
Example 11 with AttributeValue

Use of org.opensaml.saml.saml2.core.AttributeValue in the project verify-hub by alphagov.

From the class VerifiedAttributesLoggerTest, method shouldLogSurnameNameHistory.

@Test
public void shouldLogSurnameNameHistory() throws Exception {
    // Build a surname attribute whose single value is verified and carries only a from-date.
    Attribute surname = new AttributeBuilder().buildObject();
    surname.setName(IdaConstants.Attributes_1_1.Surname.NAME);
    surname.getAttributeValues().add(
            new PersonNameAttributeValueBuilder()
                    .withFrom(DateTime.parse("2000-12-31"))
                    .withVerified(true)
                    .build());

    List<Attribute> attributes = aMatchingDatasetAttributeStatement_1_1()
            .withSurname(surname)
            .build()
            .getAttributes();

    // Round-trip the formatted log line through the JSON mapper and inspect the surname entries.
    AttributeStatementLogData logged = mapper.readValue(
            formatAttributes("any-issuer", LEVEL_2, attributes), AttributeStatementLogData.class);
    List<VerifiedAttributeLogData> surnameEntries =
            logged.getAttributes().get(IdaConstants.Attributes_1_1.Surname.NAME);

    // Exactly one entry is expected: VerifiedAttributeLogData(true, null).
    assertThat(surnameEntries).isEqualTo(ImmutableList.of(new VerifiedAttributeLogData(true, null)));
}
Also used : AttributeValue(org.opensaml.saml.saml2.core.AttributeValue) AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder) Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatementLogData(uk.gov.ida.hub.samlengine.logging.data.AttributeStatementLogData) PersonNameAttributeValueBuilder(uk.gov.ida.saml.core.test.builders.PersonNameAttributeValueBuilder) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) VerifiedAttributeLogData(uk.gov.ida.hub.samlengine.logging.data.VerifiedAttributeLogData) Test(org.junit.Test)

Example 12 with AttributeValue

Use of org.opensaml.saml.saml2.core.AttributeValue in the project verify-hub by alphagov.

From the class VerifiedAttributesLoggerTest, method shouldLogCurrentAddressHistory.

@Test
public void shouldLogCurrentAddressHistory() throws Exception {
    // Build a current-address attribute whose single value is verified and started one year ago.
    Attribute currentAddress = new AttributeBuilder().buildObject();
    currentAddress.setName(IdaConstants.Attributes_1_1.CurrentAddress.NAME);
    currentAddress.getAttributeValues().add(
            new AddressAttributeValueBuilder_1_1()
                    .withFrom(DateTime.now().minusYears(1))
                    .withVerified(true)
                    .build());

    List<Attribute> attributes = aMatchingDatasetAttributeStatement_1_1()
            .withCurrentAddress(currentAddress)
            .build()
            .getAttributes();

    // Round-trip the formatted log line through the JSON mapper and inspect the address entries.
    AttributeStatementLogData logged = mapper.readValue(
            formatAttributes("any-issuer", LEVEL_2, attributes), AttributeStatementLogData.class);
    List<VerifiedAttributeLogData> addressEntries =
            logged.getAttributes().get(IdaConstants.Attributes_1_1.CurrentAddress.NAME);

    // Exactly one entry is expected: VerifiedAttributeLogData(true, null).
    assertThat(addressEntries).isEqualTo(ImmutableList.of(new VerifiedAttributeLogData(true, null)));
}
Also used : AttributeValue(org.opensaml.saml.saml2.core.AttributeValue) AddressAttributeValueBuilder_1_1(uk.gov.ida.saml.core.test.builders.AddressAttributeValueBuilder_1_1) AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder) Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatementLogData(uk.gov.ida.hub.samlengine.logging.data.AttributeStatementLogData) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) VerifiedAttributeLogData(uk.gov.ida.hub.samlengine.logging.data.VerifiedAttributeLogData) Test(org.junit.Test)

Example 13 with AttributeValue

Use of org.opensaml.saml.saml2.core.AttributeValue in the project cxf by apache.

From the class ActAsValidator, method validate.

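/**
 * Validates a SAML credential and additionally requires that the assertion names the
 * expected technical user in its Subject and carries an "ActAs"/"CustomActAs" attribute
 * naming a permitted user.
 * <p>
 * The checks are deliberately fail-closed: any missing Subject, NameID, attribute statement
 * or acceptable attribute value is reported as a {@link WSSecurityException} rather than being
 * allowed to surface as a {@link NullPointerException}. Note that both the NameID check and
 * the attribute-value check are substring matches on hard-coded literals; this looks like
 * sample/test code (hard-coded "alice"/"bob"), so confirm before reusing it elsewhere.
 *
 * @param credential the credential produced by the SAML processing chain
 * @param data the request data passed to the base validator
 * @return the credential returned by {@code super.validate} when all checks pass
 * @throws WSSecurityException with code FAILURE when any check fails
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validatedCredential = super.validate(credential, data);
    SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
    // A missing wrapper or a non-SAML-2 assertion is rejected rather than dereferenced.
    Assertion saml2Assertion = assertion == null ? null : assertion.getSaml2();
    if (saml2Assertion == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    // The technical user should be in the Subject
    Subject subject = saml2Assertion.getSubject();
    String nameIdValue = null;
    if (subject != null && subject.getNameID() != null) {
        // getValue() may itself be null on an empty NameID; treated as a failure below.
        nameIdValue = subject.getNameID().getValue();
    }
    // Substring match (unchanged from the original): any NameID containing this text passes.
    if (nameIdValue == null || !nameIdValue.contains("www.client.com")) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
    if (attributeStatements == null || attributeStatements.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    if (hasPermittedActAsValue(attributeStatements)) {
        return validatedCredential;
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}

/**
 * Returns {@code true} when any "ActAs" or "CustomActAs" attribute in the given statements has
 * a value whose DOM text content contains "alice" or "bob".
 * <p>
 * Values without a backing DOM element (getDOM() == null) and null text content are skipped
 * instead of throwing, so that the caller can fail closed with a uniform exception.
 *
 * @param attributeStatements the assertion's attribute statements; must not be {@code null}
 * @return whether a permitted ActAs value was found
 */
private static boolean hasPermittedActAsValue(List<AttributeStatement> attributeStatements) {
    for (AttributeStatement statement : attributeStatements) {
        List<Attribute> attributes = statement.getAttributes();
        if (attributes == null) {
            continue;
        }
        for (Attribute attribute : attributes) {
            String name = attribute.getName();
            if (!"CustomActAs".equals(name) && !"ActAs".equals(name)) {
                continue;
            }
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                Element attributeValueElement = attributeValue.getDOM();
                if (attributeValueElement == null) {
                    continue;
                }
                String text = attributeValueElement.getTextContent();
                if (text != null && (text.contains("alice") || text.contains("bob"))) {
                    return true;
                }
            }
        }
    }
    return false;
}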
Also used : Credential(org.apache.wss4j.dom.validate.Credential) Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Element(org.w3c.dom.Element) Assertion(org.opensaml.saml.saml2.core.Assertion) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Subject(org.opensaml.saml.saml2.core.Subject)

Example 14 with AttributeValue

Use of org.opensaml.saml.saml2.core.AttributeValue in the project OpenAM by OpenRock.

From the class XACMLPrivilegeUtils, method getResourceNamesFromMatches.

/**
 * Collects the resource names referenced by the given XACML matches.
 * <p>
 * Only matches whose MatchId contains {@code ":resource-match:"} are considered. For each such
 * match the first content element of its AttributeValue, in string form, is taken as the
 * resource name; matches with no AttributeValue or empty content are skipped.
 *
 * @param matches the matches to inspect; may be {@code null}
 * @return the distinct resource names, or {@code null} when {@code matches} is {@code null}
 */
static Set<String> getResourceNamesFromMatches(List<Match> matches) {
    if (matches == null) {
        return null;
    }
    Set<String> names = new HashSet<String>();
    for (Match match : matches) {
        String matchId = match.getMatchId();
        if (matchId == null || !matchId.contains(":resource-match:")) {
            continue;
        }
        AttributeValue value = match.getAttributeValue();
        if (value == null) {
            continue;
        }
        List<Object> content = value.getContent();
        if (content == null || content.isEmpty()) {
            continue;
        }
        // FIXME: log a warning if more than one element -- only the first is used here
        names.add(content.get(0).toString());
    }
    return names;
}
Also used : AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) JSONObject(org.json.JSONObject) HashSet(java.util.HashSet) Match(com.sun.identity.entitlement.xacml3.core.Match)

Example 15 with AttributeValue

Use of org.opensaml.saml.saml2.core.AttributeValue in the project OpenAM by OpenRock.

From the class XACMLSchemaFactory, method resourceAttributeToAdviceExpression.

/**
 * Converts one {@link com.sun.identity.entitlement.ResourceAttribute} into an
 * {@link com.sun.identity.entitlement.xacml3.core.AdviceExpression}.
 * <p>
 * The attribute is serialised to JSON and carried as a single xs:string AttributeValue inside
 * one AttributeAssignmentExpression; the resulting advice applies to PERMIT decisions only.
 *
 * @param resourceAttribute the resource attribute to convert
 * @return the advice expression wrapping the JSON form of the attribute
 * @throws com.sun.identity.entitlement.EntitlementException on JSON conversion errors
 */
public AdviceExpression resourceAttributeToAdviceExpression(ResourceAttribute resourceAttribute) throws EntitlementException {
    // Pseudo-URN identifying the advice; the assignment id extends it with the property name.
    final String adviceId = XACMLConstants.JSON_RESOURCE_ATTRIBUTE_ADVICE_ID + ":" + resourceAttribute.getClass().getName();

    // JSON does the heavy lifting of the conversion: the attribute travels as a string payload.
    AttributeValue payload = factory.createAttributeValue();
    payload.setDataType(XACMLConstants.XS_STRING);
    payload.getContent().add(resourceAttributeUtil.toJSON(resourceAttribute));

    AttributeAssignmentExpression assignment = factory.createAttributeAssignmentExpression();
    assignment.setAttributeId(adviceId + ":" + resourceAttribute.getPropertyName());
    assignment.setExpression(factory.createAttributeValue(payload));

    AdviceExpression advice = new AdviceExpression();
    advice.getAttributeAssignmentExpression().add(assignment);
    // Resource attributes are only returned on successful (PERMIT) policy decisions.
    advice.setAppliesTo(EffectType.PERMIT);
    // An AdviceId is required for strict schema compliance.
    advice.setAdviceId(adviceId);
    return advice;
}
Also used : AdviceExpression(com.sun.identity.entitlement.xacml3.core.AdviceExpression) AttributeValue(com.sun.identity.entitlement.xacml3.core.AttributeValue) AttributeAssignmentExpression(com.sun.identity.entitlement.xacml3.core.AttributeAssignmentExpression)
