Apache CXF API

org.apache.cxf.sts.token.validator
Class DefaultSAMLRoleParser

java.lang.Object
  extended by org.apache.cxf.sts.token.validator.DefaultSAMLRoleParser
All Implemented Interfaces:
SAMLRoleParser

public class DefaultSAMLRoleParser
extends Object
implements SAMLRoleParser

A default implementation to extract roles from a SAML Assertion


Field Summary
static String SAML_ROLE_ATTRIBUTENAME_DEFAULT
          This configuration tag specifies the default attribute name where the roles are present. The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".
 
Constructor Summary
DefaultSAMLRoleParser()
           
 
Method Summary
 String getRoleAttributeName()
           
 String getRoleClassifier()
           
 String getRoleClassifierType()
           
 boolean isUseJaasSubject()
           
 Set<Principal> parseRolesFromAssertion(Principal principal, Subject subject, org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)
          Return the set of User/Principal roles from the Assertion.
 void setRoleAttributeName(String roleAttributeName)
          Set the attribute URI of the SAML AttributeStatement where the role information is stored.
 void setRoleClassifier(String roleClassifier)
          Set the Subject Role Classifier to use.
 void setRoleClassifierType(String roleClassifierType)
          Set the Subject Role Classifier Type to use.
 void setUseJaasSubject(boolean useJaasSubject)
          Whether to get roles from the JAAS Subject (if not null) returned from SAML Assertion Validation or not.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SAML_ROLE_ATTRIBUTENAME_DEFAULT

public static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT
This configuration tag specifies the default attribute name where the roles are present. The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".

See Also:
Constant Field Values
Constructor Detail

DefaultSAMLRoleParser

public DefaultSAMLRoleParser()
Method Detail

parseRolesFromAssertion

public Set<Principal> parseRolesFromAssertion(Principal principal,
                                              Subject subject,
                                              org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)
Return the set of User/Principal roles from the Assertion.

Specified by:
parseRolesFromAssertion in interface SAMLRoleParser
Parameters:
principal - the Principal associated with the Assertion
subject - the JAAS Subject associated with a successful validation of the Assertion
assertion - The Assertion object
Returns:
the set of User/Principal roles from the Assertion.

isUseJaasSubject

public boolean isUseJaasSubject()

setUseJaasSubject

public void setUseJaasSubject(boolean useJaasSubject)
Whether to get roles from the JAAS Subject (if not null) returned from SAML Assertion Validation or not. The default is true.

Parameters:
useJaasSubject - whether to get roles from the JAAS Subject or not

getRoleClassifier

public String getRoleClassifier()

setRoleClassifier

public void setRoleClassifier(String roleClassifier)
Set the Subject Role Classifier to use. If this value is not specified, then it tries to get roles from the supplied JAAS Subject (if not null) using the DefaultSecurityContext in cxf-rt-core. Otherwise it uses this value in combination with the SUBJECT_ROLE_CLASSIFIER_TYPE to get the roles from the Subject.

Parameters:
roleClassifier - the Subject Role Classifier to use

getRoleClassifierType

public String getRoleClassifierType()

setRoleClassifierType

public void setRoleClassifierType(String roleClassifierType)
Set the Subject Role Classifier Type to use. Currently accepted values are "prefix" or "classname". Must be used in conjunction with the SUBJECT_ROLE_CLASSIFIER. The default value is "prefix".

Parameters:
roleClassifierType - the Subject Role Classifier Type to use
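An added illustration, not code from Apache CXF: a self-contained model of how the "prefix" and "classname" classifier types described above could select role principals from a JAAS Subject. The matching rules used here (principal name starts with the classifier; principal class name ends with the classifier), the class RoleClassifierDemo and the two principal types are assumptions made for the example.

```java
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.Subject;

// Hypothetical demo class (Java 16+ for records); it does not depend on CXF.
public class RoleClassifierDemo {
    // Constructed principal types standing in for what a JAAS LoginModule might add.
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    record GroupPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Assumed semantics of the two classifier types:
    //   "prefix"    -> a principal is a role if its NAME starts with the classifier
    //   "classname" -> a principal is a role if its CLASS NAME ends with the classifier
    static Set<String> selectRoles(Subject subject, String classifier, String type) {
        Set<String> roles = new LinkedHashSet<>();
        for (Principal p : subject.getPrincipals()) {
            boolean isRole = "prefix".equals(type)
                    ? p.getName().startsWith(classifier)
                    : p.getClass().getName().endsWith(classifier);
            if (isRole) {
                roles.add(p.getName());
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed Subject, as if returned from a successful assertion validation.
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal("alice"));
        // A user principal whose name happens to carry the role prefix.
        subject.getPrincipals().add(new UserPrincipal("ROLE_auditor"));
        subject.getPrincipals().add(new GroupPrincipal("ROLE_admin"));
        subject.getPrincipals().add(new GroupPrincipal("staff"));

        // Equivalent parser settings: setRoleClassifier("ROLE_") + setRoleClassifierType("prefix")
        System.out.println("prefix/ROLE_             -> " + selectRoles(subject, "ROLE_", "prefix"));
        // Equivalent parser settings: setRoleClassifier("GroupPrincipal") + setRoleClassifierType("classname")
        System.out.println("classname/GroupPrincipal -> " + selectRoles(subject, "GroupPrincipal", "classname"));
    }
}
```

Under these assumed rules the two settings return different role sets for the same Subject, so the classifier type should be chosen to match how the login module names and types its principals, and the result checked against a known Subject before it is relied on for authorization.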

getRoleAttributeName

public String getRoleAttributeName()

setRoleAttributeName

public void setRoleAttributeName(String roleAttributeName)
Set the attribute URI of the SAML AttributeStatement where the role information is stored. The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".

Parameters:
roleAttributeName - the Attribute URI where role information is stored
