/**
 * Builds a {@link ClaimCollection} from a DOM claims element.
 *
 * <p>A non-empty {@code Dialect} attribute is set on the collection as a URI. If it is not a
 * valid URI a warning is logged and parsing continues without a dialect on the collection.
 * Each child element is passed to {@code parseChildClaimType}; children for which it returns
 * {@code null} are skipped.
 *
 * @param claimsElement the element whose attribute and child elements are read
 * @param claimsParsers the parsers forwarded to {@code parseChildClaimType}
 * @return the collection of parsed claims, possibly empty, never {@code null}
 */
private ClaimCollection parseClaims(Element claimsElement, List<ClaimsParser> claimsParsers) {
    ClaimCollection result = new ClaimCollection();
    String dialect = null;
    try {
        dialect = claimsElement.getAttributeNS(null, "Dialect");
        boolean hasDialect = dialect != null && !"".equals(dialect);
        if (hasDialect) {
            result.setDialect(new URI(dialect));
        }
    } catch (URISyntaxException ex) {
        // NOTE(review): the attribute value is written to the log unmodified. If this element
        // comes from a client request, consider neutralising CR/LF before logging so that a
        // crafted Dialect cannot forge log entries.
        LOG.log(
            Level.WARNING,
            "Cannot create URI from the given Dialect attribute value " + dialect,
            ex
        );
    }

    // The raw dialect string is forwarded to the child parser even when it was not a valid URI.
    for (Element child = DOMUtils.getFirstElement(claimsElement);
         child != null;
         child = DOMUtils.getNextElement(child)) {
        Claim parsed = parseChildClaimType(child, dialect, claimsParsers);
        if (parsed != null) {
            result.add(parsed);
        }
    }
    return result;
}
ClaimCollection primaryClaims, ClaimCollection secondaryClaims ) { ClaimCollection parsedClaims = new ClaimCollection(); parsedClaims.addAll(secondaryClaims); ClaimCollection mergedClaims = new ClaimCollection(); mergedClaims.setDialect(primaryClaims.getDialect()); mergedClaims.add(claim); } else { Claim mergedClaim = new Claim(); mergedClaim.setValues(matchingClaim.getValues()); mergedClaims.add(mergedClaim); parsedClaims.remove(matchingClaim); mergedClaims.addAll(parsedClaims);
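/**
 * Writes the claims for the outgoing request to the given writer.
 *
 * <p>The {@code claims} field is used when it is set; otherwise, if a claims callback handler
 * is configured, the claims are obtained from a {@code ClaimsCallback}. A DOM {@code Element}
 * is copied to the writer as-is, a {@code ClaimCollection} is serialized with the "wst"
 * prefix and the configured namespace, and any other value (including {@code null}) writes
 * nothing.
 *
 * @param writer the stream writer that receives the serialized claims
 * @throws Exception if the callback handler or the serialization fails
 */
protected void addClaims(XMLStreamWriter writer) throws Exception {
    Object claimsToSerialize = claims;
    if (claimsToSerialize == null && claimsCallbackHandler != null) {
        ClaimsCallback callback = new ClaimsCallback(message);
        claimsCallbackHandler.handle(new Callback[] {callback});
        claimsToSerialize = callback.getClaims();
    }

    if (claimsToSerialize instanceof Element) {
        StaxUtils.copy((Element) claimsToSerialize, writer);
    } else if (claimsToSerialize instanceof ClaimCollection) {
        // Cast the resolved value, not the field: when the collection was supplied by the
        // callback handler the field is still null, and casting it would fail with a
        // NullPointerException instead of sending the requested claims.
        ClaimCollection claimCollection = (ClaimCollection) claimsToSerialize;
        claimCollection.serialize(writer, "wst", namespace);
    }
}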
/**
 * Returns the subset of the requested claims that a handler declares support for.
 *
 * <p>The result carries the same dialect as the input. A claim is kept only when its claim
 * type is contained in {@code handlerClaimTypes}, so matching follows {@code List.contains}
 * equality with no normalisation of the type.
 *
 * @param claims the requested claims
 * @param handlerClaimTypes the claim types the handler supports
 * @return a new collection holding the supported claims, possibly empty
 */
private ClaimCollection filterHandlerClaims(ClaimCollection claims,
                                            List<String> handlerClaimTypes) {
    ClaimCollection accepted = new ClaimCollection();
    accepted.setDialect(claims.getDialect());

    for (Claim candidate : claims) {
        if (!handlerClaimTypes.contains(candidate.getClaimType())) {
            continue;
        }
        accepted.add(candidate);
    }
    return accepted;
}
/**
 * Builds the claims request used by the caller: first name, last name and e-mail address,
 * each marked optional, added in that order.
 *
 * @return a new collection holding the three optional claims
 */
private ClaimCollection createRequestClaimCollection() {
    Claim firstName = new Claim();
    firstName.setClaimType(ClaimTypes.FIRSTNAME);
    firstName.setOptional(true);

    Claim lastName = new Claim();
    lastName.setClaimType(ClaimTypes.LASTNAME);
    lastName.setOptional(true);

    Claim emailAddress = new Claim();
    emailAddress.setClaimType(ClaimTypes.EMAILADDRESS);
    emailAddress.setOptional(true);

    ClaimCollection requested = new ClaimCollection();
    requested.add(firstName);
    requested.add(lastName);
    requested.add(emailAddress);
    return requested;
}
/**
 * Creates a security context from a JWT.
 *
 * <p>The principal is taken from the token's subject. When {@code roleClaim} names a property
 * present in the token, its string value is split on commas and each part becomes a role;
 * otherwise the role set is empty. Every entry of the token's claims map is also copied into
 * the {@code claims} collection.
 *
 * <p>NOTE(review): nothing here checks the token's signature or validity, so the principal
 * and roles are only as trustworthy as the token. Presumably the caller has already verified
 * it; confirm at the call sites.
 *
 * @param jwt the token to read subject, roles and claims from
 * @param roleClaim the name of the claim holding comma-separated roles, or {@code null}
 */
public JwtTokenSecurityContext(JwtToken jwt, String roleClaim) {
    principal = new SimplePrincipal(jwt.getClaims().getSubject());
    this.token = jwt;

    if (roleClaim == null || !jwt.getClaims().containsProperty(roleClaim)) {
        roles = Collections.emptySet();
    } else {
        roles = new HashSet<>();
        // Only the whole value is trimmed. Entries such as "a, b" keep their inner leading
        // space, and a blank value yields a single role with an empty name.
        String[] roleNames = jwt.getClaims().getStringProperty(roleClaim).trim().split(",");
        for (String roleName : roleNames) {
            roles.add(new SimpleGroup(roleName));
        }
    }

    // Mirror every JWT claim into the ClaimCollection; scalar values are wrapped in a list.
    jwt.getClaims().asMap().forEach((name, values) -> {
        List<Object> claimValues;
        if (values instanceof List<?>) {
            claimValues = CastUtils.cast((List<?>) values);
        } else {
            claimValues = Collections.singletonList(values);
        }
        Claim claim = new Claim();
        claim.setClaimType(name);
        claim.setValues(claimValues);
        claims.add(claim);
    });
}
if (supportedClaims.isEmpty()) { continue;
if (primaryClaims.getDialect() != null && primaryClaims.getDialect().equals(secondaryClaims.getDialect())) {
/* Creates a new ClaimCollection and adds the claim variable to it twice. NOTE(review): this excerpt looks abridged; the statements that create or reassign claim between the two add calls are not shown, so confirm against the full source. */ ClaimCollection claims = new ClaimCollection(); claims.add(claim); claims.add(claim);
/**
 * Narrows a claims request to the claim types a handler supports.
 *
 * <p>The dialect of the input is copied to the result. Membership is decided by
 * {@code handlerClaimTypes.contains(...)} on each claim's type, i.e. by exact equality.
 *
 * @param claims the requested claims
 * @param handlerClaimTypes the claim types the handler supports
 * @return a new collection with the claims whose type is supported, possibly empty
 */
private ClaimCollection filterHandlerClaims(ClaimCollection claims,
                                            List<String> handlerClaimTypes) {
    ClaimCollection filtered = new ClaimCollection();
    filtered.setDialect(claims.getDialect());

    for (Claim requested : claims) {
        boolean supported = handlerClaimTypes.contains(requested.getClaimType());
        if (supported) {
            filtered.add(requested);
        }
    }
    return filtered;
}
/* Sets the claim type to the custom URI "http://custom/x509", marks the claim optional and adds it to requestedClaims. */ claim.setClaimType("http://custom/x509"); claim.setOptional(true); requestedClaims.add(claim);
if (supportedClaims.isEmpty()) { continue;
if (primaryClaims.getDialect() != null && primaryClaims.getDialect().equals(secondaryClaims.getDialect())) {
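/**
 * Requests the role claim for the user configured as {@code claimUser} through a
 * {@code ClaimsManager} backed by the "testGroupClaimsHandler" bean, and expects exactly one
 * returned claim of the role type carrying two values.
 */
@org.junit.Test
public void testRetrieveRolesForAlice() throws Exception {
    LdapGroupClaimsHandler claimsHandler =
        (LdapGroupClaimsHandler) appContext.getBean("testGroupClaimsHandler");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));

    String user = props.getProperty("claimUser");
    // JUnit 4's assertNotNull takes (message, object). With the arguments the other way round
    // the string literal is the checked object and a missing property is never detected.
    // NOTE(review): assumes Assert is org.junit.Assert, as the @org.junit.Test annotation suggests.
    Assert.assertNotNull("Property 'claimUser' not configured", user);

    ClaimCollection requestedClaims = new ClaimCollection();
    Claim claim = new Claim();
    String roleURI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    claim.setClaimType(roleURI);
    requestedClaims.add(claim);

    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims =
        claimsManager.retrieveClaimValues(requestedClaims, params);

    // assertEquals reports the actual value on failure, unlike assertTrue on a comparison.
    Assert.assertEquals(1, retrievedClaims.size());
    Assert.assertEquals(roleURI, retrievedClaims.get(0).getClaimType());
    Assert.assertEquals(2, retrievedClaims.get(0).getValues().size());
}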
/**
 * Builds a {@link ClaimCollection} from a JAXB {@code ClaimsType} object.
 *
 * <p>A non-empty dialect is set on the collection as a URI. If it is not a valid URI a
 * warning is logged and parsing continues without a dialect on the collection. Only entries
 * of {@code getAny()} that are DOM elements are passed to {@code parseChildClaimType};
 * entries for which it returns {@code null} are skipped.
 *
 * @param claimsType the JAXB claims object to read the dialect and child entries from
 * @param claimsParsers the parsers forwarded to {@code parseChildClaimType}
 * @return the collection of parsed claims, possibly empty, never {@code null}
 */
private static ClaimCollection parseClaims(
    ClaimsType claimsType, List<ClaimsParser> claimsParsers
) {
    ClaimCollection result = new ClaimCollection();
    String dialect = null;
    try {
        dialect = claimsType.getDialect();
        boolean hasDialect = dialect != null && !"".equals(dialect);
        if (hasDialect) {
            result.setDialect(new URI(dialect));
        }
    } catch (URISyntaxException ex) {
        // NOTE(review): the dialect value is written to the log unmodified. If this object
        // was unmarshalled from a client request, consider neutralising CR/LF before logging
        // so that a crafted Dialect cannot forge log entries.
        LOG.log(
            Level.WARNING,
            "Cannot create URI from the given Dialect attribute value " + dialect,
            ex
        );
    }

    // The raw dialect string is forwarded to the child parser even when it was not a valid URI.
    for (Object entry : claimsType.getAny()) {
        if (!(entry instanceof Element)) {
            continue;
        }
        Claim parsed = parseChildClaimType((Element) entry, dialect, claimsParsers);
        if (parsed != null) {
            result.add(parsed);
        }
    }
    return result;
}
ClaimCollection primaryClaims, ClaimCollection secondaryClaims ) { ClaimCollection parsedClaims = new ClaimCollection(); parsedClaims.addAll(secondaryClaims); ClaimCollection mergedClaims = new ClaimCollection(); mergedClaims.setDialect(primaryClaims.getDialect()); mergedClaims.add(claim); } else { Claim mergedClaim = new Claim(); mergedClaim.setValues(matchingClaim.getValues()); mergedClaims.add(mergedClaim); parsedClaims.remove(matchingClaim); mergedClaims.addAll(parsedClaims);
/* Sets the claim type to ClaimTypes.GENDER, marks the claim optional and adds it to requestedClaims. */ claim.setClaimType(ClaimTypes.GENDER); claim.setOptional(true); requestedClaims.add(claim);
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) { if (claims == null || claims.isEmpty()) { return null;
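/**
 * Serializes the request's claims to the given writer.
 *
 * <p>Uses the {@code claims} field when it is set. Otherwise, when a claims callback handler
 * is configured, asks it for the claims through a {@code ClaimsCallback}. A DOM
 * {@code Element} is copied verbatim, a {@code ClaimCollection} is serialized with the "wst"
 * prefix and the configured namespace, and anything else (including {@code null}) produces
 * no output.
 *
 * @param writer the stream writer that receives the serialized claims
 * @throws Exception if the callback handler or the serialization fails
 */
protected void addClaims(XMLStreamWriter writer) throws Exception {
    Object claimsToSerialize = claims;
    if (claimsToSerialize == null && claimsCallbackHandler != null) {
        ClaimsCallback callback = new ClaimsCallback(message);
        claimsCallbackHandler.handle(new Callback[] {callback});
        claimsToSerialize = callback.getClaims();
    }

    if (claimsToSerialize instanceof Element) {
        StaxUtils.copy((Element) claimsToSerialize, writer);
    } else if (claimsToSerialize instanceof ClaimCollection) {
        // Serialize the value that passed the instanceof check. Casting the field instead
        // gives null whenever the collection came from the callback handler, which ends in a
        // NullPointerException rather than a request carrying the claims.
        ((ClaimCollection) claimsToSerialize).serialize(writer, "wst", namespace);
    }
}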
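/**
 * Requests the role claim for the user configured as {@code otherClaimUser} through a
 * {@code ClaimsManager} backed by the "testGroupClaimsHandlerOtherUsers" bean, and expects
 * exactly one returned claim of the role type carrying two values.
 */
@org.junit.Test
public void testRetrieveRolesForBob() throws Exception {
    LdapGroupClaimsHandler claimsHandler =
        (LdapGroupClaimsHandler) appContext.getBean("testGroupClaimsHandlerOtherUsers");
    ClaimsManager claimsManager = new ClaimsManager();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));

    String user = props.getProperty("otherClaimUser");
    // JUnit 4's assertNotNull takes (message, object). With the arguments the other way round
    // the string literal is the checked object and a missing property is never detected.
    // The message now names the property that is actually read.
    // NOTE(review): assumes Assert is org.junit.Assert, as the @org.junit.Test annotation suggests.
    Assert.assertNotNull("Property 'otherClaimUser' not configured", user);

    ClaimCollection requestedClaims = new ClaimCollection();
    Claim claim = new Claim();
    String roleURI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
    claim.setClaimType(roleURI);
    requestedClaims.add(claim);

    ClaimsParameters params = new ClaimsParameters();
    params.setPrincipal(new CustomTokenPrincipal(user));
    ProcessedClaimCollection retrievedClaims =
        claimsManager.retrieveClaimValues(requestedClaims, params);

    // assertEquals reports the actual value on failure, unlike assertTrue on a comparison.
    Assert.assertEquals(1, retrievedClaims.size());
    Assert.assertEquals(roleURI, retrievedClaims.get(0).getClaimType());
    Assert.assertEquals(2, retrievedClaims.get(0).getValues().size());
}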