use of org.apache.wss4j.stax.securityToken.SamlSecurityToken in project cxf by apache.
the class CustomStaxSamlValidator method validate.
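/**
 * Runs the parent validator on an inbound SAML assertion, then applies this class's additional checks:
 * issuer name, SAML version and subject confirmation method.
 *
 * <p>Every rejection raised by the checks in this method uses the same error code and message key, so the
 * fault does not reveal which check failed.
 *
 * @param samlAssertionWrapper the assertion being validated
 * @param subjectSecurityToken handed unchanged to the parent validator
 * @param tokenContext handed unchanged to the parent validator
 * @return the token returned by the parent validator
 * @throws WSSecurityException propagated from the parent validator, or raised when a check below fails
 */
@SuppressWarnings("unchecked")
@Override
public <T extends SamlSecurityToken & InboundSecurityToken> T validate(
        final SamlAssertionWrapper samlAssertionWrapper,
        final InboundSecurityToken subjectSecurityToken,
        final TokenContext tokenContext) throws WSSecurityException {
    // Explicit type witness: the JDK 1.6 compiler cannot determine T from the intersection bound
    // (http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6302954); it works without help on JDK 1.7.
    final SamlSecurityToken token =
        super.<SamlSecurityTokenImpl>validate(samlAssertionWrapper, subjectSecurityToken, tokenContext);

    // Exact, case-sensitive match against one fixed issuer name.
    // NOTE(review): "www.example.com" looks like a fixture value; a deployed validator would
    // normally read its trusted issuer(s) from configuration - confirm before reusing this class.
    if (!"www.example.com".equals(samlAssertionWrapper.getIssuerString())) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // The assertion must be of the SAML version this validator is configured to require.
    if (requireSAML1Assertion && samlAssertionWrapper.getSaml1() == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    } else if (!requireSAML1Assertion && samlAssertionWrapper.getSaml2() == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // A null or empty list is rejected with the same security fault as every other check, rather
    // than letting get(0) escape as an unchecked IndexOutOfBoundsException.
    final java.util.List<String> confirmationMethods = samlAssertionWrapper.getConfirmationMethods();
    if (confirmationMethods == null || confirmationMethods.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // Only the first listed confirmation method is evaluated; any further methods carried by the
    // assertion are not inspected here.
    final String confirmationMethod = confirmationMethods.get(0);
    if (confirmationMethod == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // Sender-vouches and holder-of-key are treated as mutually exclusive requirements: exactly one
    // of them is enforced, selected by requireSenderVouches.
    if (requireSenderVouches && !OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    } else if (!requireSenderVouches && !OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }

    // Unchecked cast to the caller's T; this is what the @SuppressWarnings above covers.
    return (T) token;
}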
use of org.apache.wss4j.stax.securityToken.SamlSecurityToken in project cxf by apache.
the class TokenIssueOperation method fetchSAMLAssertionFromWSSecuritySAMLToken.
/**
 * Looks up the SAML assertion that WS-Security processing left in the message context.
 *
 * <p>The DOM results stored under {@code WSHandlerConstants.RECV_RESULTS} are consulted first, and only the
 * first {@code WSHandlerResult} in that list is examined. If no assertion is found there, the streaming
 * security token is looked up instead.
 *
 * <p>NOTE(review): this method only locates the assertion. Whether it has already been validated is not
 * visible from here - confirm against the callers before trusting its contents.
 *
 * @param messageContext the message context to search
 * @return the assertion wrapper, or {@code null} when none is present or the streaming lookup throws an
 *         {@code XMLSecurityException}
 */
private static SamlAssertionWrapper fetchSAMLAssertionFromWSSecuritySAMLToken(Map<String, Object> messageContext) {
    final List<WSHandlerResult> receivedResults =
        CastUtils.cast((List<?>) messageContext.get(WSHandlerConstants.RECV_RESULTS));

    // DOM path: scan the engine results of the first handler result for an assertion wrapper.
    final boolean hasDomResults = receivedResults != null && !receivedResults.isEmpty();
    if (hasDomResults) {
        for (WSSecurityEngineResult result : receivedResults.get(0).getResults()) {
            Object candidate = result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            if (candidate instanceof SamlAssertionWrapper) {
                return (SamlAssertionWrapper) candidate;
            }
        }
    }

    // Streaming path: fall back to the inbound SAML token recorded by the StAX layer.
    try {
        org.apache.xml.security.stax.securityToken.SecurityToken inboundToken =
            findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN, messageContext);
        if (inboundToken instanceof SamlSecurityToken) {
            SamlSecurityToken samlToken = (SamlSecurityToken) inboundToken;
            if (samlToken.getSamlAssertionWrapper() != null) {
                return samlToken.getSamlAssertionWrapper();
            }
        }
    } catch (XMLSecurityException e) {
        // Lookup failure is logged at FINE only and reported to the caller as "no assertion".
        LOG.log(Level.FINE, e.getMessage(), e);
    }
    return null;
}