• Home
• org.glassfish.metro
• webservices-osgi
• 3.0.3
• source code
• UsernameOrSAMLAlternativeSelector.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.sun.xml.wss.impl.policy.verifier.UsernameOrSAMLAlternativeSelector Maven / Gradle / Ivy

/*
 * Copyright (c) 2011, 2018 Oracle and/or its affiliates. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Distribution License v. 1.0, which is available at
 * http://www.eclipse.org/org/documents/edl-v10.php.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

package com.sun.xml.wss.impl.policy.verifier;

import com.sun.xml.ws.security.spi.AlternativeSelector;
import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import java.util.List;

/**
 * A class which can select specific alternatives of a Username or a SAMLToken appearing
 * as SignedSupportingTokens.
 */
public class UsernameOrSAMLAlternativeSelector implements AlternativeSelector {



	private enum SupportingTokenType {

		USERNAME, SAML, UNKNOWN
	}

	@Override
	public MessagePolicy selectAlternative(ProcessingContext ctx, List alternatives, SecurityPolicy recvdPolicy) {
		//TODO: assert that the number of alternatives is two only
		//it can handle the alternatives as defined in the following oracle security profiles :
		//1. wss11_saml_or_username_token_with_message_protection_service_policy
		//2. OR wss_saml_or_username_token_over_ssl_service_policy
		SupportingTokenType reqMsgTokenType = determineTokenType(recvdPolicy);
		for (MessagePolicy mp : alternatives) {
			SupportingTokenType alternativeTokenType = determineTokenType(mp);
			if (reqMsgTokenType != SupportingTokenType.UNKNOWN && reqMsgTokenType.equals(alternativeTokenType)) {
				return mp;
			}
		}
		return null;
	}

	@Override
	public boolean supportsAlternatives(List alternatives) {
		 if (alternatives.size() != 2) {
			 return false;
		 }
		 SupportingTokenType firstAlternativeType = determineTokenType(alternatives.get(0));

		 if(firstAlternativeType == SupportingTokenType.UNKNOWN) {
			 return false;
		 }

		 SupportingTokenType secondAlternativeType = determineTokenType(alternatives.get(1));

		 if(secondAlternativeType == SupportingTokenType.UNKNOWN) {
			 return false;
		 }

		 if(firstAlternativeType == secondAlternativeType) {
			 return false;
		 }

		 return true;
	}

	private SupportingTokenType determineTokenType(SecurityPolicy recvdPolicy) {
		SupportingTokenType ret = SupportingTokenType.UNKNOWN;
		if (recvdPolicy instanceof MessagePolicy) {
			MessagePolicy pol = (MessagePolicy) recvdPolicy;
			for (int i = 0; i < pol.size(); i++) {
				try {
					WSSPolicy p = (WSSPolicy) pol.get(i);
					if (PolicyTypeUtil.usernameTokenBinding(p) || PolicyTypeUtil.usernameTokenBinding(p.getFeatureBinding())) {
						ret = SupportingTokenType.USERNAME;
						break;
					} else if (PolicyTypeUtil.samlTokenPolicy(p) || PolicyTypeUtil.samlTokenPolicy(p.getFeatureBinding())) {
						ret = SupportingTokenType.SAML;
						break;
					}
				} catch (Exception e) {
					//nothing to do.
				}
			}
		}
		return ret;
	}

}