
From cohei...@apache.org
Subject git commit: Set up the SecurityContext with roles with SAML SSO
Date Wed, 26 Mar 2014 15:41:41 GMT
Repository: cxf
Updated Branches:
  refs/heads/master f4e85ce1f -> 0048c8fa2


Set up the SecurityContext with roles with SAML SSO


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0048c8fa
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0048c8fa
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0048c8fa

Branch: refs/heads/master
Commit: 0048c8fa2ccfe00fd8243544e1948133604563b5
Parents: f4e85ce
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Mar 26 15:40:55 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Mar 26 15:41:30 2014 +0000

----------------------------------------------------------------------
 .../saml/sso/AbstractServiceProviderFilter.java | 31 +++++++++++++-------
 1 file changed, 20 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/0048c8fa/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
index 5718558..2d4ec04 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
@@ -25,6 +25,7 @@ import java.net.URLEncoder;
 import java.security.Principal;
 import java.util.Map;
 import java.util.ResourceBundle;
+import java.util.Set;
 import java.util.UUID;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -38,7 +39,6 @@ import javax.ws.rs.core.UriBuilder;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-
 import org.apache.cxf.common.i18n.BundleUtils;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.security.SimplePrincipal;
@@ -51,8 +51,11 @@ import org.apache.cxf.rs.security.saml.SAMLUtils;
 import org.apache.cxf.rs.security.saml.assertion.Subject;
 import org.apache.cxf.rs.security.saml.sso.state.RequestState;
 import org.apache.cxf.rs.security.saml.sso.state.ResponseState;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.rt.security.saml.SAMLSecurityContext;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.staxutils.StaxUtils;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.opensaml.saml2.core.AuthnRequest;
@@ -181,17 +184,23 @@ public abstract class AbstractServiceProviderFilter extends AbstractSSOSpHandler
         final String name = subject.getName();
         
         if (name != null) {
-            final SecurityContext sc = new SecurityContext() {
-
-                public Principal getUserPrincipal() {
-                    return new SimplePrincipal(name);
-                }
+            String roleAttributeName = 
+                (String)m.getContextualProperty(SecurityConstants.SAML_ROLE_ATTRIBUTENAME);
+            if (roleAttributeName == null || roleAttributeName.length() == 0) {
+                roleAttributeName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
+            }
+            ClaimCollection claims = 
+                org.apache.cxf.rt.security.saml.SAMLUtils.getClaims(assertionWrapper);
+            Set<Principal> roles = 
+                org.apache.cxf.rt.security.saml.SAMLUtils.parseRolesFromClaims(
+                    claims, roleAttributeName, null);
 
-                public boolean isUserInRole(String role) {
-                    return false;
-                }
-            };
-            m.put(SecurityContext.class, sc);
+            SAMLSecurityContext context = 
+                new SAMLSecurityContext(new SimplePrincipal(name), roles, claims);
+            context.setIssuer(org.apache.cxf.rt.security.saml.SAMLUtils.getIssuer(assertionWrapper));
+            context.setAssertionElement(
+                org.apache.cxf.rt.security.saml.SAMLUtils.getAssertionElement(assertionWrapper));
+            m.put(SecurityContext.class, context);
         }
     }
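Review bot: The role set built at the new `parseRolesFromClaims` call is read straight from the assertion's attributes, so which attribute the SP is configured to read now decides authorization; a comment above the `roleAttributeName` lookup should state that contract, e.g. `// Roles are taken from the assertion attribute named by SAML_ROLE_ATTRIBUTENAME (default: the claims/role URI below); a name mismatch yields an empty role set, so isUserInRole() fails closed.` Trusting those attributes presupposes that the assertion's signature and issuer were validated before this point, which lies outside the hunk (the enclosing method starts before `final String name = subject.getName();`), so that precondition belongs in the same comment. The third argument of `parseRolesFromClaims` is passed as a bare `null` with nothing saying what it selects; a named local such as `final String roleNameFormat = null;` would make the intent readable without a lookup. Minor: `roleAttributeName.length() == 0` is clearer as `roleAttributeName.isEmpty()`.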
     

