(c.getClaimType());
nc.setIssuer(c.getIssuer());
nc.setOriginalIssuer(c.getOriginalIssuer());
nc.setPrincipal(c.getPrincipal());
for (Object s : c.getValues()) {
if (s instanceof String) {
nc.addValue(((String) s).toUpperCase());
}
}
targetClaims.add(nc);
}
return targetClaims;
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Example 52 with ProcessedClaim
use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.
the class RealmSupportClaimsHandler method retrieveClaimValues.
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
if ("A".equals(realm)) {
Assert.assertEquals("ClaimHandler in realm A. Alice username must be 'alice'", "alice", parameters.getPrincipal().getName());
}
if ("B".equals(realm)) {
Assert.assertEquals("ClaimHandler in realm B. Alice username must be 'ALICE'", "ALICE", parameters.getPrincipal().getName());
}
if (supportedRealms != null && !supportedRealms.contains(parameters.getRealm())) {
Assert.fail("ClaimHandler must not be called. Source realm '" + parameters.getRealm() + "' not in supportedRealm list: " + supportedRealms);
}
if (claims != null && !claims.isEmpty()) {
ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
for (Claim requestClaim : claims) {
if (getSupportedClaimTypes().indexOf(requestClaim.getClaimType()) != -1) {
ProcessedClaim claim = new ProcessedClaim();
claim.setClaimType(requestClaim.getClaimType());
claim.addValue("Value_" + requestClaim.getClaimType());
claimCollection.add(claim);
}
}
return claimCollection;
}
return null;
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Claim(org.apache.cxf.rt.security.claims.Claim)
Example 53 with ProcessedClaim
use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.
the class CustomClaimsHandler method retrieveClaimValues.
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
if (claims != null && !claims.isEmpty()) {
ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
List<Object> customContent = parameters.getTokenRequirements().getCustomContent();
boolean foundContent = false;
if (customContent != null) {
for (Object customContentObj : customContent) {
if (!(customContentObj instanceof Element)) {
continue;
}
Element customContentElement = (Element) customContentObj;
Element realm = XMLUtils.findElement(customContentElement, "realm", "http://cxf.apache.org/custom");
if (realm != null) {
String realmStr = realm.getTextContent();
if ("custom-realm".equals(realmStr)) {
foundContent = true;
}
}
}
}
for (Claim requestClaim : claims) {
ProcessedClaim claim = new ProcessedClaim();
claim.setClaimType(requestClaim.getClaimType());
claim.setIssuer("Test Issuer");
claim.setOriginalIssuer("Original Issuer");
if (foundContent) {
if (ROLE.equals(requestClaim.getClaimType())) {
claim.addValue("admin-user");
} else if (GIVEN_NAME.equals(requestClaim.getClaimType())) {
claim.addValue(parameters.getPrincipal().getName());
} else if (LANGUAGE.equals(requestClaim.getClaimType())) {
claim.addValue(parameters.getPrincipal().getName());
}
}
claimCollection.add(claim);
}
return claimCollection;
}
return null;
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Element(org.w3c.dom.Element)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Claim(org.apache.cxf.rt.security.claims.Claim)
Example 54 with ProcessedClaim
use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.
the class CustomAttributeStatementProvider method getStatement.
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
// Handle Claims
ClaimsManager claimsManager = providerParameters.getClaimsManager();
ProcessedClaimCollection retrievedClaims = new ProcessedClaimCollection();
if (claimsManager != null) {
ClaimsParameters params = new ClaimsParameters();
params.setAdditionalProperties(providerParameters.getAdditionalProperties());
params.setAppliesToAddress(providerParameters.getAppliesToAddress());
params.setEncryptionProperties(providerParameters.getEncryptionProperties());
params.setKeyRequirements(providerParameters.getKeyRequirements());
params.setPrincipal(providerParameters.getPrincipal());
params.setRealm(providerParameters.getRealm());
params.setStsProperties(providerParameters.getStsProperties());
params.setTokenRequirements(providerParameters.getTokenRequirements());
params.setTokenStore(providerParameters.getTokenStore());
params.setMessageContext(providerParameters.getMessageContext());
retrievedClaims = claimsManager.retrieveClaimValues(providerParameters.getRequestedPrimaryClaims(), providerParameters.getRequestedSecondaryClaims(), params);
}
if (retrievedClaims == null) {
return null;
}
Iterator<ProcessedClaim> claimIterator = retrievedClaims.iterator();
if (!claimIterator.hasNext()) {
return null;
}
List<AttributeBean> attributeList = new ArrayList<>();
String tokenType = providerParameters.getTokenRequirements().getTokenType();
AttributeStatementBean attrBean = new AttributeStatementBean();
while (claimIterator.hasNext()) {
ProcessedClaim claim = claimIterator.next();
AttributeBean attributeBean = new AttributeBean();
String claimType = claim.getClaimType();
if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
attributeBean.setQualifiedName(claimType);
attributeBean.setNameFormat(nameFormat);
} else {
String uri = claimType;
int lastSlash = uri.lastIndexOf('/');
if (lastSlash == (uri.length() - 1)) {
uri = uri.substring(0, lastSlash);
lastSlash = uri.lastIndexOf('/');
}
String namespace = uri.substring(0, lastSlash);
String name = uri.substring(lastSlash + 1, uri.length());
attributeBean.setSimpleName(name);
attributeBean.setQualifiedName(namespace);
}
attributeBean.setAttributeValues(claim.getValues());
attributeList.add(attributeBean);
}
attrBean.setSamlAttributes(attributeList);
return attrBean;
}
Also used :
AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean)
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
ArrayList(java.util.ArrayList)
ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager)
AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)
ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)
Example 55 with ProcessedClaim
use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.
the class ClaimUtils method mapValues.
/**
* Mapping all values from the given claim according to the provided map. Input claims will not be
* modified. Result claim will be a clone of the provided claims just with different (mapped) claim
* values.
*
* @param processedClaim Claim providing values to be mapped
* @param mapping Map of old:new mapping values
* @param keepUnmapped if set to false only values contained in the map will be returned. If set to true,
* values not contained in the map will also remain in the returned claim.
* @return Returns the provided claim with mapped values
*/
public ProcessedClaim mapValues(ProcessedClaim processedClaim, Map<Object, Object> mapping, boolean keepUnmapped) {
ProcessedClaim resultClaim = null;
if (processedClaim != null) {
resultClaim = processedClaim.clone();
List<Object> values = resultClaim.getValues();
List<Object> mappedValues = new ArrayList<>();
if (values == null || mapping == null || mapping.isEmpty()) {
resultClaim.setValues(mappedValues);
return resultClaim;
}
for (Object value : values) {
Object newValue = mapping.get(value);
if (newValue != null) {
mappedValues.add(newValue);
} else if (keepUnmapped) {
mappedValues.add(value);
}
}
resultClaim.setValues(mappedValues);
}
return resultClaim;
}
Also used :
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
ArrayList(java.util.ArrayList)
Aggregations
ProcessedClaim (org.apache.cxf.sts.claims.ProcessedClaim)57
ProcessedClaimCollection (org.apache.cxf.sts.claims.ProcessedClaimCollection)44
Claim (org.apache.cxf.rt.security.claims.Claim)22
ArrayList (java.util.ArrayList)20
ClaimsParameters (org.apache.cxf.sts.claims.ClaimsParameters)14
ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)13
ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)11
CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)11
Test (org.junit.Test)11
LdapClaimsHandler (org.apache.cxf.sts.claims.LdapClaimsHandler)10
URI (java.net.URI)9
Principal (java.security.Principal)8
List (java.util.List)3
X500Principal (javax.security.auth.x500.X500Principal)3
lombok.val (lombok.val)3
TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)3
GuestPrincipal (ddf.security.principal.GuestPrincipal)2
ByteArrayInputStream (java.io.ByteArrayInputStream)2
InputStream (java.io.InputStream)2
URISyntaxException (java.net.URISyntaxException)2
