use of org.opensaml.saml2.core.Audience in project cxf by apache.
the class SamlOAuthValidator method validateAudience.
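/**
 * Checks that the assertion conditions name this endpoint as an intended audience.
 *
 * <p>The absolute target address of the current message is compared, by exact string
 * equality, with the audience URIs carried in {@code cs}. Within one audience restriction
 * the audiences are alternatives (any one may match). Several audience restrictions are
 * evaluated independently and every one of them must be satisfied, which is how SAML 2.0
 * Core defines multiple {@code AudienceRestriction} conditions. The check fails closed:
 * conditions without any audience restriction, or an undeterminable target address, are
 * rejected.
 *
 * @param message the message whose absolute target address is the expected audience
 * @param cs the conditions element of the assertion being validated
 */
private void validateAudience(Message message, Conditions cs) {
    final String expectedAudience = getAbsoluteTargetAddress(message);
    final List<AudienceRestriction> restrictions = cs.getAudienceRestrictions();

    // Accepting a match in any single restriction would let an assertion that is further
    // restricted to a different audience pass, so each restriction must contain our address.
    // The null guard rejects the request instead of failing with a NullPointerException
    // when no target address could be determined.
    final boolean addressedToThisEndpoint = expectedAudience != null
        && !restrictions.isEmpty()
        && restrictions.stream().allMatch(restriction ->
            restriction.getAudiences().stream()
                .anyMatch(candidate -> expectedAudience.equals(candidate.getAudienceURI())));

    if (!addressedToThisEndpoint) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
}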
use of org.opensaml.saml2.core.Audience in project MaxKey by dromara.
the class ConditionsGenerator method builderAudienceRestriction.
/**
 * Builds an audience restriction and adds one audience to it.
 *
 * @param audienceUrl URI stored in the audience element; it is set exactly as given, with
 *     no validation or normalisation in this method
 * @return the restriction produced by {@code AudienceRestrictionBuilder}, with an audience
 *     carrying {@code audienceUrl} appended to its audience list
 */
public AudienceRestriction builderAudienceRestriction(String audienceUrl) {
    final Audience soleAudience = new AudienceBuilder().buildObject();
    soleAudience.setAudienceURI(audienceUrl);

    final AudienceRestriction restriction = new AudienceRestrictionBuilder().buildObject();
    restriction.getAudiences().add(soleAudience);

    // NOTE(review): the URI is concatenated into the debug line as-is; confirm it only ever
    // comes from trusted configuration.
    logger.debug("Audience URL " + audienceUrl);
    return restriction;
}
use of org.opensaml.saml2.core.Audience in project cloud-pipeline by epam.
the class SAMLProxyFilter method doFilterInternal.
/**
 * Looks for a {@code SAMLResponse} request parameter on matching URLs and, when the
 * response's audience equals the id of a configured external service endpoint, calls
 * {@code authenticate} for that endpoint.
 *
 * <p>On every path that completes normally the request is handed on to the rest of the
 * filter chain, including when no endpoint matches or when a {@code SAMLException} is
 * caught and logged. This filter therefore never rejects a request itself.
 *
 * <p>NOTE(review): the audience used for endpoint selection is read from the decoded
 * response before any validation visible in this method. Signature and condition checks
 * are presumably done inside {@code authenticate} - confirm.
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    if (!urlMatches(request)) {
        filterChain.doFilter(request, response);
        return;
    }

    final List<ExternalServiceEndpoint> endpoints =
            preferenceManager.getPreference(SYSTEM_EXTERNAL_SERVICES_ENDPOINTS);
    if (CollectionUtils.isEmpty(endpoints)) {
        // Without configured endpoints nothing can be matched; only a warning is emitted.
        LOGGER.warn(messageHelper.getMessage(MessageConstants.ERROR_PROXY_SECURITY_CONFIG_MISSING));
        filterChain.doFilter(request, response);
        return;
    }

    final String encodedResponse = request.getParameter("SAMLResponse");
    if (StringUtils.isNotBlank(encodedResponse)) {
        try {
            final Response parsed = CustomSamlClient.decodeSamlResponse(encodedResponse);
            // Only the first assertion, its first audience restriction and that restriction's
            // first audience are considered; any further ones are ignored here.
            final String audience = ListUtils.emptyIfNull(parsed.getAssertions()).stream()
                    .findFirst()
                    .map(Assertion::getConditions)
                    .flatMap(conditions ->
                            ListUtils.emptyIfNull(conditions.getAudienceRestrictions()).stream().findFirst())
                    .flatMap(restriction ->
                            ListUtils.emptyIfNull(restriction.getAudiences()).stream().findFirst())
                    .map(Audience::getAudienceURI)
                    .orElse(StringUtils.EMPTY);
            // The logged value originates from the request and is not yet validated at this point.
            LOGGER.debug("Received SAMLResponse for audience: {}", audience);
            if (!StringUtils.EMPTY.equals(audience)) {
                // The first endpoint whose id equals the audience exactly is used.
                for (ExternalServiceEndpoint endpoint : endpoints) {
                    if (endpoint.getEndpointId().equals(audience)) {
                        authenticate(encodedResponse, parsed, audience, endpoint);
                        break;
                    }
                }
            }
        } catch (SAMLException e) {
            // A SAML failure is logged and the request continues down the chain.
            LOGGER.warn(e.getMessage(), e);
        }
    }
    filterChain.doFilter(request, response);
}