use of org.apache.cxf.sts.common.CustomClaimsHandler in project cxf by apache.
the class SAMLProviderActAsTest method testSAML2ActAsUsernameTokenClaims.
/**
 * Issues a SAML 2.0 bearer token for a request whose ActAs element is a UsernameToken naming
 * "bob", then verifies that the assertion keeps "technical-user" as its subject, records the
 * delegated user in an "ActAs" attribute, and contains the e-mail, first-name and last-name
 * claim types.
 *
 * @throws Exception if token creation or assertion parsing fails
 */
@org.junit.Test
public void testSAML2ActAsUsernameTokenClaims() throws Exception {
    TokenProvider provider = new SAMLTokenProvider();

    // ActAs payload: a UsernameToken that carries only a username (no password is set here).
    AttributedString actAsName = new AttributedString();
    actAsName.setValue("bob");
    UsernameTokenType actAsToken = new UsernameTokenType();
    actAsToken.setUsername(actAsName);
    JAXBElement<UsernameTokenType> actAsElement =
        new JAXBElement<UsernameTokenType>(
            QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, actAsToken);

    // createProviderParameters is defined outside this snippet; it receives the SAML 2.0 token
    // type, the bearer key type and the ActAs element.
    TokenProviderParameters parameters =
        createProviderParameters(
            WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, actAsElement);

    // The provider reads the delegated identity from the principal on ReceivedToken/ActAs.
    // NOTE(review): the test attaches that principal directly; nothing in this method validates
    // the UsernameToken, so this exercises token issuance only, not ActAs authentication.
    parameters
        .getTokenRequirements()
        .getActAs()
        .setPrincipal(new CustomTokenPrincipal(actAsName.getValue()));

    // Register the single claims handler and request the claims built by createClaims().
    ClaimsManager manager = new ClaimsManager();
    manager.setClaimHandlers(
        Collections.<ClaimsHandler>singletonList(new CustomClaimsHandler()));
    parameters.setClaimsManager(manager);
    ClaimCollection requestedClaims = createClaims();
    parameters.setRequestedPrimaryClaims(requestedClaims);

    assertTrue(provider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse response = provider.createToken(parameters);
    assertNotNull(response);
    boolean tokenAndIdPresent = response.getToken() != null && response.getTokenId() != null;
    assertTrue(tokenAndIdPresent);

    // The subject must remain the technical user; the delegated user may only show up in the
    // ActAs attribute checked below.
    Element issuedToken = (Element) response.getToken();
    SamlAssertionWrapper wrapper = new SamlAssertionWrapper(issuedToken);
    Assert.assertEquals("technical-user", wrapper.getSubjectName());

    boolean actAsNamesBob = false;
    for (org.opensaml.saml.saml2.core.AttributeStatement statement
        : wrapper.getSaml2().getAttributeStatements()) {
        for (org.opensaml.saml.saml2.core.Attribute candidate : statement.getAttributes()) {
            if (!"ActAs".equals(candidate.getName())) {
                continue;
            }
            for (XMLObject value : candidate.getAttributeValues()) {
                Element valueElement = value.getDOM();
                String valueText = valueElement.getTextContent();
                // Substring match: a value such as "bobby" would also satisfy this check.
                if (valueText.contains("bob")) {
                    actAsNamesBob = true;
                    break;
                }
            }
        }
    }
    assertTrue(actAsNamesBob);

    // The claims are checked on the serialized token by substring, so this proves the claim
    // type URIs occur somewhere in the assertion, not which attribute holds them.
    String serialized = DOM2Writer.nodeToString(issuedToken);
    assertTrue(serialized.contains(response.getTokenId()));
    assertTrue(serialized.contains(ClaimTypes.EMAILADDRESS.toString()));
    assertTrue(serialized.contains(ClaimTypes.FIRSTNAME.toString()));
    assertTrue(serialized.contains(ClaimTypes.LASTNAME.toString()));
}
use of org.apache.cxf.sts.common.CustomClaimsHandler in project cxf by apache.
the class ValidateJWTTransformationTest method createSAMLAssertion.
/**
 * Builds a SAML assertion through {@code SAMLTokenProvider} for use as test input, requesting
 * the last-name claim as a mandatory secondary claim.
 *
 * <p>All arguments are passed through to {@code createProviderParameters}, which is defined
 * outside this snippet; the bearer key type is always used.
 *
 * @param tokenType the token type to issue
 * @param crypto forwarded to the provider parameters
 * @param signatureUsername forwarded to the provider parameters
 * @param callbackHandler forwarded to the provider parameters
 * @return the issued token as a DOM element
 * @throws WSSecurityException declared for token creation
 */
private static Element createSAMLAssertion(
    String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler)
    throws WSSecurityException {
    SAMLTokenProvider provider = new SAMLTokenProvider();
    // Only the claims-based attribute statement provider is installed, so attribute statements
    // in the result come from that provider alone.
    provider.setAttributeStatementProviders(
        Collections.singletonList(new ClaimsAttributeStatementProvider()));

    TokenProviderParameters parameters =
        createProviderParameters(
            tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);

    // A single claims handler answers every claim request made through this manager.
    ClaimsManager manager = new ClaimsManager();
    manager.setClaimHandlers(
        Collections.<ClaimsHandler>singletonList(new CustomClaimsHandler()));
    parameters.setClaimsManager(manager);

    // One mandatory secondary claim: the last name.
    Claim lastName = new Claim();
    lastName.setClaimType(ClaimTypes.LASTNAME);
    lastName.setOptional(false);
    ClaimCollection secondaryClaims = new ClaimCollection();
    secondaryClaims.add(lastName);
    parameters.setRequestedSecondaryClaims(secondaryClaims);

    TokenProviderResponse response = provider.createToken(parameters);
    assertNotNull(response);
    boolean tokenAndIdPresent = response.getToken() != null && response.getTokenId() != null;
    assertTrue(tokenAndIdPresent);
    return (Element) response.getToken();
}
use of org.apache.cxf.sts.common.CustomClaimsHandler in project cxf by apache.
the class JexlIssueSamlClaimsTest method createSAMLAssertion.
/**
 * Mocks up a SAML assertion element that requests three secondary claims: an optional last
 * name, a mandatory role claim carrying the values "admin", "manager" and "user", and a
 * mandatory e-mail address.
 *
 * <p>The token, crypto, signature and callback arguments are passed through to
 * {@code createProviderParameters}, which is defined outside this snippet.
 *
 * @param tokenType the token type to issue
 * @param crypto forwarded to the provider parameters
 * @param signatureUsername forwarded to the provider parameters
 * @param callbackHandler forwarded to the provider parameters
 * @param realms realm map handed to the provider; when non-null the request is placed in
 *     realm "A"
 * @return the issued token as a DOM element
 * @throws WSSecurityException declared for token creation
 */
private Element createSAMLAssertion(
    String tokenType,
    Crypto crypto,
    String signatureUsername,
    CallbackHandler callbackHandler,
    Map<String, RealmProperties> realms)
    throws WSSecurityException {
    SAMLTokenProvider provider = new SAMLTokenProvider();
    provider.setRealmMap(realms);
    List<AttributeStatementProvider> statementProviders =
        Collections.singletonList(new ClaimsAttributeStatementProvider());
    provider.setAttributeStatementProviders(statementProviders);

    TokenProviderParameters parameters =
        createProviderParameters(
            tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);
    // The realm name is fixed; callers only choose whether a realm map exists at all.
    if (realms != null) {
        parameters.setRealm("A");
    }

    // A single claims handler answers every claim request made through this manager.
    ClaimsManager manager = new ClaimsManager();
    manager.setClaimHandlers(
        Collections.<ClaimsHandler>singletonList(new CustomClaimsHandler()));
    parameters.setClaimsManager(manager);

    ClaimCollection secondaryClaims = new ClaimCollection();

    Claim lastName = new Claim();
    lastName.setClaimType(ClaimTypes.LASTNAME);
    lastName.setOptional(true);
    secondaryClaims.add(lastName);

    // The role values are supplied by the request itself.
    // NOTE(review): whether requested values reach the issued token unchanged depends on the
    // claims handler and any claim processing, neither of which is visible here.
    Claim roles = new Claim();
    roles.setClaimType(ROLE_CLAIM);
    roles.addValue("admin");
    roles.addValue("manager");
    roles.addValue("user");
    roles.setOptional(false);
    secondaryClaims.add(roles);

    Claim email = new Claim();
    email.setClaimType(ClaimTypes.EMAILADDRESS);
    email.setOptional(false);
    secondaryClaims.add(email);

    parameters.setRequestedSecondaryClaims(secondaryClaims);

    TokenProviderResponse response = provider.createToken(parameters);
    assertNotNull(response);
    boolean tokenAndIdPresent = response.getToken() != null && response.getTokenId() != null;
    assertTrue(tokenAndIdPresent);
    return (Element) response.getToken();
}
use of org.apache.cxf.sts.common.CustomClaimsHandler in project cxf by apache.
the class IssueSamlClaimsUnitTest method testIssueSaml1Token.
/**
 * Issues a SAML 1.1 token for the principal "alice" through {@code TokenIssueOperation} and
 * checks that the serialized assertion contains an attribute statement, the principal name,
 * the bearer confirmation method, the last-name and role claim types, and the value
 * "administrator".
 *
 * @throws Exception if the issue operation fails
 */
@org.junit.Test
public void testIssueSaml1Token() throws Exception {
    // The add* helpers are defined outside this snippet.
    TokenIssueOperation operation = new TokenIssueOperation();
    addTokenProvider(operation);
    addService(operation);
    addSTSProperties(operation);

    // A single claims handler answers every claim request made through this manager.
    ClaimsManager manager = new ClaimsManager();
    manager.setClaimHandlers(
        Collections.<ClaimsHandler>singletonList(new CustomClaimsHandler()));
    operation.setClaimsManager(manager);

    // Request: SAML 1.1 token type, secondary parameters, then the AppliesTo address.
    RequestSecurityTokenType rst = new RequestSecurityTokenType();
    JAXBElement<String> requestedType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    rst.getAny().add(requestedType);
    Element secondary = createSecondaryParameters();
    rst.getAny().add(secondary);
    rst.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    Map<String, Object> messageContext = setupMessageContext();
    List<RequestSecurityTokenResponseType> responses =
        issueToken(operation, rst, new CustomTokenPrincipal("alice"), messageContext);

    // Pull the assertion out of the first RequestedSecurityToken element of the first response.
    Element samlAssertion = null;
    for (Object candidate : responses.get(0).getAny()) {
        if (!(candidate instanceof JAXBElement<?>)) {
            continue;
        }
        JAXBElement<?> element = (JAXBElement<?>) candidate;
        if (!REQUESTED_SECURITY_TOKEN.equals(element.getName())) {
            continue;
        }
        RequestedSecurityTokenType requested = (RequestedSecurityTokenType) element.getValue();
        samlAssertion = (Element) requested.getAny();
        break;
    }
    assertNotNull(samlAssertion);

    // Substring checks on the serialized assertion: they show each string occurs somewhere in
    // the token, not that it sits in the expected element or attribute.
    // NOTE(review): "administrator" is presumably the role value supplied by the claims
    // handler; confirm against CustomClaimsHandler.
    String serialized = DOM2Writer.nodeToString(samlAssertion);
    assertTrue(serialized.contains("AttributeStatement"));
    assertTrue(serialized.contains("alice"));
    assertTrue(serialized.contains(SAML1Constants.CONF_BEARER));
    assertTrue(serialized.contains(ClaimTypes.LASTNAME.toString()));
    assertTrue(serialized.contains(ROLE_CLAIM.toString()));
    assertTrue(serialized.contains("administrator"));
}
use of org.apache.cxf.sts.common.CustomClaimsHandler in project cxf by apache.
the class IssueSamlClaimsUnitTest method createSAMLAssertion.
/**
 * Mocks up a SAML assertion element that requests the last-name claim as a mandatory
 * secondary claim.
 *
 * <p>The token, crypto, signature and callback arguments are passed through to
 * {@code createProviderParameters}, which is defined outside this snippet.
 *
 * @param tokenType the token type to issue
 * @param crypto forwarded to the provider parameters
 * @param signatureUsername forwarded to the provider parameters
 * @param callbackHandler forwarded to the provider parameters
 * @param realms realm map handed to the provider; when non-null the request is placed in
 *     realm "A"
 * @return the issued token as a DOM element
 * @throws WSSecurityException declared for token creation
 */
private Element createSAMLAssertion(
    String tokenType,
    Crypto crypto,
    String signatureUsername,
    CallbackHandler callbackHandler,
    Map<String, RealmProperties> realms)
    throws WSSecurityException {
    SAMLTokenProvider provider = new SAMLTokenProvider();
    provider.setRealmMap(realms);
    // Only the claims-based attribute statement provider is installed.
    provider.setAttributeStatementProviders(
        Collections.singletonList(new ClaimsAttributeStatementProvider()));

    TokenProviderParameters parameters =
        createProviderParameters(
            tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);
    // The realm name is fixed; callers only choose whether a realm map exists at all.
    if (realms != null) {
        parameters.setRealm("A");
    }

    // A single claims handler answers every claim request made through this manager.
    ClaimsManager manager = new ClaimsManager();
    manager.setClaimHandlers(
        Collections.<ClaimsHandler>singletonList(new CustomClaimsHandler()));
    parameters.setClaimsManager(manager);

    // One mandatory secondary claim: the last name.
    Claim lastName = new Claim();
    lastName.setClaimType(ClaimTypes.LASTNAME);
    lastName.setOptional(false);
    ClaimCollection secondaryClaims = new ClaimCollection();
    secondaryClaims.add(lastName);
    parameters.setRequestedSecondaryClaims(secondaryClaims);

    TokenProviderResponse response = provider.createToken(parameters);
    assertNotNull(response);
    boolean tokenAndIdPresent = response.getToken() != null && response.getTokenId() != null;
    assertTrue(tokenAndIdPresent);
    return (Element) response.getToken();
}