
Example 41 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class CustomClaimsHandler method retrieveClaimValues.

/**
 * Answers each requested claim with a hard-coded value.
 *
 * <p>The literal values ("alice", "doe", ...) and the "Test custom (Integer) attribute value"
 * case indicate a test fixture, not a production claims source. One {@link ProcessedClaim} is
 * produced per requested claim; a claim type this method does not recognise is still returned,
 * but without values.
 *
 * <p>Role claims are the only values that depend on the caller: a requested role is echoed back
 * only when {@code isUserInRole} accepts it for the request principal, and a role claim for
 * which no requested role is accepted is left out of the result entirely.
 *
 * @param claims the requested claims; may be {@code null}
 * @param parameters request context; only the principal is read, for the role check
 * @return the processed claims, or {@code null} when {@code claims} is {@code null} or empty
 */
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    if (claims == null || claims.isEmpty()) {
        // Callers get null, not an empty collection, when nothing was requested.
        return null;
    }

    ProcessedClaimCollection processedClaims = new ProcessedClaimCollection();
    for (Claim requested : claims) {
        ProcessedClaim processed = new ProcessedClaim();
        processed.setClaimType(requested.getClaimType());

        if (ClaimTypes.FIRSTNAME.equals(requested.getClaimType())) {
            if (requested instanceof CustomRequestClaim) {
                CustomRequestClaim custom = (CustomRequestClaim) requested;
                // NOTE(review): both the first value and the scope are taken from the request as-is
                // and end up in the issued claim; get(0) throws if the request carried no value.
                processed.addValue(custom.getValues().get(0) + "@" + custom.getScope());
            } else {
                processed.addValue("alice");
            }
        } else if (ClaimTypes.LASTNAME.equals(requested.getClaimType())) {
            processed.addValue("doe");
        } else if (ClaimTypes.EMAILADDRESS.equals(requested.getClaimType())) {
            processed.addValue("alice@cxf.apache.org");
        } else if (ClaimTypes.STREETADDRESS.equals(requested.getClaimType())) {
            processed.addValue("1234 1st Street");
        } else if (ClaimTypes.MOBILEPHONE.equals(requested.getClaimType())) {
            // Test custom (Integer) attribute value: the claim value is an OpenSAML XSInteger
            // object rather than a String.
            XMLObjectBuilderFactory factory = XMLObjectProviderRegistrySupport.getBuilderFactory();
            @SuppressWarnings("unchecked")
            XMLObjectBuilder<XSInteger> integerBuilder =
                (XMLObjectBuilder<XSInteger>) factory.getBuilder(XSInteger.TYPE_NAME);
            XSInteger phoneNumber =
                integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
            phoneNumber.setValue(185912592);
            processed.addValue(phoneNumber);
        } else if (ROLE_CLAIM.equals(requested.getClaimType())) {
            if (requested.getValues().isEmpty()) {
                // If no specific role was requested return DUMMY role for user
                processed.addValue("DUMMY");
            } else {
                // Only roles accepted by isUserInRole (defined elsewhere in the class) are issued;
                // asking for a role is not enough to receive it.
                for (Object role : requested.getValues()) {
                    if (isUserInRole(parameters.getPrincipal(), role.toString())) {
                        processed.addValue(role);
                    }
                }
                if (processed.getValues().isEmpty()) {
                    // None of the requested roles were accepted: omit the claim altogether.
                    continue;
                }
            }
        }

        processedClaims.add(processed);
    }
    return processedClaims;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) XSInteger(org.opensaml.core.xml.schema.XSInteger) XMLObjectBuilder(org.opensaml.core.xml.XMLObjectBuilder) XMLObjectBuilderFactory(org.opensaml.core.xml.XMLObjectBuilderFactory) CustomRequestClaim(org.apache.cxf.sts.common.CustomClaimParser.CustomRequestClaim) CustomRequestClaim(org.apache.cxf.sts.common.CustomClaimParser.CustomRequestClaim) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)

Example 42 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class RealmSupportClaimsHandler method retrieveClaimValues.

/**
 * Realm-aware test handler: asserts how it was invoked, then returns a synthetic value for
 * every requested claim whose type is in {@code getSupportedClaimTypes()}.
 *
 * <p>The JUnit assertions check that the principal name matches the handler's realm ("alice"
 * in realm A, "ALICE" in realm B) and that the handler is never called for a source realm
 * outside {@code supportedRealms}. A {@code null} {@code supportedRealms} disables that check.
 *
 * @param claims the requested claims; may be {@code null}
 * @param parameters request context; the principal and the realm are read
 * @return claims valued {@code "Value_" + claimType}, or {@code null} when {@code claims} is
 *         {@code null} or empty
 */
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    // "A" and "B" are mutually exclusive, so at most one of these assertions runs.
    if ("A".equals(realm)) {
        Assert.assertEquals("ClaimHandler in realm A. Alice username must be 'alice'", "alice", parameters.getPrincipal().getName());
    } else if ("B".equals(realm)) {
        Assert.assertEquals("ClaimHandler in realm B. Alice username must be 'ALICE'", "ALICE", parameters.getPrincipal().getName());
    }

    // Fail the test if the handler was reached from a realm it is not configured to serve.
    boolean realmRestricted = supportedRealms != null;
    if (realmRestricted && !supportedRealms.contains(parameters.getRealm())) {
        Assert.fail("ClaimHandler must not be called. Source realm '" + parameters.getRealm() + "' not in supportedRealm list: " + supportedRealms);
    }

    if (claims == null || claims.isEmpty()) {
        return null;
    }

    ProcessedClaimCollection processedClaims = new ProcessedClaimCollection();
    for (Claim requested : claims) {
        if (!getSupportedClaimTypes().contains(requested.getClaimType())) {
            // Unsupported claim types are dropped without any entry in the result.
            continue;
        }
        ProcessedClaim processed = new ProcessedClaim();
        processed.setClaimType(requested.getClaimType());
        processed.addValue("Value_" + requested.getClaimType());
        processedClaims.add(processed);
    }
    return processedClaims;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)

Example 43 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class CustomClaimsMapper method mapClaims.

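/**
 * Transforms the claim values to upper-case.
 *
 * <p>Each source claim is copied into a new {@link ProcessedClaim} with the same claim type,
 * issuer, original issuer and principal. Only {@code String} values are carried over (in upper
 * case); values of any other type are dropped from the mapped claim.
 *
 * <p>Upper-casing uses {@code Locale.ROOT}. The no-argument {@code toUpperCase()} follows the
 * JVM default locale, so the same claim value could map to different strings on different
 * hosts (for example "i" under a Turkish locale), which matters when the mapped value is later
 * compared against a fixed role or attribute name.
 *
 * @param sourceRealm realm the claims come from; not used by this mapper
 * @param sourceClaims claims to map; must not be {@code null}
 * @param targetRealm realm the claims are mapped to; not used by this mapper
 * @param parameters request context; not used by this mapper
 * @return a new collection holding the mapped claims
 */
public ProcessedClaimCollection mapClaims(String sourceRealm, ProcessedClaimCollection sourceClaims, String targetRealm, ClaimsParameters parameters) {
    ProcessedClaimCollection targetClaims = new ProcessedClaimCollection();
    for (ProcessedClaim c : sourceClaims) {
        ProcessedClaim nc = new ProcessedClaim();
        nc.setClaimType(c.getClaimType());
        nc.setIssuer(c.getIssuer());
        nc.setOriginalIssuer(c.getOriginalIssuer());
        nc.setPrincipal(c.getPrincipal());
        for (Object s : c.getValues()) {
            if (s instanceof String) {
                // Fully qualified so the fix does not depend on the file's import block.
                nc.addValue(((String) s).toUpperCase(java.util.Locale.ROOT));
            }
        }
        targetClaims.add(nc);
    }
    return targetClaims;
}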
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)

Example 44 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class CustomClaimsHandler method retrieveClaimValues.

/**
 * Returns claim values only when the token request carries a custom
 * {@code <realm>custom-realm</realm>} element in the {@code http://cxf.apache.org/custom}
 * namespace.
 *
 * <p>Every requested claim yields a {@link ProcessedClaim} with fixed issuer strings. Values
 * are added only when the marker element was found: "admin-user" for the role claim, and the
 * principal name for the given-name and language claims. Without the marker the claims are
 * returned with no values.
 *
 * <p>NOTE(review): the custom content is read from the token requirements of the request, so
 * here a role value is gated on request-supplied data. The fixed "Test Issuer" string suggests
 * a test fixture; a real handler should derive roles from an authoritative source instead.
 *
 * @param claims the requested claims; may be {@code null}
 * @param parameters request context; token requirements and principal are read
 * @return the processed claims, or {@code null} when {@code claims} is {@code null} or empty
 */
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    if (claims == null || claims.isEmpty()) {
        return null;
    }

    ProcessedClaimCollection processedClaims = new ProcessedClaimCollection();

    // Scan all custom content; the flag stays set once any element carries the expected realm.
    boolean customRealmPresent = false;
    List<Object> customContent = parameters.getTokenRequirements().getCustomContent();
    if (customContent != null) {
        for (Object candidate : customContent) {
            if (candidate instanceof Element) {
                Element realm = XMLUtils.findElement((Element) candidate, "realm", "http://cxf.apache.org/custom");
                if (realm != null && "custom-realm".equals(realm.getTextContent())) {
                    customRealmPresent = true;
                }
            }
        }
    }

    for (Claim requested : claims) {
        ProcessedClaim processed = new ProcessedClaim();
        processed.setClaimType(requested.getClaimType());
        processed.setIssuer("Test Issuer");
        processed.setOriginalIssuer("Original Issuer");

        if (customRealmPresent) {
            if (ROLE.equals(requested.getClaimType())) {
                processed.addValue("admin-user");
            } else if (GIVEN_NAME.equals(requested.getClaimType())
                || LANGUAGE.equals(requested.getClaimType())) {
                // Both claim types are answered with the authenticated principal's name.
                processed.addValue(parameters.getPrincipal().getName());
            }
        }

        processedClaims.add(processed);
    }
    return processedClaims;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Element(org.w3c.dom.Element) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)

Example 45 with ProcessedClaim

use of org.apache.cxf.sts.claims.ProcessedClaim in project cxf by apache.

the class CustomAttributeStatementProvider method getStatement.

/**
 * Builds a SAML attribute statement from the claims the {@link ClaimsManager} returns for the
 * current token request.
 *
 * <p>For SAML 2.0 token types each attribute uses the full claim-type URI as its qualified name
 * together with this provider's {@code nameFormat}. For any other token type the URI is split
 * at its last "/" (after removing one trailing "/"): the part after the slash becomes the
 * simple name and the part before it the qualified name.
 *
 * @param providerParameters the token request context; its fields are copied into the
 *        {@link ClaimsParameters} handed to the claims manager
 * @return the attribute statement, or {@code null} when the claims manager returns
 *         {@code null} or no claims are available
 */
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
    // Handle Claims: without a claims manager the collection stays empty and null is returned.
    ClaimsManager claimsManager = providerParameters.getClaimsManager();
    ProcessedClaimCollection retrievedClaims = new ProcessedClaimCollection();
    if (claimsManager != null) {
        ClaimsParameters claimsParameters = new ClaimsParameters();
        claimsParameters.setAdditionalProperties(providerParameters.getAdditionalProperties());
        claimsParameters.setAppliesToAddress(providerParameters.getAppliesToAddress());
        claimsParameters.setEncryptionProperties(providerParameters.getEncryptionProperties());
        claimsParameters.setKeyRequirements(providerParameters.getKeyRequirements());
        claimsParameters.setPrincipal(providerParameters.getPrincipal());
        claimsParameters.setRealm(providerParameters.getRealm());
        claimsParameters.setStsProperties(providerParameters.getStsProperties());
        claimsParameters.setTokenRequirements(providerParameters.getTokenRequirements());
        claimsParameters.setTokenStore(providerParameters.getTokenStore());
        claimsParameters.setMessageContext(providerParameters.getMessageContext());
        retrievedClaims = claimsManager.retrieveClaimValues(
            providerParameters.getRequestedPrimaryClaims(),
            providerParameters.getRequestedSecondaryClaims(),
            claimsParameters);
    }
    if (retrievedClaims == null) {
        return null;
    }

    Iterator<ProcessedClaim> remainingClaims = retrievedClaims.iterator();
    if (!remainingClaims.hasNext()) {
        return null;
    }

    List<AttributeBean> attributes = new ArrayList<>();
    String tokenType = providerParameters.getTokenRequirements().getTokenType();
    AttributeStatementBean statement = new AttributeStatementBean();
    // The token type is fixed for the whole request, so the SAML 2.0 test is done once.
    boolean saml2Token = WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
        || WSS4JConstants.SAML2_NS.equals(tokenType);

    while (remainingClaims.hasNext()) {
        ProcessedClaim claim = remainingClaims.next();
        AttributeBean attribute = new AttributeBean();
        URI claimType = claim.getClaimType();
        String typeUri = claimType.toString();

        if (saml2Token) {
            attribute.setQualifiedName(typeUri);
            attribute.setNameFormat(nameFormat);
        } else {
            int slashAt = typeUri.lastIndexOf('/');
            if (slashAt == typeUri.length() - 1) {
                // Ignore a single trailing slash before splitting.
                typeUri = typeUri.substring(0, slashAt);
                slashAt = typeUri.lastIndexOf('/');
            }
            // NOTE(review): a claim type without any "/" (for example a urn: identifier) leaves
            // slashAt at -1 and substring(0, -1) throws StringIndexOutOfBoundsException. Claim
            // types can originate from the token request, so confirm they are validated upstream.
            String namespace = typeUri.substring(0, slashAt);
            String name = typeUri.substring(slashAt + 1);
            attribute.setSimpleName(name);
            attribute.setQualifiedName(namespace);
        }

        attribute.setAttributeValues(claim.getValues());
        attributes.add(attribute);
    }

    statement.setSamlAttributes(attributes);
    return statement;
}
Also used : AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) URI(java.net.URI) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)
