Examples of org.jboss.seam.security.external.jaxb.samlv2.assertion.AudienceRestrictionType

• org.jboss.seam.security.external.jaxb.samlv2.assertion.AudienceRestrictionType

  Java class for AudienceRestrictionType complex type.

  The following schema fragment specifies the expected content contained within this class.

   <complexType name="AudienceRestrictionType"> <complexContent> <extension base="{urn:oasis:names:tc:SAML:2.0:assertion}ConditionAbstractType"> <sequence> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Audience" maxOccurs="unbounded"/> </sequence> </extension> </complexContent> </complexType> 

    */
   private void issueToken(WSTrustRequestContext context, String assertionID) throws WSTrustException
   {
      // lifetime and audience restrictions.
      Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
      AudienceRestrictionType restriction = null;
      AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
      if (appliesTo != null)
         restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
      ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
            restriction);

    * @param values a {@code String[]} containing the restriction values.
    * @return the constructed {@code AudienceRestrictionType} instance.
    */
   public static AudienceRestrictionType createAudienceRestriction(String... values)
   {
      AudienceRestrictionType audienceRestriction = new AudienceRestrictionType();
      if (values != null)
         audienceRestriction.getAudience().addAll(Arrays.asList(values));
      return audienceRestriction;
   }

      // generate an id for the new assertion.
      String assertionID = IDGenerator.create("ID_");

      // lifetime and audience restrictions.
      Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
      AudienceRestrictionType restriction = null;
      AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
      if (appliesTo != null)
         restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
      ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
            restriction);

    */
   private void issueToken(WSTrustRequestContext context, String assertionID) throws WSTrustException
   {
      // lifetime and audience restrictions.
      Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
      AudienceRestrictionType restriction = null;
      AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
      if (appliesTo != null)
         restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
      ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
            restriction);

    * @param values a {@code String[]} containing the restriction values.
    * @return the constructed {@code AudienceRestrictionType} instance.
    */
   public static AudienceRestrictionType createAudienceRestriction(String... values)
   {
      AudienceRestrictionType audienceRestriction = new AudienceRestrictionType();
      if (values != null)
         audienceRestriction.getAudience().addAll(Arrays.asList(values));
      return audienceRestriction;
   }

    * @param values a {@code String[]} containing the restriction values.
    * @return the constructed {@code AudienceRestrictionType} instance.
    */
   public static AudienceRestrictionType createAudienceRestriction(String... values)
   {
      AudienceRestrictionType audienceRestriction = new AudienceRestrictionType();
      if (values != null)
         audienceRestriction.getAudience().addAll(Arrays.asList(values));
      return audienceRestriction;
   }

    public ResponseType createResponse(SamlIdpSession session, SamlEndpoint externalSamlEndpoint) {
        ResponseType response = objectFactory.createResponseType();

        fillStatusResponseFields(response, SamlConstants.STATUS_SUCCESS, null);

        AssertionType assertion = assertionObjectFactory.createAssertionType();
        response.getAssertionOrEncryptedAssertion().add(assertion);

        SubjectType subject = assertionObjectFactory.createSubjectType();
        assertion.setSubject(subject);

        NameIDType nameID = assertionObjectFactory.createNameIDType();
        subject.getContent().add(assertionObjectFactory.createNameID(nameID));
        nameID.setValue(session.getPrincipal().getNameId().getValue());
        nameID.setFormat(session.getPrincipal().getNameId().getFormat());
        nameID.setNameQualifier(session.getPrincipal().getNameId().getQualifier());

        SubjectConfirmationType subjectConfirmation = assertionObjectFactory.createSubjectConfirmationType();
        subject.getContent().add(assertionObjectFactory.createSubjectConfirmation(subjectConfirmation));
        subjectConfirmation.setMethod(SamlConstants.CONFIRMATION_METHOD_BEARER);
        subjectConfirmation.setNameID(nameID);

        SubjectConfirmationDataType subjectConfirmationData = assertionObjectFactory.createSubjectConfirmationDataType();
        subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);

        subjectConfirmationData.setRecipient(externalSamlEndpoint.getLocation());
        subjectConfirmationData.setNotOnOrAfter(SamlUtils.getXMLGregorianCalendarNowPlusDuration(GregorianCalendar.MINUTE, ASSERTION_VALIDITY_IN_MINUTES));
        subjectConfirmationData.setInResponseTo(samlDialogue.get().getExternalProviderMessageId());

        ConditionsType conditions = assertionObjectFactory.createConditionsType();
        assertion.setConditions(conditions);
        AudienceRestrictionType audienceRestriction = assertionObjectFactory.createAudienceRestrictionType();
        conditions.getConditionOrAudienceRestrictionOrOneTimeUse().add(audienceRestriction);
        audienceRestriction.getAudience().add(samlDialogue.get().getExternalProvider().getEntityId());

        AuthnStatementType authnStatement = assertionObjectFactory.createAuthnStatementType();
        assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(authnStatement);
        authnStatement.setAuthnInstant(SamlUtils.getXMLGregorianCalendarNow());
        authnStatement.setSessionIndex(((SamlIdpSessionImpl) session).getSessionIndex());

        AuthnContextType authnContext = assertionObjectFactory.createAuthnContextType();
        authnStatement.setAuthnContext(authnContext);

        session.setPrincipal(principal);
        session.setIdentityProvider(idp);

        for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement()) {
            if (statement instanceof AttributeStatementType) {
                AttributeStatementType attributeStatement = (AttributeStatementType) statement;
                List<AttributeType> attributes = new LinkedList<AttributeType>();
                for (Object object : attributeStatement.getAttributeOrEncryptedAttribute()) {
                    if (object instanceof AttributeType) {
                        attributes.add((AttributeType) object);
                    } else {
                        log.warn("Encrypted attributes are not supported. Ignoring the attribute.");
                    }

        subjectConfirmationData.setNotOnOrAfter(SamlUtils.getXMLGregorianCalendarNowPlusDuration(GregorianCalendar.MINUTE, ASSERTION_VALIDITY_IN_MINUTES));
        subjectConfirmationData.setInResponseTo(samlDialogue.get().getExternalProviderMessageId());

        ConditionsType conditions = assertionObjectFactory.createConditionsType();
        assertion.setConditions(conditions);
        AudienceRestrictionType audienceRestriction = assertionObjectFactory.createAudienceRestrictionType();
        conditions.getConditionOrAudienceRestrictionOrOneTimeUse().add(audienceRestriction);
        audienceRestriction.getAudience().add(samlDialogue.get().getExternalProvider().getEntityId());

        AuthnStatementType authnStatement = assertionObjectFactory.createAuthnStatementType();
        assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(authnStatement);
        authnStatement.setAuthnInstant(SamlUtils.getXMLGregorianCalendarNow());
        authnStatement.setSessionIndex(((SamlIdpSessionImpl) session).getSessionIndex());

      subjectConfirmationData.setNotOnOrAfter(SamlUtils.getXMLGregorianCalendarNowPlusDuration(GregorianCalendar.MINUTE, ASSERTION_VALIDITY_IN_MINUTES));
      subjectConfirmationData.setInResponseTo(samlDialogue.get().getExternalProviderMessageId());

      ConditionsType conditions = assertionObjectFactory.createConditionsType();
      assertion.setConditions(conditions);
      AudienceRestrictionType audienceRestriction = assertionObjectFactory.createAudienceRestrictionType();
      conditions.getConditionOrAudienceRestrictionOrOneTimeUse().add(audienceRestriction);
      audienceRestriction.getAudience().add(samlDialogue.get().getExternalProvider().getEntityId());

      AuthnStatementType authnStatement = assertionObjectFactory.createAuthnStatementType();
      assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(authnStatement);
      authnStatement.setAuthnInstant(SamlUtils.getXMLGregorianCalendarNow());
      authnStatement.setSessionIndex(((SamlIdpSessionImpl) session).getSessionIndex());