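/**
 * Extract roles from the given Claims.
 *
 * <p>Only {@link SAMLClaim}s whose name equals the role attribute name are
 * considered; {@code name} falls back to
 * {@link SAMLClaim#SAML_ROLE_ATTRIBUTENAME_DEFAULT} when it is {@code null}.
 * Each String value of a matching claim becomes a {@link SimpleGroup}. When a
 * matching claim carries more than one value, no further claims with the same
 * name are inspected.
 *
 * @param claims the claims to scan
 * @param name the role attribute name, or {@code null} to use the default
 * @param nameFormat the attribute NameFormat a claim must also carry, or
 *        {@code null} to accept any NameFormat
 * @return the roles found; empty when nothing matches
 */
public static Set<Principal> parseRolesFromClaims(
    ClaimCollection claims, String name, String nameFormat
) {
    String roleAttributeName = name;
    if (roleAttributeName == null) {
        roleAttributeName = SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
    }

    Set<Principal> roles = new HashSet<>();
    for (Claim claim : claims) {
        if (!(claim instanceof SAMLClaim)) {
            continue;
        }
        SAMLClaim samlClaim = (SAMLClaim) claim;
        // Compare against roleAttributeName rather than the raw "name" argument so
        // the default attribute name is actually applied when name == null; putting
        // the known-non-null value on the left also tolerates a claim without a name.
        if (!roleAttributeName.equals(samlClaim.getName())
            || (nameFormat != null && !nameFormat.equals(samlClaim.getNameFormat()))) {
            continue;
        }
        for (Object claimValue : samlClaim.getValues()) {
            if (claimValue instanceof String) {
                roles.add(new SimpleGroup((String) claimValue));
            }
        }
        if (samlClaim.getValues().size() > 1) {
            // Don't search for other attributes with the same name if > 1 claim value
            break;
        }
    }
    return roles;
}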
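/**
 * Return the set of User/Principal roles from the token.
 *
 * <p>When a JAAS {@code Subject} is available and {@code useJaasSubject} is set,
 * the roles are taken from the Subject via the superclass. Otherwise the claim
 * named by {@code roleClaim} is read from the token as a comma-separated list;
 * each entry is trimmed and mapped to a {@link SimpleGroup}, blank entries are
 * ignored. A missing claim, a {@code null} claim value or a {@code null} token
 * yields an empty set.
 *
 * @param principal the Principal associated with the token
 * @param subject the JAAS Subject associated with a successful validation of the token
 * @param token The JWTToken
 * @return the set of User/Principal roles from the token, never {@code null}
 */
public Set<Principal> parseRolesFromToken(
    Principal principal, Subject subject, JwtToken token
) {
    if (subject != null && useJaasSubject) {
        return super.parseRolesFromSubject(principal, subject);
    }
    if (roleClaim == null || token == null || !token.getClaims().containsProperty(roleClaim)) {
        return Collections.emptySet();
    }
    String role = token.getClaims().getStringProperty(roleClaim);
    if (role == null) {
        // The claim exists but has no string value; treat as "no roles" rather than NPE.
        return Collections.emptySet();
    }
    Set<Principal> roles = new HashSet<>();
    for (String r : role.split(",")) {
        // Trim every entry, not just the whole string: "admin, user" must yield
        // "user", not " user". Empty entries ("a,,b") are skipped.
        String trimmed = r.trim();
        if (!trimmed.isEmpty()) {
            roles.add(new SimpleGroup(trimmed));
        }
    }
    return roles;
}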
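/**
 * Return the set of User/Principal roles from the token.
 *
 * <p>When a JAAS {@code Subject} is available and {@code useJaasSubject} is set,
 * the roles are taken from the Subject via the superclass. Otherwise the claim
 * named by {@code roleClaim} is read from the token as a comma-separated list;
 * each entry is trimmed and mapped to a {@link SimpleGroup}, blank entries are
 * ignored. A missing claim, a {@code null} claim value or a {@code null} token
 * yields an empty set.
 *
 * @param principal the Principal associated with the token
 * @param subject the JAAS Subject associated with a successful validation of the token
 * @param token The JWTToken
 * @return the set of User/Principal roles from the token, never {@code null}
 */
public Set<Principal> parseRolesFromToken(
    Principal principal, Subject subject, JwtToken token
) {
    if (subject != null && useJaasSubject) {
        return super.parseRolesFromSubject(principal, subject);
    }
    if (roleClaim == null || token == null || !token.getClaims().containsProperty(roleClaim)) {
        return Collections.emptySet();
    }
    String role = token.getClaims().getStringProperty(roleClaim);
    if (role == null) {
        // The claim exists but has no string value; treat as "no roles" rather than NPE.
        return Collections.emptySet();
    }
    Set<Principal> roles = new HashSet<>();
    for (String r : role.split(",")) {
        // Trim every entry, not just the whole string: "admin, user" must yield
        // "user", not " user". Empty entries ("a,,b") are skipped.
        String trimmed = r.trim();
        if (!trimmed.isEmpty()) {
            roles.add(new SimpleGroup(trimmed));
        }
    }
    return roles;
}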
/**
 * Build the JAAS Subject for a user of this sample service.
 *
 * <p>No credential verification happens here: {@code password},
 * {@code isDigest}, {@code nonce} and {@code created} are not inspected, so any
 * password supplied for a known name is accepted. The Subject gets a
 * {@link SimplePrincipal} for the user and one {@link SimpleGroup}:
 * "developers" for "Alice", "pms" for every other name. The Subject is made
 * read-only before it is returned.
 *
 * @param name the user name from the UsernameToken
 * @param password the password as received (not checked by this implementation)
 * @param isDigest whether the password is a digest (not consulted here)
 * @param nonce the UsernameToken nonce (not consulted here)
 * @param created the UsernameToken created timestamp (not consulted here)
 * @return a read-only Subject holding the user and group principals
 * @throws SecurityException declared for overriders; not thrown by this implementation
 */
protected Subject createSubject(String name, String password, boolean isDigest,
                                String nonce, String created) throws SecurityException {
    // delegate to the external security system if possible
    // authenticate the user somehow
    boolean isAlice = "Alice".equals(name);
    String groupName = isAlice ? "developers" : "pms";

    Subject authenticated = new Subject();
    authenticated.getPrincipals().add(new SimplePrincipal(name));
    // add roles this user is in
    authenticated.getPrincipals().add(new SimpleGroup(groupName, name));
    authenticated.setReadOnly();
    return authenticated;
}
/**
 * Build the JAAS Subject for a user of this sample service.
 *
 * <p>No credential verification happens here: {@code password},
 * {@code isDigest}, {@code nonce} and {@code created} are not inspected, so any
 * password supplied for a known name is accepted. The Subject gets a
 * {@link SimplePrincipal} for the user and one {@link SimpleGroup}:
 * "developers" for "Alice", "pms" for every other name. The Subject is made
 * read-only before it is returned.
 *
 * @param name the user name from the UsernameToken
 * @param password the password as received (not checked by this implementation)
 * @param isDigest whether the password is a digest (not consulted here)
 * @param nonce the UsernameToken nonce (not consulted here)
 * @param created the UsernameToken created timestamp (not consulted here)
 * @return a read-only Subject holding the user and group principals
 * @throws SecurityException declared for overriders; not thrown by this implementation
 */
@Override
protected Subject createSubject(String name, String password, boolean isDigest,
                                String nonce, String created) throws SecurityException {
    // delegate to the external security system if possible
    boolean isAlice = "Alice".equals(name);
    String groupName = isAlice ? "developers" : "pms";

    Subject authenticated = new Subject();
    authenticated.getPrincipals().add(new SimplePrincipal(name));
    authenticated.getPrincipals().add(new SimpleGroup(groupName, name));
    authenticated.setReadOnly();
    return authenticated;
}
/**
 * Combine the group name's hash with the hash of its members.
 *
 * @return {@code getName().hashCode() + 37 * members.hashCode()}
 */
public int hashCode() {
    final int nameHash = getName().hashCode();
    final int membersHash = members.hashCode();
    return nameHash + 37 * membersHash;
}
}
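/**
 * Authenticate the caller through the configured CallbackHandler.
 *
 * <p>A NameCallback and a PasswordCallback are issued; the answers are compared
 * with the fixed {@code TESTUSER}/{@code TESTPASS} values. On success a
 * {@link SimplePrincipal} for the user and a {@link SimpleGroup} for
 * {@code TESTGROUP} are added to the Subject. The password characters are
 * cleared from the callback once they have been checked.
 *
 * @return {@code true} when the credentials match
 * @throws LoginException if no CallbackHandler is set, the callbacks cannot be
 *         handled, no password was supplied, or the credentials do not match
 */
@Override
public boolean login() throws LoginException {
    if (this.callbackHandler == null) {
        // JAAS allows a module to be invoked without a handler; fail the login
        // instead of dereferencing null below.
        throw new LoginException("no CallbackHandler available");
    }
    NameCallback nameCallback = new NameCallback("User");
    PasswordCallback passwordCallback = new PasswordCallback("Password", false);
    Callback[] callbacks = new Callback[] {nameCallback, passwordCallback};
    try {
        this.callbackHandler.handle(callbacks);
    } catch (IOException | UnsupportedCallbackException e) {
        // LoginException has no (message, cause) constructor; attach the cause so
        // the original failure is not lost.
        LoginException le = new LoginException(e.getMessage());
        le.initCause(e);
        throw le;
    }

    String userName = nameCallback.getName();
    char[] password = passwordCallback.getPassword();
    try {
        if (!TESTUSER.equals(userName)) {
            throw new LoginException("wrong username");
        }
        // getPassword() is null when the handler supplied nothing; the original
        // new String(null) would have thrown NPE. Compare as char[] so the secret
        // is not copied into an immutable String.
        if (password == null || !java.util.Arrays.equals(TESTPASS.toCharArray(), password)) {
            throw new LoginException("wrong password");
        }
    } finally {
        passwordCallback.clearPassword();
    }

    subject.getPrincipals().add(new SimplePrincipal(userName));
    subject.getPrincipals().add(new SimpleGroup(TESTGROUP));
    return true;
}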
/**
 * Combine the group name's hash with the hash of its members.
 *
 * @return {@code getName().hashCode() + 37 * members.hashCode()}
 */
public int hashCode() {
    final int nameHash = getName().hashCode();
    final int membersHash = members.hashCode();
    return nameHash + 37 * membersHash;
}
}
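/**
 * Build the JAAS Subject for a user after checking the supplied password.
 *
 * <p>The expected credential is the plaintext "ecilA" for "Alice" and, for any
 * other name, the digest of "invalid-password" over the supplied nonce and
 * created time — so only Alice can authenticate in this sample. The comparison
 * is length-independent in its per-byte work (via
 * {@code MessageDigest.isEqual}) and a {@code null} password never matches.
 * For "Alice" the plaintext is expected regardless of {@code isDigest}; that
 * is the original sample behaviour and is left unchanged here.
 *
 * @param name the user name from the UsernameToken
 * @param password the password as received, plaintext or digest
 * @param isDigest whether {@code password} is a digest (not consulted, see above)
 * @param nonce the UsernameToken nonce used to derive the non-Alice digest
 * @param created the UsernameToken created timestamp used to derive the non-Alice digest
 * @return a read-only Subject with a SimplePrincipal for the user and a group
 *         ("developers" for Alice, "pms" otherwise)
 * @throws SecurityException if the password does not match the expected value
 */
protected Subject createSubject(String name, String password, boolean isDigest,
                                String nonce, String created) throws SecurityException {
    // delegate to the external security system if possible
    // authenticate the user somehow
    boolean isAlice = "Alice".equals(name);
    String roleName = isAlice ? "developers" : "pms";
    String expectedPassword = isAlice
        ? "ecilA"
        : UsernameToken.doPasswordDigest(nonce, created, "invalid-password");
    if (!passwordMatches(expectedPassword, password)) {
        throw new SecurityException("Wrong Password");
    }

    Subject subject = new Subject();
    subject.getPrincipals().add(new SimplePrincipal(name));
    // add roles this user is in
    subject.getPrincipals().add(new SimpleGroup(roleName, name));
    subject.setReadOnly();
    return subject;
}

/**
 * Compare a supplied password with the expected one without stopping at the
 * first differing byte, so response timing does not reveal how much of the
 * value was correct. Either side being {@code null} is a mismatch.
 */
private static boolean passwordMatches(String expected, String supplied) {
    if (expected == null || supplied == null) {
        return false;
    }
    byte[] expectedBytes = expected.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] suppliedBytes = supplied.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return java.security.MessageDigest.isEqual(expectedBytes, suppliedBytes);
}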
/**
 * Combine the group name's hash with the hash of its members.
 *
 * @return {@code getName().hashCode() + 37 * members.hashCode()}
 */
public int hashCode() {
    final int nameHash = getName().hashCode();
    final int membersHash = members.hashCode();
    return nameHash + 37 * membersHash;
}
}
/**
 * Validate the UsernameToken through the superclass, then attach a JAAS Subject.
 *
 * <p>The credential check itself is entirely the superclass's responsibility;
 * this override only decorates the validated token. The Subject holds the
 * token's principal and a "worker" group for every user; "Alice" additionally
 * receives a "manager" group.
 *
 * @param usernameTokenType the parsed UsernameToken element
 * @param tokenContext the processing context handed to the superclass
 * @return the validated token with its Subject set
 * @throws WSSecurityException if the superclass rejects the token
 */
@SuppressWarnings("unchecked")
@Override
public <T extends UsernameSecurityToken & InboundSecurityToken> T validate(
    UsernameTokenType usernameTokenType, TokenContext tokenContext) throws WSSecurityException {
    UsernameSecurityTokenImpl validated =
        super.<UsernameSecurityTokenImpl>validate(usernameTokenType, tokenContext);
    String user = validated.getUsername();

    Subject subject = new Subject();
    subject.getPrincipals().add(validated.getPrincipal());
    if ("Alice".equals(user)) {
        subject.getPrincipals().add(new SimpleGroup("manager", user));
    }
    subject.getPrincipals().add(new SimpleGroup("worker", user));

    validated.setSubject(subject);
    return (T) validated;
}
}
/**
 * Combine the group name's hash with the hash of its members.
 *
 * @return {@code getName().hashCode() + 37 * members.hashCode()}
 */
public int hashCode() {
    final int nameHash = getName().hashCode();
    final int membersHash = members.hashCode();
    return nameHash + 37 * membersHash;
}
}
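/**
 * Build a security context from a validated JWT.
 *
 * <p>The principal is the token's subject claim. Roles are read from the claim
 * named by {@code roleClaim} (when given and present on the token) as a
 * comma-separated list: each entry is trimmed, blank entries are dropped and
 * the rest become {@link SimpleGroup}s; otherwise the role set is empty.
 * Every claim of the token is also copied into {@code claims}, list-valued
 * claims as-is and scalar values wrapped in a singleton list.
 *
 * @param jwt the validated token
 * @param roleClaim the name of the claim carrying the user's roles, or {@code null}
 */
public JwtTokenSecurityContext(JwtToken jwt, String roleClaim) {
    principal = new SimplePrincipal(jwt.getClaims().getSubject());
    this.token = jwt;

    String role = roleClaim != null && jwt.getClaims().containsProperty(roleClaim)
        ? jwt.getClaims().getStringProperty(roleClaim)
        : null;
    if (role != null) {
        roles = new HashSet<>();
        for (String r : role.split(",")) {
            // Trim every entry, not just the whole string: "admin, user" must yield
            // "user", not " user". Empty entries ("a,,b") are skipped.
            String trimmed = r.trim();
            if (!trimmed.isEmpty()) {
                roles.add(new SimpleGroup(trimmed));
            }
        }
    } else {
        // No role claim configured, not present, or present without a string
        // value (the latter used to NPE on trim()).
        roles = Collections.emptySet();
    }

    // Parse JwtToken into ClaimCollection
    jwt.getClaims().asMap().forEach((String name, Object values) -> {
        Claim claim = new Claim();
        claim.setClaimType(name);
        if (values instanceof List<?>) {
            claim.setValues(CastUtils.cast((List<?>)values));
        } else {
            claim.setValues(Collections.singletonList(values));
        }
        claims.add(claim);
    });
}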
/**
 * Combine the group name's hash with the hash of its members.
 *
 * @return {@code getName().hashCode() + 37 * members.hashCode()}
 */
public int hashCode() {
    final int nameHash = getName().hashCode();
    final int membersHash = members.hashCode();
    return nameHash + 37 * membersHash;
}
}
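/**
 * Validate the UsernameToken through the superclass, then attach a JAAS Subject
 * describing the user.
 *
 * <p>The Subject's principal is a {@link WSUsernameTokenPrincipalImpl} populated
 * from the token (name, hashed flag, created time, nonce, password and password
 * type). Every user gets a "worker" group; "Alice" additionally gets "manager".
 *
 * @param credential the credential holding the UsernameToken to validate
 * @param data the request data passed through to the superclass
 * @return the validated credential with its Subject set
 * @throws WSSecurityException if the superclass rejects the credential
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential cred = super.validate(credential, data);

    UsernameToken ut = credential.getUsernametoken();
    WSUsernameTokenPrincipalImpl principal =
        new WSUsernameTokenPrincipalImpl(ut.getName(), ut.isHashed());
    principal.setCreatedTime(ut.getCreated());
    // Take the nonce from the token. The previous code read it back from the
    // just-constructed principal, so the token's nonce was never carried over.
    principal.setNonce(ut.getNonce());
    principal.setPassword(ut.getPassword());
    principal.setPasswordType(ut.getPasswordType());

    Subject subject = new Subject();
    subject.getPrincipals().add(principal);
    if ("Alice".equals(ut.getName())) {
        subject.getPrincipals().add(new SimpleGroup("manager", ut.getName()));
    }
    subject.getPrincipals().add(new SimpleGroup("worker", ut.getName()));

    cred.setSubject(subject);
    return cred;
}
}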