DefaultSAMLRoleParser (Apache CXF JavaDoc 3.0.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Apache CXF API

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.cxf.sts.token.validator
Class DefaultSAMLRoleParser

java.lang.Object
  org.apache.cxf.sts.token.validator.DefaultSAMLRoleParser

All Implemented Interfaces:: SAMLRoleParser

public class DefaultSAMLRoleParser
extends Object
implements SAMLRoleParser
extends Object
implements SAMLRoleParser

A default implementation to extract roles from a SAML Assertion

Field Summary
`static String`	`SAML_ROLE_ATTRIBUTENAME_DEFAULT` This configuration tag specifies the default attribute name where the roles are present The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".

Constructor Summary
`DefaultSAMLRoleParser()`

Method Summary
`String`	`getRoleAttributeName()`
`String`	`getRoleClassifier()`
`String`	`getRoleClassifierType()`
`boolean`	`isUseJaasSubject()`
`Set<Principal>`	`parseRolesFromAssertion(Principal principal, Subject subject, org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)` Return the set of User/Principal roles from the Assertion.
`void`	`setRoleAttributeName(String roleAttributeName)` Set the attribute URI of the SAML AttributeStatement where the role information is stored.
`void`	`setRoleClassifier(String roleClassifier)` Set the Subject Role Classifier to use.
`void`	`setRoleClassifierType(String roleClassifierType)` Set the Subject Role Classifier Type to use.
`void`	`setUseJaasSubject(boolean useJaasSubject)` Whether to get roles from the JAAS Subject (if not null) returned from SAML Assertion Validation or not.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

SAML_ROLE_ATTRIBUTENAME_DEFAULT

public static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT

This configuration tag specifies the default attribute name where the roles are present The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".

See Also:: Constant Field Values

Constructor Detail

DefaultSAMLRoleParser

public DefaultSAMLRoleParser()

Method Detail

parseRolesFromAssertion

public Set<Principal> parseRolesFromAssertion(Principal principal,
                                              Subject subject,
                                              org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)

Return the set of User/Principal roles from the Assertion.

Specified by:: parseRolesFromAssertion in interface SAMLRoleParser

Parameters:: principal - the Principal associated with the Assertion; subject - the JAAS Subject associated with a successful validation of the Assertion; assertion - The Assertion object
Returns:: the set of User/Principal roles from the Assertion.

isUseJaasSubject

public boolean isUseJaasSubject()

setUseJaasSubject

public void setUseJaasSubject(boolean useJaasSubject)

Whether to get roles from the JAAS Subject (if not null) returned from SAML Assertion Validation or not. The default is true.

Parameters:: useJaasSubject - whether to get roles from the JAAS Subject or not

getRoleClassifier

public String getRoleClassifier()

setRoleClassifier

public void setRoleClassifier(String roleClassifier)

Set the Subject Role Classifier to use. If this value is not specified, then it tries to get roles from the supplied JAAS Subject (if not null) using the DefaultSecurityContext in cxf-rt-core. Otherwise it uses this value in combination with the SUBJECT_ROLE_CLASSIFIER_TYPE to get the roles from the Subject.

Parameters:: roleClassifier - the Subject Role Classifier to use

getRoleClassifierType

public String getRoleClassifierType()

setRoleClassifierType

public void setRoleClassifierType(String roleClassifierType)

Set the Subject Role Classifier Type to use. Currently accepted values are "prefix" or "classname". Must be used in conjunction with the SUBJECT_ROLE_CLASSIFIER. The default value is "prefix".

Parameters:: roleClassifierType - the Subject Role Classifier Type to use

getRoleAttributeName

public String getRoleAttributeName()

setRoleAttributeName

public void setRoleAttributeName(String roleAttributeName)

Set the attribute URI of the SAML AttributeStatement where the role information is stored. The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".

Parameters:: roleAttributeName - the Attribute URI where role information is stored