Skip to main content

Accessing the SAML Assertion in the WebService

Posted by kumarjayanti on December 7, 2007 at 1:01 AM PST


A Question that is often asked is, I am  Using  a WSIT Secure
Scenario containing SAML Assertion, How do i access the SAML Assertion ?



Here is how you can access the SAML Assertion inside your WebService
Endpoint Implementation Class. Note the method getSAMLAssertion() in
particular.





package test;



import com.sun.xml.wss.SubjectAccessor;

import com.sun.xml.wss.XWSSecurityException;

import com.sun.xml.wss.impl.XWSSecurityRuntimeException;

import com.sun.xml.wss.saml.util.SAMLUtil;

import java.util.Set;

import javax.annotation.Resource;

import javax.jws.WebMethod;

import javax.jws.WebParam;

import javax.jws.WebService;

import javax.security.auth.Subject;

import javax.xml.stream.XMLStreamException;

import org.w3c.dom.Node;

import javax.xml.stream.XMLStreamReader;

import javax.xml.transform.Transformer;

import javax.xml.transform.TransformerException;

import javax.xml.transform.TransformerFactory;

import javax.xml.transform.dom.DOMSource;

import javax.xml.transform.stream.StreamResult;

import javax.xml.ws.WebServiceContext;

import org.w3c.dom.Element;



@WebService()

public class NewWebService {



    @Resource

    private WebServiceContext context;



    @WebMethod(operationName = "operation")

    public String operation(

           

           
@WebParam(name = "parameter") String parameter) {

        System.out.println("Hello "
+ parameter);

        //get the Assertion from the
Context

        Element samlAssertion =
getSAMLAssertion(context);

        //dump the assertion to
STDOUT

        try {

           
dumpDomNode(samlAssertion);

        } catch (
TransformerException ex) {

           
System.out.println("Error Dumping SAML Assertion");

        }

        return "Hello " + parameter;

    }



    private static Element
getSAMLAssertion(WebServiceContext context) {

        try {

           
Subject subj = SubjectAccessor.getRequesterSubject(context);

           
Set<Object> set = subj.getPublicCredentials();

           
Element samlAssertion = null;

            for
(Object obj : set) {

               
if (obj instanceof XMLStreamReader) {

                   
XMLStreamReader reader = (XMLStreamReader) obj;

                   
//To create a DOM Element representing the Assertion :

                   
samlAssertion = SAMLUtil.createSAMLAssertion(reader);

                   
return samlAssertion;

               
}

            }

        } catch (XMLStreamException
ex) {

           
//TODO:Add custom error handling logic

           
throw new XWSSecurityRuntimeException(ex);

        } catch
(XWSSecurityException ex) {

           
//TODO:Add custom error handling logic

           
throw new XWSSecurityRuntimeException(ex);

        }

        return null;

    }



    private static void dumpDomNode(Node node) throws
TransformerException {

        System.out.println("====
DebugUtil.dumpDomNode(...) Start ====");

        DOMSource domSource = new
DOMSource(node);

        TransformerFactory tf =
TransformerFactory.newInstance();

        Transformer xform = null;

        xform = tf.newTransformer();

        xform.transform(domSource,
new StreamResult(System.out));

        System.out.println();

        System.out.println("====
DebugUtil.dumpDomNode(...) End ====");

    }

}