Package: DefaultClaimHandler

DefaultClaimHandler

nameinstructionbranchcomplexitylinemethod
DefaultClaimHandler()
M: 3 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 1 C: 0
0%
M: 1 C: 0
0%
addMultiAttributeSperatorToRequestedClaims(AuthenticatedUser, UserStoreManager, Map)
M: 19 C: 0
0%
M: 4 C: 0
0%
M: 3 C: 0
0%
M: 6 C: 0
0%
M: 1 C: 0
0%
filterSPClaims(Map, Map, Map, Map, Map)
M: 42 C: 0
0%
M: 6 C: 0
0%
M: 4 C: 0
0%
M: 10 C: 0
0%
M: 1 C: 0
0%
getAuthenticatedUser(StepConfig, AuthenticationContext)
M: 12 C: 0
0%
M: 2 C: 0
0%
M: 2 C: 0
0%
M: 4 C: 0
0%
M: 1 C: 0
0%
getCarbonToStandardDialectMapping(String, AuthenticationContext, Map, String)
M: 33 C: 0
0%
M: 2 C: 0
0%
M: 2 C: 0
0%
M: 7 C: 0
0%
M: 1 C: 0
0%
getClaimManager(String, UserRealm)
M: 24 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 6 C: 0
0%
M: 1 C: 0
0%
getClaimMappings(String, Set, String, boolean)
M: 25 C: 0
0%
M: 2 C: 0
0%
M: 2 C: 0
0%
M: 9 C: 0
0%
M: 1 C: 0
0%
getInstance()
M: 17 C: 0
0%
M: 4 C: 0
0%
M: 3 C: 0
0%
M: 6 C: 0
0%
M: 1 C: 0
0%
getLocalToIdpClaimMappingWithStandardDialect(Map, ClaimMapping[], AuthenticationContext, String)
M: 75 C: 0
0%
M: 8 C: 0
0%
M: 5 C: 0
0%
M: 13 C: 0
0%
M: 1 C: 0
0%
getServiceProviderMappedUserRoles(ApplicationConfig, List, String)
M: 37 C: 0
0%
M: 6 C: 0
0%
M: 4 C: 0
0%
M: 8 C: 0
0%
M: 1 C: 0
0%
getStandardDialect(String, ApplicationConfig)
M: 70 C: 0
0%
M: 20 C: 0
0%
M: 11 C: 0
0%
M: 22 C: 0
0%
M: 1 C: 0
0%
getStanderDialectToCarbonMapping(String, AuthenticationContext, Map, String)
M: 37 C: 0
0%
M: 2 C: 0
0%
M: 2 C: 0
0%
M: 7 C: 0
0%
M: 1 C: 0
0%
getUserRealm(String)
M: 24 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 7 C: 0
0%
M: 1 C: 0
0%
getUserStoreManager(String, UserRealm, String)
M: 50 C: 0
0%
M: 4 C: 0
0%
M: 3 C: 0
0%
M: 10 C: 0
0%
M: 1 C: 0
0%
handleClaimMappings(StepConfig, AuthenticationContext, Map, boolean)
M: 44 C: 0
0%
M: 6 C: 0
0%
M: 4 C: 0
0%
M: 11 C: 0
0%
M: 1 C: 0
0%
handleFederatedClaims(Map, String, StepConfig, AuthenticationContext)
M: 194 C: 0
0%
M: 18 C: 0
0%
M: 10 C: 0
0%
M: 46 C: 0
0%
M: 1 C: 0
0%
handleLocalClaims(String, StepConfig, AuthenticationContext)
M: 151 C: 0
0%
M: 14 C: 0
0%
M: 8 C: 0
0%
M: 34 C: 0
0%
M: 1 C: 0
0%
loadDefaultValuesForClaims(ClaimMapping[], Map)
M: 32 C: 0
0%
M: 6 C: 0
0%
M: 4 C: 0
0%
M: 6 C: 0
0%
M: 1 C: 0
0%
logInput(Map, boolean)
M: 62 C: 0
0%
M: 4 C: 0
0%
M: 3 C: 0
0%
M: 13 C: 0
0%
M: 1 C: 0
0%
logOutput(Map, AuthenticationContext)
M: 242 C: 0
0%
M: 14 C: 0
0%
M: 8 C: 0
0%
M: 53 C: 0
0%
M: 1 C: 0
0%
mapLocalSpClaimsToRemoteSPClaims(String, AuthenticationContext, Map)
M: 52 C: 0
0%
M: 4 C: 0
0%
M: 3 C: 0
0%
M: 12 C: 0
0%
M: 1 C: 0
0%
mapRemoteClaimsToLocalClaims(Map, Map, Map, Map)
M: 40 C: 0
0%
M: 6 C: 0
0%
M: 4 C: 0
0%
M: 9 C: 0
0%
M: 1 C: 0
0%
mapRequestClaimsInStandardDialect(Map, Map)
M: 35 C: 0
0%
M: 6 C: 0
0%
M: 4 C: 0
0%
M: 10 C: 0
0%
M: 1 C: 0
0%
mapSPClaimsAndFilterRequestedClaims(Map, Map, Map, Map, Map)
M: 42 C: 0
0%
M: 6 C: 0
0%
M: 4 C: 0
0%
M: 10 C: 0
0%
M: 1 C: 0
0%
retrieveAllNunNullUserClaimValues(AuthenticatedUser, ClaimManager, ApplicationConfig, UserStoreManager)
M: 152 C: 0
0%
M: 14 C: 0
0%
M: 8 C: 0
0%
M: 32 C: 0
0%
M: 1 C: 0
0%
setSubjectClaim(String, UserStoreManager, Map, String, AuthenticationContext)
M: 81 C: 0
0%
M: 18 C: 0
0%
M: 10 C: 0
0%
M: 22 C: 0
0%
M: 1 C: 0
0%
setSubjectClaimForFederatedClaims(Map, String, AuthenticationContext)
M: 42 C: 0
0%
M: 10 C: 0
0%
M: 6 C: 0
0%
M: 10 C: 0
0%
M: 1 C: 0
0%
setSubjectClaimForLocalClaims(String, UserStoreManager, Map, String, AuthenticationContext)
M: 42 C: 0
0%
M: 10 C: 0
0%
M: 6 C: 0
0%
M: 10 C: 0
0%
M: 1 C: 0
0%
setSubjectClaimForStandardDialect(String, UserStoreManager, AuthenticationContext, String)
M: 59 C: 0
0%
M: 6 C: 0
0%
M: 4 C: 0
0%
M: 11 C: 0
0%
M: 1 C: 0
0%
static {...}
M: 4 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 1 C: 0
0%
M: 1 C: 0
0%

Coverage

1: /*
2: * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
3: *
4: * WSO2 Inc. licenses this file to you under the Apache License,
5: * Version 2.0 (the "License"); you may not use this file except
6: * in compliance with the License.
7: * You may obtain a copy of the License at
8: *
9: * http://www.apache.org/licenses/LICENSE-2.0
10: *
11: * Unless required by applicable law or agreed to in writing,
12: * software distributed under the License is distributed on an
13: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14: * KIND, either express or implied. See the License for the
15: * specific language governing permissions and limitations
16: * under the License.
17: */
18:
19: package org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl;
20:
21: import org.apache.commons.collections.MapUtils;
22: import org.apache.commons.lang.StringUtils;
23: import org.apache.commons.logging.Log;
24: import org.apache.commons.logging.LogFactory;
25: import org.wso2.carbon.CarbonException;
26: import org.wso2.carbon.base.MultitenantConstants;
27: import org.wso2.carbon.core.util.AnonymousSessionUtil;
28: import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
29: import org.wso2.carbon.identity.application.authentication.framework.config.model.ApplicationConfig;
30: import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
31: import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
32: import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
33: import org.wso2.carbon.identity.application.authentication.framework.handler.claims.ClaimHandler;
34: import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent;
35: import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
36: import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
37: import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
38: import org.wso2.carbon.identity.application.common.model.ClaimConfig;
39: import org.wso2.carbon.identity.application.common.model.ClaimMapping;
40: import org.wso2.carbon.identity.application.common.model.ServiceProvider;
41: import org.wso2.carbon.identity.application.mgt.ApplicationConstants;
42: import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataHandler;
43: import org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException;
44: import org.wso2.carbon.identity.core.util.IdentityCoreConstants;
45: import org.wso2.carbon.user.api.ClaimManager;
46: import org.wso2.carbon.user.api.RealmConfiguration;
47: import org.wso2.carbon.user.api.UserStoreException;
48: import org.wso2.carbon.user.api.UserStoreManager;
49: import org.wso2.carbon.user.core.UserRealm;
50:
51: import java.util.ArrayList;
52: import java.util.Arrays;
53: import java.util.HashMap;
54: import java.util.Iterator;
55: import java.util.LinkedList;
56: import java.util.List;
57: import java.util.Map;
58: import java.util.Map.Entry;
59: import java.util.Set;
60:
61: public class DefaultClaimHandler implements ClaimHandler {
62:
63: public static final String SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE =
64: FrameworkConstants.SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE;
65: private static final Log log = LogFactory.getLog(DefaultClaimHandler.class);
66: private static volatile DefaultClaimHandler instance;
67:
68: public static DefaultClaimHandler getInstance() {
69:• if (instance == null) {
70: synchronized (DefaultClaimHandler.class) {
71:• if (instance == null) {
72: instance = new DefaultClaimHandler();
73: }
74: }
75: }
76: return instance;
77: }
78:
79: @Override
80: public Map<String, String> handleClaimMappings(StepConfig stepConfig,
81: AuthenticationContext context, Map<String, String> remoteClaims,
82: boolean isFederatedClaims) throws FrameworkException {
83:
84:• if (log.isDebugEnabled()) {
85: logInput(remoteClaims, isFederatedClaims);
86: }
87:
88: ApplicationConfig appConfig = context.getSequenceConfig().getApplicationConfig();
89: String spStandardDialect = getStandardDialect(context.getRequestType(), appConfig);
90: Map<String, String> returningClaims = null;
91:• if (isFederatedClaims) {
92:
93: returningClaims = handleFederatedClaims(remoteClaims, spStandardDialect, stepConfig, context);
94:
95: } else {
96:
97: returningClaims = handleLocalClaims(spStandardDialect, stepConfig, context);
98:
99: }
100:• if (log.isDebugEnabled()) {
101: logOutput(returningClaims, context);
102: }
103: return returningClaims;
104: }
105:
106: /**
107: * @param spStandardDialect
108: * @param remoteClaims
109: * @param stepConfig
110: * @param context
111: * @return
112: * @throws FrameworkException
113: */
114: protected Map<String, String> handleFederatedClaims(Map<String, String> remoteClaims, String spStandardDialect,
115: StepConfig stepConfig, AuthenticationContext context)
116: throws FrameworkException {
117:
118: ClaimMapping[] idPClaimMappings = context.getExternalIdP().getClaimMappings();
119:
120:• if (idPClaimMappings == null) {
121: idPClaimMappings = new ClaimMapping[0];
122: }
123:
124: Map<String, String> spClaimMappings = context.getSequenceConfig().getApplicationConfig().
125: getClaimMappings();
126:
127:• if (spClaimMappings == null) {
128: spClaimMappings = new HashMap<>();
129: }
130:
131: Map<String, String> carbonToStandardClaimMapping;
132: Map<String, String> spRequestedClaimMappings = context.getSequenceConfig().getApplicationConfig().
133: getRequestedClaimMappings();
134:• if (StringUtils.isNotBlank(spStandardDialect) && !StringUtils.equals(spStandardDialect, ApplicationConstants
135: .LOCAL_IDP_DEFAULT_CLAIM_DIALECT)) {
136: carbonToStandardClaimMapping = getCarbonToStandardDialectMapping(spStandardDialect, context,
137: spRequestedClaimMappings, context.getTenantDomain());
138: spRequestedClaimMappings = mapRequestClaimsInStandardDialect(spRequestedClaimMappings,
139: carbonToStandardClaimMapping);
140: context.setProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING, spRequestedClaimMappings);
141: }
142:
143: ApplicationAuthenticator authenticator = stepConfig.
144: getAuthenticatedAutenticator().getApplicationAuthenticator();
145: String idPStandardDialect = authenticator.getClaimDialectURI();
146:
147: boolean useDefaultIdpDialect = context.getExternalIdP().useDefaultLocalIdpDialect();
148:
149: // set unfiltered remote claims as a property
150: context.setProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES, remoteClaims);
151:
152: Map<String, String> localUnfilteredClaims = new HashMap<>();
153: Map<String, String> spUnfilteredClaims = new HashMap<>();
154: Map<String, String> spFilteredClaims = new HashMap<>();
155:
156:
157: // claim mapping from local IDP to remote IDP : local-claim-uri / idp-claim-uri
158:
159: Map<String, String> localToIdPClaimMap = null;
160: Map<String, String> defaultValuesForClaims = new HashMap<>();
161:
162: loadDefaultValuesForClaims(idPClaimMappings, defaultValuesForClaims);
163:
164:• if (idPStandardDialect != null || useDefaultIdpDialect) {
165: localToIdPClaimMap = getLocalToIdpClaimMappingWithStandardDialect(remoteClaims, idPClaimMappings, context,
166: idPStandardDialect);
167:• } else if (idPClaimMappings.length > 0) {
168: localToIdPClaimMap = FrameworkUtils.getClaimMappings(idPClaimMappings, true);
169: } else {
170: log.warn("Authenticator : " + authenticator.getFriendlyName() + " does not have " +
171: "a standard dialect and IdP : " + context.getExternalIdP().getIdPName() +
172: " does not have custom claim mappings. Cannot proceed with claim mappings");
173: return spFilteredClaims;
174: }
175:
176: // Loop remote claims and map to local claims
177: mapRemoteClaimsToLocalClaims(remoteClaims, localUnfilteredClaims, localToIdPClaimMap, defaultValuesForClaims);
178:
179: // set all locally mapped unfiltered remote claims as a property
180: context.setProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES, localUnfilteredClaims);
181:
182: // claim mapping from local service provider to remote service provider.
183: Map<String, String> localToSPClaimMappings = mapLocalSpClaimsToRemoteSPClaims(spStandardDialect, context,
184: spClaimMappings);
185:
186: // Loop through <code>localToSPClaimMappings</code> and filter
187: // <code>spUnfilteredClaims</code> and <code>spFilteredClaims</code>
188: filterSPClaims(spRequestedClaimMappings, localUnfilteredClaims, spUnfilteredClaims, spFilteredClaims,
189: localToSPClaimMappings);
190:
191: // set all service provider mapped unfiltered remote claims as a property
192: context.setProperty(FrameworkConstants.UNFILTERED_SP_CLAIM_VALUES, spUnfilteredClaims);
193:
194:• if (FrameworkConstants.RequestType.CLAIM_TYPE_OPENID.equals(context.getRequestType())) {
195: spFilteredClaims = spUnfilteredClaims;
196: }
197:
198: // set the subject claim URI as a property
199:• if (spStandardDialect != null) {
200: setSubjectClaimForFederatedClaims(localUnfilteredClaims, spStandardDialect, context);
201: } else {
202: setSubjectClaimForFederatedClaims(spUnfilteredClaims, null, context);
203: }
204:
205:
206: //Add multi Attributes separator with claims.it can be defined in user-mgt.xml file
207: UserRealm realm = getUserRealm(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
208: UserStoreManager userStore = getUserStoreManager(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, realm, null);
209: addMultiAttributeSperatorToRequestedClaims(null, (org.wso2.carbon.user.core.UserStoreManager)
210: userStore, spFilteredClaims);
211:
212: return spFilteredClaims;
213:
214: }
215:
216: private void filterSPClaims(Map<String, String> spRequestedClaimMappings, Map<String, String> localUnfilteredClaims,
217: Map<String, String> spUnfilteredClaims, Map<String, String> spFilteredClaims,
218: Map<String, String> localToSPClaimMappings) {
219:• for (Entry<String, String> entry : localToSPClaimMappings.entrySet()) {
220: String localClaimURI = entry.getKey();
221: String spClaimURI = entry.getValue();
222: String claimValue = localUnfilteredClaims.get(localClaimURI);
223:• if (claimValue != null) {
224: spUnfilteredClaims.put(spClaimURI, claimValue);
225:• if (spRequestedClaimMappings.get(spClaimURI) != null) {
226: spFilteredClaims.put(spClaimURI, claimValue);
227: }
228: }
229: }
230: }
231:
232: private Map<String, String> mapLocalSpClaimsToRemoteSPClaims(String spStandardDialect,
233: AuthenticationContext context,
234: Map<String, String> spClaimMappings)
235: throws FrameworkException {
236: Map<String, String> localToSPClaimMappings = null;
237:
238:• if (spStandardDialect != null) {
239: // passing null for keySet argument to get all claim mappings,
240: // since we don't know required claim mappings in advance
241: // Key:value -> carbon_dialect:standard_dialect
242: try {
243: localToSPClaimMappings = getClaimMappings(spStandardDialect, null,
244: context.getTenantDomain(), true);
245: } catch (Exception e) {
246: throw new FrameworkException("Error occurred while getting all claim mappings from " +
247: spStandardDialect + " dialect to " +
248: ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT + " dialect for " +
249: context.getTenantDomain() + " to handle federated claims", e);
250: }
251:• } else if (!spClaimMappings.isEmpty()) {
252: localToSPClaimMappings = FrameworkUtils.getLocalToSPClaimMappings(spClaimMappings);
253: } else { // no standard dialect and no custom claim mappings
254: throw new AssertionError("Authenticator Error! Authenticator does not have a " +
255: "standard dialect and no custom claim mappings defined for IdP");
256: }
257: return localToSPClaimMappings;
258: }
259:
260: private void mapRemoteClaimsToLocalClaims(Map<String, String> remoteClaims,
261: Map<String, String> localUnfilteredClaims,
262: Map<String, String> localToIdPClaimMap,
263: Map<String, String> defaultValuesForClaims) {
264:• for (Entry<String, String> entry : localToIdPClaimMap.entrySet()) {
265: String localClaimURI = entry.getKey();
266: String claimValue = remoteClaims.get(localToIdPClaimMap.get(localClaimURI));
267:• if (StringUtils.isEmpty(claimValue)) {
268: claimValue = defaultValuesForClaims.get(localClaimURI);
269: }
270:• if (!StringUtils.isEmpty(claimValue)) {
271: localUnfilteredClaims.put(localClaimURI, claimValue);
272: }
273: }
274: }
275:
276: private Map<String, String> getLocalToIdpClaimMappingWithStandardDialect(Map<String, String> remoteClaims,
277: ClaimMapping[] idPClaimMappings,
278: AuthenticationContext context,
279: String idPStandardDialect)
280: throws FrameworkException {
281: Map<String, String> localToIdPClaimMap;
282:• if (idPStandardDialect == null) {
283: idPStandardDialect = ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT;
284: }
285:
286: try {
287: localToIdPClaimMap = getClaimMappings(idPStandardDialect,
288: remoteClaims.keySet(), context.getTenantDomain(), true);
289: } catch (Exception e) {
290: throw new FrameworkException("Error occurred while getting claim mappings for " +
291: "received remote claims from " +
292: idPStandardDialect + " dialect to " +
293: ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT + " dialect for " +
294: context.getTenantDomain() + " to handle federated claims", e);
295: }
296: // adding remote claims with default values also to the key set because they may not come from the federated IdP
297:• for (ClaimMapping claimMapping : idPClaimMappings) {
298:• if (StringUtils.isNotBlank(claimMapping.getDefaultValue()) && !localToIdPClaimMap.containsKey
299:• (claimMapping.getLocalClaim().getClaimUri())) {
300: localToIdPClaimMap.put(claimMapping.getLocalClaim().getClaimUri(), claimMapping.getDefaultValue());
301: }
302: }
303: return localToIdPClaimMap;
304: }
305:
306: private void loadDefaultValuesForClaims(ClaimMapping[] idPClaimMappings,
307: Map<String, String> defaultValuesForClaims) {
308:• for (ClaimMapping claimMapping : idPClaimMappings) {
309: String defaultValue = claimMapping.getDefaultValue();
310:• if (defaultValue != null && !defaultValue.isEmpty()) {
311: defaultValuesForClaims
312: .put(claimMapping.getLocalClaim().getClaimUri(), defaultValue);
313: }
314: }
315: }
316:
317: /**
318: * @param applicationConfig
319: * @param locallyMappedUserRoles
320: * @return
321: */
322: private static String getServiceProviderMappedUserRoles(ApplicationConfig applicationConfig,
323: List<String> locallyMappedUserRoles, String claimSeparator)
324: throws FrameworkException {
325:
326: Map<String, String> localToSpRoleMapping = applicationConfig.getRoleMappings();
327:
328:• if (!MapUtils.isEmpty(localToSpRoleMapping)) {
329:• for (Map.Entry<String, String> roleMapping : localToSpRoleMapping.entrySet()) {
330:• if (locallyMappedUserRoles.contains(roleMapping.getKey())) {
331: locallyMappedUserRoles.remove(roleMapping.getKey());
332: locallyMappedUserRoles.add(roleMapping.getValue());
333: }
334: }
335: }
336:
337: return StringUtils.join(locallyMappedUserRoles, claimSeparator);
338: }
339:
340: /**
341: * @param context
342: * @return
343: * @throws FrameworkException
344: */
345: protected Map<String, String> handleLocalClaims(String spStandardDialect,
346: StepConfig stepConfig,
347: AuthenticationContext context)
348: throws FrameworkException {
349:
350: ApplicationConfig appConfig = context.getSequenceConfig().getApplicationConfig();
351:
352: Map<String, String> spToLocalClaimMappings = appConfig.getClaimMappings();
353:• if (spToLocalClaimMappings == null) {
354: spToLocalClaimMappings = new HashMap<>();
355: }
356:
357: Map<String, String> carbonToStandardClaimMapping;
358: Map<String, String> requestedClaimMappings = appConfig.getRequestedClaimMappings();
359:• if (requestedClaimMappings == null) {
360: requestedClaimMappings = new HashMap<>();
361: }
362:
363: AuthenticatedUser authenticatedUser = getAuthenticatedUser(stepConfig, context);
364:
365: String tenantDomain = authenticatedUser.getTenantDomain();
366: String tenantAwareUserName = authenticatedUser.getUserName();
367:
368: UserRealm realm = getUserRealm(tenantDomain);
369:
370:• if (realm == null) {
371: log.warn("No valid tenant domain provider. No claims returned back");
372: return new HashMap<>();
373: }
374:
375: ClaimManager claimManager = getClaimManager(tenantDomain, realm);
376:
377: UserStoreManager userStore = getUserStoreManager(tenantDomain, realm, authenticatedUser.getUserStoreDomain());
378:
379: // key:value -> carbon_dialect:claim_value
380: Map<String, String> allLocalClaims;
381:
382: // If default dialect -> all non-null user claims
383: // If custom dialect -> all non-null user claims that have been mapped to custom claims
384: // key:value -> sp_dialect:claim_value
385: Map<String, String> allSPMappedClaims = new HashMap<>();
386:
387: // Requested claims only
388: // key:value -> sp_dialect:claim_value
389: Map<String, String> spRequestedClaims = new HashMap<>();
390:
391: // Retrieve all non-null user claim values against local claim uris.
392: allLocalClaims = retrieveAllNunNullUserClaimValues(authenticatedUser, claimManager, appConfig,
393: (org.wso2.carbon.user.core.UserStoreManager) userStore);
394:
395: context.setProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES, allLocalClaims);
396:
397: // if standard dialect get all claim mappings from standard dialect to carbon dialect
398: spToLocalClaimMappings = getStanderDialectToCarbonMapping(spStandardDialect, context, spToLocalClaimMappings,
399: tenantDomain);
400:• if (StringUtils.isNotBlank(spStandardDialect) && (!StringUtils.equals(spStandardDialect, ApplicationConstants
401: .LOCAL_IDP_DEFAULT_CLAIM_DIALECT))) {
402: carbonToStandardClaimMapping = getCarbonToStandardDialectMapping(spStandardDialect, context,
403: spToLocalClaimMappings, tenantDomain);
404: requestedClaimMappings = mapRequestClaimsInStandardDialect(requestedClaimMappings,
405: carbonToStandardClaimMapping);
406: context.setProperty(FrameworkConstants.SP_TO_CARBON_CLAIM_MAPPING, requestedClaimMappings);
407: }
408:
409: mapSPClaimsAndFilterRequestedClaims(spToLocalClaimMappings, requestedClaimMappings, allLocalClaims,
410: allSPMappedClaims, spRequestedClaims);
411:
412: context.setProperty(FrameworkConstants.UNFILTERED_SP_CLAIM_VALUES, allSPMappedClaims);
413:
414:• if (spStandardDialect != null) {
415: setSubjectClaimForLocalClaims(tenantAwareUserName, userStore,
416: allLocalClaims, spStandardDialect, context);
417: } else {
418: setSubjectClaimForLocalClaims(tenantAwareUserName, userStore,
419: allSPMappedClaims, null, context);
420: }
421:
422:
423:• if (FrameworkConstants.RequestType.CLAIM_TYPE_OPENID.equals(context.getRequestType())) {
424: spRequestedClaims = allSPMappedClaims;
425: }
426:
427: /*
428: * This is a custom change added to pass 'MultipleAttributeSeparator' attribute value to other components,
429: * since we can't get the logged in user in some situations.
430: *
431: * Following components affected from this change -
432: * org.wso2.carbon.identity.application.authentication.endpoint
433: * org.wso2.carbon.identity.provider
434: * org.wso2.carbon.identity.oauth
435: * org.wso2.carbon.identity.oauth.endpoint
436: * org.wso2.carbon.identity.sso.saml
437: *
438: * TODO: Should use Map<String, List<String>> in future for claim mapping
439: * */
440: addMultiAttributeSperatorToRequestedClaims(authenticatedUser, (org.wso2.carbon.user.core.UserStoreManager)
441: userStore, spRequestedClaims);
442:
443: return spRequestedClaims;
444: }
445:
446: private Map<String, String> mapRequestClaimsInStandardDialect(Map<String, String> requestedClaimMappings,
447: Map<String, String> carbonToStandardClaimMapping) {
448: Map<String, String> requestedClaimMappingsInStandardDialect = new HashMap<>();
449:• if (requestedClaimMappings != null) {
450: Iterator iterator = requestedClaimMappings.entrySet().iterator();
451:• while (iterator.hasNext()) {
452: Entry<String, String> mapping = (Entry) iterator.next();
453: String standardMappedClaim = carbonToStandardClaimMapping.get(mapping.getValue());
454:• if (StringUtils.isNotBlank(standardMappedClaim)) {
455: requestedClaimMappingsInStandardDialect.put(standardMappedClaim, mapping.getValue());
456: }
457: }
458: }
459: return requestedClaimMappingsInStandardDialect;
460: }
461:
462: private void addMultiAttributeSperatorToRequestedClaims(AuthenticatedUser authenticatedUser,
463: org.wso2.carbon.user.core.UserStoreManager userStore,
464: Map<String, String> spRequestedClaims) {
465:• if (!spRequestedClaims.isEmpty()) {
466: RealmConfiguration realmConfiguration = userStore.getRealmConfiguration();
467:
468: String claimSeparator = realmConfiguration.getUserStoreProperty(IdentityCoreConstants
469: .MULTI_ATTRIBUTE_SEPARATOR);
470:• if (StringUtils.isNotBlank(claimSeparator)) {
471: spRequestedClaims.put(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR, claimSeparator);
472: }
473: }
474: }
475:
476: private void mapSPClaimsAndFilterRequestedClaims(Map<String, String> spToLocalClaimMappings,
477: Map<String, String> requestedClaimMappings,
478: Map<String, String> allLocalClaims,
479: Map<String, String> allSPMappedClaims,
480: Map<String, String> spRequestedClaims) {
481:• for (Entry<String, String> entry : spToLocalClaimMappings.entrySet()) {
482: String spClaimURI = entry.getKey();
483: String localClaimURI = entry.getValue();
484: String claimValue = allLocalClaims.get(localClaimURI);
485:• if (claimValue != null) {
486: allSPMappedClaims.put(spClaimURI, claimValue);
487:• if (requestedClaimMappings.get(spClaimURI) != null) {
488: spRequestedClaims.put(spClaimURI, claimValue);
489: }
490: }
491: }
492: }
493:
494: private Map<String, String> getStanderDialectToCarbonMapping(String spStandardDialect,
495: AuthenticationContext context,
496: Map<String, String> spToLocalClaimMappings,
497: String tenantDomain) throws FrameworkException {
498:• if (spStandardDialect != null) {
499: try {
500: spToLocalClaimMappings = getClaimMappings(spStandardDialect, null,
501: context.getTenantDomain(), false);
502: } catch (Exception e) {
503: throw new FrameworkException("Error occurred while getting all claim mappings from " +
504: spStandardDialect + " dialect to " +
505: ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT + " dialect for " +
506: tenantDomain + " to handle local claims", e);
507: }
508: }
509: return spToLocalClaimMappings;
510: }
511:
512: private Map<String, String> getCarbonToStandardDialectMapping(String spStandardDialect,
513: AuthenticationContext context,
514: Map<String, String> spToLocalClaimMappings,
515: String tenantDomain) throws FrameworkException {
516:• if (spStandardDialect != null) {
517: try {
518: spToLocalClaimMappings = getClaimMappings(spStandardDialect, null,
519: context.getTenantDomain(), true);
520: } catch (Exception e) {
521: throw new FrameworkException("Error occurred while getting all claim mappings from " +
522: ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT + " dialect to " +
523: spStandardDialect + " dialect for " + tenantDomain + " to handle local claims", e);
524: }
525: }
526: return spToLocalClaimMappings;
527: }
528:
529: private Map<String, String> retrieveAllNunNullUserClaimValues(AuthenticatedUser authenticatedUser,
530: ClaimManager claimManager, ApplicationConfig appConfig,
531: org.wso2.carbon.user.core.UserStoreManager userStore) throws FrameworkException {
532:
533: String tenantDomain = authenticatedUser.getTenantDomain();
534: String tenantAwareUserName = authenticatedUser.getUserName();
535:
536: Map<String, String> allLocalClaims = new HashMap<>();
537: try {
538:
539: org.wso2.carbon.user.api.ClaimMapping[] claimMappings = claimManager
540: .getAllClaimMappings(ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT);
541: List<String> localClaimURIs = new ArrayList<>();
542:• for (org.wso2.carbon.user.api.ClaimMapping mapping : claimMappings) {
543: String claimURI = mapping.getClaim().getClaimUri();
544: localClaimURIs.add(claimURI);
545: }
546: allLocalClaims = userStore.getUserClaimValues(tenantAwareUserName,
547: localClaimURIs.toArray(new String[localClaimURIs.size()]), null);
548:
549:• if (allLocalClaims != null) {
550:• for (Map.Entry<String, String> entry : allLocalClaims.entrySet()) {
551: //set local2sp role mappings
552:• if (FrameworkConstants.LOCAL_ROLE_CLAIM_URI.equals(entry.getKey())) {
553: RealmConfiguration realmConfiguration = userStore.getRealmConfiguration();
554: String claimSeparator = realmConfiguration
555: .getUserStoreProperty(IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR);
556:• if (StringUtils.isBlank(claimSeparator)) {
557: claimSeparator = IdentityCoreConstants.MULTI_ATTRIBUTE_SEPARATOR_DEFAULT;
558: }
559: String roleClaim = entry.getValue();
560: List<String> rolesList = new LinkedList<>(Arrays.asList(roleClaim.split(claimSeparator)));
561: roleClaim = getServiceProviderMappedUserRoles(appConfig, rolesList, claimSeparator);
562: entry.setValue(roleClaim);
563: }
564: }
565: } else {
566: return new HashMap<>();
567: }
568: } catch (UserStoreException e) {
569:• if (e.getMessage().contains("UserNotFound")) {
570:• if (log.isDebugEnabled()) {
571: log.debug("User " + tenantAwareUserName + " not found in user store");
572: }
573: } else {
574: throw new FrameworkException("Error occurred while getting all user claims for " +
575: authenticatedUser + " in " + tenantDomain, e);
576: }
577: }
578: return allLocalClaims;
579: }
580:
581: private UserStoreManager getUserStoreManager(String tenantDomain, UserRealm realm, String userDomain) throws
582: FrameworkException {
583: UserStoreManager userStore = null;
584: try {
585: userStore = realm.getUserStoreManager();
586:• if (StringUtils.isNotBlank(userDomain)) {
587: userStore = realm.getUserStoreManager().getSecondaryUserStoreManager(userDomain);
588: }
589:
590:• if (userStore == null) {
591: // To avoid NPEs
592: throw new FrameworkException("Invalid user store domain name : " + userDomain + " in tenant : "
593: + tenantDomain);
594: }
595: } catch (UserStoreException e) {
596: throw new FrameworkException("Error occurred while retrieving the UserStoreManager " +
597: "from Realm for " + tenantDomain + " to handle local claims", e);
598: }
599: return userStore;
600: }
601:
602: private ClaimManager getClaimManager(String tenantDomain, UserRealm realm) throws FrameworkException {
603: ClaimManager claimManager = null;
604: try {
605: claimManager = realm.getClaimManager();
606: } catch (UserStoreException e) {
607: throw new FrameworkException("Error occurred while retrieving the ClaimManager " +
608: "from Realm for " + tenantDomain + " to handle local claims", e);
609: }
610: return claimManager;
611: }
612:
613: private UserRealm getUserRealm(String tenantDomain) throws FrameworkException {
614: UserRealm realm;
615: try {
616: realm = AnonymousSessionUtil.getRealmByTenantDomain(
617: FrameworkServiceComponent.getRegistryService(),
618: FrameworkServiceComponent.getRealmService(), tenantDomain);
619: } catch (CarbonException e) {
620: throw new FrameworkException("Error occurred while retrieving the Realm for " +
621: tenantDomain + " to handle local claims", e);
622: }
623: return realm;
624: }
625:
626: private AuthenticatedUser getAuthenticatedUser(StepConfig stepConfig, AuthenticationContext context) {
627: AuthenticatedUser authenticatedUser;
628:• if (stepConfig != null) {
629: //calling from StepBasedSequenceHandler
630: authenticatedUser = stepConfig.getAuthenticatedUser();
631: } else {
632: //calling from RequestPathBasedSequenceHandler
633: authenticatedUser = context.getSequenceConfig().getAuthenticatedUser();
634: }
635: return authenticatedUser;
636: }
637:
638: /**
639: * Set federated subject's SP Subject Claim URI as a property
640: */
641: private void setSubjectClaimForFederatedClaims(Map<String, String> attributesMap,
642: String spStandardDialect,
643: AuthenticationContext context) {
644:
645: String subjectURI = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
646:• if (subjectURI != null && !subjectURI.isEmpty()) {
647:• if (spStandardDialect != null) {
648: setSubjectClaim(null, null, attributesMap, spStandardDialect, context);
649:• if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
650: log.warn("Subject claim could not be found amongst locally mapped " +
651: "unfiltered remote claims");
652: }
653: } else {
654: setSubjectClaim(null, null, attributesMap, null, context);
655:• if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
656: log.warn("Subject claim could not be found amongst service provider mapped " +
657: "unfiltered remote claims");
658: }
659: }
660: }
661: }
662:
663: /**
664: * Set federated subject's SP Subject Claim URI as a property
665: */
666: private void setSubjectClaimForLocalClaims(String tenantAwareUserId,
667: UserStoreManager userStore,
668: Map<String, String> attributesMap,
669: String spStandardDialect,
670: AuthenticationContext context) {
671:
672: String subjectURI = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
673:• if (subjectURI != null && !subjectURI.isEmpty()) {
674:• if (spStandardDialect != null) {
675: setSubjectClaim(tenantAwareUserId, userStore, attributesMap, spStandardDialect, context);
676:• if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
677: log.warn("Subject claim could not be found amongst unfiltered local claims");
678: }
679: } else {
680: setSubjectClaim(tenantAwareUserId, userStore, attributesMap, null, context);
681:• if (context.getProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE) == null) {
682: log.warn("Subject claim could not be found amongst service provider mapped " +
683: "unfiltered local claims");
684: }
685: }
686: }
687: }
688:
689: /**
690: * Set authenticated user's SP Subject Claim URI as a property
691: */
692: private void setSubjectClaim(String tenantAwareUserId, UserStoreManager userStore,
693: Map<String, String> attributesMap, String spStandardDialect,
694: AuthenticationContext context) {
695:
696: String subjectURI = context.getSequenceConfig().getApplicationConfig().getSubjectClaimUri();
697: ApplicationConfig applicationConfig = context.getSequenceConfig().getApplicationConfig();
698: ServiceProvider serviceProvider = applicationConfig.getServiceProvider();
699: ClaimConfig claimConfig = serviceProvider.getClaimConfig();
700: boolean isLocalClaimDialect = claimConfig.isLocalClaimDialect();
701: Map<String, String> spToLocalClaimMappings = applicationConfig.getClaimMappings();
702:• if (subjectURI != null) {
703:
704:• if (!isLocalClaimDialect && spStandardDialect != null) {
705:• if (spToLocalClaimMappings != null) {
706: subjectURI = spToLocalClaimMappings.get(subjectURI);
707: }
708: }
709:
710:• if (attributesMap.get(subjectURI) != null) {
711: context.setProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE, attributesMap.get(subjectURI));
712:• if (log.isDebugEnabled()) {
713: log.debug("Setting \'ServiceProviderSubjectClaimValue\' property value from " +
714: "attribute map " + attributesMap.get(subjectURI));
715: }
716: } else {
717: log.debug("Subject claim not found among attributes");
718: }
719:
720: // if federated case return
721:• if (tenantAwareUserId == null || userStore == null) {
722: log.debug("Tenant aware username or user store \'NULL\'. Possibly federated case");
723: return;
724: }
725:
726: // standard dialect
727:• if (spStandardDialect != null) {
728: setSubjectClaimForStandardDialect(tenantAwareUserId, userStore, context, subjectURI);
729: }
730: }
731: }
732:
733: private void setSubjectClaimForStandardDialect(String tenantAwareUserId, UserStoreManager userStore,
734: AuthenticationContext context, String subjectURI) {
735: try {
736: String value = userStore.getUserClaimValue(tenantAwareUserId, subjectURI, null);
737:• if (value != null) {
738: context.setProperty(SERVICE_PROVIDER_SUBJECT_CLAIM_VALUE, value);
739:• if (log.isDebugEnabled()) {
740: log.debug("Setting \'ServiceProviderSubjectClaimValue\' property value " +
741: "from user store " + value);
742: }
743: } else {
744:• if (log.isDebugEnabled()) {
745: log.debug("Subject claim for " + tenantAwareUserId + " not found in user store");
746: }
747: }
748: } catch (UserStoreException e) {
749: log.error("Error occurred while retrieving " + subjectURI + " claim value for user " + tenantAwareUserId,
750: e);
751: }
752: }
753:
754: /**
755: * @param otherDialect
756: * @param keySet
757: * @param tenantDomain
758: * @param useLocalDialectAsKey
759: * @return
760: * @throws FrameworkException
761: */
762: private Map<String, String> getClaimMappings(String otherDialect, Set<String> keySet,
763: String tenantDomain, boolean useLocalDialectAsKey)
764: throws FrameworkException {
765:
766: Map<String, String> claimMapping = null;
767: try {
768: claimMapping = ClaimMetadataHandler.getInstance()
769: .getMappingsMapFromOtherDialectToCarbon(otherDialect, keySet, tenantDomain,
770: useLocalDialectAsKey);
771: } catch (ClaimMetadataException e) {
772: throw new FrameworkException("Error while loading mappings.", e);
773: }
774:
775:• if (claimMapping == null) {
776: claimMapping = new HashMap<>();
777: }
778:
779: return claimMapping;
780: }
781:
782: /**
783: * Returns the claim dialect URI based on the client type
784: *
785: * @param clientType
786: * @param appConfig
787: * @return standard dialect -> SP uses standard dialect; carbon or other
788: * null -> SP uses custom dialect
789: */
790: protected String getStandardDialect(String clientType, ApplicationConfig appConfig) {
791:
792: Map<String, String> claimMappings = appConfig.getClaimMappings();
793:• if (FrameworkConstants.RequestType.CLAIM_TYPE_OIDC.equals(clientType)) {
794: return "http://wso2.org/oidc/claim";
795:• } else if (FrameworkConstants.RequestType.CLAIM_TYPE_STS.equals(clientType)) {
796: return "http://schemas.xmlsoap.org/ws/2005/05/identity";
797:• } else if (FrameworkConstants.RequestType.CLAIM_TYPE_OPENID.equals(clientType)) {
798: return "http://axschema.org";
799:• } else if (FrameworkConstants.RequestType.CLAIM_TYPE_SCIM.equals(clientType)) {
800: return "urn:scim:schemas:core:1.0";
801:• } else if (FrameworkConstants.RequestType.CLAIM_TYPE_WSO2.equals(clientType)) {
802: return ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT;
803:• } else if (claimMappings == null || claimMappings.isEmpty()) {
804: return ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT;
805: } else {
806: boolean isAtLeastOneNotEqual = false;
807:• for (Map.Entry<String, String> entry : claimMappings.entrySet()) {
808:• if (!entry.getKey().equals(entry.getValue())) {
809: isAtLeastOneNotEqual = true;
810: break;
811: }
812: }
813:• if (!isAtLeastOneNotEqual) {
814: return ApplicationConstants.LOCAL_IDP_DEFAULT_CLAIM_DIALECT;
815: }
816: }
817: return null;
818: }
819:
820: private void logInput(Map<String, String> remoteClaims, boolean isFederatedClaims) {
821: StringBuilder sb = new StringBuilder();
822: sb.append("[");
823:• if (remoteClaims != null) {
824:• for (Map.Entry<String, String> entry : remoteClaims.entrySet()) {
825: sb.append(entry.getKey());
826: sb.append(":");
827: sb.append(entry.getValue());
828: sb.append(",");
829: }
830: }
831: sb.append("]");
832: log.debug("Executing claim handler. isFederatedClaims = " + isFederatedClaims +
833: " and remote claims = " + sb.toString());
834: }
835:
836: private void logOutput(Map<String, String> returningClaims, AuthenticationContext context) {
837: StringBuilder sb = new StringBuilder();
838: sb.append("[");
839:• for (Map.Entry<String, String> entry : returningClaims.entrySet()) {
840: sb.append(entry.getKey());
841: sb.append(":");
842: sb.append(entry.getValue());
843: sb.append(",");
844: }
845: sb.append("]");
846: log.debug("Returning claims from claim handler = " + sb.toString());
847: Map<String, String> claimsProperty = (Map<String, String>)
848: context.getProperty(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES);
849:• if (claimsProperty != null) {
850: sb = new StringBuilder();
851: sb.append("[");
852:• for (Map.Entry<String, String> entry : claimsProperty.entrySet()) {
853: sb.append(entry.getKey());
854: sb.append(":");
855: sb.append(entry.getValue());
856: sb.append(",");
857: }
858: sb.append("]");
859: }
860: log.debug(FrameworkConstants.UNFILTERED_IDP_CLAIM_VALUES +
861: " map property set to " + sb.toString());
862: claimsProperty = (Map<String, String>)
863: context.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
864:• if (claimsProperty != null) {
865: sb = new StringBuilder();
866: sb.append("[");
867:• for (Map.Entry<String, String> entry : claimsProperty.entrySet()) {
868: sb.append(entry.getKey());
869: sb.append(":");
870: sb.append(entry.getValue());
871: sb.append(",");
872: }
873: sb.append("]");
874: }
875: log.debug(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES +
876: " map property set to " + sb.toString());
877: claimsProperty = (Map<String, String>)
878: context.getProperty(FrameworkConstants.UNFILTERED_SP_CLAIM_VALUES);
879:• if (claimsProperty != null) {
880: sb = new StringBuilder();
881: sb.append("[");
882:• for (Map.Entry<String, String> entry : claimsProperty.entrySet()) {
883: sb.append(entry.getKey());
884: sb.append(":");
885: sb.append(entry.getValue());
886: sb.append(",");
887: }
888: sb.append("]");
889: }
890: log.debug(FrameworkConstants.UNFILTERED_SP_CLAIM_VALUES +
891: " map property set to " + sb.toString());
892: }
893: }