cxf-commits mailing list archives

From owu...@apache.org
Subject svn commit: r1242507 - in /cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp: IdpSTSClient.java IdpServlet.java
Date Thu, 09 Feb 2012 20:28:52 GMT
Author: owulff
Date: Thu Feb  9 20:28:52 2012
New Revision: 1242507

URL: http://svn.apache.org/viewvc?rev=1242507&view=rev
Log:
The required token type can now be configured via the IdpServlet 'ws-trust-tokentype' init parameter.

Modified:
    cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
    cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java

Modified: cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java?rev=1242507&r1=1242506&r2=1242507&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
(original)
+++ cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpSTSClient.java
Thu Feb  9 20:28:52 2012
@@ -26,36 +26,37 @@ import org.w3c.dom.Element;
 
 public class IdpSTSClient extends STSClient {
 
-	private static Logger LOG = LoggerFactory.getLogger(IdpSTSClient.class);
-	
-	public IdpSTSClient(Bus b) {
-		super(b);
-	}
+    private static Logger LOG = LoggerFactory.getLogger(IdpSTSClient.class);
+
+    public IdpSTSClient(Bus b) {
+        super(b);
+    }
 
-	
     public String requestSecurityTokenResponse() throws Exception {
         return requestSecurityTokenResponse(null);
     }
 
-    public String requestSecurityTokenResponse(String appliesTo) throws Exception {
+    public String requestSecurityTokenResponse(String appliesTo)
+            throws Exception {
         String action = null;
         if (isSecureConv) {
             action = namespace + "/RST/SCT";
         }
         return requestSecurityTokenResponse(appliesTo, action, "/Issue", null);
     }
-	
-	public String requestSecurityTokenResponse(String appliesTo, String action,
-			String requestType, SecurityToken target) throws Exception {
+
+    public String requestSecurityTokenResponse(String appliesTo, String action,
+            String requestType, SecurityToken target) throws Exception {
         createClient();
         BindingOperationInfo boi = findOperation("/RST/Issue");
 
         client.getRequestContext().putAll(ctx);
         if (action != null) {
-            client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, action);
+            client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
+                    action);
         } else {
-            client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, 
-                                           namespace + "/RST/Issue");
+            client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
+                    namespace + "/RST/Issue");
         }
 
         W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
@@ -64,16 +65,17 @@ public class IdpSTSClient extends STSCli
         if (context != null) {
             writer.writeAttribute(null, "Context", context);
         }
-        
+
         boolean wroteKeySize = false;
         String keyTypeTemplate = null;
         String sptt = null;
-        
+
         if (template != null) {
             if (this.useSecondaryParameters()) {
-                writer.writeStartElement("wst", "SecondaryParameters", namespace);
+                writer.writeStartElement("wst", "SecondaryParameters",
+                        namespace);
             }
-            
+
             Element tl = DOMUtils.getFirstElement(template);
             while (tl != null) {
                 StaxUtils.copy(tl, writer);
@@ -87,7 +89,7 @@ public class IdpSTSClient extends STSCli
                 }
                 tl = DOMUtils.getNextElement(tl);
             }
-            
+
             if (this.useSecondaryParameters()) {
                 writer.writeEndElement();
             }
@@ -97,9 +99,9 @@ public class IdpSTSClient extends STSCli
         if (enableAppliesTo) {
             addAppliesTo(writer, appliesTo);
         }
-        
+
         addClaims(writer);
-        
+
         Element onBehalfOfToken = getOnBehalfOfToken();
         if (onBehalfOfToken != null) {
             writer.writeStartElement("wst", "OnBehalfOf", namespace);
@@ -124,13 +126,15 @@ public class IdpSTSClient extends STSCli
             keySize = 256;
         }
         if (keyTypeTemplate != null && keyTypeTemplate.endsWith("SymmetricKey"))
{
-            requestorEntropy = writeElementsForRSTSymmetricKey(writer, wroteKeySize);
-        } else if (keyTypeTemplate != null && keyTypeTemplate.endsWith("PublicKey"))
{
+            requestorEntropy = writeElementsForRSTSymmetricKey(writer,
+                    wroteKeySize);
+        } else if (keyTypeTemplate != null
+                && keyTypeTemplate.endsWith("PublicKey")) {
             crypto = createCrypto(false);
             cert = getCert(crypto);
             writeElementsForRSTPublicKey(writer, cert);
         }
-        
+
         if (target != null) {
             writer.writeStartElement("wst", "RenewTarget", namespace);
             Element el = target.getUnattachedReference();
@@ -147,24 +151,24 @@ public class IdpSTSClient extends STSCli
             StaxUtils.copy(actAsSecurityToken, writer);
             writer.writeEndElement();
         }
-        
+
         writer.writeEndElement();
 
-		Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument()
-				.getDocumentElement()));
+        Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument()
+                .getDocumentElement()));
 
-		DOMSource rstr = (DOMSource) obj[0];
+        DOMSource rstr = (DOMSource) obj[0];
 
-		StringWriter sw = new StringWriter();
-		try {
-			Transformer t = TransformerFactory.newInstance().newTransformer();
-			t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
-			t.transform(rstr, new StreamResult(sw));
-		} catch (TransformerException te) {
-			LOG.warn("nodeToString Transformer Exception");
-		}
-		return sw.toString();
+        StringWriter sw = new StringWriter();
+        try {
+            Transformer t = TransformerFactory.newInstance().newTransformer();
+            t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+            t.transform(rstr, new StreamResult(sw));
+        } catch (TransformerException te) {
+            LOG.warn("nodeToString Transformer Exception");
+        }
+        return sw.toString();
 
-	}
+    }
 
 }

Modified: cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java?rev=1242507&r1=1242506&r2=1242507&view=diff
==============================================================================
--- cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java
(original)
+++ cxf/sandbox/fediz/fediz-idp/src/main/java/org/apache/cxf/fediz/service/idp/IdpServlet.java
Thu Feb  9 20:28:52 2012
@@ -42,227 +42,259 @@ import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationContext;
 import org.w3c.dom.Element;
 
-
 public class IdpServlet extends HttpServlet {
 
-	private static Logger LOG = LoggerFactory.getLogger(IdpServlet.class);
+    private static Logger LOG = LoggerFactory.getLogger(IdpServlet.class);
+
+    public static final String PARAM_ACTION = "wa";
+
+    public static final String ACTION_SIGNIN = "wsignin1.0";
+    public static final String ACTION_SIGNOUT = "wsignout1.0";
+    public static final String ACTION_SIGNOUT_CLEANUP = "wsignoutcleanup1.0";
+
+    public static final String PARAM_WTREALM = "wtrealm";
 
-	public static final String PARAM_ACTION = "wa";
+    public static final String PARAM_WREPLY = "wreply";
 
-	public static final String ACTION_SIGNIN = "wsignin1.0";
-	public static final String ACTION_SIGNOUT = "wsignout1.0";
-	public static final String ACTION_SIGNOUT_CLEANUP = "wsignoutcleanup1.0";
+    public static final String PARAM_WRESULT = "wresult";
 
-	public static final String PARAM_WTREALM = "wtrealm";
-	
-	public static final String PARAM_WREPLY = "wreply";
-	
-	public static final String PARAM_WRESULT = "wresult";
+    public static final String PARAM_WCONTEXT = "wctx";
 
-	public static final String PARAM_WCONTEXT = "wctx";
+    public static final String AUTH_HEADER_NAME = "WWW-Authenticate";
 
-	public static final String AUTH_HEADER_NAME = "WWW-Authenticate";
+    public static final String SERVLET_PARAM_TOKENTYPE = "ws-trust-tokentype";
 
-	/**
+    /**
 	 * 
 	 */
-	private static final long serialVersionUID = -9019993850246851112L;
+    private static final long serialVersionUID = -9019993850246851112L;
 
-	@Override
+    private String tokenType;
+
+    @Override
     public void init() throws ServletException {
-		if (getInitParameter("sts.wsdl.url") == null) {
-			throw new ServletException("Parameter 'sts.wsdl.url' not configured");
-		}
-		if (getInitParameter("sts.wsdl.service") == null) {
-			throw new ServletException("Parameter 'sts.wsdl.service' not configured");
-		}
-		if (getInitParameter("sts.wsdl.endpoint") == null) {
-			throw new ServletException("Parameter 'sts.wsdl.endpoint' not configured");
-		}
+        if (getInitParameter("sts.wsdl.url") == null) {
+            throw new ServletException(
+                    "Parameter 'sts.wsdl.url' not configured");
+        }
+        if (getInitParameter("sts.wsdl.service") == null) {
+            throw new ServletException(
+                    "Parameter 'sts.wsdl.service' not configured");
+        }
+        if (getInitParameter("sts.wsdl.endpoint") == null) {
+            throw new ServletException(
+                    "Parameter 'sts.wsdl.endpoint' not configured");
+        }
+
+        tokenType = getInitParameter(SERVLET_PARAM_TOKENTYPE);
+        if (tokenType != null && tokenType.length() > 0) {
+           LOG.info("Configured Tokentype: " + tokenType);
+        }
 
     }
-	
-	public void doGet(HttpServletRequest request, HttpServletResponse response)
-			throws ServletException, IOException {
-
-		/*
-		if (request.getPathInfo().contains("jsp")) {
-			return;
-		}
-		*/
-				
-		String action = request.getParameter(PARAM_ACTION);
-		String wtrealm = request.getParameter(PARAM_WTREALM);
-		String wctx = request.getParameter(PARAM_WCONTEXT);
-		String wreply = request.getParameter(PARAM_WREPLY);
-
-		if (action == null) {
-			LOG.error("Bad request. HTTP parameter '" + PARAM_ACTION
-					+ "' missing");
-			response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter "
-					+ PARAM_ACTION + " missing");
-			return;
-		}
-		if (action.equals(ACTION_SIGNIN)) {
-			LOG.debug("Sign-In request [" + PARAM_ACTION + "=" + ACTION_SIGNIN
-					+ "] ...");
-
-			if (wtrealm == null || wtrealm.length() == 0) {
-				LOG.error("Bad request. HTTP parameter '" + ACTION_SIGNIN
-						+ "' missing");
-				response.sendError(HttpServletResponse.SC_BAD_REQUEST,
-						"Parameter " + ACTION_SIGNIN + " missing");
-				return;
-			}
-			
-			String wresult = null;
-			String auth = request.getHeader("Authorization");
-			LOG.debug("Authorization header: " + auth);
-			if (auth != null) {
-				String username = null;
-				String password = null;
-
-				try {
-					StringTokenizer st = new StringTokenizer(auth, " ");
-					String authType = st.nextToken();
-					String encoded = st.nextToken();
-
-					if (authType.equalsIgnoreCase("basic")) {
-
-						String decoded = new String(
-								Base64Utility.decode(encoded));
-
-						int colon = decoded.indexOf(':');
-						if (colon < 0) {
-							username = decoded;
-						} else {
-							username = decoded.substring(0, colon);
-							password = decoded.substring(colon + 1, decoded.length());
-						}
-						LOG.debug("Validating user [" + username
-								+ "] and password [" + password + "]");
-						
-						try {
-							wresult = requestSecurityToken(username, password, wtrealm);
-							request.setAttribute("fed." + PARAM_WRESULT, StringEscapeUtils.escapeXml(wresult));
-							if (wctx != null) {
-								request.setAttribute("fed." + PARAM_WCONTEXT, StringEscapeUtils.escapeXml(wctx));
-							}
-							if (wreply == null) {
-								request.setAttribute("fed.action", wtrealm);
-							} else {
-								request.setAttribute("fed.action", wreply);
-							}
-						} catch (Exception ex) {
-							LOG.info("Requesting security token failed", ex);
-							response.sendError(HttpServletResponse.SC_FORBIDDEN,
-							"Requesting security token failed");
-							return;
-						}
-						
-						LOG.debug("Forward to jsp...");
-						//request.getRequestDispatcher("WEB-INF/signinresponse.jsp").forward(request, response);
-						//this.getServletContext().getRequestDispatcher("/WEB-INF/signinresponse.jsp").forward(request,
response);
-						this.getServletContext().getRequestDispatcher("/WEB-INF/signinresponse.jsp").forward(request,
response);
-
-					} else {
-						response.sendError(HttpServletResponse.SC_BAD_REQUEST,
-								"Invalid Authorization header");
-						return;
-					}
-				} catch (Exception ex) {
-					LOG.error("Invalid Authorization header", ex);
-					response.sendError(HttpServletResponse.SC_BAD_REQUEST,
-					"Invalid Authorization header");
-					return;
-				}
-
-			} else {
-				StringBuilder value = new StringBuilder(16);
-				value.append("Basic realm=\"IDP\"");
-				response.setHeader(AUTH_HEADER_NAME, value.toString());
-				response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-				return;
-			}
-		} else {
-			response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter "
-					+ PARAM_ACTION + " with value " + action
-					+ " is not supported");
-			return;
-		}
-	}
-	
-	private String requestSecurityToken(String username, String password, String wtrealm) throws
Exception {
-		try {
-			Bus bus = BusFactory.getDefaultBus();
-			List<String> realmClaims = null;
-			ApplicationContext ctx = (ApplicationContext)bus.getExtension(ApplicationContext.class);
-			try {
-				Map<String,List<String>> realmClaimsMap = (Map<String,List<String>>)ctx.getBean("realm2ClaimsMap");
-				realmClaims = realmClaimsMap.get(wtrealm);
-				if (realmClaims != null && realmClaims.size() > 0) {
-					LOG.debug("claims for realm " + wtrealm);
-					for (String item: realmClaims) {
-						LOG.debug("  " + item);
-					}
-				}
-			} catch (Exception ex) {
-				LOG.error("Failed to read bean 'realm2ClaimsMap'", ex);
-			}
-			
-			
-			//IdpSTSClientWorkaround sts = new IdpSTSClientWorkaround(bus);
-			IdpSTSClient sts = new IdpSTSClient(bus);
-			sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
-			sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
-			sts.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
-			
-			sts.setWsdlLocation(getInitParameter("sts.wsdl.url"));
-			sts.setServiceQName(new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", getInitParameter("sts.wsdl.service")));
-			sts.setEndpointQName(new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", getInitParameter("sts.wsdl.endpoint")));
-			sts.getProperties().put(SecurityConstants.USERNAME, username);
-			sts.getProperties().put(SecurityConstants.PASSWORD, password);
-			
-			Element claims = createClaimsElement(realmClaims);
-			if (claims != null) {
-				sts.setClaims(claims);
-			}
-			String rstr = sts.requestSecurityTokenResponse(wtrealm);
-			return rstr;
-		} catch (org.apache.cxf.binding.soap.SoapFault ex) {
-			QName faultCode = ex.getFaultCode();
-			if (faultCode.equals(STSException.FAILED_AUTH)) {
-				LOG.warn("Failed authentication for '" + username + "'");
-			}
-			throw ex;
-		} catch (Exception ex) {
-			ex.printStackTrace();
-			throw ex;
-		}
-	}
-	
-	private Element createClaimsElement(List<String> realmClaims) throws Exception {
-		if (realmClaims == null || realmClaims.size() == 0) return null;
-		
-		W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
-		writer.writeStartElement("wst", "Claims", STSUtils.WST_NS_05_12);
-		writer.writeNamespace("wst", STSUtils.WST_NS_05_12);
-		writer.writeNamespace("ic", "http://schemas.xmlsoap.org/ws/2005/05/identity");
-		writer.writeAttribute("Dialect", "http://schemas.xmlsoap.org/ws/2005/05/identity");
-		
-		if (realmClaims != null && realmClaims.size() > 0) {
-			for (String item: realmClaims) {
-				LOG.debug("claim: " + item);
-				writer.writeStartElement("ic", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity");
-				writer.writeAttribute("Uri", item);
-				writer.writeEndElement();
-			}
-		}
-		
-		writer.writeEndElement();
-		
-		return writer.getDocument().getDocumentElement();
-	}
 
-}
+    public void doGet(HttpServletRequest request, HttpServletResponse response)
+            throws ServletException, IOException {
+
+        /*
+         * if (request.getPathInfo().contains("jsp")) { return; }
+         */
+
+        String action = request.getParameter(PARAM_ACTION);
+        String wtrealm = request.getParameter(PARAM_WTREALM);
+        String wctx = request.getParameter(PARAM_WCONTEXT);
+        String wreply = request.getParameter(PARAM_WREPLY);
+
+        if (action == null) {
+            LOG.error("Bad request. HTTP parameter '" + PARAM_ACTION
+                    + "' missing");
+            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter "
+                    + PARAM_ACTION + " missing");
+            return;
+        }
+        if (action.equals(ACTION_SIGNIN)) {
+            LOG.debug("Sign-In request [" + PARAM_ACTION + "=" + ACTION_SIGNIN
+                    + "] ...");
+
+            if (wtrealm == null || wtrealm.length() == 0) {
+                LOG.error("Bad request. HTTP parameter '" + ACTION_SIGNIN
+                        + "' missing");
+                response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+                        "Parameter " + ACTION_SIGNIN + " missing");
+                return;
+            }
+
+            String wresult = null;
+            String auth = request.getHeader("Authorization");
+            LOG.debug("Authorization header: " + auth);
+            if (auth != null) {
+                String username = null;
+                String password = null;
+
+                try {
+                    StringTokenizer st = new StringTokenizer(auth, " ");
+                    String authType = st.nextToken();
+                    String encoded = st.nextToken();
+
+                    if (authType.equalsIgnoreCase("basic")) {
+
+                        String decoded = new String(
+                                Base64Utility.decode(encoded));
+
+                        int colon = decoded.indexOf(':');
+                        if (colon < 0) {
+                            username = decoded;
+                        } else {
+                            username = decoded.substring(0, colon);
+                            password = decoded.substring(colon + 1,
+                                    decoded.length());
+                        }
+                        LOG.debug("Validating user [" + username
+                                + "] and password [" + password + "]");
+
+                        try {
+                            wresult = requestSecurityToken(username, password,
+                                    wtrealm);
+                            request.setAttribute("fed." + PARAM_WRESULT,
+                                    StringEscapeUtils.escapeXml(wresult));
+                            if (wctx != null) {
+                                request.setAttribute("fed." + PARAM_WCONTEXT,
+                                        StringEscapeUtils.escapeXml(wctx));
+                            }
+                            if (wreply == null) {
+                                request.setAttribute("fed.action", wtrealm);
+                            } else {
+                                request.setAttribute("fed.action", wreply);
+                            }
+                        } catch (Exception ex) {
+                            LOG.info("Requesting security token failed", ex);
+                            response.sendError(
+                                    HttpServletResponse.SC_FORBIDDEN,
+                                    "Requesting security token failed");
+                            return;
+                        }
+
+                        LOG.debug("Forward to jsp...");
+                        // request.getRequestDispatcher("WEB-INF/signinresponse.jsp").forward(request,
+                        // response);
+                        // this.getServletContext().getRequestDispatcher("/WEB-INF/signinresponse.jsp").forward(request,
+                        // response);
+                        this.getServletContext()
+                                .getRequestDispatcher(
+                                        "/WEB-INF/signinresponse.jsp")
+                                .forward(request, response);
+
+                    } else {
+                        response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+                                "Invalid Authorization header");
+                        return;
+                    }
+                } catch (Exception ex) {
+                    LOG.error("Invalid Authorization header", ex);
+                    response.sendError(HttpServletResponse.SC_BAD_REQUEST,
+                            "Invalid Authorization header");
+                    return;
+                }
+
+            } else {
+                StringBuilder value = new StringBuilder(16);
+                value.append("Basic realm=\"IDP\"");
+                response.setHeader(AUTH_HEADER_NAME, value.toString());
+                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                return;
+            }
+        } else {
+            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter "
+                    + PARAM_ACTION + " with value " + action
+                    + " is not supported");
+            return;
+        }
+    }
 
+    private String requestSecurityToken(String username, String password,
+            String wtrealm) throws Exception {
+        try {
+            Bus bus = BusFactory.getDefaultBus();
+            List<String> realmClaims = null;
+            ApplicationContext ctx = (ApplicationContext) bus
+                    .getExtension(ApplicationContext.class);
+            try {
+                Map<String, List<String>> realmClaimsMap = (Map<String, List<String>>)
ctx
+                        .getBean("realm2ClaimsMap");
+                realmClaims = realmClaimsMap.get(wtrealm);
+                if (realmClaims != null && realmClaims.size() > 0) {
+                    LOG.debug("claims for realm " + wtrealm);
+                    for (String item : realmClaims) {
+                        LOG.debug("  " + item);
+                    }
+                }
+            } catch (Exception ex) {
+                LOG.error("Failed to read bean 'realm2ClaimsMap'", ex);
+            }
+
+            IdpSTSClient sts = new IdpSTSClient(bus);
+            sts.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
+            if (tokenType != null && tokenType.length() > 0) {
+                sts.setTokenType(tokenType);
+            } else {
+                sts.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+            }
+            sts.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
+
+            sts.setWsdlLocation(getInitParameter("sts.wsdl.url"));
+            sts.setServiceQName(new QName(
+                    "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
+                    getInitParameter("sts.wsdl.service")));
+            sts.setEndpointQName(new QName(
+                    "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
+                    getInitParameter("sts.wsdl.endpoint")));
+            sts.getProperties().put(SecurityConstants.USERNAME, username);
+            sts.getProperties().put(SecurityConstants.PASSWORD, password);
+
+            Element claims = createClaimsElement(realmClaims);
+            if (claims != null) {
+                sts.setClaims(claims);
+            }
+            String rstr = sts.requestSecurityTokenResponse(wtrealm);
+            return rstr;
+        } catch (org.apache.cxf.binding.soap.SoapFault ex) {
+            QName faultCode = ex.getFaultCode();
+            if (faultCode.equals(STSException.FAILED_AUTH)) {
+                LOG.warn("Failed authentication for '" + username + "'");
+            }
+            throw ex;
+        } catch (Exception ex) {
+            ex.printStackTrace();
+            throw ex;
+        }
+    }
+
+    private Element createClaimsElement(List<String> realmClaims)
+            throws Exception {
+        if (realmClaims == null || realmClaims.size() == 0)
+            return null;
+
+        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+        writer.writeStartElement("wst", "Claims", STSUtils.WST_NS_05_12);
+        writer.writeNamespace("wst", STSUtils.WST_NS_05_12);
+        writer.writeNamespace("ic",
+                "http://schemas.xmlsoap.org/ws/2005/05/identity");
+        writer.writeAttribute("Dialect",
+                "http://schemas.xmlsoap.org/ws/2005/05/identity");
+
+        if (realmClaims != null && realmClaims.size() > 0) {
+            for (String item : realmClaims) {
+                LOG.debug("claim: " + item);
+                writer.writeStartElement("ic", "ClaimType",
+                        "http://schemas.xmlsoap.org/ws/2005/05/identity");
+                writer.writeAttribute("Uri", item);
+                writer.writeEndElement();
+            }
+        }
+
+        writer.writeEndElement();
+
+        return writer.getDocument().getDocumentElement();
+    }
+
+}
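Review bot: The debug statements on the new side, `LOG.debug("Authorization header: " + auth);` and `LOG.debug("Validating user [" + username + "] and password [" + password + "]");`, write the Basic credentials and the clear-text password to the log; the commit reformats these lines but keeps the leak, so with DEBUG enabled every sign-in leaves a usable password in the log file. I would drop the header value and the password from both, e.g. `LOG.debug("Validating user [" + username + "]");`, and log only whether an Authorization header was present. For the new `ws-trust-tokentype` parameter, the null-or-empty check in `init()` is repeated in `requestSecurityToken`; normalising once in `init()` (`if (tokenType != null && tokenType.trim().isEmpty()) { tokenType = null; }`) and logging the fallback to `WSConstants.WSS_SAML2_TOKEN_TYPE` would keep the defaulting in one place. `SERVLET_PARAM_TOKENTYPE` also has no Javadoc; I would add one stating that the value is the WS-Trust TokenType URI requested from the STS and that the SAML 2.0 token type is used when the parameter is absent or empty. The `ex.printStackTrace()` in the generic catch of `requestSecurityToken` bypasses the SLF4J logger; `LOG.error("Requesting security token failed", ex);` would keep the stack trace in the configured log instead of stderr.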


