Example 21 with OnBehalfOfType
use of org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType in project cxf by apache.
the class JexlIssueSamlClaimsTest method createRequest.
private RequestSecurityTokenType createRequest(Map<String, RealmProperties> realms, Crypto crypto) throws WSSecurityException {
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType = new JAXBElement<>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
request.getAny().add(tokenType);
// Add a ClaimsType
ClaimsType claimsType = new ClaimsType();
claimsType.setDialect(STSConstants.IDT_NS_05_05);
Document doc = DOMUtils.getEmptyDocument();
Element claimType = createClaimsType(doc, ClaimTypes.LASTNAME);
claimsType.getAny().add(claimType);
claimType = createClaimsType(doc, ROLE_CLAIM);
claimsType.getAny().add(claimType);
JAXBElement<ClaimsType> claimsTypeJaxb = new JAXBElement<>(QNameConstants.CLAIMS, ClaimsType.class, claimsType);
request.getAny().add(claimsTypeJaxb);
// request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
// create a SAML Token via the SAMLTokenProvider which contains claims
CallbackHandler callbackHandler = new PasswordCallbackHandler();
Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler, realms);
Document docToken = samlToken.getOwnerDocument();
samlToken = (Element) docToken.appendChild(samlToken);
String samlString = DOM2Writer.nodeToString(samlToken);
assertTrue(samlString.contains("AttributeStatement"));
assertTrue(samlString.contains("alice"));
assertTrue(samlString.contains("doe"));
assertTrue(samlString.contains(ClaimTypes.EMAILADDRESS.toString()));
assertTrue(samlString.contains(ROLE_CLAIM.toString()));
assertTrue(samlString.contains("admin"));
assertTrue(samlString.contains("manager"));
assertTrue(samlString.contains("user"));
assertTrue(samlString.contains(SAML2Constants.CONF_BEARER));
// add SAML token as On-Behalf-Of element
OnBehalfOfType onbehalfof = new OnBehalfOfType();
onbehalfof.setAny(samlToken);
JAXBElement<OnBehalfOfType> onbehalfofType = new JAXBElement<>(QNameConstants.ON_BEHALF_OF, OnBehalfOfType.class, onbehalfof);
request.getAny().add(onbehalfofType);
return request;
}
Also used :
OnBehalfOfType(org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
ClaimsType(org.apache.cxf.ws.security.sts.provider.model.ClaimsType)
RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)
JAXBElement(javax.xml.bind.JAXBElement)
Element(org.w3c.dom.Element)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
JAXBElement(javax.xml.bind.JAXBElement)
Document(org.w3c.dom.Document)
Example 22 with OnBehalfOfType
use of org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType in project cxf by apache.
the class RequestParser method parseTokenRequirements.
/**
* Parse the Token requirements into the TokenRequirements argument.
*/
private static boolean parseTokenRequirements(JAXBElement<?> jaxbElement, TokenRequirements tokenRequirements, Map<String, Object> messageContext, List<ClaimsParser> claimsParsers) {
if (QNameConstants.TOKEN_TYPE.equals(jaxbElement.getName())) {
String tokenType = (String) jaxbElement.getValue();
tokenRequirements.setTokenType(tokenType);
} else if (QNameConstants.ON_BEHALF_OF.equals(jaxbElement.getName())) {
OnBehalfOfType onBehalfOfType = (OnBehalfOfType) jaxbElement.getValue();
ReceivedToken onBehalfOf = new ReceivedToken(onBehalfOfType.getAny());
tokenRequirements.setOnBehalfOf(onBehalfOf);
} else if (QNameConstants.ACT_AS.equals(jaxbElement.getName())) {
ActAsType actAsType = (ActAsType) jaxbElement.getValue();
ReceivedToken actAs = new ReceivedToken(actAsType.getAny());
tokenRequirements.setActAs(actAs);
} else if (QNameConstants.LIFETIME.equals(jaxbElement.getName())) {
LifetimeType lifetimeType = (LifetimeType) jaxbElement.getValue();
Lifetime lifetime = new Lifetime();
if (lifetimeType.getCreated() != null) {
lifetime.setCreated(lifetimeType.getCreated().getValue());
}
if (lifetimeType.getExpires() != null) {
lifetime.setExpires(lifetimeType.getExpires().getValue());
}
tokenRequirements.setLifetime(lifetime);
} else if (QNameConstants.VALIDATE_TARGET.equals(jaxbElement.getName())) {
ValidateTargetType validateTargetType = (ValidateTargetType) jaxbElement.getValue();
ReceivedToken validateTarget = new ReceivedToken(validateTargetType.getAny());
if (isTokenReferenced(validateTarget.getToken())) {
Element target = fetchTokenElementFromReference(validateTarget.getToken(), messageContext);
validateTarget = new ReceivedToken(target);
}
tokenRequirements.setValidateTarget(validateTarget);
} else if (QNameConstants.CANCEL_TARGET.equals(jaxbElement.getName())) {
CancelTargetType cancelTargetType = (CancelTargetType) jaxbElement.getValue();
ReceivedToken cancelTarget = new ReceivedToken(cancelTargetType.getAny());
if (isTokenReferenced(cancelTarget.getToken())) {
Element target = fetchTokenElementFromReference(cancelTarget.getToken(), messageContext);
cancelTarget = new ReceivedToken(target);
}
tokenRequirements.setCancelTarget(cancelTarget);
} else if (QNameConstants.RENEW_TARGET.equals(jaxbElement.getName())) {
RenewTargetType renewTargetType = (RenewTargetType) jaxbElement.getValue();
ReceivedToken renewTarget = new ReceivedToken(renewTargetType.getAny());
if (isTokenReferenced(renewTarget.getToken())) {
Element target = fetchTokenElementFromReference(renewTarget.getToken(), messageContext);
renewTarget = new ReceivedToken(target);
}
tokenRequirements.setRenewTarget(renewTarget);
} else if (QNameConstants.CLAIMS.equals(jaxbElement.getName())) {
ClaimsType claimsType = (ClaimsType) jaxbElement.getValue();
ClaimCollection requestedClaims = parseClaims(claimsType, claimsParsers);
tokenRequirements.setPrimaryClaims(requestedClaims);
} else if (QNameConstants.RENEWING.equals(jaxbElement.getName())) {
RenewingType renewingType = (RenewingType) jaxbElement.getValue();
Renewing renewing = new Renewing();
if (renewingType.isAllow() != null) {
renewing.setAllowRenewing(renewingType.isAllow());
}
if (renewingType.isOK() != null) {
renewing.setAllowRenewingAfterExpiry(renewingType.isOK());
}
tokenRequirements.setRenewing(renewing);
} else if (QNameConstants.PARTICIPANTS.equals(jaxbElement.getName())) {
ParticipantsType participantsType = (ParticipantsType) jaxbElement.getValue();
Participants participants = parseParticipants(participantsType);
tokenRequirements.setParticipants(participants);
} else {
return false;
}
return true;
}
Also used :
ClaimsType(org.apache.cxf.ws.security.sts.provider.model.ClaimsType)
JAXBElement(javax.xml.bind.JAXBElement)
Element(org.w3c.dom.Element)
CancelTargetType(org.apache.cxf.ws.security.sts.provider.model.CancelTargetType)
ActAsType(org.apache.cxf.ws.security.sts.provider.model.wstrust14.ActAsType)
OnBehalfOfType(org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType)
RenewTargetType(org.apache.cxf.ws.security.sts.provider.model.RenewTargetType)
LifetimeType(org.apache.cxf.ws.security.sts.provider.model.LifetimeType)
ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType)
ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)
RenewingType(org.apache.cxf.ws.security.sts.provider.model.RenewingType)
ParticipantsType(org.apache.cxf.ws.security.sts.provider.model.ParticipantsType)
Aggregations
JAXBElement (javax.xml.bind.JAXBElement)22
OnBehalfOfType (org.apache.cxf.ws.security.sts.provider.model.OnBehalfOfType)22
PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)21
RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)21
WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)20
MessageImpl (org.apache.cxf.message.MessageImpl)20
STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)20
TokenDelegationHandler (org.apache.cxf.sts.token.delegation.TokenDelegationHandler)20
Crypto (org.apache.wss4j.common.crypto.Crypto)20
Element (org.w3c.dom.Element)20
CallbackHandler (javax.security.auth.callback.CallbackHandler)18
Document (org.w3c.dom.Document)18
SAMLTokenValidator (org.apache.cxf.sts.token.validator.SAMLTokenValidator)17
RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)17
StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)16
ServiceMBean (org.apache.cxf.sts.service.ServiceMBean)16
StaticService (org.apache.cxf.sts.service.StaticService)16
UsernameTokenDelegationHandler (org.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler)16
AttributedString (org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString)16
PasswordString (org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString)16
