Posted to rampart-dev@ws.apache.org by "Smith, Kevin T" <KS...@mcdonaldbradley.com> on 2008/05/30 15:45:48 UTC

Getting Token from a Service (Rampart 1.3)

Hi,

 

I'm new to Rampart and I am switching from having a custom
module/handler to using Rampart.

 

The only thing is - from the service itself, I need to access a SAML
token passed in (using WS-Security SAML Token Profile), because I need
to filter data based on the attributes of the user in the assertion. 

 

That is, the service pulls information from a data source, and based on
releasability constraints of the information it pulls, it then needs to
filter data based on the attributes of the user from the SAML assertion.


 

It would be great if I could actually get a SAML assertion object
directly from the service (without having to parse the header again -
this should have been done already if rampart is providing the WS-Policy
validation). Is this object fetchable from the service? 


From a service, I have been looking at the MessageContext properties
and, I saw that there is a "org.apache.rahas.TokenStorage" object. Even
though tokens are passed, however, I have never seen this object with
any tokens. And even so, it would contain an org.apache.rahas.Token,
which I don't believe is what I need.

 

Any help would be appreciated! Thanks! 

 

Kevin T. Smith

Technical Director, Mantech MBI 

ksmith@mcdonaldbradley.com

(804) 550-3670; cell 571-426-8639

 

 


Re: Getting Token from a Service (Rampart 1.3)

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Kevin,
Rampart puts the parsed SAML assertion object as a property in the
message context. You can access it within the service like this.

import java.util.Vector;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.opensaml.SAMLAssertion;

// msgCtx is the MessageContext of the current request
SAMLAssertion assertion = null;
Vector results = null;
if ((results = (Vector) msgCtx
        .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
    throw new RuntimeException("No security results!!");
} else {
    for (int i = 0; i < results.size(); i++) {
        // Get hold of the WSHandlerResult instance
        WSHandlerResult rResult = (WSHandlerResult) results.get(i);
        Vector wsSecEngineResults = rResult.getResults();

        for (int j = 0; j < wsSecEngineResults.size(); j++) {
            // Get hold of the WSSecurityEngineResult instance
            WSSecurityEngineResult wser =
                    (WSSecurityEngineResult) wsSecEngineResults.get(j);

            // Check for the SAML result
            if (((java.lang.Integer) wser.get(WSSecurityEngineResult.TAG_ACTION))
                    .intValue() == WSConstants.ST_UNSIGNED) {
                // This will return the org.opensaml.SAMLAssertion object
                assertion = (SAMLAssertion)
                        wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            }
        }
    }
}


I didn't have time to try the code, so you may have to make a few
modifications to get it working, but I hope you can grab the logic from here.

regards,
nandana

On Fri, May 30, 2008 at 7:15 PM, Smith, Kevin T <KS...@mcdonaldbradley.com>
wrote:

> Hi,
>
>
>
> I'm new to Rampart and I am switching from having a custom
> module/handler to using Rampart.
>
>
>
> The only thing is - from the service itself, I need to access a SAML
> token passed in (using WS-Security SAML Token Profile), because I need
> to filter data based on the attributes of the user in the assertion.
>
>
>
> That is, the service pulls information from a data source, and based on
> releasability constraints of the information it pulls, it then needs to
> filter data based on the attributes of the user from the SAML assertion.
>
>
>
>
> It would be great if I could actually get a SAML assertion object
> directly from the service (without having to parse the header again -
> this should have been done already if rampart is providing the WS-Policy
> validation). Is this object fetchable from the service?
>
>
> From a service, I have been looking at the MessageContext properties
> and, I saw that there is a "org.apache.rahas.TokenStorage" object. Even
> though tokens are passed, however, I have never seen this object with
> any tokens. And even so, it would contain an org.apache.rahas.Token,
> which I don't believe is what I need.
>
>
>
> Any help would be appreciated! Thanks!
>
>
>
> Kevin T. Smith
>
> Technical Director, Mantech MBI
>
> ksmith@mcdonaldbradley.com
>
> (804) 550-3670; cell 571-426-8639
>
>
>
>
>
> --
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/
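
Added example, not part of the original thread or of Rampart: once the service holds the org.opensaml.SAMLAssertion from the reply above, this sketch reads the user's attributes through the OpenSAML 1.x API and filters records deny-by-default, as the question describes. The attribute name "releasability", the class name and the row layout are hypothetical, and the code assumes trust in the assertion (signature, issuer) is established elsewhere.

```java
import java.util.*;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;

public class ReleasabilityFilter {
    // Hypothetical attribute name; use whatever your identity provider issues.
    static final String MARKING_ATTR = "releasability";

    /** Values of one named attribute across all attribute statements. */
    static Set<String> valuesOf(SAMLAssertion assertion, String name) {
        Set<String> values = new HashSet<String>();
        for (Iterator s = assertion.getStatements(); s.hasNext();) {
            Object stmt = s.next();
            if (!(stmt instanceof SAMLAttributeStatement)) continue;
            for (Iterator a = ((SAMLAttributeStatement) stmt).getAttributes(); a.hasNext();) {
                SAMLAttribute attr = (SAMLAttribute) a.next();
                if (!name.equals(attr.getName())) continue;
                for (Iterator v = attr.getValues(); v.hasNext();) values.add(String.valueOf(v.next()));
            }
        }
        return values;
    }

    /** True only inside the assertion's validity window; absent bounds are treated as open. */
    static boolean withinValidity(SAMLAssertion assertion, Date now) {
        Date notBefore = assertion.getNotBefore(), notOnOrAfter = assertion.getNotOnOrAfter();
        return (notBefore == null || !now.before(notBefore))
            && (notOnOrAfter == null || now.before(notOnOrAfter));
    }

    /** Deny by default: keep a row only if the user holds its marking. Row = {marking, payload}. */
    static List<String[]> filter(List<String[]> rows, Set<String> userMarkings) {
        List<String[]> released = new ArrayList<String[]>();
        for (String[] row : rows) {
            if (row[0] != null && userMarkings.contains(row[0])) released.add(row);
        }
        return released;
    }

    /** Missing, expired or not-yet-valid assertion: nothing is released. */
    static List<String[]> release(SAMLAssertion assertion, List<String[]> rows, Date now) {
        if (assertion == null || !withinValidity(assertion, now)) return new ArrayList<String[]>();
        return filter(rows, valuesOf(assertion, MARKING_ATTR));
    }

    public static void main(String[] args) {
        // Constructed sample rows: {required marking, payload}; a null marking is never released.
        List<String[]> rows = Arrays.asList(new String[][] {
            {"PUBLIC", "weather"}, {"PARTNER", "logistics"}, {null, "unlabelled"}});
        Set<String> user = new HashSet<String>(Arrays.asList("PUBLIC"));
        for (String[] r : filter(rows, user)) System.out.println(r[1]);
    }
}
```

In the service, call release() with the assertion taken from the security results; main() exercises only the filtering step, on constructed rows, so it runs without building an assertion.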