Java Code Examples for org.opensaml.core.xml.XMLObject#getDOM()
The following examples show how to use
org.opensaml.core.xml.XMLObject#getDOM() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: SamlMessageUtil.java From armeria with Apache License 2.0 | 6 votes |
|
static Element serialize(XMLObject message) {
requireNonNull(message, "message");
if (message.getDOM() != null) {
// Return cached DOM if it exists.
return message.getDOM();
}
final Marshaller marshaller =
XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(message);
if (marshaller == null) {
throw new SamlException("failed to serialize a SAML object into an XML document, " +
"no serializer registered for message object: " +
message.getElementQName());
}
try {
return marshaller.marshall(message);
} catch (MarshallingException e) {
throw new SamlException("failed to serialize a SAML object into an XML document", e);
}
}
Example 2
| Source File: ActAsValidator.java From cxf with Apache License 2.0 | 5 votes |
|
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
Credential validatedCredential = super.validate(credential, data);
SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
Assertion saml2Assertion = assertion.getSaml2();
if (saml2Assertion == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
// The technical user should be in the Subject
Subject subject = saml2Assertion.getSubject();
if (subject == null || subject.getNameID() == null
|| !subject.getNameID().getValue().contains("www.client.com")) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
List<AttributeStatement> attributeStatements = saml2Assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
for (AttributeStatement statement : attributeStatements) {
List<Attribute> attributes = statement.getAttributes();
for (Attribute attribute : attributes) {
if (!"CustomActAs".equals(attribute.getName()) && !"ActAs".equals(attribute.getName())) {
continue;
}
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if (text.contains("alice") || text.contains("bob")) {
return validatedCredential;
}
}
}
}
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Example 3
| Source File: ClaimsValidator.java From cxf with Apache License 2.0 | 5 votes |
|
private boolean handleSAML1Assertion(
org.opensaml.saml.saml1.core.Assertion assertion
) throws WSSecurityException {
List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements =
assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
List<org.opensaml.saml.saml1.core.Attribute> attributes = statement.getAttributes();
for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) {
if (!ClaimTypes.URI_BASE.toString().equals(attribute.getAttributeNamespace())) {
continue;
}
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if (!"admin-user".equals(text)) {
return false;
}
}
}
}
return true;
}
Example 4
| Source File: ClaimsValidator.java From cxf with Apache License 2.0 | 5 votes |
|
private boolean handleSAML2Assertion(
org.opensaml.saml.saml2.core.Assertion assertion
) throws WSSecurityException {
List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements =
assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
List<org.opensaml.saml.saml2.core.Attribute> attributes = statement.getAttributes();
for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
if (!attribute.getName().startsWith(ClaimTypes.URI_BASE.toString())) {
continue;
}
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if (!"admin-user".equals(text)) {
return false;
}
}
}
}
return true;
}
Example 5
| Source File: StaxClaimsValidator.java From cxf with Apache License 2.0 | 5 votes |
|
private boolean handleSAML1Assertion(
org.opensaml.saml.saml1.core.Assertion assertion
) throws WSSecurityException {
List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements =
assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
List<org.opensaml.saml.saml1.core.Attribute> attributes = statement.getAttributes();
for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) {
if (!ClaimTypes.URI_BASE.toString().equals(attribute.getAttributeNamespace())) {
continue;
}
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if (!"admin-user".equals(text)) {
return false;
}
}
}
}
return true;
}
Example 6
| Source File: StaxClaimsValidator.java From cxf with Apache License 2.0 | 5 votes |
|
private boolean handleSAML2Assertion(
org.opensaml.saml.saml2.core.Assertion assertion
) throws WSSecurityException {
List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements =
assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
List<org.opensaml.saml.saml2.core.Attribute> attributes = statement.getAttributes();
for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
if (!attribute.getName().startsWith(ClaimTypes.URI_BASE.toString())) {
continue;
}
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if (!"admin-user".equals(text)) {
return false;
}
}
}
}
return true;
}
Example 7
| Source File: ClaimsManager.java From cxf with Apache License 2.0 | 5 votes |
|
protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml.saml2.core.Assertion assertion) {
List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements =
assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
if (LOG.isLoggable(Level.FINEST)) {
LOG.finest("No attribute statements found");
}
return Collections.emptyList();
}
List<ProcessedClaim> collection = new ArrayList<>();
for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
if (LOG.isLoggable(Level.FINEST)) {
LOG.finest("parsing statement: " + statement.getElementQName());
}
List<org.opensaml.saml.saml2.core.Attribute> attributes = statement.getAttributes();
for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
if (LOG.isLoggable(Level.FINEST)) {
LOG.finest("parsing attribute: " + attribute.getName());
}
ProcessedClaim c = new ProcessedClaim();
c.setClaimType(URI.create(attribute.getName()));
c.setIssuer(assertion.getIssuer().getNameQualifier());
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String value = attributeValueElement.getTextContent();
if (LOG.isLoggable(Level.FINEST)) {
LOG.finest(" [" + value + "]");
}
c.addValue(value);
}
collection.add(c);
}
}
return collection;
}
Example 8
| Source File: ClaimsManager.java From cxf with Apache License 2.0 | 4 votes |
|
protected List<ProcessedClaim> parseClaimsInAssertion(org.opensaml.saml.saml1.core.Assertion assertion) {
List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements =
assertion.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
if (LOG.isLoggable(Level.FINEST)) {
LOG.finest("No attribute statements found");
}
return Collections.emptyList();
}
ProcessedClaimCollection collection = new ProcessedClaimCollection();
for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
if (LOG.isLoggable(Level.FINEST)) {
LOG.finest("parsing statement: " + statement.getElementQName());
}
List<org.opensaml.saml.saml1.core.Attribute> attributes = statement.getAttributes();
for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) {
if (LOG.isLoggable(Level.FINEST)) {
LOG.finest("parsing attribute: " + attribute.getAttributeName());
}
ProcessedClaim c = new ProcessedClaim();
c.setIssuer(assertion.getIssuer());
c.setClaimType(URI.create(attribute.getAttributeName()));
try {
c.setClaimType(new URI(attribute.getAttributeName()));
} catch (URISyntaxException e) {
LOG.warning("Invalid attribute name in attributestatement: " + e.getMessage());
continue;
}
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String value = attributeValueElement.getTextContent();
if (LOG.isLoggable(Level.FINEST)) {
LOG.finest(" [" + value + "]");
}
c.addValue(value);
}
collection.add(c);
}
}
return collection;
}
Example 9
| Source File: SAMLProviderActAsTest.java From cxf with Apache License 2.0 | 4 votes |
|
/**
* Create a default Saml1 Bearer Assertion with ActAs from a UsernameToken
*/
@org.junit.Test
public void testDefaultSaml1ActAsUsernameToken() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
UsernameTokenType usernameToken = new UsernameTokenType();
AttributedString username = new AttributedString();
username.setValue("bob");
usernameToken.setUsername(username);
JAXBElement<UsernameTokenType> usernameTokenType =
new JAXBElement<UsernameTokenType>(
QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken
);
TokenProviderParameters providerParameters =
createProviderParameters(
WSS4JConstants.WSS_SAML_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, usernameTokenType
);
//Principal must be set in ReceivedToken/ActAs
providerParameters.getTokenRequirements().getActAs().setPrincipal(
new CustomTokenPrincipal(username.getValue()));
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
// Verify the token
Element token = (Element)providerResponse.getToken();
SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
Assert.assertEquals("technical-user", assertion.getSubjectName());
boolean foundActAsAttribute = false;
for (org.opensaml.saml.saml1.core.AttributeStatement attributeStatement
: assertion.getSaml1().getAttributeStatements()) {
for (org.opensaml.saml.saml1.core.Attribute attribute : attributeStatement.getAttributes()) {
if ("ActAs".equals(attribute.getAttributeName())) {
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if (text.contains("bob")) {
foundActAsAttribute = true;
break;
}
}
}
}
}
assertTrue(foundActAsAttribute);
}
Example 10
| Source File: SAMLProviderActAsTest.java From cxf with Apache License 2.0 | 4 votes |
|
/**
* Create a default Saml2 Bearer Assertion with ActAs from a SAML Assertion
*/
@org.junit.Test
public void testDefaultSaml2ActAsAssertion() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
String user = "bob";
Element saml1Assertion = getSAMLAssertion();
TokenProviderParameters providerParameters =
createProviderParameters(
WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, saml1Assertion
);
//Principal must be set in ReceivedToken/ActAs
providerParameters.getTokenRequirements().getActAs().setPrincipal(
new CustomTokenPrincipal(user));
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
// Verify the token
Element token = (Element)providerResponse.getToken();
SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
Assert.assertEquals("technical-user", assertion.getSubjectName());
boolean foundActAsAttribute = false;
for (org.opensaml.saml.saml2.core.AttributeStatement attributeStatement
: assertion.getSaml2().getAttributeStatements()) {
for (org.opensaml.saml.saml2.core.Attribute attribute : attributeStatement.getAttributes()) {
if ("ActAs".equals(attribute.getName())) {
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if (text.contains("bob")) {
foundActAsAttribute = true;
break;
}
}
}
}
}
assertTrue(foundActAsAttribute);
}
Example 11
| Source File: SAMLProviderActAsTest.java From cxf with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSAML2ActAsUsernameTokenClaims() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
UsernameTokenType usernameToken = new UsernameTokenType();
AttributedString username = new AttributedString();
username.setValue("bob");
usernameToken.setUsername(username);
JAXBElement<UsernameTokenType> usernameTokenType =
new JAXBElement<UsernameTokenType>(
QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken
);
TokenProviderParameters providerParameters =
createProviderParameters(
WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, usernameTokenType
);
//Principal must be set in ReceivedToken/ActAs
providerParameters.getTokenRequirements().getActAs().setPrincipal(
new CustomTokenPrincipal(username.getValue()));
// Add Claims
ClaimsManager claimsManager = new ClaimsManager();
ClaimsHandler claimsHandler = new CustomClaimsHandler();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
providerParameters.setClaimsManager(claimsManager);
ClaimCollection claims = createClaims();
providerParameters.setRequestedPrimaryClaims(claims);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
// Verify the token
Element token = (Element)providerResponse.getToken();
SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
Assert.assertEquals("technical-user", assertion.getSubjectName());
boolean foundActAsAttribute = false;
for (org.opensaml.saml.saml2.core.AttributeStatement attributeStatement
: assertion.getSaml2().getAttributeStatements()) {
for (org.opensaml.saml.saml2.core.Attribute attribute : attributeStatement.getAttributes()) {
if ("ActAs".equals(attribute.getName())) {
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if (text.contains("bob")) {
foundActAsAttribute = true;
break;
}
}
}
}
}
assertTrue(foundActAsAttribute);
// Check that claims are also present
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
assertTrue(tokenString.contains(ClaimTypes.EMAILADDRESS.toString()));
assertTrue(tokenString.contains(ClaimTypes.FIRSTNAME.toString()));
assertTrue(tokenString.contains(ClaimTypes.LASTNAME.toString()));
}
Example 12
| Source File: STSAuthenticationProvider.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
protected List<Claim> parseClaimsInAssertion(org.opensaml.saml.saml2.core.Assertion assertion) {
List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion
.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
LOG.debug("No attribute statements found");
return Collections.emptyList();
}
List<Claim> collection = new ArrayList<>();
Map<String, Claim> claimsMap = new HashMap<>();
for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
LOG.debug("parsing statement: {}", statement.getElementQName());
List<org.opensaml.saml.saml2.core.Attribute> attributes = statement.getAttributes();
for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
LOG.debug("parsing attribute: {}", attribute.getName());
Claim c = new Claim();
// Workaround for CXF-4484
// Value of Attribute Name not fully qualified
// if NameFormat is http://schemas.xmlsoap.org/ws/2005/05/identity/claims
// but ClaimType value must be fully qualified as Namespace attribute goes away
URI attrName = URI.create(attribute.getName());
if (ClaimTypes.URI_BASE.toString().equals(attribute.getNameFormat())
&& !attrName.isAbsolute()) {
c.setClaimType(URI.create(ClaimTypes.URI_BASE + "/" + attribute.getName()));
} else {
c.setClaimType(URI.create(attribute.getName()));
}
c.setIssuer(assertion.getIssuer().getNameQualifier());
List<String> valueList = new ArrayList<>();
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String value = attributeValueElement.getTextContent();
LOG.debug(" [{}]", value);
valueList.add(value);
}
mergeClaimToMap(claimsMap, c, valueList);
}
}
collection.addAll(claimsMap.values());
return collection;
}
Example 13
| Source File: SAMLTokenValidator.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
protected List<Claim> parseClaimsInAssertion(
org.opensaml.saml.saml1.core.Assertion assertion) {
List<org.opensaml.saml.saml1.core.AttributeStatement> attributeStatements = assertion
.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
LOG.debug("No attribute statements found");
return Collections.emptyList();
}
List<Claim> collection = new ArrayList<>();
Map<String, Claim> claimsMap = new HashMap<>();
for (org.opensaml.saml.saml1.core.AttributeStatement statement : attributeStatements) {
LOG.debug("parsing statement: {}", statement.getElementQName());
List<org.opensaml.saml.saml1.core.Attribute> attributes = statement
.getAttributes();
for (org.opensaml.saml.saml1.core.Attribute attribute : attributes) {
LOG.debug("parsing attribute: {}", attribute.getAttributeName());
Claim c = new Claim();
c.setIssuer(assertion.getIssuer());
if (attribute.getAttributeNamespace() != null) {
URI attrName = parseAttributeName(attribute.getAttributeName());
if (attrName.isAbsolute()) {
// Workaround for CXF-4484
c.setClaimType(attrName);
if (attribute.getAttributeName().startsWith(attribute.getAttributeNamespace())) {
LOG.info("AttributeName fully qualified '" + attribute.getAttributeName()
+ "' but does match with AttributeNamespace '"
+ attribute.getAttributeNamespace() + "'");
} else {
LOG.warn("AttributeName fully qualified '" + attribute.getAttributeName()
+ "' but does NOT match with AttributeNamespace (ignored) '"
+ attribute.getAttributeNamespace() + "'");
}
} else {
if (attribute.getAttributeNamespace().endsWith("/")) {
c.setClaimType(URI.create(attribute.getAttributeNamespace()
+ attrName.toString()));
} else {
c.setClaimType(URI.create(attribute.getAttributeNamespace()
+ "/" + attrName.toString()));
}
}
} else {
c.setClaimType(parseAttributeName(attribute.getAttributeName()));
}
List<String> valueList = new ArrayList<>();
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String value = attributeValueElement.getTextContent();
LOG.debug(" [{}]", value);
valueList.add(value);
}
mergeClaimToMap(claimsMap, c, valueList);
}
}
collection.addAll(claimsMap.values());
return collection;
}
Example 14
| Source File: SAMLTokenValidator.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
protected List<Claim> parseClaimsInAssertion(
org.opensaml.saml.saml2.core.Assertion assertion) {
List<org.opensaml.saml.saml2.core.AttributeStatement> attributeStatements = assertion
.getAttributeStatements();
if (attributeStatements == null || attributeStatements.isEmpty()) {
LOG.debug("No attribute statements found");
return Collections.emptyList();
}
List<Claim> collection = new ArrayList<>();
Map<String, Claim> claimsMap = new HashMap<>();
for (org.opensaml.saml.saml2.core.AttributeStatement statement : attributeStatements) {
LOG.debug("parsing statement: {}", statement.getElementQName());
List<org.opensaml.saml.saml2.core.Attribute> attributes = statement
.getAttributes();
for (org.opensaml.saml.saml2.core.Attribute attribute : attributes) {
LOG.debug("parsing attribute: {}", attribute.getName());
Claim c = new Claim();
// Workaround for CXF-4484
// Value of Attribute Name not fully qualified
// if NameFormat is http://schemas.xmlsoap.org/ws/2005/05/identity/claims
// but ClaimType value must be fully qualified as Namespace attribute goes away
URI attrName = parseAttributeName(attribute.getName());
if (ClaimTypes.URI_BASE.toString().equals(attribute.getNameFormat())
&& !attrName.isAbsolute()) {
c.setClaimType(URI.create(ClaimTypes.URI_BASE + "/" + attrName.toString()));
} else {
c.setClaimType(attrName);
}
c.setIssuer(assertion.getIssuer().getNameQualifier());
List<String> valueList = new ArrayList<>();
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String value = attributeValueElement.getTextContent();
LOG.debug(" [{}]", value);
valueList.add(value);
}
mergeClaimToMap(claimsMap, c, valueList);
}
}
collection.addAll(claimsMap.values());
return collection;
}
