Hi Gina

This is really strange and I'm wondering why the principal is different in the 
filter than in the servlet. Can you reproduce that with the fediz helloworld 
example?


>>>
    Principal p = request.getUserPrincipal();
    System.out.println("Principal is not instance of FederationPrincipal:" + p.getName());
>>>
BTW, your code snippet is a little bit confusing as you always log that the 
principal is not an instance of federation principal.


Thanks
Oli


------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: Sergey Beryozkin [[email protected]]
Sent: 12 September 2012 17:25
To: [email protected]
Subject: Re: Accessing FederationPrincipal from a Filter in Fediz Plugin

I believe this is to be done at CXF endpoint level.
We have authorizing interceptors which can use SAML assertions and
claims to get users authorized. This is supported for JAX-RS but the
interceptors have been moved to a common module for WS-based endpoints to
use them too; it is not there yet but will be in time.

Sergey
On 12/09/12 16:10, Gina Choi wrote:
>
> In my case, after the user is authenticated based on claims in the Assertion
> token, we make some kind of authorization decision. So, I need to access claims
> through FederationPrincipal (the simplest) or the token,
> SecurityTokenThreadLocal.getToken(). While we have access to
> SecurityTokenThreadLocal.getToken() anywhere in our Java class,
> FederationPrincipal seems to have a limitation.
>
> 1. Is there any way to access FederationPrincipal anywhere in a Java class?
> 2. If not, I have to think of the following solution.
>
>      Element token = SecurityTokenThreadLocal.getToken();
>      AssertionWrapper assertion = new AssertionWrapper(token);
>
> But the second line gives me trouble. I am working on a time-critical production
> integration. I would very much appreciate any ideas.
>
> javax.servlet.ServletException: An error occurred:
> org.opensaml.samlext.saml2mdattr.impl.EntityAttributesBuilder cannot be cast
> to org.opensaml.xml.XMLObjectBuilder
>
> org.exist.http.urlrewrite.XQueryURLRewrite.doFilter(XQueryURLRewrite.java:374)
>       com.sdl.cd.livecontent.sso.LCFilter.doFilter(LCFilter.java:157)
>
> org.apache.cxf.fediz.example.FederationFilter.doFilter(FederationFilter.java:62)
>
> root cause
>
> java.lang.ClassCastException:
> org.opensaml.samlext.saml2mdattr.impl.EntityAttributesBuilder cannot be cast
> to org.opensaml.xml.XMLObjectBuilder
>
> org.opensaml.xml.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:235)
>       org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:181)
>       org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:165)
>       org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:142)
>
> org.apache.ws.security.saml.ext.OpenSAMLBootstrap.initializeXMLTooling(OpenSAMLBootstrap.java:99)
>
> org.apache.ws.security.saml.ext.OpenSAMLBootstrap.bootstrap(OpenSAMLBootstrap.java:80)
>
> org.apache.ws.security.saml.ext.OpenSAMLUtil.initSamlEngine(OpenSAMLUtil.java:61)
>
> org.apache.ws.security.saml.ext.AssertionWrapper.<init>(AssertionWrapper.java:155)
>
>
>
> --
> View this message in context: 
> http://cxf.547215.n5.nabble.com/Accessing-FederationPrincipal-from-a-Filter-in-Fediz-Plugin-tp5713804p5713863.html
> Sent from the cxf-user mailing list archive at Nabble.com.
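
An added example, not part of the thread and not code from the Fediz project: a servlet filter that logs the "not an instance" message only when the type check actually fails, and otherwise reads the claims from FederationPrincipal for an authorization decision. The class name ClaimCheckFilter, the required claim type and value, and the 403 response are assumptions; it also assumes the Fediz 1.0 API (Claim.getValue() returning an Object) and that the filter runs after the Fediz plugin has authenticated the request.

```java
import java.io.IOException;
import java.net.URI;
import java.security.Principal;
import java.util.Collection;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.cxf.fediz.core.Claim;
import org.apache.cxf.fediz.core.FederationPrincipal;

public class ClaimCheckFilter implements Filter {   // hypothetical name
    private static final Logger LOG = Logger.getLogger(ClaimCheckFilter.class.getName());
    // Assumed policy: the caller must carry this claim type with this value.
    private static final URI REQUIRED_TYPE =
        URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
    private static final String REQUIRED_VALUE = "User";

    public void init(FilterConfig cfg) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Principal p = ((HttpServletRequest) req).getUserPrincipal();
        if (!(p instanceof FederationPrincipal)) {
            // Log the concrete class so a container-supplied principal is visible,
            // then fail closed: without claims there is nothing to authorize on.
            LOG.warning("Principal is not instance of FederationPrincipal: "
                + (p == null ? "null" : p.getClass().getName() + " / " + p.getName()));
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        for (Claim c : ((FederationPrincipal) p).getClaims()) {
            if (REQUIRED_TYPE.equals(c.getClaimType()) && matches(c.getValue())) {
                chain.doFilter(req, res);   // claim present: let the request through
                return;
            }
        }
        ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    // A claim value may be a single string or a collection of strings.
    private static boolean matches(Object value) {
        if (value instanceof Collection) {
            return ((Collection<?>) value).contains(REQUIRED_VALUE);
        }
        return REQUIRED_VALUE.equals(value);
    }
}
```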
