cxf-commits mailing list archives

From cohei...@apache.org
Subject [1/5] cxf git commit: Allow setting the security context up with a SAML 1.1 assertion
Date Fri, 27 Nov 2015 13:55:26 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 1b70246e7 -> b7ba15d4b


Allow setting the security context up with a SAML 1.1 assertion

Conflicts:
	rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/becdcd18
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/becdcd18
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/becdcd18

Branch: refs/heads/3.0.x-fixes
Commit: becdcd183a1abc06a79058f96032a7080c84d6a2
Parents: 1b70246
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Nov 27 11:21:32 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Nov 27 13:06:07 2015 +0000

----------------------------------------------------------------------
 .../apache/cxf/rs/security/saml/SAMLUtils.java  | 61 ++++++++++++++++++++
 1 file changed, 61 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/becdcd18/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
index af7ca2a..1622718 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
@@ -37,7 +37,16 @@ import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+<<<<<<< HEAD
 import org.opensaml.saml2.core.NameID;
+=======
+import org.opensaml.saml.saml1.core.AttributeStatement;
+import org.opensaml.saml.saml1.core.AuthenticationStatement;
+import org.opensaml.saml.saml1.core.AuthorizationDecisionStatement;
+import org.opensaml.saml.saml1.core.NameIdentifier;
+import org.opensaml.saml.saml1.core.Statement;
+import org.opensaml.saml.saml2.core.NameID;
+>>>>>>> e81610d... Allow setting the security context up with a SAML
1.1 assertion
 
 public final class SAMLUtils {
     private static final Logger LOG = 
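Review bot: The added lines `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> e81610d...` in the import block are unresolved merge-conflict markers committed as source, so SAMLUtils.java cannot compile as shown unless a later commit in this series resolves them. The same markers are added in the two following hunks, around the body of getSubject. The two sides also disagree on package names: HEAD imports `org.opensaml.saml2.core.NameID` while the incoming side imports `org.opensaml.saml.saml2.core.NameID` and `org.opensaml.saml.saml1.core.*`, so the resolution has to keep whichever prefix matches the OpenSAML version this branch builds against (presumably the HEAD form). When the markers are removed, the HEAD copy of the SAML 2 body in getSubject has to go too, otherwise the new `if (assertionW.getSaml2() != null)` branch sits after an unconditional `return subject;`.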
@@ -48,6 +57,7 @@ public final class SAMLUtils {
     }
     
     public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
+<<<<<<< HEAD
         org.opensaml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
         Subject subject = new Subject();
         NameID nameId = s.getNameID();
@@ -60,6 +70,57 @@ public final class SAMLUtils {
         subject.setSpId(nameId.getSPProvidedID());
         subject.setSpQualifier(nameId.getSPNameQualifier());
         return subject;
+=======
+        if (assertionW.getSaml2() != null) {
+            org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
+            Subject subject = new Subject();
+            NameID nameId = s.getNameID();
+            subject.setNameQualifier(nameId.getNameQualifier());
+            // if format is transient then we may need to use STSClient
+            // to request an alternate name from IDP
+            subject.setNameFormat(nameId.getFormat());
+            
+            subject.setName(nameId.getValue());
+            subject.setSpId(nameId.getSPProvidedID());
+            subject.setSpQualifier(nameId.getSPNameQualifier());
+            return subject;
+        } else if (assertionW.getSaml1() != null) {
+            org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
+            if (s != null) {
+                Subject subject = new Subject();
+                NameIdentifier nameId = s.getNameIdentifier();
+                subject.setNameQualifier(nameId.getNameQualifier());
+                // if format is transient then we may need to use STSClient
+                // to request an alternate name from IDP
+                subject.setNameFormat(nameId.getFormat());
+                
+                subject.setName(nameId.getValue());
+                return subject;
+            }
+        }
+        return null;
+    }
+    
+    private static org.opensaml.saml.saml1.core.Subject getSaml1Subject(SamlAssertionWrapper
assertionW) {
+        for (Statement stmt : ((org.opensaml.saml.saml1.core.Assertion)assertionW.getSaml1()).getStatements())
{
+            org.opensaml.saml.saml1.core.Subject samlSubject = null;
+            if (stmt instanceof AttributeStatement) {
+                AttributeStatement attrStmt = (AttributeStatement) stmt;
+                samlSubject = attrStmt.getSubject();
+            } else if (stmt instanceof AuthenticationStatement) {
+                AuthenticationStatement authStmt = (AuthenticationStatement) stmt;
+                samlSubject = authStmt.getSubject();
+            } else {
+                AuthorizationDecisionStatement authzStmt = 
+                    (AuthorizationDecisionStatement)stmt;
+                samlSubject = authzStmt.getSubject();
+            }
+            if (samlSubject != null) {
+                return samlSubject;
+            }
+        }
+        return null;
+>>>>>>> e81610d... Allow setting the security context up with a SAML
1.1 assertion
     }
     
     public static SamlAssertionWrapper createAssertion(Message message) throws Fault {
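Review bot: In getSaml1Subject the final `else` casts every remaining statement to AuthorizationDecisionStatement, so an assertion carrying any other Statement type raises ClassCastException while the security context is being built; `} else if (stmt instanceof AuthorizationDecisionStatement) {` would skip unknown statements instead. In the SAML 1.1 branch of getSubject, `s.getNameIdentifier()` is dereferenced without a null check, so a subject that carries only a confirmation element would fail with NullPointerException; `if (s != null && s.getNameIdentifier() != null) {` keeps that case on the `return null` path. The SAML 2 branch has the same pattern with `getSubject()` and `getNameID()`. getSubject can now return null, so callers outside this hunk need to treat that as "no authenticated subject" rather than dereference it. A comment on getSaml1Subject should also say that it returns the subject of the first statement that has one, since it is not visible here whether assertions whose statements name different subjects are rejected elsewhere.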

