Hi Guys,
Thanks very much for the guidance.  I have followed your advice and was able
to come up with a solution.  I also want to post some ideas about possible
patches.

I already had a custom SAML Token provider and added custom conditions like
this:

AssertionWrapper assertion = new AssertionWrapper(recievedTokenElement);

//This is my custom method
Conditions conditions = createConditions(recievedTokenElement);
                        
assertion.getSaml2().setConditions(conditions);


The 'createConditions' method is based off the WSS4J SAML2ComponentBuilder. 
To add a delegate to it, I wrote a method:

import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.saml2.core.NameID;
import org.opensaml.samlext.saml2delrestrict.Delegate;
import org.opensaml.samlext.saml2delrestrict.DelegationRestrictionType;
import org.opensaml.xml.XMLObjectBuilderFactory;

    // Builders are cached the same way SAML2ComponentBuilder caches its own
    // builders; the factory comes from the OpenSAML configuration.
    private static final XMLObjectBuilderFactory builderFactory =
        Configuration.getBuilderFactory();
    private static SAMLObjectBuilder<DelegationRestrictionType> delegationRestrictionBuilder;
    private static SAMLObjectBuilder<Delegate> delegateBuilder;

    @SuppressWarnings("unchecked")
    private static DelegationRestrictionType createDelegateRestriction(String nameID) {
        if (delegationRestrictionBuilder == null) {
            delegationRestrictionBuilder = (SAMLObjectBuilder<DelegationRestrictionType>)
                builderFactory.getBuilder(DelegationRestrictionType.TYPE_NAME);
        }
        if (delegateBuilder == null) {
            delegateBuilder = (SAMLObjectBuilder<Delegate>)
                builderFactory.getBuilder(Delegate.DEFAULT_ELEMENT_NAME);
        }

        DelegationRestrictionType delegateRestriction =
            delegationRestrictionBuilder.buildObject();
        Delegate delegate = delegateBuilder.buildObject();

        // DelegationInstant records when the delegation was granted; here, now.
        DateTime delegateInstant = new DateTime();
        log.debug("Delegation instant: "
            + delegateInstant.toString("yyyy-MM-dd'T'HH:mm:ss.SSSZ"));
        delegate.setDelegationInstant(delegateInstant);

        // This 'createNameID' is a function based off the SAML2ComponentBuilder,
        // but a little stripped down
        NameID testNameID = createNameID(nameID);
        delegate.setNameID(testNameID);

        delegateRestriction.getDelegates().add(delegate);

        return delegateRestriction;
    }

This delegate can then be added to the conditions:

        DelegationRestrictionType delegateRestrictions =
            createDelegateRestriction("test");
        conditions.getConditions().add(delegateRestrictions);

To add support for the 'delegate' conditions, the conditionsBean could be
modified to have a String for the delegate NameID or have a complete
subjectBean so the 'createNameID' function in the builder could be used.

From there, I think the only change would be to the 'createConditions'
method in SAML2ComponentBuilder to add the delegate condition.

I believe a similar approach could be used to support for OneTimeUse and
ProxyRestriction.

I will go ahead and create a JIRA.

Thanks!

Yogesh
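As an added example (not code from this post, CXF or WSS4J), here is the relying-party side of the same condition: a check over a received saml2:Conditions that rejects a DelegationRestriction naming a delegate outside an allow-list or carrying a DelegationInstant in the future. It assumes the OpenSAML 2.x API used above; the class name, the allow-list and the clock-skew parameter are assumptions.

```java
import java.util.Set;
import org.joda.time.DateTime;
import org.opensaml.saml2.core.Condition;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.NameID;
import org.opensaml.samlext.saml2delrestrict.Delegate;
import org.opensaml.samlext.saml2delrestrict.DelegationRestrictionType;

// Hypothetical relying-party check; not part of CXF, WSS4J or the poster's STS.
public final class DelegationConditionValidator {
    private final Set<String> allowedDelegates; // NameID values trusted to delegate
    private final int clockSkewSeconds;

    public DelegationConditionValidator(Set<String> allowedDelegates, int clockSkewSeconds) {
        this.allowedDelegates = allowedDelegates;
        this.clockSkewSeconds = clockSkewSeconds;
    }

    // True only if every DelegationRestriction lists delegates that are all on the
    // allow-list and whose DelegationInstant is not in the future. Conditions with
    // no DelegationRestriction pass; AudienceRestriction, NotBefore/NotOnOrAfter
    // etc. are left to the normal WSS4J assertion validation.
    public boolean validate(Conditions conditions, DateTime now) {
        if (conditions == null) {
            return true;
        }
        for (Condition condition : conditions.getConditions()) {
            if (!(condition instanceof DelegationRestrictionType)) {
                continue;
            }
            DelegationRestrictionType restriction = (DelegationRestrictionType) condition;
            if (restriction.getDelegates().isEmpty()) {
                return false; // the schema requires at least one Delegate
            }
            for (Delegate delegate : restriction.getDelegates()) {
                // Only NameID delegates are accepted; BaseID/EncryptedID forms are rejected.
                NameID nameID = delegate.getNameID();
                if (nameID == null || !allowedDelegates.contains(nameID.getValue())) {
                    return false;
                }
                DateTime instant = delegate.getDelegationInstant();
                if (instant != null && instant.minusSeconds(clockSkewSeconds).isAfter(now)) {
                    return false; // delegation claimed to have happened in the future
                }
            }
        }
        return true;
    }
}
```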

--
View this message in context: 
http://cxf.547215.n5.nabble.com/Customizing-Conditions-in-CXF-STS-tp5719270p5719396.html
Sent from the cxf-user mailing list archive at Nabble.com.