use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.
the class CustomAttributeProvider method getStatement.
/**
* Get an AttributeStatementBean using the given parameters.
*/
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
List<AttributeBean> attributeList = new ArrayList<>();
TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
String tokenType = tokenRequirements.getTokenType();
// Handle Claims
ProcessedClaimCollection retrievedClaims = ClaimsUtils.processClaims(providerParameters);
AttributeStatementBean attrBean = new AttributeStatementBean();
Iterator<ProcessedClaim> claimIterator = retrievedClaims.iterator();
if (!claimIterator.hasNext()) {
// If no Claims have been processed then create a default attribute
AttributeBean attributeBean = createDefaultAttribute(tokenType);
attributeList.add(attributeBean);
}
while (claimIterator.hasNext()) {
ProcessedClaim claim = claimIterator.next();
AttributeBean attributeBean = createAttributeFromClaim(claim, tokenType);
attributeList.add(attributeBean);
}
ReceivedToken onBehalfOf = tokenRequirements.getOnBehalfOf();
ReceivedToken actAs = tokenRequirements.getActAs();
try {
if (onBehalfOf != null) {
AttributeBean parameterBean = handleAdditionalParameters(false, onBehalfOf.getToken(), tokenType);
if (!parameterBean.getAttributeValues().isEmpty()) {
attributeList.add(parameterBean);
}
}
if (actAs != null) {
AttributeBean parameterBean = handleAdditionalParameters(true, actAs.getToken(), tokenType);
if (!parameterBean.getAttributeValues().isEmpty()) {
attributeList.add(parameterBean);
}
}
} catch (WSSecurityException ex) {
throw new STSException(ex.getMessage(), ex);
}
attrBean.setSamlAttributes(attributeList);
return attrBean;
}
use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.
the class CustomUserClaimsHandler method retrieveClaimValues.
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
if (claims != null && !claims.isEmpty()) {
ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
for (Claim requestClaim : claims) {
ProcessedClaim claim = new ProcessedClaim();
claim.setClaimType(requestClaim.getClaimType());
if (ClaimTypes.FIRSTNAME.equals(requestClaim.getClaimType())) {
if (parameters.getPrincipal().getName().equalsIgnoreCase("alice")) {
claim.addValue("aliceClaim");
} else if (parameters.getPrincipal().getName().equalsIgnoreCase("bob")) {
claim.addValue("bobClaim");
}
}
claimCollection.add(claim);
}
return claimCollection;
}
return null;
}
use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.
the class CustomClaimsHandler method retrieveClaimValues.
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
if (claims != null && !claims.isEmpty()) {
ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
for (Claim requestClaim : claims) {
ProcessedClaim claim = new ProcessedClaim();
claim.setClaimType(requestClaim.getClaimType());
claim.setIssuer("Test Issuer");
claim.setOriginalIssuer("Original Issuer");
if (ROLE.equals(requestClaim.getClaimType())) {
if ("alice".equals(parameters.getPrincipal().getName())) {
claim.addValue("admin-user");
} else {
claim.addValue("ordinary-user");
}
} else if (GIVEN_NAME.equals(requestClaim.getClaimType())) {
claim.addValue(parameters.getPrincipal().getName());
} else if (LANGUAGE.equals(requestClaim.getClaimType())) {
claim.addValue(parameters.getPrincipal().getName());
}
claimCollection.add(claim);
}
return claimCollection;
}
return null;
}
use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.
the class LDAPClaimsTest method testRetrieveClaimsUsingLDAPLookup.
@org.junit.Test
public void testRetrieveClaimsUsingLDAPLookup() throws Exception {
LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
ClaimsManager claimsManager = new ClaimsManager();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
ClaimCollection requestedClaims = createRequestClaimCollection();
List<URI> expectedClaims = new ArrayList<>();
expectedClaims.add(ClaimTypes.FIRSTNAME);
expectedClaims.add(ClaimTypes.LASTNAME);
expectedClaims.add(ClaimTypes.EMAILADDRESS);
ClaimsParameters params = new ClaimsParameters();
params.setPrincipal(new CustomTokenPrincipal("cn=alice,ou=users,dc=example,dc=com"));
ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
for (ProcessedClaim c : retrievedClaims) {
if (expectedClaims.contains(c.getClaimType())) {
expectedClaims.remove(c.getClaimType());
} else {
Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
}
}
}
use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.
the class LDAPClaimsTest method testRetrieveClaimsWithUnsupportedOptionalClaimType.
@org.junit.Test
public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
ClaimsManager claimsManager = new ClaimsManager();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
String user = props.getProperty("claimUser");
Assert.assertNotNull(user, "Property 'claimUser' not configured");
ClaimCollection requestedClaims = createRequestClaimCollection();
// add unsupported but optional unsupported claim
Claim claim = new Claim();
claim.setClaimType(ClaimTypes.GENDER);
claim.setOptional(true);
requestedClaims.add(claim);
// Gender is not expected to be returned because not supported
List<URI> expectedClaims = new ArrayList<>();
expectedClaims.add(ClaimTypes.FIRSTNAME);
expectedClaims.add(ClaimTypes.LASTNAME);
expectedClaims.add(ClaimTypes.EMAILADDRESS);
ClaimsParameters params = new ClaimsParameters();
params.setPrincipal(new CustomTokenPrincipal(user));
ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
for (ProcessedClaim c : retrievedClaims) {
if (expectedClaims.contains(c.getClaimType())) {
expectedClaims.remove(c.getClaimType());
} else {
Assert.assertTrue("Claim '" + c.getClaimType() + "' not requested", false);
}
}
}
Aggregations