use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project ddf by codice.
the class RoleClaimsHandler method retrieveClaimValues.
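/**
 * Resolves the LDAP groups the authenticated principal is a member of and returns one role claim
 * for each matching group entry that carries the group-name attribute.
 *
 * <p>Every failure path visible here (no user name, no connection, unsuccessful bind, LDAP error)
 * returns a collection without role claims, so a lookup problem never grants roles. No search is
 * issued unless the bind reported success.
 *
 * @param claims the requested claims; this handler does not consult them
 * @param parameters supplies the principal whose group membership is resolved
 * @return the role claims found for the principal, or an empty collection
 */
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    String[] attributes = { groupNameAttribute, memberNameAttribute };
    ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
    Connection connection = null;
    try {
        Principal principal = parameters.getPrincipal();
        String user = AttributeMapLoader.getUser(principal);
        if (user == null) {
            LOGGER.info("Could not determine user name, possible authentication error. Returning no claims.");
            return new ProcessedClaimCollection();
        }
        connection = connectionFactory.getConnection();
        if (connection == null) {
            // Nothing to query; the finally block tolerates a null connection.
            return claimsColl;
        }
        BindRequest request = BindMethodChooser.selectBindMethod(bindMethod, bindUserDN, bindUserCredentials, kerberosRealm, kdcAddress);
        BindResult bindResult = connection.bind(request);
        // Fail closed: check the bind result before ANY search. Previously the user lookup below
        // ran before this check and only the group search was guarded by it.
        if (!bindResult.isSuccess()) {
            LOGGER.info("LDAP Connection failed.");
            return claimsColl;
        }

        // By default the login name itself is the value used in the group member DN.
        String membershipValue = user;
        if (!membershipUserAttribute.equals(loginUserAttribute)) {
            // The member DN uses a different attribute than the login name, so look it up.
            String baseDN = AttributeMapLoader.getBaseDN(principal, userBaseDn, overrideCertDn);
            AndFilter userFilter = new AndFilter();
            userFilter.and(new EqualsFilter(this.getLoginUserAttribute(), user));
            ConnectionEntryReader userReader = connection.search(baseDN, SearchScope.WHOLE_SUBTREE, userFilter.toString(), membershipUserAttribute);
            // NOTE(review): if several entries or values match, the last one read wins silently.
            // Consider treating more than one match as an error so an ambiguous login name cannot
            // pick up another entry's membership value.
            while (userReader.hasNext()) {
                SearchResultEntry userEntry = userReader.readEntry();
                Attribute attr = userEntry.getAttribute(membershipUserAttribute);
                if (attr != null) {
                    for (ByteString value : attr) {
                        membershipValue = value.toString();
                    }
                }
            }
        }

        String userBaseDN = AttributeMapLoader.getBaseDN(principal, getUserBaseDn(), overrideCertDn);
        // NOTE(review): the member DN is assembled by plain string concatenation. The filter class
        // presumably escapes filter metacharacters, but nothing here escapes DN special characters
        // (for example a comma) in membershipValue - confirm how such names are meant to match.
        String memberDn = getMembershipUserAttribute() + "=" + membershipValue + "," + userBaseDN;
        AndFilter groupFilter = new AndFilter();
        groupFilter.and(new EqualsFilter("objectClass", getObjectClass())).and(new EqualsFilter(getMemberNameAttribute(), memberDn));

        LOGGER.trace("Executing ldap search with base dn of {} and filter of {}", groupBaseDn, groupFilter.toString());
        ConnectionEntryReader groupReader = connection.search(groupBaseDn, SearchScope.WHOLE_SUBTREE, groupFilter.toString(), attributes);
        while (groupReader.hasNext()) {
            SearchResultEntry groupEntry = groupReader.readEntry();
            Attribute attr = groupEntry.getAttribute(groupNameAttribute);
            if (attr == null) {
                LOGGER.trace("Claim '{}' is null", roleClaimType);
            } else {
                // One claim per group entry, holding every value of the group-name attribute.
                ProcessedClaim c = new ProcessedClaim();
                c.setClaimType(getRoleURI());
                c.setPrincipal(principal);
                for (ByteString value : attr) {
                    c.addValue(value.toString());
                }
                claimsColl.add(c);
            }
        }
    } catch (LdapException e) {
        LOGGER.info("Cannot connect to server, therefore unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
        LOGGER.debug("Cannot connect to server, therefore unable to set role claims.", e);
    } catch (SearchResultReferenceIOException e) {
        LOGGER.info("Unable to set role claims. Set log level for \"ddf.security.sts.claimsHandler\" to DEBUG for more information.");
        LOGGER.debug("Unable to set role claims.", e);
    } finally {
        // Always release the connection, including on the early returns above.
        if (connection != null) {
            connection.close();
        }
    }
    return claimsColl;
}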
use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project ddf by codice.
the class TestPropertyFileClaimsHandler method testRetrieveClaimValues.
/**
 * Checks that, for a principal named "admin" and the fixture at /users.properties, the handler
 * returns exactly one processed claim carrying four values.
 */
@Test
public void testRetrieveClaimValues() {
    PropertyFileClaimsHandler handler = new PropertyFileClaimsHandler();
    handler.setPropertyFileLocation("/users.properties");
    handler.setRoleClaimType("http://myroletype");

    // Request a single claim whose type matches the role claim type configured above.
    Claim roleClaim = new Claim();
    try {
        roleClaim.setClaimType(new URI("http://myroletype"));
    } catch (URISyntaxException e) {
        fail("Could not create URI");
    }
    ClaimCollection requested = new ClaimCollection();
    requested.add(roleClaim);

    // Only the principal's name is stubbed; the handler is given nothing else about the caller.
    Principal adminPrincipal = mock(Principal.class);
    when(adminPrincipal.getName()).thenReturn("admin");
    ClaimsParameters params = mock(ClaimsParameters.class);
    when(params.getPrincipal()).thenReturn(adminPrincipal);

    ProcessedClaimCollection result = handler.retrieveClaimValues(requested, params);

    assertEquals(1, result.size());
    assertEquals(4, result.get(0).getValues().size());
}
use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project ddf by codice.
the class TestPropertyFileClaimsHandler method testRetrieveClaimsValuesNullPrincipal.
/**
 * Checks that the handler returns no claims when the request parameters carry no principal
 * (this test never sets one on the ClaimsParameters it passes in).
 */
@Test
public void testRetrieveClaimsValuesNullPrincipal() {
    ClaimCollection requested = new ClaimCollection();
    ClaimsParameters paramsWithoutPrincipal = new ClaimsParameters();
    PropertyFileClaimsHandler handler = new PropertyFileClaimsHandler();

    ProcessedClaimCollection result = handler.retrieveClaimValues(requested, paramsWithoutPrincipal);

    // An unidentified caller must not receive any claims.
    int claimCount = result.size();
    Assert.assertThat(claimCount, CoreMatchers.is(equalTo(0)));
}
use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project ddf by codice.
the class AttributeQueryClaimsHandler method retrieveClaimValues.
/**
 * Retrieves claims for the request's principal from the external attribute store.
 *
 * <p>A missing principal, an empty name id, an empty result from the store, or a
 * {@link URISyntaxException} during retrieval all yield an empty collection; the exception is
 * logged and not propagated, so a failed lookup issues no claims.
 *
 * @param claims the collection of requested claims; this method does not consult it
 * @param parameters supplies the principal to look up
 * @return the claims returned by the attribute store, or an empty collection
 */
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    ProcessedClaimCollection result = new ProcessedClaimCollection();

    Principal principal = parameters.getPrincipal();
    if (principal == null) {
        return result;
    }

    String nameId = getNameId(principal);
    if (StringUtils.isEmpty(nameId)) {
        // Without a name id there is nothing to query the store with.
        return result;
    }

    try {
        ProcessedClaimCollection fetched = getAttributes(nameId);
        // Only copy when the store actually returned something.
        if (!CollectionUtils.isEmpty(fetched)) {
            result.addAll(fetched);
        }
    } catch (URISyntaxException e) {
        // The INFO line carries the store URL and name id; the stack trace goes to DEBUG only.
        LOGGER.info(ERROR_RETRIEVING_ATTRIBUTES + "Set log level to DEBUG for more information.", externalAttributeStoreUrl, nameId);
        LOGGER.debug(ERROR_RETRIEVING_ATTRIBUTES, externalAttributeStoreUrl, nameId, e);
    }
    return result;
}
use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project ddf by codice.
the class CertificateClaimsHandler method retrieveClaimValues.
/**
 * Builds e-mail and country claims from the additional properties attached to the request.
 *
 * <p>Claims are produced only when the additional properties contain at least one of the e-mail
 * or country keys, and only for requested claims whose type equals the configured e-mail or
 * country claim type.
 *
 * @param claims the requested claims; each one's type is compared with the configured types
 * @param parameters supplies the principal and the additional properties holding the values
 * @return the claims that were built, or an empty collection
 */
@Override
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
    Principal principal = parameters.getPrincipal();
    // NOTE(review): these values are issued as claims with no check in this method; presumably
    // they are populated upstream from the validated certificate - confirm against the caller.
    Map<String, Object> additionalProperties = parameters.getAdditionalProperties();
    if (additionalProperties == null) {
        return claimsColl;
    }

    boolean hasEmail = additionalProperties.containsKey(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI);
    if (!hasEmail && !additionalProperties.containsKey(SubjectUtils.COUNTRY_CLAIM_URI)) {
        return claimsColl;
    }

    for (Claim claim : claims) {
        URI claimType = claim.getClaimType();
        String requestedType = claimType.toString();
        // NOTE(review): when only one of the two keys is present, the lookup for the other
        // returns null and that null is handed to buildClaim (not visible here) - confirm it
        // tolerates a null value.
        if (emailClaim.equals(requestedType)) {
            buildClaim(claimsColl, principal, claimType, additionalProperties.get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
        } else if (countryClaim.equals(requestedType)) {
            buildClaim(claimsColl, principal, claimType, additionalProperties.get(SubjectUtils.COUNTRY_CLAIM_URI));
        }
    }
    return claimsColl;
}