Package org.apache.cxf.sts.token.realm

Examples of org.apache.cxf.sts.token.realm.Relationship

669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
            String targetRealm = providerParameters.getRealm();
            String sourceRealm = tokenResponse.getTokenRealm();
   
            if (sourceRealm != null && !sourceRealm.equals(targetRealm)) {
                RelationshipResolver relRes = stsProperties.getRelationshipResolver();
                Relationship relationship = null;
                if (relRes != null) {
                    relationship = relRes.resolveRelationship(sourceRealm, targetRealm);
                    if (relationship != null) {
                        tokenResponse.getAdditionalProperties().put(
                                Relationship.class.getName(), relationship);
                    }
                }
                if (relationship == null || relationship.getType().equals(Relationship.FED_TYPE_IDENTITY)) {
                    // federate identity
                    IdentityMapper identityMapper = null;
                    if (relationship == null) {
                        identityMapper = stsProperties.getIdentityMapper();
                    } else {
                        identityMapper = relationship.getIdentityMapper();
                    }
                    if (identityMapper != null) {
                        Principal targetPrincipal =
                            identityMapper.mapPrincipal(sourceRealm, responsePrincipal, targetRealm);
                        validatedToken.setPrincipal(targetPrincipal);
                    } else {
                        LOG.log(Level.SEVERE,
                                "No IdentityMapper configured in STSProperties or Relationship");
                        throw new STSException("Error in providing a token", STSException.REQUEST_FAILED);
                    }
                } else if (relationship.getType().equals(Relationship.FED_TYPE_CLAIMS)) {
                    // federate claims
                    // Claims are transformed at the time when the claims are required to create a token
                    // (ex. ClaimsAttributeStatementProvider)
                    // principal remains unchanged                           
   
                } else  {
                    LOG.log(Level.SEVERE, "Unkown federation type: " + relationship.getType());
                    throw new STSException("Error in providing a token", STSException.BAD_REQUEST);
                }
            }
        }
    }
View Full Code Here
446
447
448
449
450
451
452
453
454
455
456
        addService(issueOperation);
       
        // Add Relationship list
        List<Relationship> relationshipList = new ArrayList<Relationship>();
        Relationship rs = createRelationship();
        relationshipList.add(rs);
       
        // Add STSProperties object
        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
        STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
View Full Code Here
594
595
596
597
598
599
600
601
602
603
604
605
606
        addService(issueOperation);
       
        // Add Relationship list
        List<Relationship> relationshipList = new ArrayList<Relationship>();
        Relationship rs = createRelationship();
        rs.setType(Relationship.FED_TYPE_IDENTITY);
        rs.setIdentityMapper(new CustomIdentityMapper());
        relationshipList.add(rs);
       
        // Add STSProperties object
        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
        STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
View Full Code Here
695
696
697
698
699
700
701
702
703
704
705
706
707
        assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
    }
   

    private Relationship createRelationship() {
        Relationship rs = new Relationship();
        ClaimsMapper claimsMapper = new CustomClaimsMapper();
        rs.setClaimsMapper(claimsMapper);
        rs.setSourceRealm("A");
        rs.setTargetRealm("B");
        rs.setType(Relationship.FED_TYPE_CLAIMS);
        return rs;
    }
View Full Code Here
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
            return returnedClaims;
        }
    }
   
    public ClaimCollection retrieveClaimValues(RequestClaimCollection claims, ClaimsParameters parameters) {
        Relationship relationship = null;
        if (parameters.getAdditionalProperties() != null) {
            relationship = (Relationship)parameters.getAdditionalProperties().get(
                    Relationship.class.getName());
        }
       
        if (claims == null || claims.size() == 0) {
            return null;
        }
        if (relationship == null || relationship.getType().equals(Relationship.FED_TYPE_IDENTITY)) {
            // Federate identity. Identity already mapped.
            // Call all configured claims handlers to retrieve the required claims
            if (claimHandlers == null || claimHandlers.size() == 0) {
                return null;
            }
            Principal originalPrincipal = parameters.getPrincipal();
            ClaimCollection returnCollection = new ClaimCollection();
            for (ClaimsHandler handler : claimHandlers) {
               
                RequestClaimCollection supportedClaims =
                    filterHandlerClaims(claims, handler.getSupportedClaimTypes());
                if (supportedClaims.isEmpty()) {
                    continue;
                }
               
                if (handler instanceof RealmSupport) {
                    RealmSupport handlerRealmSupport = (RealmSupport)handler;
                    // Check whether the handler supports the current realm
                    if (handlerRealmSupport.getSupportedRealms() != null
                            && handlerRealmSupport.getSupportedRealms().size() > 0
                            && handlerRealmSupport.getSupportedRealms().indexOf(parameters.getRealm()) == -1) {
                        if (LOG.isLoggable(Level.FINER)) {
                            LOG.finer("Handler '" + handler.getClass().getName() + "' doesn't support"
                                    + " realm '" + parameters.getRealm()  + "'");
                        }
                        continue;
                    }
                   
                    // If handler realm is configured and different from current realm
                    // do an identity mapping
                    if (handlerRealmSupport.getHandlerRealm() != null
                            && !handlerRealmSupport.getHandlerRealm().equalsIgnoreCase(parameters.getRealm())) {
                        Principal targetPrincipal = null;
                        try {
                            if (LOG.isLoggable(Level.FINE)) {
                                LOG.fine("Mapping user '" + parameters.getPrincipal().getName()
                                        + "' [" + parameters.getRealm() + "] to realm '"
                                        + handlerRealmSupport.getHandlerRealm() + "'");
                            }
                            targetPrincipal = doMapping(parameters.getRealm(), parameters.getPrincipal(),
                                    handlerRealmSupport.getHandlerRealm());
                        } catch (Exception ex) {
                            LOG.log(Level.WARNING, "Failed to map user '" + parameters.getPrincipal().getName()
                                    + "' [" + parameters.getRealm() + "] to realm '"
                                    + handlerRealmSupport.getHandlerRealm() + "'", ex);
                            throw new STSException("Failed to map user for claims handler",
                                    STSException.REQUEST_FAILED);
                        }
                       
                        if (targetPrincipal == null) {
                            LOG.log(Level.WARNING, "Null. Failed to map user '" + parameters.getPrincipal().getName()
                                    + "' [" + parameters.getRealm() + "] to realm '"
                                    + handlerRealmSupport.getHandlerRealm() + "'");
                            throw new STSException("Failed to map user for claims handler",
                                    STSException.REQUEST_FAILED);
                        }
                        if (LOG.isLoggable(Level.INFO)) {
                            LOG.info("Principal '" + targetPrincipal.getName()
                                    + "' passed to handler '" + handler.getClass().getName() + "'");
                        }
                        parameters.setPrincipal(targetPrincipal);
                    } else {
                        if (LOG.isLoggable(Level.FINER)) {
                            LOG.finer("Handler '" + handler.getClass().getName() + "' doesn't require"
                                    + " identity mapping '" + parameters.getRealm()  + "'");
                        }
                       
                    }
                }
               
                ClaimCollection claimCollection = null;
                try {
                    claimCollection = handler.retrieveClaimValues(supportedClaims, parameters);
                } catch (RuntimeException ex) {
                    LOG.log(Level.INFO, "Failed retrieving claims from ClaimsHandler "
                            + handler.getClass().getName(), ex);
                    if (this.isStopProcessingOnException()) {
                        throw ex;
                    }
                } finally {
                    // set original principal again, otherwise wrong principal passed to next claim handler in the list
                    // if no mapping required or wrong source principal used for next identity mapping
                    parameters.setPrincipal(originalPrincipal);
                }
               
                if (claimCollection != null && claimCollection.size() != 0) {
                    returnCollection.addAll(claimCollection);
                }
            }
            validateClaimValues(claims, returnCollection);
            return returnCollection;
           
        } else {
            // Federate claims
            ClaimsMapper claimsMapper = relationship.getClaimsMapper();
            if (claimsMapper == null) {
                LOG.log(Level.SEVERE, "ClaimsMapper required to federate claims but not configured.");
                throw new STSException("ClaimsMapper required to federate claims but not configured",
                                       STSException.BAD_REQUEST);
            }
           
            // Get the claims of the received token (only SAML supported)
            // Consider refactoring to use a CallbackHandler and keep ClaimsManager token independent
            AssertionWrapper assertion =
                (AssertionWrapper)parameters.getAdditionalProperties().get(AssertionWrapper.class.getName());
            List<Claim> claimList = null;
            if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
                claimList = this.parseClaimsInAssertion(assertion.getSaml2());
            } else {
                claimList = this.parseClaimsInAssertion(assertion.getSaml1());
            }
            ClaimCollection sourceClaims = new ClaimCollection();
            sourceClaims.addAll(claimList);
           
            ClaimCollection targetClaims = claimsMapper.mapClaims(relationship.getSourceRealm(),
                    sourceClaims, relationship.getTargetRealm(), parameters);
            validateClaimValues(claims, targetClaims);
            return targetClaims;
        }

    }
View Full Code Here
351
352
353
354
355
356
357
358
359
360
361
        service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
        validateOperation.setServices(Collections.singletonList(service));
       
        // Add Relationship list
        List<Relationship> relationshipList = new ArrayList<Relationship>();
        Relationship rs = createRelationship();
        relationshipList.add(rs);
       
        // Add STSProperties object
        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
        STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
View Full Code Here
575
576
577
578
579
580
581
582
583
584
585
586
587
        service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
        validateOperation.setServices(Collections.singletonList(service));
       
        // Add Relationship list
        List<Relationship> relationshipList = new ArrayList<Relationship>();
        Relationship rs = createRelationship();
        rs.setType(Relationship.FED_TYPE_IDENTITY);
        rs.setIdentityMapper(new CustomIdentityMapper());
        relationshipList.add(rs);
       
        // Add STSProperties object
        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
        STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
View Full Code Here
690
691
692
693
694
695
696
697
698
699
700
701
702
            }
        };
    }
   
    private Relationship createRelationship() {
        Relationship rs = new Relationship();
        ClaimsMapper claimsMapper = new CustomClaimsMapper();
        rs.setClaimsMapper(claimsMapper);
        rs.setSourceRealm("A");
        rs.setTargetRealm("B");
        rs.setType(Relationship.FED_TYPE_CLAIMS);
        return rs;
    }
View Full Code Here
446
447
448
449
450
451
452
453
454
455
456
        addService(issueOperation);
       
        // Add Relationship list
        List<Relationship> relationshipList = new ArrayList<Relationship>();
        Relationship rs = createRelationship();
        relationshipList.add(rs);
       
        // Add STSProperties object
        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
        STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
View Full Code Here
594
595
596
597
598
599
600
601
602
603
604
605
606
        addService(issueOperation);
       
        // Add Relationship list
        List<Relationship> relationshipList = new ArrayList<Relationship>();
        Relationship rs = createRelationship();
        rs.setType(Relationship.FED_TYPE_IDENTITY);
        rs.setIdentityMapper(new CustomIdentityMapper());
        relationshipList.add(rs);
       
        // Add STSProperties object
        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
        STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
View Full Code Here
TOP

Related Classes of org.apache.cxf.sts.token.realm.Relationship

  • org.apache.cxf.sts.claims.ClaimsManager
  • org.apache.cxf.sts.operation.AbstractOperation
  • org.apache.cxf.sts.operation.IssueSamlClaimsUnitTest
  • org.apache.cxf.sts.operation.ValidateTokenTransformationUnitTest
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.