
Example 1 with Audience

Use of org.opensaml.saml2.core.Audience in project cxf by apache.

The class SamlOAuthValidator, method validateAudience:

private void validateAudience(Message message, Conditions cs) {
    // The expected audience is this service's own absolute address.
    String absoluteAddress = getAbsoluteTargetAddress(message);
    List<AudienceRestriction> restrictions = cs.getAudienceRestrictions();
    // Accept the assertion as soon as any AudienceRestriction names this service.
    for (AudienceRestriction ar : restrictions) {
        List<Audience> audiences = ar.getAudiences();
        for (Audience a : audiences) {
            if (absoluteAddress.equals(a.getAudienceURI())) {
                return;
            }
        }
    }
    // No audience matched (this includes the case of no AudienceRestriction at all):
    // the assertion was not issued for this service, so reject it.
    throw ExceptionUtils.toNotAuthorizedException(null, null);
}
Also used: AudienceRestriction (org.opensaml.saml.saml2.core.AudienceRestriction), Audience (org.opensaml.saml.saml2.core.Audience)

Example 2 with Audience

Use of org.opensaml.saml2.core.Audience in project MaxKey by dromara.

The class ConditionsGenerator, method builderAudienceRestriction:

public AudienceRestriction builderAudienceRestriction(String audienceUrl) {
    // Build an empty AudienceRestriction condition through the OpenSAML builder.
    AudienceRestriction audienceRestriction = new AudienceRestrictionBuilder().buildObject();
    // Create a single Audience element carrying the relying party's URL.
    Audience audience = new AudienceBuilder().buildObject();
    audience.setAudienceURI(audienceUrl);
    audienceRestriction.getAudiences().add(audience);
    logger.debug("Audience URL " + audienceUrl);
    return audienceRestriction;
}
Also used: AudienceRestriction (org.opensaml.saml2.core.AudienceRestriction), AudienceRestrictionBuilder (org.opensaml.saml2.core.impl.AudienceRestrictionBuilder), Audience (org.opensaml.saml2.core.Audience), AudienceBuilder (org.opensaml.saml2.core.impl.AudienceBuilder)

Example 3 with Audience

Use of org.opensaml.saml2.core.Audience in project cloud-pipeline by epam.

The class SAMLProxyFilter, method doFilterInternal:

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                FilterChain filterChain) throws ServletException, IOException {
    // Only intercept requests whose URL matches the configured proxy pattern.
    if (!urlMatches(request)) {
        filterChain.doFilter(request, response);
        return;
    }
    List<ExternalServiceEndpoint> externalServices =
            preferenceManager.getPreference(SYSTEM_EXTERNAL_SERVICES_ENDPOINTS);
    if (CollectionUtils.isEmpty(externalServices)) {
        LOGGER.warn(messageHelper.getMessage(MessageConstants.ERROR_PROXY_SECURITY_CONFIG_MISSING));
    } else {
        String samlResponse = request.getParameter("SAMLResponse");
        if (StringUtils.isNotBlank(samlResponse)) {
            try {
                Response decoded = CustomSamlClient.decodeSamlResponse(samlResponse);
                // Read the audience URI from the first Audience of the first AudienceRestriction
                // of the first Assertion; any missing link in the chain yields an empty string.
                String audience = ListUtils.emptyIfNull(decoded.getAssertions()).stream()
                        .findFirst()
                        .map(Assertion::getConditions)
                        .map(conditions -> ListUtils.emptyIfNull(conditions.getAudienceRestrictions())
                                .stream().findFirst())
                        .flatMap(Function.identity())
                        .map(audienceRestriction -> ListUtils.emptyIfNull(audienceRestriction.getAudiences())
                                .stream().findFirst())
                        .flatMap(Function.identity())
                        .map(Audience::getAudienceURI)
                        .orElse(StringUtils.EMPTY);
                LOGGER.debug("Received SAMLResponse for audience: {}", audience);
                // Authenticate only if the audience names a registered external service endpoint;
                // an empty audience never matches.
                Optional<ExternalServiceEndpoint> endpointOpt = externalServices.stream()
                        .filter(e -> !StringUtils.EMPTY.equals(audience)
                                && e.getEndpointId().equals(audience))
                        .findFirst();
                if (endpointOpt.isPresent()) {
                    authenticate(samlResponse, decoded, audience, endpointOpt.get());
                }
            } catch (SAMLException e) {
                LOGGER.warn(e.getMessage(), e);
            }
        }
    }
    filterChain.doFilter(request, response);
}
Also used: Response (org.opensaml.saml2.core.Response), HttpServletResponse (javax.servlet.http.HttpServletResponse), SamlResponse (com.coveo.saml.SamlResponse), FilterChain (javax.servlet.FilterChain), UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException), ServletException (javax.servlet.ServletException), MessageConstants (com.epam.pipeline.common.MessageConstants), LoggerFactory (org.slf4j.LoggerFactory), SYSTEM_EXTERNAL_SERVICES_ENDPOINTS (com.epam.pipeline.manager.preference.SystemPreferences.SYSTEM_EXTERNAL_SERVICES_ENDPOINTS), Autowired (org.springframework.beans.factory.annotation.Autowired), OncePerRequestFilter (org.springframework.web.filter.OncePerRequestFilter), StringUtils (org.apache.commons.lang3.StringUtils), Function (java.util.function.Function), CollectionUtils (org.apache.commons.collections4.CollectionUtils), HttpServletRequest (javax.servlet.http.HttpServletRequest), UserContext (com.epam.pipeline.security.UserContext), MessageHelper (com.epam.pipeline.common.MessageHelper), ListUtils (org.apache.commons.collections4.ListUtils), AntPathMatcher (org.springframework.util.AntPathMatcher), Assertion (org.opensaml.saml2.core.Assertion), SecurityContextHolder (org.springframework.security.core.context.SecurityContextHolder), PipelineUser (com.epam.pipeline.entity.user.PipelineUser), SAMLException (org.opensaml.common.SAMLException), Audience (org.opensaml.saml2.core.Audience), PreferenceManager (com.epam.pipeline.manager.preference.PreferenceManager), Logger (org.slf4j.Logger), IOException (java.io.IOException), ExternalServiceEndpoint (com.epam.pipeline.security.ExternalServiceEndpoint), File (java.io.File), List (java.util.List), UserManager (com.epam.pipeline.manager.user.UserManager), Optional (java.util.Optional), FileReader (java.io.FileReader)
