Examples with AttributeStatementBean org.apache.wss4j.common.saml.bean.AttributeStatementBean used on opensource projects

Search in sources :

Example 11 with AttributeStatementBean

use of org.apache.wss4j.common.saml.bean.AttributeStatementBean in project cxf by apache.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            if (conditions != null) {
                callback.setConditions(conditions);
            }
            callback.setIssuer("sts");
            String subjectName = "uid=sts-client,o=mock-sts.com";
            String subjectQualifier = "www.mock-sts.com";
            if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
                confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            AttributeBean attributeBean = new AttributeBean();
            if (saml2) {
                attributeBean.setQualifiedName("subject-role");
            } else {
                attributeBean.setSimpleName("subject-role");
                attributeBean.setQualifiedName("http://custom-ns");
            }
            attributeBean.addAttributeValue("system-user");
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            callback.setSignatureAlgorithm(signatureAlgorithm);
            callback.setSignatureDigestAlgorithm(digestAlgorithm);
            try {
                Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName(cryptoAlias);
                callback.setIssuerKeyPassword(cryptoPassword);
                callback.setSignAssertion(signAssertion);
            } catch (WSSecurityException e) {
                throw new IOException(e);
            }
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 12 with AttributeStatementBean

use of org.apache.wss4j.common.saml.bean.AttributeStatementBean in project cxf by apache.

the class SamlRoleCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            callback.setIssuer("sts");
            String subjectName = "uid=sts-client,o=mock-sts.com";
            String subjectQualifier = "www.mock-sts.com";
            if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
                confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            AttributeBean attributeBean = new AttributeBean();
            attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
            if (saml2) {
                attributeBean.setQualifiedName(ROLE_URI);
                attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
            } else {
                String uri = ROLE_URI.toString();
                int lastSlash = uri.lastIndexOf("/");
                if (lastSlash == (uri.length() - 1)) {
                    uri = uri.substring(0, lastSlash);
                    lastSlash = uri.lastIndexOf("/");
                }
                String namespace = uri.substring(0, lastSlash);
                String name = uri.substring(lastSlash + 1, uri.length());
                attributeBean.setSimpleName(name);
                attributeBean.setQualifiedName(namespace);
            }
            attributeBean.addAttributeValue(roleName);
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            try {
                Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName(cryptoAlias);
                callback.setIssuerKeyPassword(cryptoPassword);
                callback.setSignAssertion(signAssertion);
            } catch (Exception ex) {
                throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
            }
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) IOException(java.io.IOException) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException)

Example 13 with AttributeStatementBean

use of org.apache.wss4j.common.saml.bean.AttributeStatementBean in project cxf by apache.

the class ActAsAttributeStatementProvider method getStatement.

/**
 * Get an AttributeStatementBean using the given parameters.
 */
public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
    AttributeStatementBean attrBean = new AttributeStatementBean();
    TokenRequirements tokenRequirements = providerParameters.getTokenRequirements();
    ReceivedToken actAs = tokenRequirements.getActAs();
    try {
        if (actAs != null) {
            List<AttributeBean> attributeList = new ArrayList<>();
            String tokenType = tokenRequirements.getTokenType();
            AttributeBean parameterBean = handleAdditionalParameters(actAs.getToken(), tokenType);
            if (!parameterBean.getAttributeValues().isEmpty()) {
                attributeList.add(parameterBean);
            }
            attrBean.setSamlAttributes(attributeList);
        }
    } catch (WSSecurityException ex) {
        throw new STSException(ex.getMessage(), ex);
    }
    return attrBean;
}
Also used : AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) ArrayList(java.util.ArrayList) STSException(org.apache.cxf.ws.security.sts.provider.STSException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)

Example 14 with AttributeStatementBean

use of org.apache.wss4j.common.saml.bean.AttributeStatementBean in project cxf by apache.

the class SAMLTokenProvider method createCallbackHandler.

public SamlCallbackHandler createCallbackHandler(TokenProviderParameters tokenParameters, byte[] secret, RealmProperties samlRealm, Document doc) throws Exception {
    boolean statementAdded = false;
    // Parse the AttributeStatements
    List<AttributeStatementBean> attrBeanList = null;
    if (attributeStatementProviders != null && !attributeStatementProviders.isEmpty()) {
        attrBeanList = new ArrayList<>();
        for (AttributeStatementProvider statementProvider : attributeStatementProviders) {
            AttributeStatementBean statementBean = statementProvider.getStatement(tokenParameters);
            if (statementBean != null) {
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("AttributeStatements " + statementBean.toString() + " returned by AttributeStatementProvider " + statementProvider.getClass().getName());
                }
                attrBeanList.add(statementBean);
                statementAdded = true;
            }
        }
    }
    // Parse the AuthenticationStatements
    List<AuthenticationStatementBean> authBeanList = null;
    if (authenticationStatementProviders != null && !authenticationStatementProviders.isEmpty()) {
        authBeanList = new ArrayList<>();
        for (AuthenticationStatementProvider statementProvider : authenticationStatementProviders) {
            AuthenticationStatementBean statementBean = statementProvider.getStatement(tokenParameters);
            if (statementBean != null) {
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("AuthenticationStatement " + statementBean.toString() + " returned by AuthenticationStatementProvider " + statementProvider.getClass().getName());
                }
                authBeanList.add(statementBean);
                statementAdded = true;
            }
        }
    }
    // Parse the AuthDecisionStatements
    List<AuthDecisionStatementBean> authDecisionBeanList = null;
    if (authDecisionStatementProviders != null && !authDecisionStatementProviders.isEmpty()) {
        authDecisionBeanList = new ArrayList<>();
        for (AuthDecisionStatementProvider statementProvider : authDecisionStatementProviders) {
            AuthDecisionStatementBean statementBean = statementProvider.getStatement(tokenParameters);
            if (statementBean != null) {
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("AuthDecisionStatement " + statementBean.toString() + " returned by AuthDecisionStatementProvider " + statementProvider.getClass().getName());
                }
                authDecisionBeanList.add(statementBean);
                statementAdded = true;
            }
        }
    }
    // Also handle "ActAs" via the ActAsAttributeStatementProvider
    if (!statementAdded) {
        attrBeanList = new ArrayList<>();
        AttributeStatementProvider attributeProvider = new ClaimsAttributeStatementProvider();
        AttributeStatementBean attributeBean = attributeProvider.getStatement(tokenParameters);
        if (attributeBean != null && attributeBean.getSamlAttributes() != null && !attributeBean.getSamlAttributes().isEmpty()) {
            attrBeanList.add(attributeBean);
        } else {
            attributeProvider = new DefaultAttributeStatementProvider();
            attributeBean = attributeProvider.getStatement(tokenParameters);
            attrBeanList.add(attributeBean);
        }
        attributeProvider = new ActAsAttributeStatementProvider();
        attributeBean = attributeProvider.getStatement(tokenParameters);
        if (attributeBean != null && attributeBean.getSamlAttributes() != null && !attributeBean.getSamlAttributes().isEmpty()) {
            attrBeanList.add(attributeBean);
        }
    }
    // Get the Subject and Conditions
    SubjectProviderParameters subjectProviderParameters = new SubjectProviderParameters();
    subjectProviderParameters.setProviderParameters(tokenParameters);
    subjectProviderParameters.setDoc(doc);
    subjectProviderParameters.setSecret(secret);
    subjectProviderParameters.setAttrBeanList(attrBeanList);
    subjectProviderParameters.setAuthBeanList(authBeanList);
    subjectProviderParameters.setAuthDecisionBeanList(authDecisionBeanList);
    SubjectBean subjectBean = subjectProvider.getSubject(subjectProviderParameters);
    ConditionsBean conditionsBean = conditionsProvider.getConditions(tokenParameters);
    // Set all of the beans on the SamlCallbackHandler
    SamlCallbackHandler handler = new SamlCallbackHandler();
    handler.setTokenProviderParameters(tokenParameters);
    handler.setSubjectBean(subjectBean);
    handler.setConditionsBean(conditionsBean);
    handler.setAttributeBeans(attrBeanList);
    handler.setAuthenticationBeans(authBeanList);
    handler.setAuthDecisionStatementBeans(authDecisionBeanList);
    if (samlRealm != null) {
        handler.setIssuer(samlRealm.getIssuer());
    }
    return handler;
}
Also used : ClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) AuthenticationStatementBean(org.apache.wss4j.common.saml.bean.AuthenticationStatementBean) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) ClaimsAttributeStatementProvider(org.apache.cxf.sts.claims.ClaimsAttributeStatementProvider) SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) AuthDecisionStatementBean(org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean)

Example 15 with AttributeStatementBean

use of org.apache.wss4j.common.saml.bean.AttributeStatementBean in project cxf by apache.

the class ClaimsAttributeStatementProvider method getStatement.

public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
    // Handle Claims
    ProcessedClaimCollection retrievedClaims = ClaimsUtils.processClaims(providerParameters);
    if (retrievedClaims == null) {
        return null;
    }
    Iterator<ProcessedClaim> claimIterator = retrievedClaims.iterator();
    if (!claimIterator.hasNext()) {
        return null;
    }
    List<AttributeBean> attributeList = new ArrayList<>();
    String tokenType = providerParameters.getTokenRequirements().getTokenType();
    AttributeStatementBean attrBean = new AttributeStatementBean();
    while (claimIterator.hasNext()) {
        ProcessedClaim claim = claimIterator.next();
        AttributeBean attributeBean = new AttributeBean();
        URI claimType = claim.getClaimType();
        if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
            attributeBean.setQualifiedName(claimType.toString());
            attributeBean.setNameFormat(nameFormat);
        } else {
            String uri = claimType.toString();
            int lastSlash = uri.lastIndexOf("/");
            if (lastSlash == (uri.length() - 1)) {
                uri = uri.substring(0, lastSlash);
                lastSlash = uri.lastIndexOf("/");
            }
            String namespace = uri.substring(0, lastSlash);
            String name = uri.substring(lastSlash + 1, uri.length());
            attributeBean.setSimpleName(name);
            attributeBean.setQualifiedName(namespace);
        }
        attributeBean.setAttributeValues(claim.getValues());
        attributeList.add(attributeBean);
    }
    attrBean.setSamlAttributes(attributeList);
    return attrBean;
}
Also used : AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) ArrayList(java.util.ArrayList) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) URI(java.net.URI)

Aggregations

AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)19 AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)15 SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)11 SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)10 IOException (java.io.IOException)7 ArrayList (java.util.ArrayList)7 Crypto (org.apache.wss4j.common.crypto.Crypto)7 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)5 AuthDecisionStatementBean (org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean)5 AuthenticationStatementBean (org.apache.wss4j.common.saml.bean.AuthenticationStatementBean)5 KeyInfoBean (org.apache.wss4j.common.saml.bean.KeyInfoBean)5 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)4 ActionBean (org.apache.wss4j.common.saml.bean.ActionBean)4 ConditionsBean (org.apache.wss4j.common.saml.bean.ConditionsBean)4 URI (java.net.URI)2 List (java.util.List)2 Message (org.apache.cxf.message.Message)2 ProcessedClaim (org.apache.cxf.sts.claims.ProcessedClaim)2 ProcessedClaimCollection (org.apache.cxf.sts.claims.ProcessedClaimCollection)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial