
Example 11 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class CustomAttributeProvider method getStatement.

/**
 * Build the SAML attribute statement for the token being issued.
 *
 * <p>One attribute is created per processed claim. When no claims were processed, a single
 * default attribute is used instead. If the request carries an OnBehalfOf and/or ActAs token,
 * one extra attribute derived from each is appended, but only when it holds at least one value.
 *
 * <p>NOTE(review): the OnBehalfOf/ActAs tokens are read here without a validation-state check
 * in this method. Presumably they were validated earlier in the STS pipeline - confirm, since
 * data derived from them ends up in the issued assertion.
 *
 * @param providerParameters the token provider parameters for the current request
 * @return the attribute statement holding every collected attribute
 * @throws STSException if processing the OnBehalfOf/ActAs token raises a WSSecurityException
 */
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
    TokenRequirements requirements = providerParameters.getTokenRequirements();
    String tokenType = requirements.getTokenType();

    // Claims first: either one attribute per processed claim, or the default attribute.
    ProcessedClaimCollection processedClaims = ClaimsUtils.processClaims(providerParameters);
    List<AttributeBean> attributes = new ArrayList<>();
    Iterator<ProcessedClaim> remaining = processedClaims.iterator();
    if (remaining.hasNext()) {
        do {
            attributes.add(createAttributeFromClaim(remaining.next(), tokenType));
        } while (remaining.hasNext());
    } else {
        attributes.add(createDefaultAttribute(tokenType));
    }

    // Delegation tokens: the boolean flag is false for OnBehalfOf and true for ActAs.
    ReceivedToken onBehalfOf = requirements.getOnBehalfOf();
    ReceivedToken actAs = requirements.getActAs();
    try {
        if (onBehalfOf != null) {
            AttributeBean onBehalfOfAttribute =
                handleAdditionalParameters(false, onBehalfOf.getToken(), tokenType);
            // Skip attributes that carry no values.
            if (!onBehalfOfAttribute.getAttributeValues().isEmpty()) {
                attributes.add(onBehalfOfAttribute);
            }
        }
        if (actAs != null) {
            AttributeBean actAsAttribute =
                handleAdditionalParameters(true, actAs.getToken(), tokenType);
            if (!actAsAttribute.getAttributeValues().isEmpty()) {
                attributes.add(actAsAttribute);
            }
        }
    } catch (WSSecurityException ex) {
        // Re-thrown as the STS exception type, keeping the original cause.
        throw new STSException(ex.getMessage(), ex);
    }

    AttributeStatementBean statement = new AttributeStatementBean();
    statement.setSamlAttributes(attributes);
    return statement;
}
Also used : AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) STSException(org.apache.cxf.ws.security.sts.provider.STSException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)

Example 12 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class CustomUserClaimsHandler method retrieveClaimValues.

/**
 * Produce a processed claim for every requested claim.
 *
 * <p>Only {@code ClaimTypes.FIRSTNAME} ever receives a value, and only for the principals
 * "alice" and "bob", matched case-insensitively against hard-coded names. Every other
 * requested claim is returned with its type set and no value.
 *
 * <p>NOTE(review): the hard-coded, case-insensitive name matching looks like test-fixture
 * behaviour - confirm this handler is not wired into a production STS.
 *
 * @param claims the requested claims; may be null
 * @param parameters supplies the principal whose name selects the claim value
 * @return the processed claims, or {@code null} when {@code claims} is null or empty
 */
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    if (claims == null || claims.isEmpty()) {
        return null;
    }

    ProcessedClaimCollection processed = new ProcessedClaimCollection();
    for (Claim requested : claims) {
        ProcessedClaim result = new ProcessedClaim();
        result.setClaimType(requested.getClaimType());
        if (ClaimTypes.FIRSTNAME.equals(requested.getClaimType())) {
            // The principal is only dereferenced for FIRSTNAME requests.
            String principalName = parameters.getPrincipal().getName();
            if (principalName.equalsIgnoreCase("alice")) {
                result.addValue("aliceClaim");
            } else if (principalName.equalsIgnoreCase("bob")) {
                result.addValue("bobClaim");
            }
        }
        processed.add(result);
    }
    return processed;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)

Example 13 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class CustomClaimsHandler method retrieveClaimValues.

/**
 * Produce a processed claim for every requested claim, stamped with a fixed issuer
 * ("Test Issuer") and original issuer ("Original Issuer").
 *
 * <p>Values by claim type: {@code ROLE} yields "admin-user" for the principal named exactly
 * "alice" and "ordinary-user" for every other principal. {@code GIVEN_NAME} and
 * {@code LANGUAGE} both yield the principal's name. Any other type gets no value.
 *
 * <p>NOTE(review): every principal other than "alice" is given a role value by default,
 * including principals this handler knows nothing about. With the fixed test issuer strings
 * this looks like a fixture - confirm it is not used to make real authorization decisions.
 *
 * @param claims the requested claims; may be null
 * @param parameters supplies the principal whose name drives the claim values
 * @return the processed claims, or {@code null} when {@code claims} is null or empty
 */
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    if (claims == null || claims.isEmpty()) {
        return null;
    }

    ProcessedClaimCollection processed = new ProcessedClaimCollection();
    for (Claim requested : claims) {
        ProcessedClaim result = new ProcessedClaim();
        result.setClaimType(requested.getClaimType());
        result.setIssuer("Test Issuer");
        result.setOriginalIssuer("Original Issuer");

        if (ROLE.equals(requested.getClaimType())) {
            String principalName = parameters.getPrincipal().getName();
            result.addValue("alice".equals(principalName) ? "admin-user" : "ordinary-user");
        } else if (GIVEN_NAME.equals(requested.getClaimType())
            || LANGUAGE.equals(requested.getClaimType())) {
            // Both claim types echo the principal name back as the value.
            result.addValue(parameters.getPrincipal().getName());
        }
        processed.add(result);
    }
    return processed;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)

Example 14 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class LDAPClaimsTest method testRetrieveClaimsUsingLDAPLookup.

/**
 * Retrieves claims for a fixed LDAP principal through the "testClaimsHandler" bean and checks
 * that exactly the first name, last name and e-mail address claims come back.
 */
@org.junit.Test
public void testRetrieveClaimsUsingLDAPLookup() throws Exception {
    LdapClaimsHandler ldapHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager manager = new ClaimsManager();
    manager.setClaimHandlers(Collections.singletonList(ldapHandler));

    ClaimCollection requestedClaims = createRequestClaimCollection();

    // Claim types that must come back; entries are removed as they are seen.
    List<URI> outstanding = new ArrayList<>();
    outstanding.add(ClaimTypes.FIRSTNAME);
    outstanding.add(ClaimTypes.LASTNAME);
    outstanding.add(ClaimTypes.EMAILADDRESS);

    ClaimsParameters claimsParameters = new ClaimsParameters();
    claimsParameters.setPrincipal(new CustomTokenPrincipal("cn=alice,ou=users,dc=example,dc=com"));

    ProcessedClaimCollection retrievedClaims =
        manager.retrieveClaimValues(requestedClaims, claimsParameters);
    Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + outstanding.size() + "]", retrievedClaims.size() == outstanding.size());

    for (ProcessedClaim retrieved : retrievedClaims) {
        // remove(Object) returns false for a type that was never expected or was already
        // matched, so unrequested and duplicate claims both fail the test.
        if (!outstanding.remove(retrieved.getClaimType())) {
            Assert.fail("Claim '" + retrieved.getClaimType() + "' not requested");
        }
    }
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) URI(java.net.URI) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 15 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class LDAPClaimsTest method testRetrieveClaimsWithUnsupportedOptionalClaimType.

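/**
 * Requests the standard claims plus an optional GENDER claim and checks that only the first
 * name, last name and e-mail address claims are returned for the configured "claimUser".
 */
@org.junit.Test
public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));

    String user = props.getProperty("claimUser");
    // JUnit 4 takes the message first. With the arguments swapped, the non-null message
    // literal was the value under test, so a missing property was never detected.
    Assert.assertNotNull("Property 'claimUser' not configured", user);

    ClaimCollection requestedClaims = createRequestClaimCollection();
    // Add a claim that is unsupported but optional.
    Claim claim = new Claim();
    claim.setClaimType(ClaimTypes.GENDER);
    claim.setOptional(true);
    requestedClaims.add(claim);

    // Gender is not expected to be returned because it is not supported.
    List<URI> expectedClaims = new ArrayList<>();
    expectedClaims.add(ClaimTypes.FIRSTNAME);
    expectedClaims.add(ClaimTypes.LASTNAME);
    expectedClaims.add(ClaimTypes.EMAILADDRESS);

    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
    Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());

    for (ProcessedClaim c : retrievedClaims) {
        // remove(Object) returns false for a type that was never expected or was already
        // matched, so unrequested and duplicate claims both fail the test.
        if (!expectedClaims.remove(c.getClaimType())) {
            Assert.fail("Claim '" + c.getClaimType() + "' not requested");
        }
    }
}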
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) URI(java.net.URI) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)
