如何在 WSO2 XACML 中获取自定义属性
我正在使用 SAML 对用户进行身份验证,为此我编写了一个自定义联合身份验证器,并向其传递 IP、ID 和 appname,
它再调用 REST Web 服务以获取用户名、角色和额外属性。收到响应后,我会检查用户存储中是否存在该用户名:如果存在,则用户身份验证成功,否则抛出异常。但是为了执行 XACML 策略,我需要再次使用请求参数(如 IP、appname)
调用 Web 服务,据此获取用户属性,而 XACML 策略在执行时应当考虑这些属性。
那么,有没有办法实现上述流程?
package org.wso2.carbon.identity.application.authenticator.customfed;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.json.JSONObject;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.customfed.internal.CustomAuthenticatorServiceComponent;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.wso2.carbon.identity.application.common.model.Property;
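/**
 * Federated authenticator that resolves the caller to a local user name through
 * {@link #callGetSession} (a stub in this listing), checks that the name exists in the
 * tenant's user store, and attaches the user's {@code isLiteUser} claim to the subject.
 *
 * NOTE(review): the only check applied to the user name returned by the session call is
 * {@code UserStoreManager.isExistingUser}; no credential of that user is verified in this
 * class, so the strength of this authenticator is exactly that of the session service and of
 * the channel to it.
 */
public class CustomFedAuthenticator extends AbstractApplicationAuthenticator implements
        FederatedApplicationAuthenticator {

    private static final long serialVersionUID = 1L;
    private static final Log LOGGER = LogFactory.getLog(CustomFedAuthenticator.class);

    /** Thread-local property removed before the user-store lookup (was a mutable static). */
    private static final String RE_CAPTCHA_USER_DOMAIN = "user-domain-recaptcha";

    /** The single local claim that is copied onto the authenticated subject. */
    private static final String IS_LITE_USER_CLAIM = "http://wso2.org/claims/identity/isLiteUser";

    /**
     * Resolves the caller to a local user and sets it as the subject of the context.
     *
     * @param httpServletRequest    request carrying the {@code ID} and {@code APP_ID} parameters
     * @param httpServletResponse   unused
     * @param authenticationContext context whose subject is set on success
     * @throws AuthenticationFailedException if the ID parameter is missing, no user name could be
     *                                       resolved, the user store cannot be reached, or the
     *                                       user does not exist in the user store
     */
    @Override
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest,
                                                 HttpServletResponse httpServletResponse,
                                                 AuthenticationContext authenticationContext)
            throws AuthenticationFailedException {
        String id = httpServletRequest.getParameter(CustomFedAuthenticatorConstants.ID);
        if (StringUtils.isEmpty(id)) {
            LOGGER.info("Authentication failed: request parameter ID is empty/null");
            throw new AuthenticationFailedException("ID is empty/null");
        }
        // getRemoteAddr() is the directly connected peer. Behind a reverse proxy or load balancer
        // this is the proxy's address, not the end user's, so the session service must not treat
        // it as a verified client address unless the deployment guarantees a direct connection.
        String clientAddress = httpServletRequest.getRemoteAddr();
        String appId = httpServletRequest.getParameter(CustomFedAuthenticatorConstants.APP_ID);
        // The original passed the APPNAME parameter as the third argument while the helper
        // declares an ID parameter; the validated ID is passed here — confirm against the service.
        String userName = callGetSession(clientAddress, appId, id);
        if (StringUtils.isBlank(userName)) {
            LOGGER.info("Authentication failed: no user name resolved for the request");
            throw new AuthenticationFailedException("Authentication Failed");
        }
        String tenantAwareUserName = MultitenantUtils.getTenantAwareUsername(userName);

        boolean isAuthenticated;
        UserStoreManager userStoreManager;
        IdentityUtil.threadLocalProperties.get().remove(RE_CAPTCHA_USER_DOMAIN);
        try {
            int tenantId = IdentityTenantUtil.getTenantIdOfUser(userName);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Tenant Id is::" + tenantId);
            }
            UserRealm userRealm =
                    CustomAuthenticatorServiceComponent.getRealmService().getTenantUserRealm(tenantId);
            if (userRealm == null) {
                throw new AuthenticationFailedException(
                        "Cannot find the user realm for the given tenant: " + tenantId,
                        User.getUserFromUserName(userName));
            }
            userStoreManager = (UserStoreManager) userRealm.getUserStoreManager();
            // Existence in the user store is the whole authentication decision of this class.
            isAuthenticated = userStoreManager.isExistingUser(tenantAwareUserName);
        } catch (AuthenticationFailedException e) {
            // Do not re-wrap our own failure; keep its user and message intact.
            throw e;
        } catch (Exception e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("CustomBasicAuthentication Failed while trying to get the tenant ID of the user "
                        + userName, e);
            }
            // Fixed message: the underlying exception text is kept only as the cause, not surfaced.
            throw new AuthenticationFailedException("Failed to resolve the user store for the user",
                    User.getUserFromUserName(userName), e);
        }
        if (!isAuthenticated) {
            LOGGER.info("Authentication Failed");
            throw new AuthenticationFailedException("Authentication Failed");
        }

        Map<ClaimMapping, String> claims = new HashMap<ClaimMapping, String>();
        try {
            Map<String, String> userClaims = userStoreManager.getUserClaimValues(
                    tenantAwareUserName, new String[] {IS_LITE_USER_CLAIM}, null);
            String isLiteUser = userClaims == null ? null : userClaims.get(IS_LITE_USER_CLAIM);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("userClaims::::" + userClaims);
            }
            // The claim is added even when the value is null, as in the original.
            claims.put(ClaimMapping.build(IS_LITE_USER_CLAIM, IS_LITE_USER_CLAIM, null, true), isLiteUser);
        } catch (UserStoreException e) {
            // Best effort, as before: the subject is still set, but without this claim. Logged
            // instead of printed so the omission is visible to operators.
            LOGGER.error("Could not read claim " + IS_LITE_USER_CLAIM + " for user " + userName, e);
        }

        AuthenticatedUser authenticatedUserObj =
                AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(tenantAwareUserName);
        authenticatedUserObj.setAuthenticatedSubjectIdentifier(tenantAwareUserName);
        authenticatedUserObj.setUserAttributes(claims);
        authenticatedUserObj.setUserName(tenantAwareUserName);
        authenticationContext.setSubject(authenticatedUserObj);
    }

    /** Delegates to the framework's default initiation; nothing custom is sent to the client. */
    @Override
    protected void initiateAuthenticationRequest(HttpServletRequest request, HttpServletResponse response,
                                                 AuthenticationContext context)
            throws AuthenticationFailedException {
        super.initiateAuthenticationRequest(request, response, context);
    }

    /**
     * Claims every request. Clearing {@code REQ_ATTR_HANDLED} here means no earlier handler's
     * decision is respected; every request reaching this authenticator is processed by it.
     */
    @Override
    public boolean canHandle(HttpServletRequest request) {
        request.setAttribute(FrameworkConstants.REQ_ATTR_HANDLED, null);
        return true;
    }

    /**
     * Returns a constant context identifier.
     *
     * NOTE(review): a constant identifier is shared by all concurrent requests; confirm against
     * the framework's expectations whether a per-request value is required to keep
     * authentication contexts of different users apart.
     */
    @Override
    public String getContextIdentifier(HttpServletRequest request) {
        return "CustomFedAuth_Context_id";
    }

    @Override
    public String getName() {
        return "CustomFedAuthenticator";
    }

    @Override
    public String getFriendlyName() {
        return "customfed";
    }

    /**
     * Resolves a user name for the given client address, application id and id.
     * Stub in this listing: always returns {@code null}, which
     * {@link #processAuthenticationResponse} treats as an authentication failure.
     *
     * @return the resolved user name, or {@code null} when none could be resolved
     */
    private String callGetSession(String ipAddress, String appId, String ID) {
        // TODO: call the session service; treat its response as untrusted input.
        return null;
    }

    /**
     * Fetches additional user attributes for the given client address and id.
     * Stub in this listing: always returns {@code null}; not yet used by this class.
     */
    private String callGetUserAttributes(String ipAddress, String ID) {
        // TODO: call the attribute service.
        return null;
    }
}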