Examples of org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType

• org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType

  Java class for AttributeStatementType complex type.

  The following schema fragment specifies the expected content contained within this class.

   <complexType name="AttributeStatementType"> <complexContent> <extension base="{urn:oasis:names:tc:SAML:2.0:assertion}StatementAbstractType"> <choice maxOccurs="unbounded"> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}EncryptedAttribute"/> </choice> </extension> </complexContent> </complexType> 

      for (StatementAbstractType statement : assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement())
      {
         if (statement instanceof AttributeStatementType)
         {
            AttributeStatementType attributeStatement = (AttributeStatementType) statement;
            List<AttributeType> attributes = new LinkedList<AttributeType>();
            for (Object object : attributeStatement.getAttributeOrEncryptedAttribute())
            {
               if (object instanceof AttributeType)
               {
                  attributes.add((AttributeType) object);
               }

                event.event(EventType.LOGIN);
                event.error(Errors.INVALID_TOKEN);
                return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Invalid Request");
            }

            SAML2Object samlObject = documentHolder.getSamlObject();

            RequestAbstractType requestAbstractType = (RequestAbstractType)samlObject;
            String issuer = requestAbstractType.getIssuer().getValue();
            ClientModel client = realm.findClient(issuer);

        sp.setRequestID(requestID);
        sp.setIssuer(requestIssuer);
        responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);

        // Add information on the roles
        AssertionType assertion = responseType.getAssertions().get(0).getAssertion();

        // Create an AuthnStatementType
        if (!disableAuthnStatement) {
            String authContextRef = JBossSAMLURIConstants.AC_UNSPECIFIED.get();
            if (isNotNull(authMethod))
                authContextRef = authMethod;

            AuthnStatementType authnStatement = StatementUtil.createAuthnStatement(XMLTimeUtil.getIssueInstant(),
                    authContextRef);

            authnStatement.setSessionIndex(assertion.getID());

            assertion.addStatement(authnStatement);
        }

        if (roles != null && !roles.isEmpty()) {
            AttributeStatementType attrStatement = StatementUtil.createAttributeStatementForRoles(roles, multiValuedRoles);
            assertion.addStatement(attrStatement);
        }

        // Add in the attributes information
        if (attributes != null && attributes.size() > 0) {
            AttributeStatementType attStatement = StatementUtil.createAttributeStatement(attributes);
            assertion.addStatement(attStatement);
        }

        try {
            samlResponseDocument = saml2Response.convert(responseType);

            String assertionStr = samlCredential.getAssertionAsString();
            if (StringUtil.isNullOrEmpty(assertionStr))
                throw logger.authSAMLAssertionNullOrEmpty();

            SAMLParser parser = new SAMLParser();
            AssertionType assertion = (AssertionType) parser.parse(new ByteArrayInputStream(assertionStr.getBytes()));
            List<String> roles = AssertionUtil.getRoles(assertion, null);
            Group roleGroup = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
            for (String role : roles) {
                roleGroup.addMember(new SimplePrincipal(role));
            }

        }

        Map<String, Object> contextMap = new HashMap<String, Object>();
        contextMap.put(SHARED_TOKEN, this.samlToken);

        AssertionType assertion = null;
        try {
            assertion = SAMLUtil.fromElement(samlToken);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }

        if (principalMappingContext != null) {
            principalMappingContext.performMapping(contextMap, null);
            Principal principal = principalMappingContext.getMappingResult().getMappedObject();
            subject.getPrincipals().add(principal);

            // If the user has configured cache invalidation of subject based on saml token expiry
            if (enableCacheInvalidation) {
                TimeCacheExpiry cacheExpiry = JBossAuthCacheInvalidationFactory.getCacheExpiry();

                XMLGregorianCalendar expiry = AssertionUtil.getExpiration(assertion);
                if (expiry != null) {
                    cacheExpiry.register(securityDomain, expiry.toGregorianCalendar().getTime(), principal);
                } else {
                    logger.samlAssertionWithoutExpiration(assertion.getID());
                }
            }
        }

        if (roleMappingContext != null) {

            assertion.addStatement(authnStatement);
        }

        if (roles != null && !roles.isEmpty()) {
            AttributeStatementType attrStatement = StatementUtil.createAttributeStatementForRoles(roles, multiValuedRoles);
            assertion.addStatement(attrStatement);
        }

        // Add in the attributes information
        if (attributes != null && attributes.size() > 0) {
            AttributeStatementType attStatement = StatementUtil.createAttributeStatement(attributes);
            assertion.addStatement(attStatement);
        }

        try {
            samlResponseDocument = saml2Response.convert(responseType);

     * Create an empty attribute statement
     *
     * @return
     */
    public static AttributeStatementType createAttributeStatement() {
        return new AttributeStatementType();
    }

     *
     * @param attributeValue
     * @return
     */
    public static AttributeStatementType createAttributeStatement(String attributeValue) {
        AttributeStatementType attribStatement = new AttributeStatementType();
        AttributeType att = new AttributeType(attributeValue);
        att.addAttributeValue(attributeValue);

        attribStatement.addAttribute(new ASTChoiceType(att));
        return attribStatement;
    }

        try {
            Element tokenElement = (Element) tokenObject;
            AssertionType assertion = SAMLUtil.fromElement(tokenElement);

            // check the assertion statements and look for role attributes.
            AttributeStatementType attributeStatement = this.getAttributeStatement(assertion);
            if (attributeStatement != null) {
                RoleGroup rolesGroup = new SimpleRoleGroup(SAML20CommonTokenRoleAttributeProvider.JBOSS_ROLE_PRINCIPAL_NAME);
                List<ASTChoiceType> attributeList = attributeStatement.getAttributes();
                for (ASTChoiceType obj : attributeList) {
                    AttributeType attribute = obj.getAttribute();
                    if (attribute != null) {
                        // if this is a role attribute, get its values and add them to the role set.
                        if (tokenRoleAttributeName.equals(attribute.getName())) {

        Subject subject = SecurityActions.getSecurityContext().getSubjectInfo().getAuthenticatedSubject();
        if (subject == null) {
            logger.trace("No authentication Subject found, cannot provide any user roles!");
            return null;
        } else {
            AttributeStatementType attributeStatement = new AttributeStatementType();
            AttributeType rolesAttribute = new AttributeType(tokenRoleAttributeName);
            attributeStatement.addAttribute(new ASTChoiceType(rolesAttribute));

            // List<Object> roles = rolesAttribute.getAttributeValue();
            for (Principal rolePrincipal : subject.getPrincipals()) {
                if (JBOSS_ROLE_PRINCIPAL_NAME.equalsIgnoreCase(rolePrincipal.getName())) {
                    Group simpleGroup = (Group) rolePrincipal;