Author: sergeyb
Date: Tue Sep 6 14:48:08 2011
New Revision: 1165688
URL: http://svn.apache.org/viewvc?rev=1165688&view=rev
Log:
[CXF-3588] Adding missing code
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claim.java
(with props)
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimBean.java
(with props)
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimMode.java
(with props)
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claims.java
(with props)
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java
(with props)
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java
(with props)
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java
(with props)
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
(with props)
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SubjectPrincipal.java
(with props)
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claim.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claim.java?rev=1165688&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claim.java
(added)
+++
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claim.java
Tue Sep 6 14:48:08 2011
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.saml.authorization;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+@Target({ElementType.TYPE, ElementType.METHOD })
+@Retention(RetentionPolicy.RUNTIME)
+public @interface Claim {
+
+ String format() default
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims";
+ String name() default
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
+ String[] value();
+
+ /**
+ * If set to true then all the values of this claim have to be matched
+ */
+ boolean matchAll() default false;
+ /**
+ * If set to ClaimMode.LAX then the match will fail only if the incoming
+ * assertion has the same name and format claim with non-matching values
+ */
+ ClaimMode mode() default ClaimMode.STRICT;
+}
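Review bot: `value()` is the only mandatory member of the annotation and the only one with no documentation, and the LAX description understates the consequence: in LAX mode a claim that is entirely absent from the assertion passes, so LAX is only appropriate for genuinely optional claims. I'd add `/** The claim values the caller must hold: any one of them, or all of them when {@link #matchAll} is true. */` on `value()` and extend the mode comment with `Use STRICT (the default) for claims whose absence must deny access.` A short type-level javadoc stating that the annotation is evaluated by ClaimsAuthorizingInterceptor and that a method-level declaration replaces a class-level one with the same name and format would also help readers placing these on JAX-RS resources.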
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claim.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claim.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimBean.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimBean.java?rev=1165688&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimBean.java
(added)
+++
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimBean.java
Tue Sep 6 14:48:08 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.authorization;
+
+
+public class ClaimBean {
+ private org.apache.cxf.rs.security.saml.assertion.Claim claim;
+ private ClaimMode claimMode;
+ private boolean matchAll;
+
+ public ClaimBean(org.apache.cxf.rs.security.saml.assertion.Claim claim) {
+ this.claim = claim;
+ }
+
+ public ClaimBean(org.apache.cxf.rs.security.saml.assertion.Claim claim,
+ ClaimMode claimMode,
+ boolean matchAll) {
+ this.claim = claim;
+ this.claimMode = claimMode;
+ this.matchAll = matchAll;
+ }
+
+ public org.apache.cxf.rs.security.saml.assertion.Claim getClaim() {
+ return claim;
+ }
+
+ public boolean isMatchAll() {
+ return matchAll;
+ }
+
+ public ClaimMode getClaimMode() {
+ return claimMode;
+ }
+}
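Review bot: The single-argument constructor leaves `claimMode` null, and the interceptor's check `claimBean.getClaimMode() == ClaimMode.STRICT` treats null exactly like LAX, so a bean built this way (for example from a `setClaims` map in configuration) silently accepts an assertion that lacks the claim altogether — the opposite of the STRICT default the annotation uses. Delegate to the full constructor so the two defaults agree: `this(claim, ClaimMode.STRICT, false);`. Consider also rejecting a null `claim` in the full constructor, since every consumer dereferences it without a check.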
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimBean.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimBean.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimMode.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimMode.java?rev=1165688&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimMode.java
(added)
+++
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimMode.java
Tue Sep 6 14:48:08 2011
@@ -0,0 +1,24 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.authorization;
+
+public enum ClaimMode {
+ STRICT,
+ LAX
+}
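Review bot: The two constants have no documentation, and their meaning is defined only by the interceptor's matching loop, which is where a reader is least likely to look. I'd document them at the declaration: `/** A required claim missing from the assertion denies access. */` on STRICT and `/** A missing claim is ignored; access is denied only when the claim is present with non-matching values. */` on LAX, plus an enum-level note that STRICT is the default used by the {@code @Claim} annotation.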
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimMode.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimMode.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claims.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claims.java?rev=1165688&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claims.java
(added)
+++
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claims.java
Tue Sep 6 14:48:08 2011
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.saml.authorization;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+
+@Target({ElementType.TYPE, ElementType.METHOD })
+@Retention(RetentionPolicy.RUNTIME)
+public @interface Claims {
+ Claim[] value();
+}
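Review bot: The container and the single annotation are read in an either/or fashion by the interceptor (`@Claims` wins and a sibling `@Claim` on the same element is dropped), which is easy to get wrong and is not documented here. I'd add a javadoc: `/** Groups several {@link Claim} requirements on one type or method; all of them must be satisfied. When present, a single {@code @Claim} on the same element is ignored. */`.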
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claims.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/Claims.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java?rev=1165688&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java
(added)
+++
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java
Tue Sep 6 14:48:08 2011
@@ -0,0 +1,230 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.authorization;
+
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.ClassHelper;
+import org.apache.cxf.frontend.MethodDispatcher;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.interceptor.security.AccessDeniedException;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.service.Service;
+import org.apache.cxf.service.model.BindingOperationInfo;
+
+
+public class ClaimsAuthorizingInterceptor extends
AbstractPhaseInterceptor<Message> {
+
+ private static final Logger LOG =
LogUtils.getL7dLogger(ClaimsAuthorizingInterceptor.class);
+
+ private static final Set<String> SKIP_METHODS;
+ static {
+ SKIP_METHODS = new HashSet<String>();
+ SKIP_METHODS.addAll(Arrays.asList(
+ new String[] {"wait", "notify", "notifyAll",
+ "equals", "toString", "hashCode"}));
+ }
+
+ private Map<String, List<ClaimBean>> claims = new HashMap<String,
List<ClaimBean>>();
+ private Map<String, String> nameAliases = Collections.emptyMap();
+ private Map<String, String> formatAliases = Collections.emptyMap();
+
+ public ClaimsAuthorizingInterceptor() {
+ super(Phase.PRE_INVOKE);
+ }
+
+ public void handleMessage(Message message) throws Fault {
+ SecurityContext sc = message.get(SecurityContext.class);
+ if (!(sc instanceof SAMLSecurityContext)) {
+ throw new AccessDeniedException("Security Context is unavailable
or unrecognized");
+ }
+
+ Method method = getTargetMethod(message);
+
+ if (authorize((SAMLSecurityContext)sc, method)) {
+ return;
+ }
+
+ throw new AccessDeniedException("Unauthorized");
+ }
+
+ public void setClaims(Map<String, List<ClaimBean>> claimsMap) {
+ claims.putAll(claimsMap);
+ }
+
+ protected Method getTargetMethod(Message m) {
+ BindingOperationInfo bop =
m.getExchange().get(BindingOperationInfo.class);
+ if (bop != null) {
+ MethodDispatcher md = (MethodDispatcher)
+
m.getExchange().get(Service.class).get(MethodDispatcher.class.getName());
+ return md.getMethod(bop);
+ }
+ Method method = (Method)m.get("org.apache.cxf.resource.method");
+ if (method != null) {
+ return method;
+ }
+ throw new AccessDeniedException("Method is not available :
Unauthorized");
+ }
+
+ protected boolean authorize(SAMLSecurityContext sc, Method method) {
+ List<ClaimBean> list = claims.get(method.getName());
+ org.apache.cxf.rs.security.saml.assertion.Claims actualClaims =
sc.getClaims();
+
+ for (ClaimBean claimBean : list) {
+ org.apache.cxf.rs.security.saml.assertion.Claim claim =
claimBean.getClaim();
+ org.apache.cxf.rs.security.saml.assertion.Claim matchingClaim =
+ actualClaims.findClaimByFormatAndName(claim.getNameFormat(),
claim.getName());
+ if (matchingClaim == null) {
+ if (claimBean.getClaimMode() == ClaimMode.STRICT) {
+ return false;
+ } else {
+ continue;
+ }
+ }
+ List<String> claimValues = claim.getValues();
+ List<String> matchingClaimValues = matchingClaim.getValues();
+ if (claimBean.isMatchAll()
+ && !matchingClaimValues.containsAll(claimValues)) {
+ return false;
+ } else {
+ boolean matched = false;
+ for (String value : matchingClaimValues) {
+ if (claimValues.contains(value)) {
+ matched = true;
+ break;
+ }
+ }
+ if (!matched) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
+
+ public void setSecuredObject(Object object) {
+ Class<?> cls = ClassHelper.getRealClass(object);
+ findClaims(cls);
+ if (claims.isEmpty()) {
+ LOG.warning("The claims list is empty, the service object is not
protected");
+ }
+ }
+
+ protected void findClaims(Class<?> cls) {
+ if (cls == null || cls == Object.class) {
+ return;
+ }
+ List<ClaimBean> clsClaims =
+ getClaims(cls.getAnnotation(Claims.class),
cls.getAnnotation(Claim.class));
+ for (Method m : cls.getMethods()) {
+ if (SKIP_METHODS.contains(m.getName())) {
+ continue;
+ }
+ List<ClaimBean> methodClaims =
+ getClaims(m.getAnnotation(Claims.class),
m.getAnnotation(Claim.class));
+
+ List<ClaimBean> allClaims = new ArrayList<ClaimBean>(methodClaims);
+ for (ClaimBean bean : clsClaims) {
+ if (isClaimOverridden(bean, methodClaims)) {
+ continue;
+ }
+ allClaims.add(bean);
+ }
+
+ claims.put(m.getName(), allClaims);
+ }
+ if (!claims.isEmpty()) {
+ return;
+ }
+
+ findClaims(cls.getSuperclass());
+
+ if (!claims.isEmpty()) {
+ return;
+ }
+
+ for (Class<?> interfaceCls : cls.getInterfaces()) {
+ findClaims(interfaceCls);
+ }
+ }
+
+ private static boolean isClaimOverridden(ClaimBean bean, List<ClaimBean>
mClaims) {
+ for (ClaimBean methodBean : mClaims) {
+ if
(bean.getClaim().getName().equals(methodBean.getClaim().getName())
+ &&
bean.getClaim().getNameFormat().equals(methodBean.getClaim().getNameFormat())) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private List<ClaimBean> getClaims(
+ Claims claimsAnn, Claim claimAnn) {
+ List<ClaimBean> claimsList = new ArrayList<ClaimBean>();
+
+ List<Claim> annClaims = new ArrayList<Claim>();
+ if (claimsAnn != null) {
+ annClaims.addAll(Arrays.asList(claimsAnn.value()));
+ } else if (claimAnn != null) {
+ annClaims.add(claimAnn);
+ }
+ for (Claim ann : annClaims) {
+ org.apache.cxf.rs.security.saml.assertion.Claim claim =
+ new org.apache.cxf.rs.security.saml.assertion.Claim();
+
+ String claimName = ann.name();
+ if (nameAliases.containsKey(claimName)) {
+ claimName = nameAliases.get(claimName);
+ }
+ String claimFormat = ann.format();
+ if (formatAliases.containsKey(claimFormat)) {
+ claimFormat = formatAliases.get(claimFormat);
+ }
+
+ claim.setName(claimName);
+ claim.setNameFormat(claimFormat);
+ claim.setValues(Arrays.asList(ann.value()));
+
+ claimsList.add(new ClaimBean(claim, ann.mode(), ann.matchAll()));
+ }
+ return claimsList;
+ }
+
+ public void setNameAliases(Map<String, String> nameAliases) {
+ this.nameAliases = nameAliases;
+ }
+
+ public void setFormatAliases(Map<String, String> formatAliases) {
+ this.formatAliases = formatAliases;
+ }
+
+}
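Review bot: The supertype search at the end of findClaims is effectively unreachable, so @Claim annotations placed on a JAX-RS interface or a superclass are silently ignored and every method of the implementation class ends up with an empty claim list, which authorize() accepts: cls.getMethods() always includes Object.getClass(), which is not in SKIP_METHODS, so claims is never empty after the first loop, and for the same reason the "claims list is empty" warning in setSecuredObject never fires. Combined with the fail-open `return true` for an empty list (and a NullPointerException rather than a denial when a method name is not in the map at all), a service whose annotations live on its interface is unprotected with no signal. I'd record a method only when it actually has class- or method-level claims, always recurse into the superclass and interfaces merging by name with the first declaration winning, and make authorize fail closed: `if (list == null || list.isEmpty()) { return false; }` — or, if unannotated methods are meant to be open, make that an explicit documented option rather than the default. Note also that claims are keyed by bare method name, so overloaded resource methods overwrite each other's requirements and the last one returned by getMethods wins.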
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/ClaimsAuthorizingInterceptor.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java?rev=1165688&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java
(added)
+++
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java
Tue Sep 6 14:48:08 2011
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.authorization;
+
+import java.security.Principal;
+import java.util.List;
+
+import org.apache.cxf.rs.security.saml.assertion.Claim;
+import org.apache.cxf.rs.security.saml.assertion.Claims;
+import org.apache.cxf.rs.security.saml.assertion.Subject;
+import org.apache.cxf.security.SecurityContext;
+
+public class SAMLSecurityContext implements SecurityContext {
+
+ private SubjectPrincipal p;
+ private Claims claims;
+ private Claim rolesClaim;
+
+ public SAMLSecurityContext(Subject subject, List<Claim> claims) {
+ this(new SubjectPrincipal(subject), new Claims(claims));
+ }
+
+ public SAMLSecurityContext(SubjectPrincipal p, Claims claims) {
+ this(p, claims, Claim.DEFAULT_ROLE_NAME, Claim.DEFAULT_NAME_FORMAT);
+ }
+
+ public SAMLSecurityContext(SubjectPrincipal p,
+ Claims cs,
+ String roleClaimNameQualifier,
+ String roleClaimNameFormat) {
+ this.p = p;
+ for (Claim c : cs.getClaims()) {
+ if (c.getName().equals(roleClaimNameQualifier)
+ && c.getNameFormat().equals(roleClaimNameFormat)) {
+ rolesClaim = c;
+ break;
+ }
+ }
+ this.claims = cs;
+
+ }
+
+ @Override
+ public Principal getUserPrincipal() {
+ return p;
+ }
+
+ @Override
+ public boolean isUserInRole(String role) {
+ if (rolesClaim == null) {
+ return false;
+ }
+ for (String r : rolesClaim.getValues()) {
+ if (r.equals(role)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public Claims getClaims() {
+ return claims;
+ }
+}
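Review bot: The role-claim lookup in the four-argument constructor calls `c.getName().equals(...)` and `c.getNameFormat().equals(...)` on each incoming claim, so a claim with a null name or format (SAML attributes need not carry a NameFormat; whether SAMLUtils defaults it I cannot tell from here) would throw a NullPointerException while building the context instead of simply not matching. Reverse the comparisons so the configured values are the receivers: `if (roleClaimNameQualifier.equals(c.getName()) && roleClaimNameFormat.equals(c.getNameFormat())) {`. A class javadoc noting that `isUserInRole` is an exact, case-sensitive comparison against the values of that single claim and returns false when no role claim was found would make the contract explicit for callers.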
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SAMLSecurityContext.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java?rev=1165688&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java
(added)
+++
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java
Tue Sep 6 14:48:08 2011
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.authorization;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+
+public interface SecurityContextProvider {
+ SecurityContext getSecurityContext(Message message, AssertionWrapper
wrapper);
+}
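Review bot: The interface has no javadoc, and the one thing implementors and callers must agree on is trust: the implementation in this commit derives the principal and the roles straight from the wrapper without checking signature, conditions or subject confirmation, so the contract must state that `wrapper` has already been validated by the caller (I cannot see SAMLUtils from this hunk). I'd add `/** Builds a SecurityContext from an assertion the caller has already validated (signature, conditions, subject confirmation); implementations must not treat the wrapper as trustworthy otherwise. */`.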
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProvider.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java?rev=1165688&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
(added)
+++
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
Tue Sep 6 14:48:08 2011
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.authorization;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.saml.SAMLUtils;
+import org.apache.cxf.rs.security.saml.assertion.Claim;
+import org.apache.cxf.rs.security.saml.assertion.Claims;
+import org.apache.cxf.rs.security.saml.assertion.Subject;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+
+public class SecurityContextProviderImpl implements SecurityContextProvider {
+
+ private static final String DEFAULT_NAME_ROLE_PROPERTY =
"org.apache.cxf.saml.claims.role";
+ private static final String DEFAULT_NAMEFORMAT_PROPERTY =
"org.apache.cxf.saml.claims.format";
+
+ public SecurityContext getSecurityContext(Message message,
+ AssertionWrapper wrapper) {
+ Claims claims = getClaims(wrapper);
+ Subject subject = getSubject(message, wrapper, claims);
+
+ String defaultName =
(String)message.getContextualProperty(DEFAULT_NAME_ROLE_PROPERTY);
+ String defaultNameFormat =
(String)message.getContextualProperty(DEFAULT_NAMEFORMAT_PROPERTY);
+ SecurityContext sc = new SAMLSecurityContext(new
SubjectPrincipal(subject),
+ claims,
+ defaultName == null ? Claim.DEFAULT_ROLE_NAME : defaultName,
+ defaultNameFormat == null ? Claim.DEFAULT_NAME_FORMAT :
defaultNameFormat);
+ return sc;
+ }
+
+ protected Claims getClaims(AssertionWrapper wrapper) {
+ return SAMLUtils.getClaims(wrapper);
+ }
+
+ protected Subject getSubject(Message message, AssertionWrapper wrapper,
Claims claims) {
+ Subject subj = SAMLUtils.getSubject(message, wrapper);
+ setSubjectPrincipalName(subj, claims);
+ return subj;
+ }
+
+ protected void setSubjectPrincipalName(Subject sub, Claims claims) {
+ // parse/decipher subject name id, or check attributes like
+ // givenName, email, firstName, etc
+
+ // this can be overidden, but consider also introducing dedicated
handlers
+ }
+}
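Review bot: The contextual property keys `org.apache.cxf.saml.claims.role` and `org.apache.cxf.saml.claims.format` are the only way to change which attribute is treated as the role claim, yet they are private constants with no documentation, and `setSubjectPrincipalName` is an empty hook whose comment reads like a TODO. I'd give each constant a javadoc (`/** Contextual property naming the claim whose values are the user's roles; defaults to Claim.DEFAULT_ROLE_NAME. */` and likewise for the format) and turn the hook's comment into a statement that it intentionally does nothing and exists for subclasses to derive the principal name from the subject or attributes. The unchecked `(String)` casts throw ClassCastException if a property is set to a non-String value; checking the result with `instanceof String` would fail more gracefully.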
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SecurityContextProviderImpl.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SubjectPrincipal.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SubjectPrincipal.java?rev=1165688&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SubjectPrincipal.java
(added)
+++
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SubjectPrincipal.java
Tue Sep 6 14:48:08 2011
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml.authorization;
+
+import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.rs.security.saml.assertion.Subject;
+
+public class SubjectPrincipal extends SimplePrincipal {
+ private Subject subject;
+ public SubjectPrincipal(Subject subject) {
+ super(subject.getAlternateName() == null ? subject.getName() :
subject.getAlternateName());
+ this.subject = subject;
+ }
+
+ public Subject getSubject() {
+ return subject;
+ }
+}
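Review bot: The principal name is taken from `subject.getAlternateName()` when non-null and otherwise from `subject.getName()`, but nothing guards against both being null, so `getName()` on this principal can be null, and the constructor throws a NullPointerException if `subject` itself is null. Because the check has to happen before `super(...)`, route it through a private static helper: `super(principalName(subject));` with the helper rejecting a null subject and a null resulting name with an IllegalArgumentException. Since this name is what `SecurityContext.getUserPrincipal().getName()` exposes to authorization code, a class javadoc should also state the precedence and where the alternate name originates — I cannot tell that from this hunk.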
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SubjectPrincipal.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/authorization/SubjectPrincipal.java
------------------------------------------------------------------------------
svn:keywords = Rev Date