Package org.apache.cxf.sts.token.validator

Class DefaultSAMLRoleParser

java.lang.Object

org.apache.cxf.sts.token.validator.DefaultSubjectRoleParser

org.apache.cxf.sts.token.validator.DefaultSAMLRoleParser

All Implemented Interfaces:

SAMLRoleParser, SubjectRoleParser

public class DefaultSAMLRoleParser
extends DefaultSubjectRoleParser
implements SAMLRoleParser

A default implementation to extract roles from a SAML Assertion

Field Summary

Fields

Modifier and Type	Field	Description
static final String	SAML_ROLE_ATTRIBUTENAME_DEFAULT	This configuration tag specifies the default attribute name where the roles are present The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".

Constructor Summary

Constructors

Constructor	Description
DefaultSAMLRoleParser()

Method Summary

Modifier and Type	Method	Description
String	getRoleAttributeName()
boolean	isUseJaasSubject()
Set<Principal>	parseRolesFromAssertion(Principal principal, Subject subject, org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)	Return the set of User/Principal roles from the Assertion.
void	setRoleAttributeName(String roleAttributeName)	Set the attribute URI of the SAML AttributeStatement where the role information is stored.
void	setUseJaasSubject(boolean useJaasSubject)	Whether to get roles from the JAAS Subject (if not null) returned from SAML Assertion Validation or not.

Methods inherited from class org.apache.cxf.sts.token.validator.DefaultSubjectRoleParser

getRoleClassifier, getRoleClassifierType, parseRolesFromSubject, setRoleClassifier, setRoleClassifierType

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.cxf.sts.token.validator.SubjectRoleParser

parseRolesFromSubject

Field Details

SAML_ROLE_ATTRIBUTENAME_DEFAULT

public static final String SAML_ROLE_ATTRIBUTENAME_DEFAULT

This configuration tag specifies the default attribute name where the roles are present The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".

See Also:

• Constant Field Values

Constructor Details

DefaultSAMLRoleParser

public DefaultSAMLRoleParser()

Method Details

parseRolesFromAssertion

public Set<Principal> parseRolesFromAssertion(Principal principal,
 Subject subject,
 org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)

Return the set of User/Principal roles from the Assertion.

Specified by:

parseRolesFromAssertion in interface SAMLRoleParser

Parameters:

principal - the Principal associated with the Assertion

subject - the JAAS Subject associated with a successful validation of the Assertion

assertion - The Assertion object

Returns:

the set of User/Principal roles from the Assertion.

isUseJaasSubject

public boolean isUseJaasSubject()

setUseJaasSubject

public void setUseJaasSubject(boolean useJaasSubject)

Whether to get roles from the JAAS Subject (if not null) returned from SAML Assertion Validation or not. The default is true.

Parameters:

useJaasSubject - whether to get roles from the JAAS Subject or not

getRoleAttributeName

public String getRoleAttributeName()

setRoleAttributeName

public void setRoleAttributeName(String roleAttributeName)

Set the attribute URI of the SAML AttributeStatement where the role information is stored. The default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role".

Parameters:

roleAttributeName - the Attribute URI where role information is stored