
Example 1 with XACMLAuthzDecisionQueryType

Use of org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType in project cxf by apache.

Class SamlRequestComponentBuilder, method createAuthzDecisionQuery.

@SuppressWarnings("unchecked")
public static XACMLAuthzDecisionQueryType createAuthzDecisionQuery(boolean inputContextOnly, boolean returnContext, String issuerValue, RequestType request, String namespace) {
    // Look up the OpenSAML builder for the query element once and cache it
    if (xacmlAuthzDecisionQueryTypeBuilder == null) {
        xacmlAuthzDecisionQueryTypeBuilder = (XACMLObjectBuilder<XACMLAuthzDecisionQueryType>) builderFactory.getBuilder(XACMLAuthzDecisionQueryType.DEFAULT_ELEMENT_NAME_XACML20);
    }
    XACMLAuthzDecisionQueryType authzQuery = xacmlAuthzDecisionQueryTypeBuilder.buildObject(namespace, XACMLAuthzDecisionQueryType.DEFAULT_ELEMENT_LOCAL_NAME, SAMLProfileConstants.SAML20XACMLPROTOCOL_PREFIX);
    // Random per-request ID; the "_" prefix keeps it a valid xs:ID, which cannot start with a digit
    authzQuery.setID("_" + UUID.randomUUID().toString());
    authzQuery.setVersion(SAMLVersion.VERSION_20);
    authzQuery.setIssueInstant(new DateTime());
    authzQuery.setInputContextOnly(Boolean.valueOf(inputContextOnly));
    authzQuery.setReturnContext(Boolean.valueOf(returnContext));
    // The Issuer element is only added when an issuer value is supplied
    if (issuerValue != null) {
        Issuer issuer = createIssuer(issuerValue);
        authzQuery.setIssuer(issuer);
    }
    // Wrap the XACML request context in the SAML query
    authzQuery.setRequest(request);
    return authzQuery;
}
Also used: XACMLAuthzDecisionQueryType (org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType), Issuer (org.opensaml.saml.saml2.core.Issuer), DateTime (org.joda.time.DateTime)

Example 2 with XACMLAuthzDecisionQueryType

Use of org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType in project cxf by apache.

Class SamlRequestComponentBuilderTest, method testCreateXACMLSamlAuthzQueryRequest.

@org.junit.Test
public void testCreateXACMLSamlAuthzQueryRequest() throws Exception {
    Document doc = docBuilder.newDocument();
    // 
    // Create XACML request
    // 
    // Subject
    AttributeValueType subjectIdAttributeValue = RequestComponentBuilder.createAttributeValueType("alice-user@apache.org");
    AttributeType subjectIdAttribute = RequestComponentBuilder.createAttributeType(XACMLConstants.SUBJECT_ID, XACMLConstants.RFC_822_NAME, null, Collections.singletonList(subjectIdAttributeValue));
    AttributeValueType subjectGroupAttributeValue = RequestComponentBuilder.createAttributeValueType("manager");
    AttributeType subjectGroupAttribute = RequestComponentBuilder.createAttributeType(XACMLConstants.SUBJECT_ROLE, XACMLConstants.XS_ANY_URI, "admin-user@apache.org", Collections.singletonList(subjectGroupAttributeValue));
    List<AttributeType> attributes = new ArrayList<>();
    attributes.add(subjectIdAttribute);
    attributes.add(subjectGroupAttribute);
    SubjectType subject = RequestComponentBuilder.createSubjectType(attributes, null);
    // Resource
    AttributeValueType resourceAttributeValue = RequestComponentBuilder.createAttributeValueType("{http://www.example.org/contract/DoubleIt}DoubleIt");
    AttributeType resourceAttribute = RequestComponentBuilder.createAttributeType(XACMLConstants.RESOURCE_ID, XACMLConstants.XS_STRING, null, Collections.singletonList(resourceAttributeValue));
    attributes.clear();
    attributes.add(resourceAttribute);
    ResourceType resource = RequestComponentBuilder.createResourceType(attributes, null);
    // Action
    AttributeValueType actionAttributeValue = RequestComponentBuilder.createAttributeValueType("execute");
    AttributeType actionAttribute = RequestComponentBuilder.createAttributeType(XACMLConstants.ACTION_ID, XACMLConstants.XS_STRING, null, Collections.singletonList(actionAttributeValue));
    attributes.clear();
    attributes.add(actionAttribute);
    ActionType action = RequestComponentBuilder.createActionType(attributes);
    // Request
    RequestType request = RequestComponentBuilder.createRequestType(Collections.singletonList(subject), Collections.singletonList(resource), action, null);
    // 
    // Create SAML wrapper
    // 
    XACMLAuthzDecisionQueryType authzQuery = SamlRequestComponentBuilder.createAuthzDecisionQuery("Issuer", request, SAMLProfileConstants.SAML20XACML20P_NS);
    Element policyElement = OpenSAMLUtil.toDom(authzQuery, doc);
    // String outputString = DOM2Writer.nodeToString(policyElement);
    assertNotNull(policyElement);
}
Also used: SubjectType (org.opensaml.xacml.ctx.SubjectType), ActionType (org.opensaml.xacml.ctx.ActionType), XACMLAuthzDecisionQueryType (org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType), AttributeValueType (org.opensaml.xacml.ctx.AttributeValueType), AttributeType (org.opensaml.xacml.ctx.AttributeType), Element (org.w3c.dom.Element), ArrayList (java.util.ArrayList), ResourceType (org.opensaml.xacml.ctx.ResourceType), Document (org.w3c.dom.Document), RequestType (org.opensaml.xacml.ctx.RequestType)

Aggregations

XACMLAuthzDecisionQueryType (org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType): 2
ArrayList (java.util.ArrayList): 1
DateTime (org.joda.time.DateTime): 1
Issuer (org.opensaml.saml.saml2.core.Issuer): 1
ActionType (org.opensaml.xacml.ctx.ActionType): 1
AttributeType (org.opensaml.xacml.ctx.AttributeType): 1
AttributeValueType (org.opensaml.xacml.ctx.AttributeValueType): 1
RequestType (org.opensaml.xacml.ctx.RequestType): 1
ResourceType (org.opensaml.xacml.ctx.ResourceType): 1
SubjectType (org.opensaml.xacml.ctx.SubjectType): 1
Document (org.w3c.dom.Document): 1
Element (org.w3c.dom.Element): 1