
Example 61 with ProcessedClaimCollection

use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project cxf by apache.

the class CustomClaimsHandler method retrieveClaimValues.

/**
 * Test claims handler that answers each requested claim with a canned value.
 *
 * <p>First name, last name, e-mail and street address receive fixed strings. The
 * mobile-phone claim receives an OpenSAML {@code XSInteger} so that a non-string
 * attribute value is exercised. Role claims are filtered through
 * {@code isUserInRole} for the principal carried in {@code parameters}. A claim of
 * any other type is returned with its type set and no value.
 *
 * <p>NOTE(review): for a {@code CustomRequestClaim} the first-name value is built
 * from the request's own first value and scope, so requester-supplied data is
 * copied into the returned claim. That is fine for a test fixture; a handler used
 * outside tests would normally read claim values from an identity store instead.
 *
 * @param claims the requested claims; may be {@code null}
 * @param parameters request context; only the principal is read, for the role check
 * @return the processed claims (a role claim for which no requested role was
 *         granted is left out), or {@code null} when no claims were requested
 */
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    // Callers get null, not an empty collection, when nothing was requested.
    if (claims == null || claims.isEmpty()) {
        return null;
    }

    ProcessedClaimCollection processed = new ProcessedClaimCollection();
    for (Claim requested : claims) {
        ProcessedClaim result = new ProcessedClaim();
        result.setClaimType(requested.getClaimType());

        if (ClaimTypes.FIRSTNAME.equals(requested.getClaimType())) {
            if (!(requested instanceof CustomRequestClaim)) {
                result.addValue("alice");
            } else {
                // Assumes the custom claim carries at least one value; get(0) fails otherwise.
                CustomRequestClaim custom = (CustomRequestClaim) requested;
                String scopedName = custom.getValues().get(0) + "@" + custom.getScope();
                result.addValue(scopedName);
            }
        } else if (ClaimTypes.LASTNAME.equals(requested.getClaimType())) {
            result.addValue("doe");
        } else if (ClaimTypes.EMAILADDRESS.equals(requested.getClaimType())) {
            result.addValue("alice@cxf.apache.org");
        } else if (ClaimTypes.STREETADDRESS.equals(requested.getClaimType())) {
            result.addValue("1234 1st Street");
        } else if (ClaimTypes.MOBILEPHONE.equals(requested.getClaimType())) {
            // Exercise a custom (Integer) attribute value instead of a plain string.
            XMLObjectBuilderFactory factory = XMLObjectProviderRegistrySupport.getBuilderFactory();
            @SuppressWarnings("unchecked")
            XMLObjectBuilder<XSInteger> integerBuilder =
                (XMLObjectBuilder<XSInteger>) factory.getBuilder(XSInteger.TYPE_NAME);
            XSInteger phoneNumber =
                integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
            phoneNumber.setValue(185912592);
            result.addValue(phoneNumber);
        } else if (ROLE_CLAIM.equals(requested.getClaimType())) {
            if (requested.getValues().isEmpty()) {
                // No specific role was requested: hand back the DUMMY role.
                result.addValue("DUMMY");
            } else {
                // Asking for a role is not enough: only roles that isUserInRole
                // confirms for the principal are copied into the result.
                for (Object role : requested.getValues()) {
                    if (isUserInRole(parameters.getPrincipal(), role.toString())) {
                        result.addValue(role);
                    }
                }
                // None of the requested roles applies, so the claim is omitted entirely.
                if (result.getValues().isEmpty()) {
                    continue;
                }
            }
        }

        processed.add(result);
    }
    return processed;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) XSInteger(org.opensaml.core.xml.schema.XSInteger) XMLObjectBuilder(org.opensaml.core.xml.XMLObjectBuilder) XMLObjectBuilderFactory(org.opensaml.core.xml.XMLObjectBuilderFactory) CustomRequestClaim(org.apache.cxf.sts.common.CustomClaimParser.CustomRequestClaim) CustomRequestClaim(org.apache.cxf.sts.common.CustomClaimParser.CustomRequestClaim) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)

Example 62 with ProcessedClaimCollection

use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project cxf by apache.

the class RealmSupportClaimsHandler method retrieveClaimValues.

/**
 * Test claims handler that checks realm handling before producing claim values.
 *
 * <p>The JUnit assertions verify that the principal name reaching this handler is
 * {@code alice} when the handler's realm is "A" and {@code ALICE} when it is "B",
 * and that the handler is never invoked for a source realm missing from
 * {@code supportedRealms}. Because it asserts inside the handler, this class is
 * only usable from tests.
 *
 * @param claims the requested claims; may be {@code null}
 * @param parameters request context; the principal and the source realm are read
 * @return a {@code Value_<claimType>} claim for every requested claim whose type is
 *         in {@code getSupportedClaimTypes()}, or {@code null} when no claims were
 *         requested
 */
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    // The principal name must already be in the form expected for this handler's realm.
    if ("A".equals(realm)) {
        Assert.assertEquals("ClaimHandler in realm A. Alice username must be 'alice'", "alice", parameters.getPrincipal().getName());
    }
    if ("B".equals(realm)) {
        Assert.assertEquals("ClaimHandler in realm B. Alice username must be 'ALICE'", "ALICE", parameters.getPrincipal().getName());
    }

    // A handler restricted to certain realms must not be called for any other source realm.
    boolean realmRejected = supportedRealms != null && !supportedRealms.contains(parameters.getRealm());
    if (realmRejected) {
        Assert.fail("ClaimHandler must not be called. Source realm '" + parameters.getRealm() + "' not in supportedRealm list: " + supportedRealms);
    }

    if (claims == null || claims.isEmpty()) {
        return null;
    }

    ProcessedClaimCollection processed = new ProcessedClaimCollection();
    for (Claim requested : claims) {
        // Claim types this handler does not support are skipped without a value.
        if (!getSupportedClaimTypes().contains(requested.getClaimType())) {
            continue;
        }
        ProcessedClaim result = new ProcessedClaim();
        result.setClaimType(requested.getClaimType());
        result.addValue("Value_" + requested.getClaimType());
        processed.add(result);
    }
    return processed;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)

Example 63 with ProcessedClaimCollection

use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project cxf by apache.

the class CustomClaimsMapper method mapClaims.

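/**
 * Maps claims between realms by upper-casing every string claim value.
 *
 * <p>Claim type, issuer, original issuer and principal are copied unchanged.
 * Values that are not {@code String} instances are not copied, so a claim that
 * holds only non-string values arrives in the target realm with no values.
 *
 * @param sourceRealm realm the claims come from (not used by this mapper)
 * @param sourceClaims claims to map; must not be {@code null}
 * @param targetRealm realm the claims are mapped to (not used by this mapper)
 * @param parameters request context (not used by this mapper)
 * @return a new collection holding one mapped claim per source claim
 */
public ProcessedClaimCollection mapClaims(String sourceRealm, ProcessedClaimCollection sourceClaims, String targetRealm, ClaimsParameters parameters) {
    ProcessedClaimCollection targetClaims = new ProcessedClaimCollection();
    for (ProcessedClaim source : sourceClaims) {
        ProcessedClaim mapped = new ProcessedClaim();
        mapped.setClaimType(source.getClaimType());
        mapped.setIssuer(source.getIssuer());
        mapped.setOriginalIssuer(source.getOriginalIssuer());
        mapped.setPrincipal(source.getPrincipal());
        for (Object value : source.getValues()) {
            if (value instanceof String) {
                // Locale.ROOT keeps the mapping independent of the JVM's default locale.
                // Under a Turkish locale, for example, "admin" would become "ADMİN" and
                // no longer match a value compared against "ADMIN" in the target realm.
                mapped.addValue(((String) value).toUpperCase(java.util.Locale.ROOT));
            }
        }
        targetClaims.add(mapped);
    }
    return targetClaims;
}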
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)

Example 64 with ProcessedClaimCollection

use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project cxf by apache.

the class RealmSupportTest method testIdentityMappingRealmA2B.

/**
 * Runs a claims request from realm "A" for principal "alice" through a
 * {@code ClaimsManager} that has a {@code CustomIdentityMapper} and three
 * realm-aware handlers, and expects three claims back.
 */
@org.junit.Test
public void testIdentityMappingRealmA2B() throws Exception {
    // One handler for realm A, and two for realm B that serve different claim types.
    RealmSupportClaimsHandler handlerForClaimA = new RealmSupportClaimsHandler();
    handlerForClaimA.setRealm("A");
    handlerForClaimA.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-A")));

    RealmSupportClaimsHandler handlerForClaimB = new RealmSupportClaimsHandler();
    handlerForClaimB.setRealm("B");
    handlerForClaimB.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-B")));

    RealmSupportClaimsHandler handlerForClaimC = new RealmSupportClaimsHandler();
    handlerForClaimC.setRealm("B");
    handlerForClaimC.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-C")));

    // Registration order is A, B, C; the manager receives a read-only view of the list.
    List<ClaimsHandler> handlers = new ArrayList<>();
    handlers.add(handlerForClaimA);
    handlers.add(handlerForClaimB);
    handlers.add(handlerForClaimC);

    ClaimsManager manager = new ClaimsManager();
    manager.setIdentityMapper(new CustomIdentityMapper());
    manager.setClaimHandlers(Collections.unmodifiableList(handlers));

    // The request originates in realm A with the principal name as known in that realm.
    ClaimsParameters requestContext = new ClaimsParameters();
    requestContext.setRealm("A");
    requestContext.setPrincipal(new CustomTokenPrincipal("alice"));
    ClaimCollection requested = createClaimCollection();

    ProcessedClaimCollection result = manager.retrieveClaimValues(requested, requestContext);

    Assert.assertEquals("Number of claims incorrect", 3, result.size());
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) CustomIdentityMapper(org.apache.cxf.sts.operation.CustomIdentityMapper) ClaimsHandler(org.apache.cxf.sts.claims.ClaimsHandler) RealmSupportClaimsHandler(org.apache.cxf.sts.common.RealmSupportClaimsHandler) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ArrayList(java.util.ArrayList) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) RealmSupportClaimsHandler(org.apache.cxf.sts.common.RealmSupportClaimsHandler) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 65 with ProcessedClaimCollection

use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project cxf by apache.

the class CustomClaimsHandler method retrieveClaimValues.

/**
 * Test claims handler whose answers depend on custom content in the token request.
 *
 * <p>Every requested claim is returned with issuer "Test Issuer" and original
 * issuer "Original Issuer". Values are added only when the request's custom
 * content holds a {@code realm} element in the {@code http://cxf.apache.org/custom}
 * namespace whose text is {@code custom-realm}: the role claim then gets
 * {@code admin-user}, and the given-name and language claims get the principal's
 * name.
 *
 * <p>NOTE(review): the {@code admin-user} role is granted purely on content taken
 * from the request, which is acceptable for exercising custom-content parsing in
 * a test. A handler used outside tests should decide roles from data the
 * requester does not control.
 *
 * @param claims the requested claims; may be {@code null}
 * @param parameters request context; token requirements and principal are read
 * @return one processed claim per requested claim, or {@code null} when no claims
 *         were requested
 */
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
    if (claims == null || claims.isEmpty()) {
        return null;
    }

    ProcessedClaimCollection processed = new ProcessedClaimCollection();

    // Look through the request's custom content for <realm>custom-realm</realm>.
    boolean customRealmPresent = false;
    List<Object> customContent = parameters.getTokenRequirements().getCustomContent();
    if (customContent != null) {
        for (Object item : customContent) {
            if (item instanceof Element) {
                Element realmElement = XMLUtils.findElement((Element) item, "realm", "http://cxf.apache.org/custom");
                if (realmElement != null && "custom-realm".equals(realmElement.getTextContent())) {
                    customRealmPresent = true;
                }
            }
        }
    }

    for (Claim requested : claims) {
        ProcessedClaim result = new ProcessedClaim();
        result.setClaimType(requested.getClaimType());
        result.setIssuer("Test Issuer");
        result.setOriginalIssuer("Original Issuer");

        // Without the marker the claim is still returned, just with no value.
        if (customRealmPresent) {
            if (ROLE.equals(requested.getClaimType())) {
                result.addValue("admin-user");
            } else if (GIVEN_NAME.equals(requested.getClaimType())
                || LANGUAGE.equals(requested.getClaimType())) {
                result.addValue(parameters.getPrincipal().getName());
            }
        }
        processed.add(result);
    }
    return processed;
}
Also used : ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Element(org.w3c.dom.Element) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) Claim(org.apache.cxf.rt.security.claims.Claim)
