Example 1 with SubjectAndPrincipalSecurityToken
use of org.apache.wss4j.stax.securityToken.SubjectAndPrincipalSecurityToken in project cxf by apache.
the class StaxSecurityContextInInterceptor method doResults.
private void doResults(SoapMessage msg, List<SecurityEvent> incomingSecurityEventList) throws WSSecurityException {
// Now go through the results in a certain order to set up a security context. Highest priority is first.
List<Event> desiredSecurityEvents = new ArrayList<>();
desiredSecurityEvents.add(WSSecurityEventConstants.SAML_TOKEN);
desiredSecurityEvents.add(WSSecurityEventConstants.USERNAME_TOKEN);
desiredSecurityEvents.add(WSSecurityEventConstants.KERBEROS_TOKEN);
desiredSecurityEvents.add(WSSecurityEventConstants.X509Token);
desiredSecurityEvents.add(WSSecurityEventConstants.KeyValueToken);
for (Event desiredEvent : desiredSecurityEvents) {
SubjectAndPrincipalSecurityToken token = null;
try {
token = getSubjectPrincipalToken(incomingSecurityEventList, desiredEvent, msg);
} catch (XMLSecurityException ex) {
// proceed
}
if (token != null) {
Principal p = token.getPrincipal();
Subject subject = token.getSubject();
if (subject != null) {
String roleClassifier = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER);
if (roleClassifier != null && !"".equals(roleClassifier)) {
String roleClassifierType = (String) msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER_TYPE);
if (roleClassifierType == null || "".equals(roleClassifierType)) {
roleClassifierType = "prefix";
}
msg.put(SecurityContext.class, new RolePrefixSecurityContextImpl(subject, roleClassifier, roleClassifierType));
} else {
msg.put(SecurityContext.class, new DefaultSecurityContext(subject));
}
break;
} else if (p != null) {
if (desiredEvent == WSSecurityEventConstants.SAML_TOKEN) {
String roleAttributeName = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_ROLE_ATTRIBUTENAME, msg);
if (roleAttributeName == null || roleAttributeName.length() == 0) {
roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT;
}
Object receivedAssertion = ((SAMLTokenPrincipal) token.getPrincipal()).getToken();
if (receivedAssertion != null) {
ClaimCollection claims = SAMLUtils.getClaims((SamlAssertionWrapper) receivedAssertion);
Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null);
SAMLSecurityContext context = new SAMLSecurityContext(p, roles, claims);
msg.put(SecurityContext.class, context);
}
} else {
msg.put(SecurityContext.class, createSecurityContext(p));
}
break;
}
}
}
}
Also used :
DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext)
Set(java.util.Set)
SubjectAndPrincipalSecurityToken(org.apache.wss4j.stax.securityToken.SubjectAndPrincipalSecurityToken)
SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)
ArrayList(java.util.ArrayList)
SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper)
XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)
Subject(javax.security.auth.Subject)
RolePrefixSecurityContextImpl(org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl)
SAMLSecurityContext(org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)
DefaultSecurityContext(org.apache.cxf.interceptor.security.DefaultSecurityContext)
SecurityContext(org.apache.cxf.security.SecurityContext)
SamlTokenSecurityEvent(org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent)
KerberosTokenSecurityEvent(org.apache.wss4j.stax.securityEvent.KerberosTokenSecurityEvent)
KeyValueTokenSecurityEvent(org.apache.wss4j.stax.securityEvent.KeyValueTokenSecurityEvent)
Event(org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event)
SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent)
X509TokenSecurityEvent(org.apache.wss4j.stax.securityEvent.X509TokenSecurityEvent)
UsernameTokenSecurityEvent(org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent)
ClaimCollection(org.apache.cxf.rt.security.claims.ClaimCollection)
SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal)
Principal(java.security.Principal)
Aggregations
Principal (java.security.Principal)1
ArrayList (java.util.ArrayList)1
Set (java.util.Set)1
Subject (javax.security.auth.Subject)1
DefaultSecurityContext (org.apache.cxf.interceptor.security.DefaultSecurityContext)1
RolePrefixSecurityContextImpl (org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl)1
ClaimCollection (org.apache.cxf.rt.security.claims.ClaimCollection)1
SAMLSecurityContext (org.apache.cxf.rt.security.saml.claims.SAMLSecurityContext)1
SecurityContext (org.apache.cxf.security.SecurityContext)1
SAMLTokenPrincipal (org.apache.wss4j.common.principal.SAMLTokenPrincipal)1
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)1
KerberosTokenSecurityEvent (org.apache.wss4j.stax.securityEvent.KerberosTokenSecurityEvent)1
KeyValueTokenSecurityEvent (org.apache.wss4j.stax.securityEvent.KeyValueTokenSecurityEvent)1
SamlTokenSecurityEvent (org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent)1
UsernameTokenSecurityEvent (org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent)1
X509TokenSecurityEvent (org.apache.wss4j.stax.securityEvent.X509TokenSecurityEvent)1
SubjectAndPrincipalSecurityToken (org.apache.wss4j.stax.securityToken.SubjectAndPrincipalSecurityToken)1
XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)1
SecurityEvent (org.apache.xml.security.stax.securityEvent.SecurityEvent)1
Event (org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event)1
