if (secondaryClaim.getClaimType().equals(claim.getClaimType())) { matchingClaim = secondaryClaim; break; mergedClaims.add(claim); } else { Claim mergedClaim = new Claim(); mergedClaim.setClaimType(claim.getClaimType()); if (claim.getValues() != null && !claim.getValues().isEmpty()) { mergedClaim.setValues(claim.getValues()); if (matchingClaim.getValues() != null && !matchingClaim.getValues().isEmpty()) { LOG.log(Level.WARNING, "Secondary claim value " + matchingClaim.getValues() + " ignored in favour of primary claim value"); } else if (matchingClaim.getValues() != null && !matchingClaim.getValues().isEmpty()) { mergedClaim.setValues(matchingClaim.getValues());
String claimTypeUri = claimType.getAttributeNS(null, "Uri"); String claimTypeOptional = claimType.getAttributeNS(null, "Optional"); Claim requestClaim = new Claim(); try { requestClaim.setClaimType(new URI(claimTypeUri)); } catch (URISyntaxException e) { LOG.log( requestClaim.setOptional(Boolean.parseBoolean(claimTypeOptional)); if (valueNode != null) { if ("Value".equals(valueNode.getLocalName())) { requestClaim.addValue(valueNode.getTextContent().trim()); } else { LOG.warning("Unsupported child element of ClaimValue element "
/**
 * Equality is {@code super.equals} extended by the {@code issuer} and
 * {@code originalIssuer} fields; a null field only equals another null.
 *
 * @param obj candidate object
 * @return true when {@code obj} is a {@code ProcessedClaim} whose superclass
 *         state, issuer and original issuer all match this one
 */
@Override
public boolean equals(Object obj) {
    if (this == obj) {
        return true;
    }
    // Type and superclass state are checked first, exactly as before,
    // so a non-ProcessedClaim never reaches the field comparisons.
    if (!(obj instanceof ProcessedClaim) || !super.equals(obj)) {
        return false;
    }
    ProcessedClaim other = (ProcessedClaim) obj;
    return java.util.Objects.equals(issuer, other.issuer)
        && java.util.Objects.equals(originalIssuer, other.originalIssuer);
}
/**
 * Copy constructor: duplicates the claim type, the optional flag and the
 * value list of {@code claim}. The values themselves are shared, not copied.
 *
 * @param claim Claim to be cloned. Value cannot be null.
 * @throws IllegalArgumentException if {@code claim} is null
 */
public Claim(Claim claim) {
    if (claim == null) {
        throw new IllegalArgumentException("Claim cannot be null");
    }
    this.claimType = claim.getClaimType();
    this.optional = claim.isOptional();
    // Shallow copy: the element references are appended to this claim's own list.
    this.values.addAll(claim.getValues());
}
/**
 * Verifies that every mandatory (non-optional) requested claim type is present
 * among the processed claims. Optional claims are not checked.
 *
 * @param requestedClaims claims the requester asked for
 * @param claims claims actually produced by the handlers
 * @return always {@code true}; a missing mandatory claim is reported by exception
 * @throws STSException if a mandatory claim type has no processed counterpart
 */
private boolean validateClaimValues(ClaimCollection requestedClaims, ProcessedClaimCollection claims) {
    for (Claim requested : requestedClaims) {
        if (requested.isOptional()) {
            continue;
        }
        String wantedType = requested.getClaimType();
        boolean present = false;
        for (ProcessedClaim processed : claims) {
            if (processed.getClaimType().equals(wantedType)) {
                present = true;
                break;
            }
        }
        if (!present) {
            LOG.warning("Mandatory claim not found: " + requested.getClaimType());
            throw new STSException("Mandatory claim '" + requested.getClaimType() + "' not found");
        }
    }
    return true;
}
/**
 * Builds the request claim set used by the tests: first name, last name and
 * e-mail address, all marked optional.
 *
 * @return a new collection holding the three optional claims, in that order
 */
private ClaimCollection createRequestClaimCollection() {
    Claim firstName = new Claim();
    firstName.setClaimType(ClaimTypes.FIRSTNAME);
    firstName.setOptional(true);

    Claim lastName = new Claim();
    lastName.setClaimType(ClaimTypes.LASTNAME);
    lastName.setOptional(true);

    Claim email = new Claim();
    email.setClaimType(ClaimTypes.EMAILADDRESS);
    email.setOptional(true);

    ClaimCollection requested = new ClaimCollection();
    requested.add(firstName);
    requested.add(lastName);
    requested.add(email);
    return requested;
}
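/**
 * Retrieves the role claim for the user configured under {@code claimUser}
 * and expects exactly one role claim carrying two values.
 *
 * The precondition check previously passed the arguments to
 * {@code Assert.assertNotNull} in the wrong order (value first, message
 * second), which made it assert on the message string and never fail;
 * the argument order is now message first, value second.
 */
@org.junit.Test
public void testRetrieveRolesForAlice() throws Exception {
    LdapGroupClaimsHandler claimsHandler =
        (LdapGroupClaimsHandler) appContext.getBean("testGroupClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));

    String user = props.getProperty("claimUser");
    Assert.assertNotNull("Property 'claimUser' not configured", user);

    ClaimCollection requestedClaims = new ClaimCollection();
    Claim claim = new Claim();
    String roleURI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    claim.setClaimType(roleURI);
    requestedClaims.add(claim);

    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims =
        claimsManager.retrieveClaimValues(requestedClaims, params);

    // assertEquals reports the actual size/type on failure, assertTrue(a == b) does not.
    Assert.assertEquals(1, retrievedClaims.size());
    Assert.assertEquals(roleURI, retrievedClaims.get(0).getClaimType());
    Assert.assertEquals(2, retrievedClaims.get(0).getValues().size());
}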
/**
 * Converts claim annotations into {@link ClaimBean}s. A {@code Claims}
 * container annotation takes precedence over a single {@code Claim}
 * annotation; when neither is present the result is empty. Claim names and
 * formats are passed through the {@code nameAliases} / {@code formatAliases}
 * maps when an alias exists.
 *
 * @param claimsAnn container annotation, may be null
 * @param claimAnn single annotation, consulted only when {@code claimsAnn} is null
 * @return one bean per annotation, in annotation order (never null)
 */
private List<ClaimBean> getClaims(Claims claimsAnn, Claim claimAnn) {
    List<Claim> sources;
    if (claimsAnn != null) {
        sources = Arrays.asList(claimsAnn.value());
    } else if (claimAnn != null) {
        sources = java.util.Collections.singletonList(claimAnn);
    } else {
        sources = new ArrayList<>();
    }

    List<ClaimBean> beans = new ArrayList<>(sources.size());
    for (Claim ann : sources) {
        // getOrDefault returns the mapped value whenever the key is present
        // (even a null mapping), matching the containsKey/get pair it replaces.
        String name = nameAliases.getOrDefault(ann.name(), ann.name());
        String format = formatAliases.getOrDefault(ann.format(), ann.format());

        org.apache.cxf.rt.security.claims.Claim claim =
            new org.apache.cxf.rt.security.claims.Claim();
        claim.setClaimType(name);
        for (String value : ann.value()) {
            claim.addValue(value);
        }
        beans.add(new ClaimBean(claim, format, ann.mode(), ann.matchAll()));
    }
    return beans;
}
/**
 * Builds a security context from a parsed JWT: the subject becomes the
 * principal, the optional role claim is split on commas into groups, and
 * every JWT claim is copied into the claim collection.
 *
 * @param jwt the verified token
 * @param roleClaim name of the claim holding a comma-separated role list,
 *        or null when the token carries no roles
 */
public JwtTokenSecurityContext(JwtToken jwt, String roleClaim) {
    this.token = jwt;
    principal = new SimplePrincipal(jwt.getClaims().getSubject());

    boolean hasRoles = roleClaim != null && jwt.getClaims().containsProperty(roleClaim);
    if (!hasRoles) {
        roles = Collections.emptySet();
    } else {
        roles = new HashSet<>();
        // Only the whole claim value is trimmed; each comma-separated entry keeps
        // any whitespace around it.
        String roleList = jwt.getClaims().getStringProperty(roleClaim).trim();
        for (String entry : roleList.split(",")) {
            roles.add(new SimpleGroup(entry));
        }
    }

    // Copy every JWT claim into the ClaimCollection; list-valued claims are kept
    // as lists, anything else is wrapped in a singleton list.
    jwt.getClaims().asMap().forEach((String claimName, Object claimValue) -> {
        Claim copy = new Claim();
        copy.setClaimType(claimName);
        if (claimValue instanceof List<?>) {
            copy.setValues(CastUtils.cast((List<?>) claimValue));
        } else {
            copy.setValues(Collections.singletonList(claimValue));
        }
        claims.add(copy);
    });
}
/**
 * Reports whether a method-level claim bean redefines {@code bean}, i.e. one
 * of {@code mClaims} has the same claim type and the same claim format.
 *
 * @param bean class-level bean being checked
 * @param mClaims method-level beans that may override it
 * @return true on the first type-and-format match, false if none
 */
private static boolean isClaimOverridden(ClaimBean bean, List<ClaimBean> mClaims) {
    for (ClaimBean methodBean : mClaims) {
        boolean sameType =
            bean.getClaim().getClaimType().equals(methodBean.getClaim().getClaimType());
        if (sameType && bean.getClaimFormat().equals(methodBean.getClaimFormat())) {
            return true;
        }
    }
    return false;
}
if (cl instanceof SAMLClaim) { if (((SAMLClaim)cl).getName().equals(claimBean.getClaim().getClaimType()) && ((SAMLClaim)cl).getNameFormat().equals(claimBean.getClaimFormat())) { matchingClaim = cl; break; } else if (cl.getClaimType().equals(claimBean.getClaim().getClaimType())) { matchingClaim = cl; break; List<Object> claimValues = claimBean.getClaim().getValues(); List<Object> matchingClaimValues = matchingClaim.getValues(); if (claimBean.isMatchAll() && !matchingClaimValues.containsAll(claimValues)) {
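/**
 * Returns a copy of this claim built by the copy constructor.
 *
 * {@code super.clone()} is invoked only because Checkstyle requires it; its
 * result is discarded. The previous version printed the stack trace of a
 * {@link CloneNotSupportedException} and silently continued; that exception
 * is only thrown when the class does not implement {@code Cloneable}, which
 * is a programming error, so it is now surfaced instead of swallowed.
 *
 * @return a new {@code Claim} with the same type, optional flag and values
 * @throws AssertionError if {@code Object.clone()} rejects this class
 */
@Override
public Claim clone() {
    try {
        super.clone(); // Checkstyle requires this call; the copy itself comes from the copy constructor
    } catch (CloneNotSupportedException e) {
        throw new AssertionError("Claim is expected to be Cloneable", e);
    }
    return new Claim(this);
}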
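/**
 * Extract roles from the given Claims.
 *
 * Every {@code SAMLClaim} whose attribute name equals {@code name} (or the
 * default role attribute name when {@code name} is null) and whose name
 * format equals {@code nameFormat} (any format when null) contributes its
 * String values as {@link SimpleGroup} roles. Once a matching claim with
 * more than one value has been consumed, no further claims are examined.
 *
 * The previous version computed {@code roleAttributeName} with the default
 * but then compared against the raw {@code name}, so a null name never
 * matched anything and no roles were ever returned; the comparison now uses
 * {@code roleAttributeName} and is null-safe on the claim side.
 *
 * @param claims the claims to scan
 * @param name role attribute name, or null for {@code SAML_ROLE_ATTRIBUTENAME_DEFAULT}
 * @param nameFormat required attribute name format, or null to accept any
 * @return the set of roles found (never null, possibly empty)
 */
public static Set<Principal> parseRolesFromClaims(
    ClaimCollection claims,
    String name,
    String nameFormat
) {
    String roleAttributeName = name;
    if (roleAttributeName == null) {
        roleAttributeName = SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT;
    }

    Set<Principal> roles = new HashSet<>();

    for (Claim claim : claims) {
        if (!(claim instanceof SAMLClaim)) {
            continue;
        }
        SAMLClaim samlClaim = (SAMLClaim) claim;
        // Compare against the resolved name (default applied) rather than the raw parameter.
        if (!roleAttributeName.equals(samlClaim.getName())) {
            continue;
        }
        if (nameFormat != null && !nameFormat.equals(samlClaim.getNameFormat())) {
            continue;
        }
        for (Object claimValue : claim.getValues()) {
            if (claimValue instanceof String) {
                roles.add(new SimpleGroup((String) claimValue));
            }
        }
        if (claim.getValues().size() > 1) {
            // Don't search for other attributes with the same name if > 1 claim value
            break;
        }
    }

    return roles;
}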
/**
 * Hash code consistent with {@code equals}: the superclass hash combined
 * with the {@code issuer} and {@code originalIssuer} hashes (0 for null)
 * using the usual multiply-by-31 scheme.
 *
 * @return the combined hash
 */
@Override
public int hashCode() {
    int hash = super.hashCode();
    // Objects.hashCode yields 0 for null, matching the (x == null) ? 0 : x.hashCode() form.
    hash = 31 * hash + java.util.Objects.hashCode(issuer);
    hash = 31 * hash + java.util.Objects.hashCode(originalIssuer);
    return hash;
}
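/**
 * Adds a mandatory claim type the handler does not support and expects
 * {@code retrieveClaimValues} to fail with an {@code STSException}.
 *
 * The precondition check previously passed the arguments to
 * {@code Assert.assertNotNull} in the wrong order (value first, message
 * second), so it asserted on the message string and could never fail; the
 * order is now message first, value second.
 */
@org.junit.Test(expected = STSException.class)
public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
    LdapClaimsHandler claimsHandler = (LdapClaimsHandler) appContext.getBean("testClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));

    String user = props.getProperty("claimUser");
    Assert.assertNotNull("Property 'claimUser' not configured", user);

    ClaimCollection requestedClaims = createRequestClaimCollection();
    // add unsupported but mandatory claim
    Claim claim = new Claim();
    claim.setClaimType(ClaimTypes.GENDER);
    claim.setOptional(false);
    requestedClaims.add(claim);

    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    claimsManager.retrieveClaimValues(requestedClaims, params);
}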
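/**
 * Retrieves the role claim for the user configured under {@code otherClaimUser}
 * through the "other users" group handler and expects exactly one role claim
 * carrying two values.
 *
 * The precondition check previously passed the arguments to
 * {@code Assert.assertNotNull} in the wrong order (value first, message
 * second), so it asserted on the message string and could never fail, and its
 * message named the wrong property; both are corrected.
 */
@org.junit.Test
public void testRetrieveRolesForBob() throws Exception {
    LdapGroupClaimsHandler claimsHandler =
        (LdapGroupClaimsHandler) appContext.getBean("testGroupClaimsHandlerOtherUsers");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));

    String user = props.getProperty("otherClaimUser");
    Assert.assertNotNull("Property 'otherClaimUser' not configured", user);

    ClaimCollection requestedClaims = new ClaimCollection();
    Claim claim = new Claim();
    String roleURI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    claim.setClaimType(roleURI);
    requestedClaims.add(claim);

    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims =
        claimsManager.retrieveClaimValues(requestedClaims, params);

    // assertEquals reports the actual size/type on failure, assertTrue(a == b) does not.
    Assert.assertEquals(1, retrievedClaims.size());
    Assert.assertEquals(roleURI, retrievedClaims.get(0).getClaimType());
    Assert.assertEquals(2, retrievedClaims.get(0).getValues().size());
}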
/**
 * Converts claim annotations into {@link ClaimBean}s. A {@code Claims}
 * container annotation takes precedence over a single {@code Claim}
 * annotation; when neither is present the result is empty. Claim names and
 * formats are passed through the {@code nameAliases} / {@code formatAliases}
 * maps when an alias exists.
 *
 * @param claimsAnn container annotation, may be null
 * @param claimAnn single annotation, consulted only when {@code claimsAnn} is null
 * @return one bean per annotation, in annotation order (never null)
 */
private List<ClaimBean> getClaims(Claims claimsAnn, Claim claimAnn) {
    List<Claim> sources;
    if (claimsAnn != null) {
        sources = Arrays.asList(claimsAnn.value());
    } else if (claimAnn != null) {
        sources = java.util.Collections.singletonList(claimAnn);
    } else {
        sources = new ArrayList<>();
    }

    List<ClaimBean> beans = new ArrayList<>(sources.size());
    for (Claim ann : sources) {
        // getOrDefault returns the mapped value whenever the key is present
        // (even a null mapping), matching the containsKey/get pair it replaces.
        String name = nameAliases.getOrDefault(ann.name(), ann.name());
        String format = formatAliases.getOrDefault(ann.format(), ann.format());

        org.apache.cxf.rt.security.claims.Claim claim =
            new org.apache.cxf.rt.security.claims.Claim();
        claim.setClaimType(name);
        for (String value : ann.value()) {
            claim.addValue(value);
        }
        beans.add(new ClaimBean(claim, format, ann.mode(), ann.matchAll()));
    }
    return beans;
}
/**
 * Copy constructor: duplicates the claim type, the optional flag and the
 * value list of {@code claim}. The values themselves are shared, not copied.
 *
 * @param claim Claim to be cloned. Value cannot be null.
 * @throws IllegalArgumentException if {@code claim} is null
 */
public Claim(Claim claim) {
    if (claim == null) {
        throw new IllegalArgumentException("Claim cannot be null");
    }
    this.claimType = claim.getClaimType();
    this.optional = claim.isOptional();
    // Shallow copy: the element references are appended to this claim's own list.
    this.values.addAll(claim.getValues());
}
/**
 * Reports whether a method-level claim bean redefines {@code bean}, i.e. one
 * of {@code mClaims} has the same claim type and the same claim format.
 *
 * @param bean class-level bean being checked
 * @param mClaims method-level beans that may override it
 * @return true on the first type-and-format match, false if none
 */
private static boolean isClaimOverridden(ClaimBean bean, List<ClaimBean> mClaims) {
    for (ClaimBean methodBean : mClaims) {
        boolean sameType =
            bean.getClaim().getClaimType().equals(methodBean.getClaim().getClaimType());
        if (sameType && bean.getClaimFormat().equals(methodBean.getClaimFormat())) {
            return true;
        }
    }
    return false;
}
if (cl instanceof SAMLClaim) { if (((SAMLClaim)cl).getName().equals(claimBean.getClaim().getClaimType()) && ((SAMLClaim)cl).getNameFormat().equals(claimBean.getClaimFormat())) { matchingClaim = cl; break; } else if (cl.getClaimType().equals(claimBean.getClaim().getClaimType())) { matchingClaim = cl; break; List<Object> claimValues = claimBean.getClaim().getValues(); List<Object> matchingClaimValues = matchingClaim.getValues(); if (claimBean.isMatchAll() && !matchingClaimValues.containsAll(claimValues)) {