Java Code Examples for org.apache.wss4j.common.saml.bean.AuthenticationStatementBean

The following examples show how to use org.apache.wss4j.common.saml.bean.AuthenticationStatementBean. These examples are extracted from open source projects; each one names the project and source file it was taken from.
Example 1
Source Project: syncope   Source File: SAML2CallbackHandler.java    License: Apache License 2.0
/**
 * Populates every {@link SAMLCallback} with a SAML 2.0 issuer, the optional conditions,
 * a subject and a single authentication statement.
 *
 * <p>The authentication method is the literal {@code "Password"}, which is not one of the
 * standard {@code urn:oasis:names:tc:SAML:2.0:ac:classes:*} AuthnContext class URNs; a relying
 * party matching on a standard class reference will not recognise it (presumably acceptable
 * for a test fixture — confirm before reusing outside tests).
 *
 * @param callbacks callbacks to handle; every element must be a {@code SAMLCallback}
 * @throws UnsupportedCallbackException on the first callback that is not a {@code SAMLCallback}
 * @throws IOException declared by the interface; not thrown by this implementation
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback current : callbacks) {
        if (!(current instanceof SAMLCallback)) {
            throw new UnsupportedCallbackException(current, "Unrecognized Callback");
        }
        SAMLCallback saml = (SAMLCallback) current;
        saml.setSamlVersion(Version.SAML_20);
        saml.setIssuer(issuer);
        if (conditions != null) {
            saml.setConditions(conditions);
        }

        SubjectBean subject = new SubjectBean(subjectName, subjectQualifier, subjectConfirmationMethod);
        subject.setSubjectConfirmationData(subjectConfirmationData);
        saml.setSubject(subject);

        AuthenticationStatementBean authnStatement = new AuthenticationStatementBean();
        authnStatement.setAuthenticationMethod("Password");
        saml.setAuthenticationStatementData(List.of(authnStatement));
    }
}
 
Example 2
Source Project: cxf   Source File: SamlCallbackHandler.java    License: Apache License 2.0
/**
 * Backfills the handler's {@code subjectBean} onto every statement bean that has no subject yet.
 *
 * <p>Used for SAML 1.1, where each statement carries its own Subject. Beans that already have
 * a subject are left untouched, and a null bean list is treated as empty.
 */
private void setSubjectOnBeans() {
    if (attributeBeans != null) {
        for (AttributeStatementBean attributeStatement : attributeBeans) {
            if (attributeStatement.getSubject() != null) {
                continue;
            }
            attributeStatement.setSubject(subjectBean);
        }
    }
    if (authBeans != null) {
        for (AuthenticationStatementBean authnStatement : authBeans) {
            if (authnStatement.getSubject() != null) {
                continue;
            }
            authnStatement.setSubject(subjectBean);
        }
    }
    if (authDecisionBeans != null) {
        for (AuthDecisionStatementBean decisionStatement : authDecisionBeans) {
            if (decisionStatement.getSubject() != null) {
                continue;
            }
            decisionStatement.setSubject(subjectBean);
        }
    }
}
 
Example 3
Source Project: cxf   Source File: CustomAuthenticationProvider.java    License: Apache License 2.0
/**
 * Builds an AuthenticationStatementBean for the requested token type.
 *
 * <p>The SubjectLocality is always the fixed loopback address {@code 127.0.0.1}; it does not
 * reflect the requester's real address, so a relying party must not treat it as evidence of
 * where the authentication happened. The authentication method is the SAML 1.1 X.509 constant
 * when the requested token type equals {@code WSS4JConstants.WSS_SAML_TOKEN_TYPE}, and the
 * SAML 2.0 X.509 AuthnContext class reference for every other token type.
 *
 * @param providerParameters token request parameters; the token type is read from its
 *        TokenRequirements
 * @return a populated authentication statement bean
 */
public AuthenticationStatementBean getStatement(TokenProviderParameters providerParameters) {
    String tokenType = providerParameters.getTokenRequirements().getTokenType();
    boolean saml11Requested = WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType);

    SubjectLocalityBean locality = new SubjectLocalityBean();
    locality.setIpAddress("127.0.0.1");

    AuthenticationStatementBean statement = new AuthenticationStatementBean();
    statement.setSubjectLocality(locality);
    statement.setAuthenticationMethod(saml11Requested
            ? SAML1Constants.AUTH_METHOD_X509
            : SAML2Constants.AUTH_CONTEXT_CLASS_REF_X509);
    return statement;
}
 
Example 4
Source Project: cxf-fediz   Source File: SAML2CallbackHandler.java    License: Apache License 2.0
/**
 * Adds a {@code "Password"} authentication statement to the callback and, for the two known
 * test users, a role attribute statement.
 *
 * <p>Roles are assigned by hard-coded subject name: {@code alice} gets boss/employee/User,
 * {@code bob} gets employee, any other subject gets no attribute statement at all. The role
 * attribute uses the WS-Identity role claim URI with the unspecified name format.
 *
 * @param callback the SAML callback to populate
 */
private void createAndSetStatement(SAMLCallback callback) {
    AuthenticationStatementBean authnStatement = new AuthenticationStatementBean();
    authnStatement.setAuthenticationMethod("Password");
    callback.setAuthenticationStatementData(Collections.singletonList(authnStatement));

    List<Object> roles = rolesForTestSubject(subjectName);
    if (roles.isEmpty()) {
        return;
    }

    AttributeBean roleAttribute = new AttributeBean();
    roleAttribute.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
    roleAttribute.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    roleAttribute.setAttributeValues(roles);

    AttributeStatementBean attributeStatement = new AttributeStatementBean();
    attributeStatement.setSamlAttributes(Collections.singletonList(roleAttribute));
    callback.setAttributeStatementData(Collections.singletonList(attributeStatement));
}

/** Returns the hard-coded roles for a test subject name; an empty list for unknown names. */
private static List<Object> rolesForTestSubject(String name) {
    List<Object> roles = new ArrayList<>();
    if ("alice".equals(name)) {
        Collections.addAll(roles, "boss", "employee", "User");
    } else if ("bob".equals(name)) {
        roles.add("employee");
    }
    return roles;
}
 
Example 5
Source Project: cxf-fediz   Source File: SAML2CallbackHandler.java    License: Apache License 2.0
/**
 * Adds a {@code "Password"} authentication statement to the callback and copies any configured
 * {@code AttributeStatement}s onto it as wss4j attribute statement beans.
 *
 * <p>Each attribute value is taken as the text content of the value's DOM element. When no
 * attribute statements are configured (null or empty) only the authentication statement is set.
 *
 * @param callback the SAML callback to populate
 */
private void createAndSetStatement(SAMLCallback callback) {
    AuthenticationStatementBean authnStatement = new AuthenticationStatementBean();
    authnStatement.setAuthenticationMethod("Password");
    callback.setAuthenticationStatementData(Collections.singletonList(authnStatement));

    if (attributeStatements == null || attributeStatements.isEmpty()) {
        return;
    }

    List<AttributeStatementBean> statementBeans = new ArrayList<>();
    for (AttributeStatement source : attributeStatements) {
        List<AttributeBean> attributes = new ArrayList<>();
        for (Attribute attribute : source.getAttributes()) {
            attributes.add(toAttributeBean(attribute));
        }
        AttributeStatementBean statementBean = new AttributeStatementBean();
        statementBean.setSamlAttributes(attributes);
        statementBeans.add(statementBean);
    }
    callback.setAttributeStatementData(statementBeans);
}

/** Converts one {@code Attribute} into an {@code AttributeBean}, values as DOM text content. */
private static AttributeBean toAttributeBean(Attribute attribute) {
    List<Object> values = new ArrayList<>();
    for (XMLObject value : attribute.getAttributeValues()) {
        // NOTE(review): assumes every value is DOM-backed (getDOM() non-null); a value object
        // built programmatically rather than unmarshalled would NPE here — confirm with the producer.
        values.add(value.getDOM().getTextContent());
    }
    AttributeBean bean = new AttributeBean();
    bean.setQualifiedName(attribute.getName());
    bean.setNameFormat(attribute.getNameFormat());
    bean.setAttributeValues(values);
    return bean;
}
 
Example 6
Source Project: cxf   Source File: SamlCallbackHandler.java    License: Apache License 2.0
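/**
 * Fills in every {@link SAMLCallback} with what this mock STS asserts about the caller:
 * SAML version, issuer, subject, audience conditions, an authorization decision statement,
 * an authentication statement, a role/authentication-method attribute statement and,
 * when {@code signAssertion} is set, the issuer signing credentials.
 *
 * <p>Subject name, roles and authentication methods come from the current CXF message's
 * contextual properties {@code saml.subject.name}, {@code saml.roles} and {@code saml.auth}
 * when those are present; otherwise the configured {@code subjectName}, the single role
 * {@code "user"} and the single method {@code "password"} are used. The properties are cast
 * without a type check, so a non-String/non-List value stored under one of those keys fails
 * with a ClassCastException. Callbacks that are not a {@code SAMLCallback} are ignored.
 *
 * @param callbacks callbacks to populate
 * @throws IOException if the issuer crypto cannot be loaded when signing is enabled
 * @throws UnsupportedCallbackException declared by the interface; not thrown here
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    Message m = PhaseInterceptorChain.getCurrentMessage();

    for (Callback current : callbacks) {
        if (!(current instanceof SAMLCallback)) {
            continue;
        }
        SAMLCallback callback = (SAMLCallback) current;
        callback.setSamlVersion(saml2 ? Version.SAML_20 : Version.SAML_11);
        callback.setIssuer(issuer);

        SubjectBean subjectBean = mockSubject(m);
        callback.setSubject(subjectBean);
        callback.setConditions(mockAudienceConditions());
        callback.setAuthDecisionStatementData(
            Collections.singletonList(mockAuthDecisionStatement(subjectBean)));
        callback.setAuthenticationStatementData(
            Collections.singletonList(mockAuthenticationStatement(subjectBean)));
        callback.setAttributeStatementData(
            Collections.singletonList(mockAttributeStatement(m, subjectBean)));

        if (signAssertion) {
            applySigningConfig(callback);
        }
    }
}

/** Subject from the message's "saml.subject.name" property, else the configured subjectName. */
private SubjectBean mockSubject(Message m) {
    String subject = m != null ? (String)m.getContextualProperty("saml.subject.name") : null;
    if (subject == null) {
        subject = subjectName;
    }
    // fixed name qualifier identifying this mock STS
    return new SubjectBean(subject, "www.mock-sts.com", confirmationMethod);
}

/** Conditions restricting the assertion to the single configured audience. */
private ConditionsBean mockAudienceConditions() {
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.setAudienceURIs(Collections.singletonList(audience));

    ConditionsBean conditions = new ConditionsBean();
    conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    return conditions;
}

/** INDETERMINATE decision for a single "Read" action on a fixed example resource. */
private AuthDecisionStatementBean mockAuthDecisionStatement(SubjectBean subjectBean) {
    ActionBean read = new ActionBean();
    read.setContents("Read");

    AuthDecisionStatementBean decision = new AuthDecisionStatementBean();
    decision.setDecision(Decision.INDETERMINATE);
    decision.setResource("https://sp.example.com/SAML2");
    decision.setSubject(subjectBean);
    decision.setActions(Collections.singletonList(read));
    return decision;
}

/** Authentication statement dated now, with a fixed session index and a PasswordProtectedTransport method. */
private AuthenticationStatementBean mockAuthenticationStatement(SubjectBean subjectBean) {
    AuthenticationStatementBean authBean = new AuthenticationStatementBean();
    authBean.setSubject(subjectBean);
    authBean.setAuthenticationInstant(new DateTime());
    // constant session index: every assertion from this handler shares it, so it cannot
    // distinguish sessions (e.g. for logout correlation) — fine for a mock, not for a real STS
    authBean.setSessionIndex("123456");
    // The original carried the comment "AuthnContextClassRef is not set" here; presumably the
    // builder derives the SAML 2.0 AuthnContextClassRef from this method string — confirm.
    authBean.setAuthenticationMethod(
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
    return authBean;
}

/** Role and authentication-method claims from the message properties, with fixed defaults. */
private AttributeStatementBean mockAttributeStatement(Message m, SubjectBean subjectBean) {
    List<String> roles = m != null
        ? CastUtils.<String>cast((List<?>)m.getContextualProperty("saml.roles")) : null;
    if (roles == null) {
        roles = Collections.singletonList("user");
    }
    AttributeBean roleClaim = new AttributeBean();
    roleClaim.setSimpleName("subject-role");
    roleClaim.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
    roleClaim.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
    roleClaim.setAttributeValues(new ArrayList<>(roles));

    List<String> authMethods =
        m != null ? CastUtils.<String>cast((List<?>)m.getContextualProperty("saml.auth")) : null;
    if (authMethods == null) {
        authMethods = Collections.singletonList("password");
    }
    AttributeBean authClaim = new AttributeBean();
    authClaim.setSimpleName("http://claims/authentication");
    authClaim.setQualifiedName("http://claims/authentication");
    authClaim.setNameFormat("http://claims/authentication-format");
    authClaim.setAttributeValues(new ArrayList<>(authMethods));

    List<AttributeBean> claims = new ArrayList<>();
    claims.add(roleClaim);
    claims.add(authClaim);

    AttributeStatementBean attrBean = new AttributeStatementBean();
    attrBean.setSubject(subjectBean);
    attrBean.setSamlAttributes(claims);
    return attrBean;
}

/**
 * Loads the issuer Crypto from {@code cryptoPropertiesFile} and enables assertion signing.
 *
 * @throws IOException wrapping the WSSecurityException if the crypto cannot be loaded
 */
private void applySigningConfig(SAMLCallback callback) throws IOException {
    try {
        Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
        callback.setIssuerCrypto(crypto);
        callback.setIssuerKeyName(issuerKeyName);
        callback.setIssuerKeyPassword(issuerKeyPassword);
        callback.setSignAssertion(true);
    } catch (WSSecurityException e) {
        throw new IOException(e);
    }
}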
 
Example 7
Source Project: cxf   Source File: SamlCallbackHandler.java    License: Apache License 2.0
/**
 * Replaces the authentication statement beans this handler will put on the assertion.
 *
 * <p>The list is stored by reference, not copied, so later changes made by the caller are
 * visible to the handler.
 *
 * @param authBeanList the beans to use; may be null
 */
public void setAuthenticationBeans(List<AuthenticationStatementBean> authBeanList) {
    authBeans = authBeanList;
}
 
Example 8
Source Project: cxf   Source File: SubjectProviderParameters.java    License: Apache License 2.0
/**
 * Returns the authentication statement beans.
 *
 * <p>The internal list itself is returned (no defensive copy), so callers that mutate it
 * change this object's state.
 *
 * @return the configured beans, possibly null
 */
public List<AuthenticationStatementBean> getAuthBeanList() {
    return this.authBeanList;
}
 
Example 9
Source Project: cxf   Source File: SubjectProviderParameters.java    License: Apache License 2.0
/**
 * Sets the authentication statement beans.
 *
 * <p>The list is stored by reference, not copied.
 *
 * @param authBeanList the beans to store; may be null
 */
public void setAuthBeanList(List<AuthenticationStatementBean> authBeanList) {
    authBeanList = authBeanList == null ? null : authBeanList;
    this.authBeanList = authBeanList;
}
 
Example 10
Source Project: cxf   Source File: AbstractSAMLCallbackHandler.java    License: Apache License 2.0
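/**
 * Builds the single statement selected by {@code statement} and sets it on the callback.
 *
 * <p>For SAML 2.0 the subject lives on the assertion, so {@code subjectBean} must be null;
 * for SAML 1.1 it is attached to the statement itself. {@code Statement.AUTHN} yields an
 * authentication statement, {@code Statement.ATTR} an attribute statement, and any other
 * value an authorization decision statement.
 *
 * @param subjectBean the per-statement subject for SAML 1.1, or null for SAML 2.0
 * @param callback the callback to populate
 */
protected void createAndSetStatement(SubjectBean subjectBean, SAMLCallback callback) {
    if (statement == Statement.AUTHN) {
        callback.setAuthenticationStatementData(
            Collections.singletonList(buildAuthnStatementBean(subjectBean)));
    } else if (statement == Statement.ATTR) {
        callback.setAttributeStatementData(
            Collections.singletonList(buildAttrStatementBean(subjectBean)));
    } else {
        callback.setAuthDecisionStatementData(
            Collections.singletonList(buildAuthzStatementBean(subjectBean)));
    }
}

/** "Password" authentication statement with optional subject, locality, instant and session expiry. */
private AuthenticationStatementBean buildAuthnStatementBean(SubjectBean subjectBean) {
    AuthenticationStatementBean authBean = new AuthenticationStatementBean();
    if (subjectBean != null) {
        authBean.setSubject(subjectBean);
    }
    // only emit a SubjectLocality when at least one address is configured
    if (subjectLocalityIpAddress != null || subjectLocalityDnsAddress != null) {
        SubjectLocalityBean subjectLocality = new SubjectLocalityBean();
        subjectLocality.setIpAddress(subjectLocalityIpAddress);
        subjectLocality.setDnsAddress(subjectLocalityDnsAddress);
        authBean.setSubjectLocality(subjectLocality);
    }
    authBean.setAuthenticationInstant(authnInstant);
    authBean.setSessionNotOnOrAfter(sessionNotOnOrAfter);
    authBean.setAuthenticationMethod("Password");
    return authBean;
}

/** Single "role" attribute: namespaced names when a subject is given (SAML 1.1), bare otherwise. */
private AttributeStatementBean buildAttrStatementBean(SubjectBean subjectBean) {
    AttributeStatementBean attrBean = new AttributeStatementBean();
    AttributeBean attributeBean = new AttributeBean();
    if (subjectBean != null) {
        attrBean.setSubject(subjectBean);
        attributeBean.setSimpleName("role");
        attributeBean.setQualifiedName("http://custom-ns");
    } else {
        attributeBean.setQualifiedName("role");
    }
    if (customAttributeValues != null) {
        attributeBean.setAttributeValues(customAttributeValues);
    } else {
        attributeBean.addAttributeValue("user");
    }
    attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
    return attrBean;
}

/** PERMIT decision for a single "Read" action on the configured resource. */
private AuthDecisionStatementBean buildAuthzStatementBean(SubjectBean subjectBean) {
    AuthDecisionStatementBean authzBean = new AuthDecisionStatementBean();
    if (subjectBean != null) {
        authzBean.setSubject(subjectBean);
    }
    ActionBean actionBean = new ActionBean();
    actionBean.setContents("Read");
    authzBean.setActions(Collections.singletonList(actionBean));
    authzBean.setDecision(AuthDecisionStatementBean.Decision.PERMIT);
    // the configured resource is the only value that survives; the original first set the
    // literal "endpoint" and then immediately overwrote it with this field
    authzBean.setResource(resource);
    return authzBean;
}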
 
Example 11
Source Project: cxf   Source File: AuthenticationStatementProvider.java    License: Apache License 2.0
/**
 * Builds the AuthenticationStatementBean for a token request.
 *
 * @param providerParameters the token request parameters the statement is derived from
 * @return the authentication statement bean derived from those parameters
 */
AuthenticationStatementBean getStatement(TokenProviderParameters providerParameters);