Example 66 with ProcessedClaimCollection
use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project cxf by apache.
the class CustomAttributeStatementProvider method getStatement.
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
// Handle Claims
ClaimsManager claimsManager = providerParameters.getClaimsManager();
ProcessedClaimCollection retrievedClaims = new ProcessedClaimCollection();
if (claimsManager != null) {
ClaimsParameters params = new ClaimsParameters();
params.setAdditionalProperties(providerParameters.getAdditionalProperties());
params.setAppliesToAddress(providerParameters.getAppliesToAddress());
params.setEncryptionProperties(providerParameters.getEncryptionProperties());
params.setKeyRequirements(providerParameters.getKeyRequirements());
params.setPrincipal(providerParameters.getPrincipal());
params.setRealm(providerParameters.getRealm());
params.setStsProperties(providerParameters.getStsProperties());
params.setTokenRequirements(providerParameters.getTokenRequirements());
params.setTokenStore(providerParameters.getTokenStore());
params.setMessageContext(providerParameters.getMessageContext());
retrievedClaims = claimsManager.retrieveClaimValues(providerParameters.getRequestedPrimaryClaims(), providerParameters.getRequestedSecondaryClaims(), params);
}
if (retrievedClaims == null) {
return null;
}
Iterator<ProcessedClaim> claimIterator = retrievedClaims.iterator();
if (!claimIterator.hasNext()) {
return null;
}
List<AttributeBean> attributeList = new ArrayList<>();
String tokenType = providerParameters.getTokenRequirements().getTokenType();
AttributeStatementBean attrBean = new AttributeStatementBean();
while (claimIterator.hasNext()) {
ProcessedClaim claim = claimIterator.next();
AttributeBean attributeBean = new AttributeBean();
URI claimType = claim.getClaimType();
if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
attributeBean.setQualifiedName(claimType.toString());
attributeBean.setNameFormat(nameFormat);
} else {
String uri = claimType.toString();
int lastSlash = uri.lastIndexOf("/");
if (lastSlash == (uri.length() - 1)) {
uri = uri.substring(0, lastSlash);
lastSlash = uri.lastIndexOf("/");
}
String namespace = uri.substring(0, lastSlash);
String name = uri.substring(lastSlash + 1, uri.length());
attributeBean.setSimpleName(name);
attributeBean.setQualifiedName(namespace);
}
attributeBean.setAttributeValues(claim.getValues());
attributeList.add(attributeBean);
}
attrBean.setSamlAttributes(attributeList);
return attrBean;
}
Also used :
AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean)
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
ArrayList(java.util.ArrayList)
ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager)
AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)
URI(java.net.URI)
ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)
Example 67 with ProcessedClaimCollection
use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project cxf by apache.
the class LDAPClaimsTest method testRetrieveRolesForBob.
@org.junit.Test
public void testRetrieveRolesForBob() throws Exception {
LdapGroupClaimsHandler claimsHandler = (LdapGroupClaimsHandler) appContext.getBean("testGroupClaimsHandlerOtherUsers");
ClaimsManager claimsManager = new ClaimsManager();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
String user = props.getProperty("otherClaimUser");
Assert.assertNotNull(user, "Property 'claimUser' not configured");
ClaimCollection requestedClaims = new ClaimCollection();
Claim claim = new Claim();
URI roleURI = URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
claim.setClaimType(roleURI);
requestedClaims.add(claim);
ClaimsParameters params = new ClaimsParameters();
params.setPrincipal(new CustomTokenPrincipal(user));
ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
Assert.assertTrue(retrievedClaims.size() == 1);
Assert.assertTrue(retrievedClaims.get(0).getClaimType().equals(roleURI));
Assert.assertTrue(retrievedClaims.get(0).getValues().size() == 2);
}
Also used :
LdapGroupClaimsHandler(org.apache.cxf.sts.claims.LdapGroupClaimsHandler)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager)
ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
URI(java.net.URI)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Claim(org.apache.cxf.rt.security.claims.Claim)
ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)
Example 68 with ProcessedClaimCollection
use of org.apache.cxf.sts.claims.ProcessedClaimCollection in project cxf by apache.
the class LDAPClaimsTest method testRetrieveBinaryClaims.
@org.junit.Test
public void testRetrieveBinaryClaims() throws Exception {
LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
ClaimsManager claimsManager = new ClaimsManager();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
String user = props.getProperty("binaryClaimUser");
Assert.assertNotNull(user, "Property 'binaryClaimUser' not configured");
ClaimCollection requestedClaims = createRequestClaimCollection();
// Ask for the (binary) cert as well
Claim claim = new Claim();
claim.setClaimType(URI.create("http://custom/x509"));
claim.setOptional(true);
requestedClaims.add(claim);
List<URI> expectedClaims = new ArrayList<>();
expectedClaims.add(ClaimTypes.FIRSTNAME);
expectedClaims.add(ClaimTypes.LASTNAME);
expectedClaims.add(ClaimTypes.EMAILADDRESS);
expectedClaims.add(URI.create("http://custom/x509"));
ClaimsParameters params = new ClaimsParameters();
params.setPrincipal(new CustomTokenPrincipal(user));
ProcessedClaimCollection retrievedClaims = claimsManager.retrieveClaimValues(requestedClaims, params);
Assert.assertTrue("Retrieved number of claims [" + retrievedClaims.size() + "] doesn't match with expected [" + expectedClaims.size() + "]", retrievedClaims.size() == expectedClaims.size());
boolean foundCert = false;
for (ProcessedClaim c : retrievedClaims) {
if (URI.create("http://custom/x509").equals(c.getClaimType())) {
foundCert = true;
Assert.assertTrue(c.getValues().get(0) instanceof byte[]);
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
InputStream in = new ByteArrayInputStream((byte[]) c.getValues().get(0));
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(in);
Assert.assertTrue(cert != null);
}
}
Assert.assertTrue(foundCert);
}
Also used :
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
ArrayList(java.util.ArrayList)
LdapClaimsHandler(org.apache.cxf.sts.claims.LdapClaimsHandler)
URI(java.net.URI)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
ByteArrayInputStream(java.io.ByteArrayInputStream)
ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager)
ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)
ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection)
ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim)
Claim(org.apache.cxf.rt.security.claims.Claim)
Aggregations
ProcessedClaimCollection (org.apache.cxf.sts.claims.ProcessedClaimCollection)68
ProcessedClaim (org.apache.cxf.sts.claims.ProcessedClaim)40
Test (org.junit.Test)32
ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)30
ClaimsParameters (org.apache.cxf.sts.claims.ClaimsParameters)29
Claim (org.apache.cxf.rt.security.claims.Claim)21
URI (java.net.URI)18
Principal (java.security.Principal)15
ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)14
CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)14
ArrayList (java.util.ArrayList)13
HashMap (java.util.HashMap)5
ClaimsHandler (org.apache.cxf.sts.claims.ClaimsHandler)5
LdapClaimsHandler (org.apache.cxf.sts.claims.LdapClaimsHandler)5
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)5
URISyntaxException (java.net.URISyntaxException)4
List (java.util.List)4
X500Principal (javax.security.auth.x500.X500Principal)4
LdapGroupClaimsHandler (org.apache.cxf.sts.claims.LdapGroupClaimsHandler)4
RealmSupportClaimsHandler (org.apache.cxf.sts.common.RealmSupportClaimsHandler)4
