Examples with ClaimsType org.apache.cxf.ws.security.sts.provider.model.ClaimsType used on opensource projects

Search in sources :

Example 11 with ClaimsType

use of org.apache.cxf.ws.security.sts.provider.model.ClaimsType in project cxf by apache.

the class JexlIssueSamlClaimsTest method createRequest.

private RequestSecurityTokenType createRequest(Map<String, RealmProperties> realms, Crypto crypto) throws WSSecurityException {
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType);
    // Add a ClaimsType
    ClaimsType claimsType = new ClaimsType();
    claimsType.setDialect(STSConstants.IDT_NS_05_05);
    Document doc = DOMUtils.getEmptyDocument();
    Element claimType = createClaimsType(doc, ClaimTypes.LASTNAME);
    claimsType.getAny().add(claimType);
    claimType = createClaimsType(doc, ROLE_CLAIM);
    claimsType.getAny().add(claimType);
    JAXBElement<ClaimsType> claimsTypeJaxb = new JAXBElement<>(QNameConstants.CLAIMS, ClaimsType.class, claimsType);
    request.getAny().add(claimsTypeJaxb);
    // request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // create a SAML Token via the SAMLTokenProvider which contains claims
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler, realms);
    Document docToken = samlToken.getOwnerDocument();
    samlToken = (Element) docToken.appendChild(samlToken);
    String samlString = DOM2Writer.nodeToString(samlToken);
    assertTrue(samlString.contains("AttributeStatement"));
    assertTrue(samlString.contains("alice"));
    assertTrue(samlString.contains("doe"));
    assertTrue(samlString.contains(ClaimTypes.EMAILADDRESS.toString()));
    assertTrue(samlString.contains(ROLE_CLAIM.toString()));
    assertTrue(samlString.contains("admin"));
    assertTrue(samlString.contains("manager"));
    assertTrue(samlString.contains("user"));
    assertTrue(samlString.contains(SAML2Constants.CONF_BEARER));
    // add SAML token as On-Behalf-Of element
    OnBehalfOfType onbehalfof = new OnBehalfOfType();
    onbehalfof.setAny(samlToken);
    JAXBElement<OnBehalfOfType> onbehalfofType = new JAXBElement<>(QNameConstants.ON_BEHALF_OF, OnBehalfOfType.class, onbehalfof);
    request.getAny().add(onbehalfofType);
    return request;
}
Also used : OnBehalfOfType(org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType) CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) ClaimsType(org.apache.cxf.ws.security.sts.provider.model.ClaimsType) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) JAXBElement(javax.xml.bind.JAXBElement) Document(org.w3c.dom.Document)

Example 12 with ClaimsType

use of org.apache.cxf.ws.security.sts.provider.model.ClaimsType in project cxf by apache.

the class ValidateTokenTransformationUnitTest method testValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateClaims.

/**
 * Test to successfully validate a SAML 2 Token issued by realm "A" and
 * transform it into a SAML 2 token (realm "B")
 * The relationship type between realm A and B is: FederateClaims
 */
@org.junit.Test
public void testValidateSaml2TokenOnBehalfOfSaml2DifferentRealmFederateClaims() throws Exception {
    TokenValidateOperation validateOperation = new TokenValidateOperation();
    Map<String, RealmProperties> realms = createSamlRealms();
    // Add Token Provider
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    samlTokenProvider.setRealmMap(realms);
    samlTokenProvider.setAttributeStatementProviders(Collections.singletonList(new ClaimsAttributeStatementProvider()));
    validateOperation.setTokenProviders(Collections.singletonList(samlTokenProvider));
    // Add Token Validator
    SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();
    samlTokenValidator.setSamlRealmCodec(new IssuerSAMLRealmCodec());
    validateOperation.setTokenValidators(Collections.singletonList(samlTokenValidator));
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    validateOperation.setServices(Collections.singletonList(service));
    // Add Relationship list
    Relationship rs = createRelationship();
    // Add STSProperties object
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
    stsProperties.setRealmParser(new CustomRealmParser());
    stsProperties.setIdentityMapper(new CustomIdentityMapper());
    stsProperties.setRelationships(Collections.singletonList(rs));
    validateOperation.setStsProperties(stsProperties);
    // Set the ClaimsManager
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList((ClaimsHandler) new CustomClaimsHandler()));
    validateOperation.setClaimsManager(claimsManager);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType);
    // Add a ClaimsType
    ClaimsType claimsType = new ClaimsType();
    claimsType.setDialect(STSConstants.IDT_NS_05_05);
    Document doc = DOMUtils.createDocument();
    Element claimType = createClaimsType(doc);
    claimsType.getAny().add(claimType);
    JAXBElement<ClaimsType> claimsTypeJaxb = new JAXBElement<ClaimsType>(QNameConstants.CLAIMS, ClaimsType.class, claimsType);
    request.getAny().add(claimsTypeJaxb);
    // request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // create a SAML Token via the SAMLTokenProvider which contains claims
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler, realms);
    Document docToken = samlToken.getOwnerDocument();
    samlToken = (Element) docToken.appendChild(samlToken);
    String samlString = DOM2Writer.nodeToString(samlToken);
    assertTrue(samlString.contains("AttributeStatement"));
    assertTrue(samlString.contains("alice"));
    assertTrue(samlString.contains("doe"));
    assertTrue(samlString.contains(SAML2Constants.CONF_BEARER));
    // Add SAML token as ValidateTarget element
    ValidateTargetType validateTarget = new ValidateTargetType();
    validateTarget.setAny(samlToken);
    JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    msgCtx.put("url", "https");
    // Validate a token
    RequestSecurityTokenResponseType response = validateOperation.validate(request, null, msgCtx);
    assertTrue(validateResponse(response));
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : response.getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    // subject unchanged
    assertTrue(tokenString.contains("alice"));
    // claim changed (to uppercase)
    assertTrue(tokenString.contains("DOE"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) ServiceMBean(org.apache.cxf.sts.service.ServiceMBean) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString) AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) StaticService(org.apache.cxf.sts.service.StaticService) Document(org.w3c.dom.Document) CustomClaimsHandler(org.apache.cxf.sts.common.CustomClaimsHandler) IssuerSAMLRealmCodec(org.apache.cxf.sts.token.validator.IssuerSAMLRealmCodec) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) RealmProperties(org.apache.cxf.sts.token.realm.RealmProperties) ClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider) ClaimsHandler(org.apache.cxf.sts.claims.ClaimsHandler) CustomClaimsHandler(org.apache.cxf.sts.common.CustomClaimsHandler) ClaimsType(org.apache.cxf.ws.security.sts.provider.model.ClaimsType) JAXBElement(javax.xml.bind.JAXBElement) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) Relationship(org.apache.cxf.sts.token.realm.Relationship) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType) MessageImpl(org.apache.cxf.message.MessageImpl)

Example 13 with ClaimsType

use of org.apache.cxf.ws.security.sts.provider.model.ClaimsType in project cxf by apache.

the class RequestParser method parseTokenRequirements.

/**
 * Parse the Token requirements into the TokenRequirements argument.
 */
private static boolean parseTokenRequirements(JAXBElement<?> jaxbElement, TokenRequirements tokenRequirements, Map<String, Object> messageContext, List<ClaimsParser> claimsParsers) {
    if (QNameConstants.TOKEN_TYPE.equals(jaxbElement.getName())) {
        String tokenType = (String) jaxbElement.getValue();
        tokenRequirements.setTokenType(tokenType);
    } else if (QNameConstants.ON_BEHALF_OF.equals(jaxbElement.getName())) {
        OnBehalfOfType onBehalfOfType = (OnBehalfOfType) jaxbElement.getValue();
        ReceivedToken onBehalfOf = new ReceivedToken(onBehalfOfType.getAny());
        tokenRequirements.setOnBehalfOf(onBehalfOf);
    } else if (QNameConstants.ACT_AS.equals(jaxbElement.getName())) {
        ActAsType actAsType = (ActAsType) jaxbElement.getValue();
        ReceivedToken actAs = new ReceivedToken(actAsType.getAny());
        tokenRequirements.setActAs(actAs);
    } else if (QNameConstants.LIFETIME.equals(jaxbElement.getName())) {
        LifetimeType lifetimeType = (LifetimeType) jaxbElement.getValue();
        Lifetime lifetime = new Lifetime();
        if (lifetimeType.getCreated() != null) {
            lifetime.setCreated(lifetimeType.getCreated().getValue());
        }
        if (lifetimeType.getExpires() != null) {
            lifetime.setExpires(lifetimeType.getExpires().getValue());
        }
        tokenRequirements.setLifetime(lifetime);
    } else if (QNameConstants.VALIDATE_TARGET.equals(jaxbElement.getName())) {
        ValidateTargetType validateTargetType = (ValidateTargetType) jaxbElement.getValue();
        ReceivedToken validateTarget = new ReceivedToken(validateTargetType.getAny());
        if (isTokenReferenced(validateTarget.getToken())) {
            Element target = fetchTokenElementFromReference(validateTarget.getToken(), messageContext);
            validateTarget = new ReceivedToken(target);
        }
        tokenRequirements.setValidateTarget(validateTarget);
    } else if (QNameConstants.CANCEL_TARGET.equals(jaxbElement.getName())) {
        CancelTargetType cancelTargetType = (CancelTargetType) jaxbElement.getValue();
        ReceivedToken cancelTarget = new ReceivedToken(cancelTargetType.getAny());
        if (isTokenReferenced(cancelTarget.getToken())) {
            Element target = fetchTokenElementFromReference(cancelTarget.getToken(), messageContext);
            cancelTarget = new ReceivedToken(target);
        }
        tokenRequirements.setCancelTarget(cancelTarget);
    } else if (QNameConstants.RENEW_TARGET.equals(jaxbElement.getName())) {
        RenewTargetType renewTargetType = (RenewTargetType) jaxbElement.getValue();
        ReceivedToken renewTarget = new ReceivedToken(renewTargetType.getAny());
        if (isTokenReferenced(renewTarget.getToken())) {
            Element target = fetchTokenElementFromReference(renewTarget.getToken(), messageContext);
            renewTarget = new ReceivedToken(target);
        }
        tokenRequirements.setRenewTarget(renewTarget);
    } else if (QNameConstants.CLAIMS.equals(jaxbElement.getName())) {
        ClaimsType claimsType = (ClaimsType) jaxbElement.getValue();
        ClaimCollection requestedClaims = parseClaims(claimsType, claimsParsers);
        tokenRequirements.setPrimaryClaims(requestedClaims);
    } else if (QNameConstants.RENEWING.equals(jaxbElement.getName())) {
        RenewingType renewingType = (RenewingType) jaxbElement.getValue();
        Renewing renewing = new Renewing();
        if (renewingType.isAllow() != null) {
            renewing.setAllowRenewing(renewingType.isAllow());
        }
        if (renewingType.isOK() != null) {
            renewing.setAllowRenewingAfterExpiry(renewingType.isOK());
        }
        tokenRequirements.setRenewing(renewing);
    } else if (QNameConstants.PARTICIPANTS.equals(jaxbElement.getName())) {
        ParticipantsType participantsType = (ParticipantsType) jaxbElement.getValue();
        Participants participants = parseParticipants(participantsType);
        tokenRequirements.setParticipants(participants);
    } else {
        return false;
    }
    return true;
}
Also used : ClaimsType(org.apache.cxf.ws.security.sts.provider.model.ClaimsType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) CancelTargetType(org.apache.cxf.ws.security.sts.provider.model.CancelTargetType) ActAsType(org.apache.cxf.ws.security.sts.provider.model.wstrust14.ActAsType) OnBehalfOfType(org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType) RenewTargetType(org.apache.cxf.ws.security.sts.provider.model.RenewTargetType) LifetimeType(org.apache.cxf.ws.security.sts.provider.model.LifetimeType) ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType) ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection) RenewingType(org.apache.cxf.ws.security.sts.provider.model.RenewingType) ParticipantsType(org.apache.cxf.ws.security.sts.provider.model.ParticipantsType)

Aggregations

JAXBElement (javax.xml.bind.JAXBElement)13 ClaimsType (org.apache.cxf.ws.security.sts.provider.model.ClaimsType)13 Element (org.w3c.dom.Element)13 Document (org.w3c.dom.Document)12 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)11 ClaimsHandler (org.apache.cxf.sts.claims.ClaimsHandler)9 ClaimsManager (org.apache.cxf.sts.claims.ClaimsManager)9 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)9 RequestedSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType)9 CallbackHandler (javax.security.auth.callback.CallbackHandler)8 CustomClaimsHandler (org.apache.cxf.sts.common.CustomClaimsHandler)8 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)8 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)7 MessageImpl (org.apache.cxf.message.MessageImpl)7 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)7 SAMLTokenValidator (org.apache.cxf.sts.token.validator.SAMLTokenValidator)7 OnBehalfOfType (org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType)7 Crypto (org.apache.wss4j.common.crypto.Crypto)7 RealmProperties (org.apache.cxf.sts.token.realm.RealmProperties)6 Relationship (org.apache.cxf.sts.token.realm.Relationship)6
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial