Example 21 with ProcessedClaim
use of org.apache.cxf.sts.claims.ProcessedClaim in project ddf by codice.
the class PropertyFileClaimsHandler method retrieveClaimValues.
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
Principal principal = parameters.getPrincipal();
boolean needsRoleClaim = false;
for (Claim claim : claims) {
if (roleClaimType.equals(claim.getClaimType().toString())) {
needsRoleClaim = true;
} else {
LOGGER.debug("Unsupported claim: {}", claim.getClaimType());
}
}
String user = getUser(principal);
if (user == null) {
LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
return claimsColl;
}
if (needsRoleClaim) {
String userAttributes = userMapping.get(user);
if (userAttributes != null) {
String[] attributes = userAttributes.split(",");
ProcessedClaim c = new ProcessedClaim();
c.setClaimType(getSupportedClaimTypes().get(0));
c.setPrincipal(principal);
for (int i = 1; i < attributes.length; i++) {
c.addValue(attributes[i]);
}
claimsColl.add(c);
}
}
return claimsColl;
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
X500Principal(javax.security.auth.x500.X500Principal)
KerberosPrincipal(javax.security.auth.kerberos.KerberosPrincipal)
Principal(java.security.Principal)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Claim(org.apache.cxf.rt.security.claims.Claim)
Example 22 with ProcessedClaim
use of org.apache.cxf.sts.claims.ProcessedClaim in project ddf by codice.
the class TestAttributeFileClaimsHandler method testRetrieveClaimValuesAdmin.
@Test
public void testRetrieveClaimValuesAdmin() {
ProcessedClaimCollection processedClaims = attributeFileClaimsHandler.retrieveClaimValues(claimCollection, adminClaimsParameters);
assertThat(processedClaims.size(), is(2));
for (ProcessedClaim processedClaim : processedClaims) {
if (processedClaim.getClaimType().toString().equals("test")) {
assertThat(processedClaim.getValues().size(), is(1));
assertThat(processedClaim.getValues().get(0), is("testValue"));
} else if (processedClaim.getClaimType().toString().equals("test1")) {
assertThat(processedClaim.getValues().size(), is(3));
assertTrue(processedClaim.getValues().contains("testing1"));
assertTrue(processedClaim.getValues().contains("testing2"));
assertTrue(processedClaim.getValues().contains("testing3"));
}
}
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Test(org.junit.Test)
Example 23 with ProcessedClaim
use of org.apache.cxf.sts.claims.ProcessedClaim in project ddf by codice.
the class GuestClaimsHandler method retrieveClaimValues.
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
Principal principal = parameters.getPrincipal();
for (Claim claim : claims) {
URI claimType = claim.getClaimType();
List<String> value = claimsMap.get(claimType);
if (value != null) {
ProcessedClaim c = new ProcessedClaim();
c.setClaimType(claimType);
c.setPrincipal(principal);
for (String val : value) {
c.addValue(val);
}
claimsColl.add(c);
}
}
if (principal != null && principal instanceof GuestPrincipal) {
String ipAddress = ((GuestPrincipal) principal).getAddress();
if (ipAddress != null) {
try {
ProcessedClaim ipClaim = new ProcessedClaim();
ipClaim.setClaimType(new URI(IP_ADDRESS_CLAIMS_KEY));
ipClaim.setPrincipal(principal);
ipClaim.addValue(ipAddress);
claimsColl.add(ipClaim);
} catch (URISyntaxException e) {
LOGGER.info("Claims mapping cannot be converted to a URI. Ip claim will be excluded", e);
}
}
}
return claimsColl;
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
GuestPrincipal(ddf.security.principal.GuestPrincipal)
URISyntaxException(java.net.URISyntaxException)
URI(java.net.URI)
GuestPrincipal(ddf.security.principal.GuestPrincipal)
Principal(java.security.Principal)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Claim(org.apache.cxf.rt.security.claims.Claim)
Example 24 with ProcessedClaim
use of org.apache.cxf.sts.claims.ProcessedClaim in project ddf by codice.
the class GuestClaimsHandlerTest method testRetrieveClaims.
@Test
public void testRetrieveClaims() throws URISyntaxException {
GuestClaimsHandler claimsHandler = new GuestClaimsHandler();
claimsHandler.setAttributes(Arrays.asList("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier=Guest", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress=Guest@guest.com|someguy@somesite.com|somedude@cool.com", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname=Guest"));
ClaimCollection requestClaims = new ClaimCollection();
Claim requestClaim = new Claim();
URI nameURI = new URI("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier");
requestClaim.setClaimType(nameURI);
requestClaims.add(requestClaim);
requestClaim = new Claim();
URI emailURI = new URI("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress");
requestClaim.setClaimType(emailURI);
requestClaims.add(requestClaim);
requestClaim = new Claim();
URI fooURI = new URI("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/foobar");
requestClaim.setClaimType(fooURI);
requestClaim.setOptional(true);
requestClaims.add(requestClaim);
ClaimsParameters claimsParameters = new ClaimsParameters();
claimsParameters.setPrincipal(new GuestPrincipal("127.0.0.1"));
List<URI> supportedClaims = claimsHandler.getSupportedClaimTypes();
assertEquals(3, supportedClaims.size());
ProcessedClaimCollection claimsCollection = claimsHandler.retrieveClaimValues(requestClaims, claimsParameters);
assertEquals(3, claimsCollection.size());
for (ProcessedClaim claim : claimsCollection) {
if (claim.getClaimType().equals(nameURI)) {
assertEquals(1, claim.getValues().size());
assertEquals("Guest", claim.getValues().get(0));
} else if (claim.getClaimType().equals(emailURI)) {
assertEquals(3, claim.getValues().size());
List<Object> values = claim.getValues();
assertEquals("Guest@guest.com", values.get(0));
assertEquals("someguy@somesite.com", values.get(1));
assertEquals("somedude@cool.com", values.get(2));
} else if (claim.getClaimType().equals("IpAddress")) {
assertEquals("127.0.0.1", claim.getValues().get(0));
}
assertFalse(claim.getClaimType().equals(fooURI));
}
claimsParameters = new ClaimsParameters();
claimsCollection = claimsHandler.retrieveClaimValues(requestClaims, claimsParameters);
assertEquals(2, claimsCollection.size());
claimsParameters = new ClaimsParameters();
claimsParameters.setPrincipal(new CustomTokenPrincipal("SomeValue"));
claimsCollection = claimsHandler.retrieveClaimValues(requestClaims, claimsParameters);
assertEquals(2, claimsCollection.size());
}
Also used :
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
GuestPrincipal(ddf.security.principal.GuestPrincipal)
List(java.util.List)
ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
URI(java.net.URI)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Claim(org.apache.cxf.rt.security.claims.Claim)
ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)
Test(org.junit.Test)
Example 25 with ProcessedClaim
use of org.apache.cxf.sts.claims.ProcessedClaim in project ddf by codice.
the class RoleClaimsHandler method retrieveClaimValues.
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
String[] attributes = { groupNameAttribute, memberNameAttribute };
ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
Connection connection = null;
try {
Principal principal = parameters.getPrincipal();
String user = AttributeMapLoader.getUser(principal);
if (user == null) {
LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
return new ProcessedClaimCollection();
}
connection = connectionFactory.getConnection();
if (connection != null) {
BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
BindResult bindResult = connection.bind(request);
String membershipValue = user;
AndFilter filter;
ConnectionEntryReader entryReader;
if (!membershipUserAttribute.equals(loginUserAttribute)) {
String baseDN = AttributeMapLoader.getBaseDN(principal, userBaseDn, overrideCertDn);
filter = new AndFilter();
filter.and(new EqualsFilter(this.getLoginUserAttribute(), user));
entryReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, filter.toString(), membershipUserAttribute);
while (entryReader.hasNext()) {
SearchResultEntry entry = entryReader.readEntry();
Attribute attr = entry.getAttribute(membershipUserAttribute);
if (attr != null) {
for (ByteString value : attr) {
membershipValue = value.toString();
}
}
}
}
filter = new AndFilter();
String userBaseDN = AttributeMapLoader.getBaseDN(principal, getUserBaseDn(), overrideCertDn);
filter.and(new EqualsFilter("objectClass", getObjectClass())).and(new EqualsFilter(getMemberNameAttribute(), getMembershipUserAttribute() + "=" + membershipValue + "," + userBaseDN));
if (bindResult.isSuccess()) {
LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", groupBaseDn, filter.toString());
entryReader = connection.search(groupBaseDn, SearchScope.WHOLE_SUBTREE, filter.toString(), attributes);
SearchResultEntry entry;
while (entryReader.hasNext()) {
entry = entryReader.readEntry();
Attribute attr = entry.getAttribute(groupNameAttribute);
if (attr == null) {
LOGGER.trace("Claim '{}' is null", roleClaimType);
} else {
ProcessedClaim c = new ProcessedClaim();
c.setClaimType(getRoleURI());
c.setPrincipal(principal);
for (ByteString value : attr) {
String itemValue = value.toString();
c.addValue(itemValue);
}
claimsColl.add(c);
}
}
} else {
LOGGER.info("LDAP Connection failed.");
}
}
} catch (LdapException e) {
LOGGER.info("Cannot connect to server, therefore unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
LOGGER.debug("Cannot connect to server, therefore unable to set role claims.", e);
} catch (SearchResultReferenceIOException e) {
LOGGER.info("Unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
LOGGER.debug("Unable to set role claims.", e);
} finally {
if (connection != null) {
connection.close();
}
}
return claimsColl;
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
Attribute(org.forgerock.opendj.ldap.Attribute)
ByteString(org.forgerock.opendj.ldap.ByteString)
Connection(org.forgerock.opendj.ldap.Connection)
BindRequest(org.forgerock.opendj.ldap.requests.BindRequest)
ByteString(org.forgerock.opendj.ldap.ByteString)
SearchResultReferenceIOException(org.forgerock.opendj.ldap.SearchResultReferenceIOException)
AndFilter(org.springframework.ldap.filter.AndFilter)
ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
BindResult(org.forgerock.opendj.ldap.responses.BindResult)
EqualsFilter(org.springframework.ldap.filter.EqualsFilter)
LdapException(org.forgerock.opendj.ldap.LdapException)
Principal(java.security.Principal)
SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)
Aggregations
ProcessedClaim (org.apache.cxf.sts.claims.ProcessedClaim)46
ProcessedClaimCollection (org.apache.cxf.sts.claims.ProcessedClaimCollection)35
ArrayList (java.util.ArrayList)15
Claim (org.apache.cxf.rt.security.claims.Claim)12
Test (org.junit.Test)12
URI (java.net.URI)11
ClaimsParameters (org.apache.cxf.sts.claims.ClaimsParameters)9
ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)8
ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)6
CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)6
Principal (java.security.Principal)5
LdapClaimsHandler (org.apache.cxf.sts.claims.LdapClaimsHandler)5
List (java.util.List)4
X500Principal (javax.security.auth.x500.X500Principal)3
Connection (org.forgerock.opendj.ldap.Connection)3
BindResult (org.forgerock.opendj.ldap.responses.BindResult)3
SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)3
ConnectionEntryReader (org.forgerock.opendj.ldif.ConnectionEntryReader)3
GuestPrincipal (ddf.security.principal.GuestPrincipal)2
AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)2
