Accessing the SAML Assertion in the WebService
Posted by kumarjayanti on December 7, 2007 at 1:01 AM PST
A Question that is often asked is, I am Using a WSIT Secure
Scenario containing SAML Assertion, How do i access the SAML Assertion ?
Here is how you can access the SAML Assertion inside your WebService
Endpoint Implementation Class. Note the method getSAMLAssertion() in
particular.
package test;<br>
<br>
import com.sun.xml.wss.SubjectAccessor;<br>
import com.sun.xml.wss.XWSSecurityException;<br>
import com.sun.xml.wss.impl.XWSSecurityRuntimeException;<br>
import com.sun.xml.wss.saml.util.SAMLUtil;<br>
import java.util.Set;<br>
import javax.annotation.Resource;<br>
import javax.jws.WebMethod;<br>
import javax.jws.WebParam;<br>
import javax.jws.WebService;<br>
import javax.security.auth.Subject;<br>
import javax.xml.stream.XMLStreamException;<br>
import org.w3c.dom.Node;<br>
import javax.xml.stream.XMLStreamReader;<br>
import javax.xml.transform.Transformer;<br>
import javax.xml.transform.TransformerException;<br>
import javax.xml.transform.TransformerFactory;<br>
import javax.xml.transform.dom.DOMSource;<br>
import javax.xml.transform.stream.StreamResult;<br>
import javax.xml.ws.WebServiceContext;<br>
import org.w3c.dom.Element;<br>
<br>
@WebService()<br>
public class NewWebService {<br>
<br>
@Resource<br>
private WebServiceContext context;<br>
<br>
@WebMethod(operationName = "operation")<br>
public String operation(<br>
<br>
@WebParam(name = "parameter") String parameter) {<br>
System.out.println("Hello "
+ parameter);<br>
//get the Assertion from the
Context<br>
Element samlAssertion =
getSAMLAssertion(context);<br>
//dump the assertion to
STDOUT<br>
try {<br>
dumpDomNode(samlAssertion);<br>
} catch (
TransformerException ex) {<br>
System.out.println("Error Dumping SAML Assertion");<br>
}<br>
return "Hello " + parameter;<br>
}<br>
<br>
private static Element
getSAMLAssertion(WebServiceContext context) {<br>
try {<br>
Subject subj = SubjectAccessor.getRequesterSubject(context);<br>
Set<Object> set = subj.getPublicCredentials();<br>
Element samlAssertion = null;<br>
for
(Object obj : set) {<br>
if (obj instanceof XMLStreamReader) {<br>
XMLStreamReader reader = (XMLStreamReader) obj;<br>
//To create a DOM Element representing the Assertion :<br>
samlAssertion = SAMLUtil.createSAMLAssertion(reader);<br>
return samlAssertion;<br>
}<br>
}<br>
} catch (XMLStreamException
ex) {<br>
//TODO:Add custom error handling logic<br>
throw new XWSSecurityRuntimeException(ex);<br>
} catch
(XWSSecurityException ex) {<br>
//TODO:Add custom error handling logic<br>
throw new XWSSecurityRuntimeException(ex);<br>
}<br>
return null;<br>
}<br>
<br>
private static void dumpDomNode(Node node) throws
TransformerException {<br>
System.out.println("====
DebugUtil.dumpDomNode(...) Start ====");<br>
DOMSource domSource = new
DOMSource(node);<br>
TransformerFactory tf =
TransformerFactory.newInstance();<br>
Transformer xform = null;<br>
xform = tf.newTransformer();<br>
xform.transform(domSource,
new StreamResult(System.out));<br>
System.out.println();<br>
System.out.println("====
DebugUtil.dumpDomNode(...) End ====");<br>
}<br>
}<br>Blog Links >>
- Login or register to post comments
- Printer-friendly version
- kumarjayanti's blog
- 3319 reads
