
Example 56 with XMLObject

use of org.opensaml.core.xml.XMLObject in project cxf by apache.

the class StaxClaimsValidator method handleSAML1Assertion.

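/**
 * Checks the claim attributes of a SAML 1.x assertion against the single accepted value
 * {@code "admin-user"}.
 *
 * <p>Only attributes whose AttributeNamespace equals {@code ClaimTypes.URI_BASE} are inspected;
 * attributes in any other namespace are skipped. Every value of an inspected attribute must be
 * exactly {@code "admin-user"}.
 *
 * <p>Security note: this check rejects unexpected claim values but does not require the claim to
 * be present. An assertion that has attribute statements but no attribute in the claims namespace
 * (or a matching attribute with no values) yields {@code true}. Callers that need the claim to be
 * mandatory must verify its presence separately. Signature, issuer and conditions are not examined
 * here; presumably the caller has already validated them (confirm against the caller).
 *
 * @param assertion the SAML 1.x assertion whose attribute statements are checked
 * @return {@code false} as soon as an inspected value differs from {@code "admin-user"} or has no
 *         DOM to read; {@code true} otherwise
 * @throws WSSecurityException if the assertion has no attribute statements at all
 */
private boolean handleSAML1Assertion(org.opensaml.saml.saml1.core.Assertion assertion) throws WSSecurityException {
    List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
        List<org.opensaml.saml.saml1.core.Attribute> attributes = statement.getAttributes();
        for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) {
            if (!ClaimTypes.URI_BASE.toString().equals(attribute.getAttributeNamespace())) {
                continue;
            }
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                Element attributeValueElement = attributeValue.getDOM();
                // getDOM() yields null when the object carries no cached DOM. Treat an unreadable
                // value as a mismatch (fail closed) rather than failing with a NullPointerException.
                if (attributeValueElement == null
                    || !"admin-user".equals(attributeValueElement.getTextContent())) {
                    return false;
                }
            }
        }
    }
    return true;
}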
Also used : Element(org.w3c.dom.Element) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 57 with XMLObject

use of org.opensaml.core.xml.XMLObject in project cxf by apache.

the class ClaimsValidator method handleSAML2Assertion.

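/**
 * Checks the claim attributes of a SAML 2.0 assertion against the single accepted value
 * {@code "admin-user"}.
 *
 * <p>An attribute is inspected when its Name starts with {@code ClaimTypes.URI_BASE}. Because this
 * is a prefix match, every attribute under that base (not only a role claim) must carry nothing
 * but the value {@code "admin-user"}, otherwise the assertion is rejected.
 *
 * <p>Security note: this check rejects unexpected claim values but does not require a claim to be
 * present. An assertion whose attributes all fall outside the claims base (or whose matching
 * attributes have no values) yields {@code true}. Callers that need the claim to be mandatory must
 * verify its presence separately. Signature, issuer and conditions are not examined here;
 * presumably the caller has already validated them (confirm against the caller).
 *
 * @param assertion the SAML 2.0 assertion whose attribute statements are checked
 * @return {@code false} as soon as an inspected value differs from {@code "admin-user"} or has no
 *         DOM to read; {@code true} otherwise
 * @throws WSSecurityException if the assertion has no attribute statements at all
 */
private boolean handleSAML2Assertion(org.opensaml.saml.saml2.core.Assertion assertion) throws WSSecurityException {
    List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    final String claimsBase = ClaimTypes.URI_BASE.toString();
    for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
        List<org.opensaml.saml.saml2.core.Attribute> attributes = statement.getAttributes();
        for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
            String attributeName = attribute.getName();
            // An attribute without a Name cannot be a claim under the base URI; skip it instead of
            // dereferencing null.
            if (attributeName == null || !attributeName.startsWith(claimsBase)) {
                continue;
            }
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                Element attributeValueElement = attributeValue.getDOM();
                // getDOM() yields null when the object carries no cached DOM. Treat an unreadable
                // value as a mismatch (fail closed) rather than failing with a NullPointerException.
                if (attributeValueElement == null
                    || !"admin-user".equals(attributeValueElement.getTextContent())) {
                    return false;
                }
            }
        }
    }
    return true;
}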
Also used : Element(org.w3c.dom.Element) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 58 with XMLObject

use of org.opensaml.core.xml.XMLObject in project cxf by apache.

the class ClaimsValidator method handleSAML1Assertion.

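/**
 * Verifies that every claim value in a SAML 1.x assertion is the literal {@code "admin-user"}.
 *
 * <p>Attributes are considered only when their AttributeNamespace equals
 * {@code ClaimTypes.URI_BASE}; all other attributes are ignored.
 *
 * <p>Security note: the result is {@code true} when no attribute is in the claims namespace, or
 * when a matching attribute has no values. The method therefore filters out wrong values but does
 * not prove that the expected claim was asserted. Enforce presence at the call site if the claim
 * is required. Nothing in this method looks at the signature, issuer or conditions of the
 * assertion; presumably that validation happens before this call (confirm against the caller).
 *
 * @param assertion the SAML 1.x assertion to inspect
 * @return {@code false} on the first inspected value that is not {@code "admin-user"} or that has
 *         no DOM to read; {@code true} otherwise
 * @throws WSSecurityException if the assertion contains no attribute statements
 */
private boolean handleSAML1Assertion(org.opensaml.saml.saml1.core.Assertion assertion) throws WSSecurityException {
    List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    final String claimsNamespace = ClaimTypes.URI_BASE.toString();
    for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
        for (org.opensaml.saml.saml1.core.Attribute attribute : statement.getAttributes()) {
            if (!claimsNamespace.equals(attribute.getAttributeNamespace())) {
                continue;
            }
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                Element attributeValueElement = attributeValue.getDOM();
                // A value without a DOM cannot be compared; reject it (fail closed) instead of
                // letting a NullPointerException escape from the validator.
                if (attributeValueElement == null) {
                    return false;
                }
                if (!"admin-user".equals(attributeValueElement.getTextContent())) {
                    return false;
                }
            }
        }
    }
    return true;
}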
Also used : Element(org.w3c.dom.Element) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 59 with XMLObject

use of org.opensaml.core.xml.XMLObject in project cxf by apache.

the class ClaimsManager method parseClaimsInAssertion.

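/**
 * Extracts one {@code ProcessedClaim} per attribute from a SAML 2.0 assertion.
 *
 * <p>For each attribute the claim type is the attribute Name parsed as a URI, the issuer is the
 * NameQualifier of the assertion's Issuer, and the claim values are the text content of each
 * attribute value element. No filtering by claim type is done here, and the method does not check
 * the assertion's signature or conditions; presumably the caller only passes assertions it
 * already trusts (confirm against the caller).
 *
 * <p>An attribute whose Name is missing or is not a syntactically valid URI is skipped with a
 * warning, matching the SAML 1.x overload, instead of aborting the whole parse with an unchecked
 * exception. Attribute values without a DOM representation are skipped.
 *
 * @param assertion the SAML 2.0 assertion to read claims from
 * @return the parsed claims in document order; an empty list when the assertion has no attribute
 *         statements
 */
protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml.saml2.core.Assertion assertion) {
    List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        if (LOG.isLoggable(Level.FINEST)) {
            LOG.finest("No attribute statements found");
        }
        return Collections.emptyList();
    }
    List<ProcessedClaim> collection = new ArrayList<>();
    for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
        if (LOG.isLoggable(Level.FINEST)) {
            LOG.finest("parsing statement: " + statement.getElementQName());
        }
        List<org.opensaml.saml.saml2.core.Attribute> attributes = statement.getAttributes();
        for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
            if (LOG.isLoggable(Level.FINEST)) {
                LOG.finest("parsing attribute: " + attribute.getName());
            }
            String attributeName = attribute.getName();
            if (attributeName == null) {
                LOG.warning("Invalid attribute name in attributestatement: null");
                continue;
            }
            URI claimType;
            try {
                // URI.create reports bad syntax as an unchecked IllegalArgumentException. The name
                // comes from the assertion, so handle it here rather than letting it propagate.
                claimType = URI.create(attributeName);
            } catch (IllegalArgumentException e) {
                LOG.warning("Invalid attribute name in attributestatement: " + e.getMessage());
                continue;
            }
            ProcessedClaim c = new ProcessedClaim();
            c.setClaimType(claimType);
            // NOTE(review): this records the Issuer's NameQualifier, not the Issuer value, and
            // dereferences getIssuer() without a null check - confirm both are intended.
            c.setIssuer(assertion.getIssuer().getNameQualifier());
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                Element attributeValueElement = attributeValue.getDOM();
                if (attributeValueElement == null) {
                    // No cached DOM to read text from; skip instead of throwing.
                    LOG.fine("Skipping attribute value without a DOM representation");
                    continue;
                }
                String value = attributeValueElement.getTextContent();
                // Claim values are written to the log only at FINEST; they are taken verbatim
                // from the assertion.
                if (LOG.isLoggable(Level.FINEST)) {
                    LOG.finest(" [" + value + "]");
                }
                c.addValue(value);
            }
            collection.add(c);
        }
    }
    return collection;
}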
Also used : Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) XMLObject(org.opensaml.core.xml.XMLObject)

Example 60 with XMLObject

use of org.opensaml.core.xml.XMLObject in project cxf by apache.

the class ClaimsManager method parseClaimsInAssertion.

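/**
 * Extracts one {@code ProcessedClaim} per attribute from a SAML 1.x assertion.
 *
 * <p>For each attribute the claim type is the AttributeName parsed as a URI, the issuer is the
 * assertion's Issuer, and the claim values are the text content of each attribute value element.
 * No filtering by claim type is done here, and the method does not check the assertion's
 * signature or conditions; presumably the caller only passes assertions it already trusts
 * (confirm against the caller).
 *
 * <p>An attribute whose name is not a syntactically valid URI is skipped with a warning. Attribute
 * values without a DOM representation are skipped.
 *
 * @param assertion the SAML 1.x assertion to read claims from
 * @return the parsed claims in document order; an empty list when the assertion has no attribute
 *         statements
 */
protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml.saml1.core.Assertion assertion) {
    List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        if (LOG.isLoggable(Level.FINEST)) {
            LOG.finest("No attribute statements found");
        }
        return Collections.emptyList();
    }
    ProcessedClaimCollection collection = new ProcessedClaimCollection();
    for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
        if (LOG.isLoggable(Level.FINEST)) {
            LOG.finest("parsing statement: " + statement.getElementQName());
        }
        List<org.opensaml.saml.saml1.core.Attribute> attributes = statement.getAttributes();
        for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) {
            if (LOG.isLoggable(Level.FINEST)) {
                LOG.finest("parsing attribute: " + attribute.getAttributeName());
            }
            ProcessedClaim c = new ProcessedClaim();
            c.setIssuer(assertion.getIssuer());
            // The claim type is set only inside the try block. A preceding URI.create(...) call
            // would throw IllegalArgumentException on a malformed name and bypass the handler
            // below, so one bad attribute would abort the whole parse.
            try {
                c.setClaimType(new URI(attribute.getAttributeName()));
            } catch (URISyntaxException e) {
                LOG.warning("Invalid attribute name in attributestatement: " + e.getMessage());
                continue;
            }
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                Element attributeValueElement = attributeValue.getDOM();
                if (attributeValueElement == null) {
                    // No cached DOM to read text from; skip instead of throwing.
                    LOG.fine("Skipping attribute value without a DOM representation");
                    continue;
                }
                String value = attributeValueElement.getTextContent();
                // Claim values are written to the log only at FINEST; they are taken verbatim
                // from the assertion.
                if (LOG.isLoggable(Level.FINEST)) {
                    LOG.finest(" [" + value + "]");
                }
                c.addValue(value);
            }
            collection.add(c);
        }
    }
    return collection;
}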
Also used : Element(org.w3c.dom.Element) XMLObject(org.opensaml.core.xml.XMLObject) URISyntaxException(java.net.URISyntaxException) URI(java.net.URI)
