Java Code Examples for org.apache.wss4j.common.saml.SAMLCallback#setAttributeStatementData()
The following examples show how to use
org.apache.wss4j.common.saml.SAMLCallback#setAttributeStatementData() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: SAML2CallbackHandler.java From cxf-fediz with Apache License 2.0 | 6 votes |
|
private void createAndSetStatement(SAMLCallback callback) {
AuthenticationStatementBean authBean = new AuthenticationStatementBean();
authBean.setAuthenticationMethod("Password");
callback.setAuthenticationStatementData(Collections.singletonList(authBean));
// Add roles for certain users
List<Object> roles = new ArrayList<>();
if ("alice".equals(subjectName)) {
roles.add("boss");
roles.add("employee");
roles.add("User");
} else if ("bob".equals(subjectName)) {
roles.add("employee");
}
if (!roles.isEmpty()) {
AttributeStatementBean attrBean = new AttributeStatementBean();
AttributeBean attributeBean = new AttributeBean();
attributeBean.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
attributeBean.setAttributeValues(roles);
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
}
}
Example 2
| Source File: AbstractTrustedIdpOAuth2ProtocolHandler.java From cxf-fediz with Apache License 2.0 | 6 votes |
|
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof SAMLCallback) {
SAMLCallback samlCallback = (SAMLCallback) callback;
// Set the Subject
if (subjectBean != null) {
samlCallback.setSubject(subjectBean);
}
samlCallback.setSamlVersion(Version.SAML_20);
// Set the issuer
samlCallback.setIssuer(issuer);
// Set the conditions
samlCallback.setConditions(conditionsBean);
// Set the attributes
if (attrBean != null) {
samlCallback.setAttributeStatementData(Collections.singletonList(attrBean));
}
}
}
}
Example 3
| Source File: Saml2CallbackHandler.java From cxf with Apache License 2.0 | 5 votes |
|
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
callback.setSamlVersion(Version.SAML_20);
callback.setIssuer("sts");
String subjectName = "uid=alice";
String confirmationMethod = SAML2Constants.CONF_BEARER;
SubjectBean subjectBean =
new SubjectBean(subjectName, null, confirmationMethod);
callback.setSubject(subjectBean);
AttributeStatementBean attrBean = new AttributeStatementBean();
if (subjectBean != null) {
attrBean.setSubject(subjectBean);
}
AttributeBean attributeBean = new AttributeBean();
attributeBean.setQualifiedName("role");
attributeBean.addAttributeValue("user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
}
}
}
Example 4
| Source File: Saml2CallbackHandler.java From cxf with Apache License 2.0 | 5 votes |
|
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
callback.setSamlVersion(Version.SAML_20);
callback.setIssuer("intermediary");
String subjectName = "uid=" + principal.getName();
String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
SubjectBean subjectBean =
new SubjectBean(subjectName, null, confirmationMethod);
callback.setSubject(subjectBean);
AttributeStatementBean attrBean = new AttributeStatementBean();
if (subjectBean != null) {
attrBean.setSubject(subjectBean);
}
AttributeBean attributeBean = new AttributeBean();
attributeBean.setQualifiedName("role");
attributeBean.addAttributeValue("user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
try {
String file = "serviceKeystore.properties";
Crypto crypto = CryptoFactory.getInstance(file);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName("myservicekey");
callback.setIssuerKeyPassword("skpass");
callback.setSignAssertion(true);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
Example 5
| Source File: SamlCallbackHandler.java From cxf with Apache License 2.0 | 5 votes |
|
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
if (saml2) {
callback.setSamlVersion(Version.SAML_20);
} else {
callback.setSamlVersion(Version.SAML_11);
}
callback.setIssuer("sts");
String subjectName = "uid=sts-client,o=mock-sts.com";
String subjectQualifier = "www.mock-sts.com";
if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
}
SubjectBean subjectBean =
new SubjectBean(
subjectName, subjectQualifier, confirmationMethod
);
callback.setSubject(subjectBean);
if (attributes != null) {
AttributeStatementBean attrBean = new AttributeStatementBean();
attrBean.setSubject(subjectBean);
attrBean.setSamlAttributes(attributes);
callback.setAttributeStatementData(Collections.singletonList(attrBean));
}
}
}
}
Example 6
| Source File: SAML2CallbackHandler.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
private void createAndSetStatement(SAMLCallback callback) {
AuthenticationStatementBean authBean = new AuthenticationStatementBean();
authBean.setAuthenticationMethod("Password");
callback.setAuthenticationStatementData(Collections.singletonList(authBean));
if (attributeStatements != null && !attributeStatements.isEmpty()) {
List<AttributeStatementBean> attrStatementBeans = new ArrayList<>();
for (AttributeStatement attrStatement : attributeStatements) {
AttributeStatementBean attrStatementBean = new AttributeStatementBean();
List<AttributeBean> attrBeans = new ArrayList<>();
for (Attribute attribute : attrStatement.getAttributes()) {
AttributeBean attributeBean = new AttributeBean();
attributeBean.setQualifiedName(attribute.getName());
attributeBean.setNameFormat(attribute.getNameFormat());
List<Object> attributeValues = new ArrayList<>();
for (XMLObject attrVal : attribute.getAttributeValues()) {
attributeValues.add(attrVal.getDOM().getTextContent());
}
attributeBean.setAttributeValues(attributeValues);
attrBeans.add(attributeBean);
}
attrStatementBean.setSamlAttributes(attrBeans);
attrStatementBeans.add(attrStatementBean);
}
callback.setAttributeStatementData(attrStatementBeans);
}
}
Example 7
| Source File: SamlCallbackHandler.java From cxf with Apache License 2.0 | 4 votes |
|
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
if (saml2) {
callback.setSamlVersion(Version.SAML_20);
} else {
callback.setSamlVersion(Version.SAML_11);
}
if (conditions != null) {
callback.setConditions(conditions);
}
callback.setIssuer("sts");
String subjectName = "uid=sts-client,o=mock-sts.com";
String subjectQualifier = "www.mock-sts.com";
if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
}
SubjectBean subjectBean =
new SubjectBean(
subjectName, subjectQualifier, confirmationMethod
);
if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)
|| SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
try {
KeyInfoBean keyInfo = createKeyInfo();
subjectBean.setKeyInfo(keyInfo);
} catch (Exception ex) {
throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
}
}
callback.setSubject(subjectBean);
AttributeStatementBean attrBean = new AttributeStatementBean();
attrBean.setSubject(subjectBean);
AttributeBean attributeBean = new AttributeBean();
if (saml2) {
attributeBean.setQualifiedName("subject-role");
} else {
attributeBean.setSimpleName("subject-role");
attributeBean.setQualifiedName("http://custom-ns");
}
attributeBean.addAttributeValue("system-user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
callback.setSignatureAlgorithm(signatureAlgorithm);
callback.setSignatureDigestAlgorithm(digestAlgorithm);
try {
Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName(cryptoAlias);
callback.setIssuerKeyPassword(cryptoPassword);
callback.setSignAssertion(signAssertion);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
Example 8
| Source File: SamlCallbackHandler.java From cxf with Apache License 2.0 | 4 votes |
|
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
Message m = PhaseInterceptorChain.getCurrentMessage();
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
if (saml2) {
callback.setSamlVersion(Version.SAML_20);
} else {
callback.setSamlVersion(Version.SAML_11);
}
callback.setIssuer(issuer);
String subject = m != null ? (String)m.getContextualProperty("saml.subject.name") : null;
if (subject == null) {
subject = subjectName;
}
String subjectQualifier = "www.mock-sts.com";
SubjectBean subjectBean =
new SubjectBean(
subject, subjectQualifier, confirmationMethod
);
callback.setSubject(subjectBean);
ConditionsBean conditions = new ConditionsBean();
AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
audienceRestriction.setAudienceURIs(Collections.singletonList(audience));
conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
callback.setConditions(conditions);
AuthDecisionStatementBean authDecBean = new AuthDecisionStatementBean();
authDecBean.setDecision(Decision.INDETERMINATE);
authDecBean.setResource("https://sp.example.com/SAML2");
authDecBean.setSubject(subjectBean);
ActionBean actionBean = new ActionBean();
actionBean.setContents("Read");
authDecBean.setActions(Collections.singletonList(actionBean));
callback.setAuthDecisionStatementData(Collections.singletonList(authDecBean));
AuthenticationStatementBean authBean = new AuthenticationStatementBean();
authBean.setSubject(subjectBean);
authBean.setAuthenticationInstant(new DateTime());
authBean.setSessionIndex("123456");
authBean.setSubject(subjectBean);
// AuthnContextClassRef is not set
authBean.setAuthenticationMethod(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
callback.setAuthenticationStatementData(
Collections.singletonList(authBean));
AttributeStatementBean attrBean = new AttributeStatementBean();
attrBean.setSubject(subjectBean);
List<String> roles = m != null
? CastUtils.<String>cast((List<?>)m.getContextualProperty("saml.roles")) : null;
if (roles == null) {
roles = Collections.singletonList("user");
}
List<AttributeBean> claims = new ArrayList<>();
AttributeBean roleClaim = new AttributeBean();
roleClaim.setSimpleName("subject-role");
roleClaim.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
roleClaim.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
roleClaim.setAttributeValues(new ArrayList<>(roles));
claims.add(roleClaim);
List<String> authMethods =
m != null ? CastUtils.<String>cast((List<?>)m.getContextualProperty("saml.auth")) : null;
if (authMethods == null) {
authMethods = Collections.singletonList("password");
}
AttributeBean authClaim = new AttributeBean();
authClaim.setSimpleName("http://claims/authentication");
authClaim.setQualifiedName("http://claims/authentication");
authClaim.setNameFormat("http://claims/authentication-format");
authClaim.setAttributeValues(new ArrayList<>(authMethods));
claims.add(authClaim);
attrBean.setSamlAttributes(claims);
callback.setAttributeStatementData(Collections.singletonList(attrBean));
if (signAssertion) {
try {
Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName(issuerKeyName);
callback.setIssuerKeyPassword(issuerKeyPassword);
callback.setSignAssertion(true);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
}
Example 9
| Source File: SamlCallbackHandler.java From cxf with Apache License 2.0 | 4 votes |
|
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
if (!saml2) {
callback.setSamlVersion(Version.SAML_11);
}
callback.setIssuer("sts");
String subjectName = "uid=sts-client,o=mock-sts.com";
String subjectQualifier = "www.mock-sts.com";
String subjectConfMethod = confirmationMethod;
if (subjectConfMethod == null && !saml2) {
subjectConfMethod = SAML1Constants.CONF_BEARER;
} else if (subjectConfMethod == null && saml2) {
subjectConfMethod = SAML2Constants.CONF_BEARER;
}
SubjectBean subjectBean =
new SubjectBean(
subjectName, subjectQualifier, subjectConfMethod
);
if (SAML2Constants.CONF_HOLDER_KEY.equals(subjectConfMethod)
|| SAML1Constants.CONF_HOLDER_KEY.equals(subjectConfMethod)) {
try {
KeyInfoBean keyInfo = createKeyInfo();
subjectBean.setKeyInfo(keyInfo);
} catch (Exception ex) {
throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
}
}
callback.setSubject(subjectBean);
AttributeStatementBean attrBean = new AttributeStatementBean();
attrBean.setSubject(subjectBean);
AttributeBean attributeBean = new AttributeBean();
if (saml2) {
attributeBean.setQualifiedName("subject-role");
} else {
attributeBean.setSimpleName("subject-role");
attributeBean.setQualifiedName("http://custom-ns");
}
attributeBean.addAttributeValue("system-user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
try {
String file = "alice.properties";
Crypto crypto = CryptoFactory.getInstance(file);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName("alice");
callback.setIssuerKeyPassword("password");
callback.setSignAssertion(signed);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
Example 10
| Source File: SamlCallbackHandler.java From cxf with Apache License 2.0 | 4 votes |
|
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
if (saml2) {
callback.setSamlVersion(Version.SAML_20);
} else {
callback.setSamlVersion(Version.SAML_11);
}
if (conditions != null) {
callback.setConditions(conditions);
}
callback.setIssuer("sts");
String subjectName = "uid=sts-client,o=mock-sts.com";
String subjectQualifier = "www.mock-sts.com";
if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
}
SubjectBean subjectBean =
new SubjectBean(
subjectName, subjectQualifier, confirmationMethod
);
if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)
|| SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
try {
KeyInfoBean keyInfo = createKeyInfo();
subjectBean.setKeyInfo(keyInfo);
} catch (Exception ex) {
throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
}
}
callback.setSubject(subjectBean);
AttributeStatementBean attrBean = new AttributeStatementBean();
attrBean.setSubject(subjectBean);
AttributeBean attributeBean = new AttributeBean();
if (saml2) {
attributeBean.setQualifiedName("subject-role");
} else {
attributeBean.setSimpleName("subject-role");
attributeBean.setQualifiedName("http://custom-ns");
}
attributeBean.addAttributeValue("system-user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
callback.setSignatureAlgorithm(signatureAlgorithm);
callback.setSignatureDigestAlgorithm(digestAlgorithm);
try {
Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName(cryptoAlias);
callback.setIssuerKeyPassword(cryptoPassword);
callback.setSignAssertion(signAssertion);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
Example 11
| Source File: SamlCallbackHandler.java From cxf with Apache License 2.0 | 4 votes |
|
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof SAMLCallback) {
SAMLCallback samlCallback = (SAMLCallback) callback;
// Set the Subject
if (subjectBean != null) {
samlCallback.setSubject(subjectBean);
}
// Set the token Type.
TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
String tokenType = tokenRequirements.getTokenType();
boolean saml1 = false;
if (WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
|| WSS4JConstants.SAML_NS.equals(tokenType)) {
samlCallback.setSamlVersion(Version.SAML_11);
saml1 = true;
setSubjectOnBeans();
} else {
samlCallback.setSamlVersion(Version.SAML_20);
}
// Set the issuer
if (issuer == null) {
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
samlCallback.setIssuer(stsProperties.getIssuer());
} else {
samlCallback.setIssuer(issuer);
}
// Set the statements
boolean statementAdded = false;
if (attributeBeans != null && !attributeBeans.isEmpty()) {
samlCallback.setAttributeStatementData(attributeBeans);
statementAdded = true;
}
if (authBeans != null && !authBeans.isEmpty()) {
samlCallback.setAuthenticationStatementData(authBeans);
statementAdded = true;
}
if (authDecisionBeans != null && !authDecisionBeans.isEmpty()) {
samlCallback.setAuthDecisionStatementData(authDecisionBeans);
statementAdded = true;
}
// If SAML 1.1 we *must* add a Statement
if (saml1 && !statementAdded) {
AttributeStatementBean defaultStatement =
new DefaultAttributeStatementProvider().getStatement(tokenParameters);
defaultStatement.setSubject(subjectBean);
samlCallback.setAttributeStatementData(Collections.singletonList(defaultStatement));
}
// Set the conditions
samlCallback.setConditions(conditionsBean);
}
}
}
Example 12
| Source File: AbstractSAMLCallbackHandler.java From cxf with Apache License 2.0 | 4 votes |
|
/**
* Note that the SubjectBean parameter should be null for SAML2.0
*/
protected void createAndSetStatement(SubjectBean subjectBean, SAMLCallback callback) {
if (statement == Statement.AUTHN) {
AuthenticationStatementBean authBean = new AuthenticationStatementBean();
if (subjectBean != null) {
authBean.setSubject(subjectBean);
}
if (subjectLocalityIpAddress != null || subjectLocalityDnsAddress != null) {
SubjectLocalityBean subjectLocality = new SubjectLocalityBean();
subjectLocality.setIpAddress(subjectLocalityIpAddress);
subjectLocality.setDnsAddress(subjectLocalityDnsAddress);
authBean.setSubjectLocality(subjectLocality);
}
authBean.setAuthenticationInstant(authnInstant);
authBean.setSessionNotOnOrAfter(sessionNotOnOrAfter);
authBean.setAuthenticationMethod("Password");
callback.setAuthenticationStatementData(Collections.singletonList(authBean));
} else if (statement == Statement.ATTR) {
AttributeStatementBean attrBean = new AttributeStatementBean();
AttributeBean attributeBean = new AttributeBean();
if (subjectBean != null) {
attrBean.setSubject(subjectBean);
attributeBean.setSimpleName("role");
attributeBean.setQualifiedName("http://custom-ns");
} else {
attributeBean.setQualifiedName("role");
}
if (customAttributeValues != null) {
attributeBean.setAttributeValues(customAttributeValues);
} else {
attributeBean.addAttributeValue("user");
}
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
} else {
AuthDecisionStatementBean authzBean = new AuthDecisionStatementBean();
if (subjectBean != null) {
authzBean.setSubject(subjectBean);
}
ActionBean actionBean = new ActionBean();
actionBean.setContents("Read");
authzBean.setActions(Collections.singletonList(actionBean));
authzBean.setResource("endpoint");
authzBean.setDecision(AuthDecisionStatementBean.Decision.PERMIT);
authzBean.setResource(resource);
callback.setAuthDecisionStatementData(Collections.singletonList(authzBean));
}
}
