cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/3] cxf git commit: Allow setting the security context up with a SAML 1.1 assertion
Date Fri, 27 Nov 2015 13:05:43 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 06383eeb3 -> 6b355293a


Allow setting the security context up with a SAML 1.1 assertion


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e81610d0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e81610d0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e81610d0

Branch: refs/heads/3.1.x-fixes
Commit: e81610d0c3518b6387c18a7ddb5d7363b36fdd07
Parents: 06383ee
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Nov 27 11:21:32 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Nov 27 12:44:09 2015 +0000

----------------------------------------------------------------------
 .../apache/cxf/rs/security/saml/SAMLUtils.java  | 66 ++++++++++++++++----
 1 file changed, 54 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e81610d0/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
index 60c755d..b9aa742 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/SAMLUtils.java
@@ -40,6 +40,11 @@ import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.opensaml.saml.saml1.core.AttributeStatement;
+import org.opensaml.saml.saml1.core.AuthenticationStatement;
+import org.opensaml.saml.saml1.core.AuthorizationDecisionStatement;
+import org.opensaml.saml.saml1.core.NameIdentifier;
+import org.opensaml.saml.saml1.core.Statement;
 import org.opensaml.saml.saml2.core.NameID;
 
 public final class SAMLUtils {
@@ -51,18 +56,55 @@ public final class SAMLUtils {
     }
     
     public static Subject getSubject(Message message, SamlAssertionWrapper assertionW) {
-        org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
-        Subject subject = new Subject();
-        NameID nameId = s.getNameID();
-        subject.setNameQualifier(nameId.getNameQualifier());
-        // if format is transient then we may need to use STSClient
-        // to request an alternate name from IDP
-        subject.setNameFormat(nameId.getFormat());
-        
-        subject.setName(nameId.getValue());
-        subject.setSpId(nameId.getSPProvidedID());
-        subject.setSpQualifier(nameId.getSPNameQualifier());
-        return subject;
+        if (assertionW.getSaml2() != null) {
+            org.opensaml.saml.saml2.core.Subject s = assertionW.getSaml2().getSubject();
+            Subject subject = new Subject();
+            NameID nameId = s.getNameID();
+            subject.setNameQualifier(nameId.getNameQualifier());
+            // if format is transient then we may need to use STSClient
+            // to request an alternate name from IDP
+            subject.setNameFormat(nameId.getFormat());
+            
+            subject.setName(nameId.getValue());
+            subject.setSpId(nameId.getSPProvidedID());
+            subject.setSpQualifier(nameId.getSPNameQualifier());
+            return subject;
+        } else if (assertionW.getSaml1() != null) {
+            org.opensaml.saml.saml1.core.Subject s = getSaml1Subject(assertionW);
+            if (s != null) {
+                Subject subject = new Subject();
+                NameIdentifier nameId = s.getNameIdentifier();
+                subject.setNameQualifier(nameId.getNameQualifier());
+                // if format is transient then we may need to use STSClient
+                // to request an alternate name from IDP
+                subject.setNameFormat(nameId.getFormat());
+                
+                subject.setName(nameId.getValue());
+                return subject;
+            }
+        }
+        return null;
+    }
+    
+    private static org.opensaml.saml.saml1.core.Subject getSaml1Subject(SamlAssertionWrapper
assertionW) {
+        for (Statement stmt : ((org.opensaml.saml.saml1.core.Assertion)assertionW.getSaml1()).getStatements())
{
+            org.opensaml.saml.saml1.core.Subject samlSubject = null;
+            if (stmt instanceof AttributeStatement) {
+                AttributeStatement attrStmt = (AttributeStatement) stmt;
+                samlSubject = attrStmt.getSubject();
+            } else if (stmt instanceof AuthenticationStatement) {
+                AuthenticationStatement authStmt = (AuthenticationStatement) stmt;
+                samlSubject = authStmt.getSubject();
+            } else {
+                AuthorizationDecisionStatement authzStmt = 
+                    (AuthorizationDecisionStatement)stmt;
+                samlSubject = authzStmt.getSubject();
+            }
+            if (samlSubject != null) {
+                return samlSubject;
+            }
+        }
+        return null;
     }
     
     public static SamlAssertionWrapper createAssertion(Message message) throws Fault {


Mime
View raw message