Examples of org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType

• org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType

  Java class for XACMLAuthzDecisionStatementType complex type.

  The following schema fragment specifies the expected content contained within this class.

   <complexType name="XACMLAuthzDecisionStatementType"> <complexContent> <extension base="{urn:oasis:names:tc:SAML:2.0:assertion}StatementAbstractType"> <sequence> <element ref="{urn:oasis:names:tc:xacml:2.0:context:schema:os}Response"/> <element ref="{urn:oasis:names:tc:xacml:2.0:context:schema:os}Request" minOccurs="0"/> </sequence> </extension> </complexContent> </complexType> 

    * @param roleName
    * @return
    */
   public static AttributeType createAttributeForRole(String roleName)
   {
      AttributeType att = assertionObjectFactory.createAttributeType();
      att.setFriendlyName("role");
      att.setName("role");
      att.setNameFormat(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get());

      //rolename
      att.getAttributeValue().add(roleName);

      return att;
   }

    * @return
    */
   public static AttributeStatementType createAttributeStatement(String attributeValue)
   {
      AttributeStatementType attribStatement = assertionObjectFactory.createAttributeStatementType();
      AttributeType att = assertionObjectFactory.createAttributeType();
      JAXBElement<Object> attValue = assertionObjectFactory.createAttributeValue(attributeValue);
      att.getAttributeValue().add(attValue);
      attribStatement.getAttributeOrEncryptedAttribute().add(att);
      return attribStatement;
   }

         {
            //Deal with the X500 Profile of SAML2
            attrStatement = JBossSAMLBaseFactory.createAttributeStatement();
            i++;
         }
         AttributeType att = getX500Attribute();

         Object value = attributes.get(key);

         if(AttributeConstants.EMAIL_ADDRESS.equals(key))
         {
            att.setFriendlyName(X500SAMLProfileConstants.EMAIL_ADDRESS.getFriendlyName());
            att.setName(X500SAMLProfileConstants.EMAIL_ADDRESS.get());
         }
         else if(AttributeConstants.EMPLOYEE_NUMBER.equals(key))
         {
            att.setFriendlyName(X500SAMLProfileConstants.EMPLOYEE_NUMBER.getFriendlyName());
            att.setName(X500SAMLProfileConstants.EMPLOYEE_NUMBER.get());
         }
         else if(AttributeConstants.GIVEN_NAME.equals(key))
         {
            att.setFriendlyName(X500SAMLProfileConstants.GIVENNAME.getFriendlyName());
            att.setName(X500SAMLProfileConstants.GIVENNAME.get());
         }
         else if(AttributeConstants.TELEPHONE.equals(key))
         {
            att.setFriendlyName(X500SAMLProfileConstants.TELEPHONE.getFriendlyName());
            att.setName(X500SAMLProfileConstants.TELEPHONE.get());
         }
         att.getAttributeValue().add(value);
         attrStatement.getAttributeOrEncryptedAttribute().add(att);
      }
      return attrStatement;
   }

      return attrStatement;
   }

   private static AttributeType getX500Attribute()
   {
      AttributeType att = factory.createAttributeType();
      att.getOtherAttributes().put(X500_QNAME, "LDAP");

      att.setNameFormat(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get());
      return att;
   }

    */
   private void issueToken(WSTrustRequestContext context, String assertionID) throws WSTrustException
   {
      // lifetime and audience restrictions.
      Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
      AudienceRestrictionType restriction = null;
      AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
      if (appliesTo != null)
         restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
      ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
            restriction);

      Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
      AudienceRestrictionType restriction = null;
      AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
      if (appliesTo != null)
         restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
      ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
            restriction);

      // TODO: implement support for the other confirmation methods.
      String confirmationMethod = SAMLUtil.SAML2_BEARER_URI;
      SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null,

   {
      XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
      if(issueInstant == null)
         throw new IssueInstantMissingException("assertion does not have issue instant");
      XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis);
      ConditionsType conditionsType = JBossSAMLBaseFactory.getObjectFactory().createConditionsType();
      conditionsType.setNotBefore(issueInstant);
      conditionsType.setNotOnOrAfter(assertionValidityLength);

      assertion.setConditions(conditionsType);
   }

    * @throws ConfigurationException
    */
   public static boolean hasExpired(AssertionType assertion) throws ConfigurationException
   {
      //Check for validity of assertion
      ConditionsType conditionsType = assertion.getConditions();
      if(conditionsType != null)
      {
         XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
         XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
         XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
         if(trace) log.trace("Now="+now.toXMLFormat() + " ::notBefore="+notBefore.toXMLFormat()
               + "::notOnOrAfter="+notOnOrAfter);
         return !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
      }
      //TODO: if conditions do not exist, assume the assertion to be everlasting?

            Element encAssertion = XMLEncryptionUtil.encryptElementInDocument(responseDoc,
                            publicKey, sk, keyLength, assertionQName, true);


            EncryptedElementType eet = saml2Response.getEncryptedAssertion(DocumentUtil.getNodeAsStream(encAssertion));
            responseType.getAssertionOrEncryptedAssertion().set(0, eet);
         }
         catch (MalformedURLException e)
         {
            // TODO Auto-generated catch block

      try
      {
         SAML2Response saml2Response = new SAML2Response();
         PrivateKey privateKey = keyManager.getSigningKey();

         EncryptedElementType myEET = (EncryptedElementType) responseType.getAssertionOrEncryptedAssertion().get(0);
         Document eetDoc = saml2Response.convert(myEET);

         Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(eetDoc,privateKey);

         //Let us use the encrypted doc element to decrypt it