Posted by
kumarjayanti on December 7, 2007 at 1:01 AM PST
A Question that is often asked is, I am Using a WSIT Secure
Scenario containing SAML Assertion, How do i access the SAML Assertion ?
Here is how you can access the SAML Assertion inside your WebService
Endpoint Implementation Class. Note the method getSAMLAssertion() in
particular.
package test;
import com.sun.xml.wss.SubjectAccessor;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.XWSSecurityRuntimeException;
import com.sun.xml.wss.saml.util.SAMLUtil;
import java.util.Set;
import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import javax.security.auth.Subject;
import javax.xml.stream.XMLStreamException;
import org.w3c.dom.Node;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.ws.WebServiceContext;
import org.w3c.dom.Element;
@WebService()
public class NewWebService {
@Resource
private WebServiceContext context;
@WebMethod(operationName = "operation")
public String operation(
@WebParam(name = "parameter") String parameter) {
System.out.println("Hello "
+ parameter);
//get the Assertion from the
Context
Element samlAssertion =
getSAMLAssertion(context);
//dump the assertion to
STDOUT
try {
dumpDomNode(samlAssertion);
} catch (
TransformerException ex) {
System.out.println("Error Dumping SAML Assertion");
}
return "Hello " + parameter;
}
private static Element
getSAMLAssertion(WebServiceContext context) {
try {
Subject subj = SubjectAccessor.getRequesterSubject(context);
Set<Object> set = subj.getPublicCredentials();
Element samlAssertion = null;
for
(Object obj : set) {
if (obj instanceof XMLStreamReader) {
XMLStreamReader reader = (XMLStreamReader) obj;
//To create a DOM Element representing the Assertion :
samlAssertion = SAMLUtil.createSAMLAssertion(reader);
return samlAssertion;
}
}
} catch (XMLStreamException
ex) {
//TODO:Add custom error handling logic
throw new XWSSecurityRuntimeException(ex);
} catch
(XWSSecurityException ex) {
//TODO:Add custom error handling logic
throw new XWSSecurityRuntimeException(ex);
}
return null;
}
private static void dumpDomNode(Node node) throws
TransformerException {
System.out.println("====
DebugUtil.dumpDomNode(...) Start ====");
DOMSource domSource = new
DOMSource(node);
TransformerFactory tf =
TransformerFactory.newInstance();
Transformer xform = null;
xform = tf.newTransformer();
xform.transform(domSource,
new StreamResult(System.out));
System.out.println();
System.out.println("====
DebugUtil.dumpDomNode(...) End ====");
}
}
