Examples with AttributeStatementBean org.apache.wss4j.common.saml.bean.AttributeStatementBean used on opensource projects

Search in sources :

Example 16 with AttributeStatementBean

use of org.apache.wss4j.common.saml.bean.AttributeStatementBean in project cxf by apache.

the class CustomAttributeStatementProvider method getStatement.

public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
    // Handle Claims
    ClaimsManager claimsManager = providerParameters.getClaimsManager();
    ProcessedClaimCollection retrievedClaims = new ProcessedClaimCollection();
    if (claimsManager != null) {
        ClaimsParameters params = new ClaimsParameters();
        params.setAdditionalProperties(providerParameters.getAdditionalProperties());
        params.setAppliesToAddress(providerParameters.getAppliesToAddress());
        params.setEncryptionProperties(providerParameters.getEncryptionProperties());
        params.setKeyRequirements(providerParameters.getKeyRequirements());
        params.setPrincipal(providerParameters.getPrincipal());
        params.setRealm(providerParameters.getRealm());
        params.setStsProperties(providerParameters.getStsProperties());
        params.setTokenRequirements(providerParameters.getTokenRequirements());
        params.setTokenStore(providerParameters.getTokenStore());
        params.setMessageContext(providerParameters.getMessageContext());
        retrievedClaims = claimsManager.retrieveClaimValues(providerParameters.getRequestedPrimaryClaims(), providerParameters.getRequestedSecondaryClaims(), params);
    }
    if (retrievedClaims == null) {
        return null;
    }
    Iterator<ProcessedClaim> claimIterator = retrievedClaims.iterator();
    if (!claimIterator.hasNext()) {
        return null;
    }
    List<AttributeBean> attributeList = new ArrayList<>();
    String tokenType = providerParameters.getTokenRequirements().getTokenType();
    AttributeStatementBean attrBean = new AttributeStatementBean();
    while (claimIterator.hasNext()) {
        ProcessedClaim claim = claimIterator.next();
        AttributeBean attributeBean = new AttributeBean();
        URI claimType = claim.getClaimType();
        if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
            attributeBean.setQualifiedName(claimType.toString());
            attributeBean.setNameFormat(nameFormat);
        } else {
            String uri = claimType.toString();
            int lastSlash = uri.lastIndexOf("/");
            if (lastSlash == (uri.length() - 1)) {
                uri = uri.substring(0, lastSlash);
                lastSlash = uri.lastIndexOf("/");
            }
            String namespace = uri.substring(0, lastSlash);
            String name = uri.substring(lastSlash + 1, uri.length());
            attributeBean.setSimpleName(name);
            attributeBean.setQualifiedName(namespace);
        }
        attributeBean.setAttributeValues(claim.getValues());
        attributeList.add(attributeBean);
    }
    attrBean.setSamlAttributes(attributeList);
    return attrBean;
}
Also used : AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) ProcessedClaimCollection(org.apache.cxf.sts.claims.ProcessedClaimCollection) ProcessedClaim(org.apache.cxf.sts.claims.ProcessedClaim) ArrayList(java.util.ArrayList) ClaimsManager(org.apache.cxf.sts.claims.ClaimsManager) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) URI(java.net.URI) ClaimsParameters(org.apache.cxf.sts.claims.ClaimsParameters)

Example 17 with AttributeStatementBean

use of org.apache.wss4j.common.saml.bean.AttributeStatementBean in project cxf by apache.

the class SCTSAMLTokenProvider method createCallbackHandler.

public SamlCallbackHandler createCallbackHandler(TokenProviderParameters tokenParameters, byte[] secret, Document doc) throws Exception {
    // Parse the AttributeStatements
    List<AttributeStatementBean> attrBeanList = null;
    if (attributeStatementProviders != null && !attributeStatementProviders.isEmpty()) {
        attrBeanList = new ArrayList<>();
        for (AttributeStatementProvider statementProvider : attributeStatementProviders) {
            AttributeStatementBean statementBean = statementProvider.getStatement(tokenParameters);
            if (statementBean != null) {
                LOG.fine("AttributeStatements" + statementBean.toString() + "returned by AttributeStatementProvider " + statementProvider.getClass().getName());
                attrBeanList.add(statementBean);
            }
        }
    }
    // If no statements, then default to the DefaultAttributeStatementProvider
    if (attrBeanList == null || attrBeanList.isEmpty()) {
        attrBeanList = new ArrayList<>();
        AttributeStatementProvider attributeProvider = new DefaultAttributeStatementProvider();
        AttributeStatementBean attributeBean = attributeProvider.getStatement(tokenParameters);
        attrBeanList.add(attributeBean);
    }
    // Get the Subject and Conditions
    SubjectProviderParameters subjectProviderParameters = new SubjectProviderParameters();
    subjectProviderParameters.setProviderParameters(tokenParameters);
    subjectProviderParameters.setDoc(doc);
    subjectProviderParameters.setSecret(secret);
    subjectProviderParameters.setAttrBeanList(attrBeanList);
    SubjectBean subjectBean = subjectProvider.getSubject(subjectProviderParameters);
    ConditionsBean conditionsBean = conditionsProvider.getConditions(tokenParameters);
    // Set all of the beans on the SamlCallbackHandler
    SamlCallbackHandler handler = new SamlCallbackHandler();
    handler.setTokenProviderParameters(tokenParameters);
    handler.setSubjectBean(subjectBean);
    handler.setConditionsBean(conditionsBean);
    handler.setAttributeBeans(attrBeanList);
    return handler;
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) SamlCallbackHandler(org.apache.cxf.sts.token.provider.SamlCallbackHandler) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) DefaultAttributeStatementProvider(org.apache.cxf.sts.token.provider.DefaultAttributeStatementProvider) AttributeStatementProvider(org.apache.cxf.sts.token.provider.AttributeStatementProvider) DefaultAttributeStatementProvider(org.apache.cxf.sts.token.provider.DefaultAttributeStatementProvider) SubjectProviderParameters(org.apache.cxf.sts.token.provider.SubjectProviderParameters)

Example 18 with AttributeStatementBean

use of org.apache.wss4j.common.saml.bean.AttributeStatementBean in project cxf by apache.

the class AbstractSAMLCallbackHandler method createAndSetStatement.

/**
 * Note that the SubjectBean parameter should be null for SAML2.0
 */
protected void createAndSetStatement(SubjectBean subjectBean, SAMLCallback callback) {
    if (statement == Statement.AUTHN) {
        AuthenticationStatementBean authBean = new AuthenticationStatementBean();
        if (subjectBean != null) {
            authBean.setSubject(subjectBean);
        }
        if (subjectLocalityIpAddress != null || subjectLocalityDnsAddress != null) {
            SubjectLocalityBean subjectLocality = new SubjectLocalityBean();
            subjectLocality.setIpAddress(subjectLocalityIpAddress);
            subjectLocality.setDnsAddress(subjectLocalityDnsAddress);
            authBean.setSubjectLocality(subjectLocality);
        }
        authBean.setAuthenticationInstant(authnInstant);
        authBean.setSessionNotOnOrAfter(sessionNotOnOrAfter);
        authBean.setAuthenticationMethod("Password");
        callback.setAuthenticationStatementData(Collections.singletonList(authBean));
    } else if (statement == Statement.ATTR) {
        AttributeStatementBean attrBean = new AttributeStatementBean();
        AttributeBean attributeBean = new AttributeBean();
        if (subjectBean != null) {
            attrBean.setSubject(subjectBean);
            attributeBean.setSimpleName("role");
            attributeBean.setQualifiedName("http://custom-ns");
        } else {
            attributeBean.setQualifiedName("role");
        }
        if (customAttributeValues != null) {
            attributeBean.setAttributeValues(customAttributeValues);
        } else {
            attributeBean.addAttributeValue("user");
        }
        attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
        callback.setAttributeStatementData(Collections.singletonList(attrBean));
    } else {
        AuthDecisionStatementBean authzBean = new AuthDecisionStatementBean();
        if (subjectBean != null) {
            authzBean.setSubject(subjectBean);
        }
        ActionBean actionBean = new ActionBean();
        actionBean.setContents("Read");
        authzBean.setActions(Collections.singletonList(actionBean));
        authzBean.setResource("endpoint");
        authzBean.setDecision(AuthDecisionStatementBean.Decision.PERMIT);
        authzBean.setResource(resource);
        callback.setAuthDecisionStatementData(Collections.singletonList(authzBean));
    }
}
Also used : SubjectLocalityBean(org.apache.wss4j.common.saml.bean.SubjectLocalityBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) AuthenticationStatementBean(org.apache.wss4j.common.saml.bean.AuthenticationStatementBean) AuthDecisionStatementBean(org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) ActionBean(org.apache.wss4j.common.saml.bean.ActionBean)

Example 19 with AttributeStatementBean

use of org.apache.wss4j.common.saml.bean.AttributeStatementBean in project cxf by apache.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    Message m = PhaseInterceptorChain.getCurrentMessage();
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            callback.setIssuer("https://idp.example.org/SAML2");
            String subjectName = null;
            if (m != null) {
                subjectName = (String) m.getContextualProperty("saml.subject.name");
            }
            if (subjectName == null) {
                subjectName = "uid=sts-client,o=mock-sts.com";
            }
            String subjectQualifier = "www.mock-sts.com";
            if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
                confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    CryptoLoader loader = new CryptoLoader();
                    Crypto crypto = loader.getCrypto(m, SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES);
                    X509Certificate cert = RSSecurityUtils.getCertificates(crypto, RSSecurityUtils.getUserName(m, crypto, SecurityConstants.SIGNATURE_USERNAME))[0];
                    KeyInfoBean keyInfo = new KeyInfoBean();
                    keyInfo.setCertificate(cert);
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new RuntimeException(ex);
                }
            }
            callback.setSubject(subjectBean);
            ConditionsBean conditions = new ConditionsBean();
            AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
            audienceRestriction.setAudienceURIs(Collections.singletonList("https://sp.example.com/SAML2"));
            conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
            callback.setConditions(conditions);
            AuthDecisionStatementBean authDecBean = new AuthDecisionStatementBean();
            authDecBean.setDecision(Decision.INDETERMINATE);
            authDecBean.setResource("https://sp.example.com/SAML2");
            ActionBean actionBean = new ActionBean();
            actionBean.setContents("Read");
            authDecBean.setActions(Collections.singletonList(actionBean));
            callback.setAuthDecisionStatementData(Collections.singletonList(authDecBean));
            AuthenticationStatementBean authBean = new AuthenticationStatementBean();
            authBean.setSubject(subjectBean);
            authBean.setAuthenticationInstant(new DateTime());
            authBean.setSessionIndex("123456");
            // AuthnContextClassRef is not set
            authBean.setAuthenticationMethod("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
            callback.setAuthenticationStatementData(Collections.singletonList(authBean));
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            List<String> roles = null;
            if (m != null) {
                roles = CastUtils.cast((List<?>) m.getContextualProperty("saml.roles"));
            }
            if (roles == null) {
                roles = Collections.singletonList("user");
            }
            List<AttributeBean> claims = new ArrayList<>();
            AttributeBean roleClaim = new AttributeBean();
            roleClaim.setSimpleName("subject-role");
            roleClaim.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
            roleClaim.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
            roleClaim.setAttributeValues(new ArrayList<>(roles));
            claims.add(roleClaim);
            List<String> authMethods = null;
            if (m != null) {
                authMethods = CastUtils.cast((List<?>) m.getContextualProperty("saml.auth"));
            }
            if (authMethods == null) {
                authMethods = Collections.singletonList("password");
            }
            AttributeBean authClaim = new AttributeBean();
            authClaim.setSimpleName("http://claims/authentication");
            authClaim.setQualifiedName("http://claims/authentication");
            authClaim.setNameFormat("http://claims/authentication-format");
            authClaim.setAttributeValues(new ArrayList<>(authMethods));
            claims.add(authClaim);
            attrBean.setSamlAttributes(claims);
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            callback.setSignatureAlgorithm(signatureAlgorithm);
            callback.setSignatureDigestAlgorithm(digestAlgorithm);
            callback.setSignAssertion(signAssertion);
        }
    }
}
Also used : KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) Message(org.apache.cxf.message.Message) AuthenticationStatementBean(org.apache.wss4j.common.saml.bean.AuthenticationStatementBean) CryptoLoader(org.apache.cxf.rs.security.common.CryptoLoader) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) ArrayList(java.util.ArrayList) ActionBean(org.apache.wss4j.common.saml.bean.ActionBean) X509Certificate(java.security.cert.X509Certificate) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) DateTime(org.joda.time.DateTime) SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) Crypto(org.apache.wss4j.common.crypto.Crypto) AuthDecisionStatementBean(org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) ArrayList(java.util.ArrayList) List(java.util.List) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean)

Aggregations

AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)19 AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)15 SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)11 SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)10 IOException (java.io.IOException)7 ArrayList (java.util.ArrayList)7 Crypto (org.apache.wss4j.common.crypto.Crypto)7 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)5 AuthDecisionStatementBean (org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean)5 AuthenticationStatementBean (org.apache.wss4j.common.saml.bean.AuthenticationStatementBean)5 KeyInfoBean (org.apache.wss4j.common.saml.bean.KeyInfoBean)5 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)4 ActionBean (org.apache.wss4j.common.saml.bean.ActionBean)4 ConditionsBean (org.apache.wss4j.common.saml.bean.ConditionsBean)4 URI (java.net.URI)2 List (java.util.List)2 Message (org.apache.cxf.message.Message)2 ProcessedClaim (org.apache.cxf.sts.claims.ProcessedClaim)2 ProcessedClaimCollection (org.apache.cxf.sts.claims.ProcessedClaimCollection)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial