Hi Kevin,

Rampart puts the parsed SAML assertion object as a property in the
message context. You can access it within the service like this.

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.opensaml.SAMLAssertion;

// Security results that Rampart stored on the message context
Vector results = (Vector) msgCtx.getProperty(WSHandlerConstants.RECV_RESULTS);
if (results == null) {
        throw new RuntimeException("No security results!!");
} else {
        for (int i = 0; i < results.size(); i++) {
                // Get hold of the WSHandlerResult instance
                WSHandlerResult rResult = (WSHandlerResult) results.get(i);
                Vector wsSecEngineResults = rResult.getResults();

                for (int j = 0; j < wsSecEngineResults.size(); j++) {
                        // Get hold of the WSSecurityEngineResult instance
                        WSSecurityEngineResult wser =
                                (WSSecurityEngineResult) wsSecEngineResults.get(j);

                        // Check for the SAML result
                        if (((java.lang.Integer) wser.get(WSSecurityEngineResult.TAG_ACTION))
                                        .intValue() == WSConstants.ST_UNSIGNED) {
                                // This will return the org.opensaml.SAMLAssertion object
                                SAMLAssertion assertion = (SAMLAssertion)
                                        wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                        }
                }
        }
}


I didn't have time to try the code, so you may have to do little
modifications to get it working but hope you can grab the logic from here.

regards,
nandana

On Fri, May 30, 2008 at 7:15 PM, Smith, Kevin T <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I'm new to Rampart and I am switching from having a custom
> module/handler to using Rampart.
>
> The only thing is - from the service itself, I need to access a SAML
> token passed in (using WS-Security SAML Token Profile), because I need
> to filter data based on the attributes of the user in the assertion.
>
> That is, the service pulls information from a data source, and based on
> releasability constraints of the information it pulls, it then needs to
> filter data based on the attributes of the user from the SAML assertion.
>
> It would be great if I could actually get a SAML assertion object
> directly from the service (without having to parse the header again -
> this should have been done already if rampart is providing the WS-Policy
> validation). Is this object fetchable from the service?
>
> From a service, I have been looking at the MessageContext properties
> and, I saw that there is a "org.apache.rahas.TokenStorage" object. Even
> though tokens are passed, however, I have never seen this object with
> any tokens. And even so, it would contain an org.apache.rahas.Token,
> which I don't believe is what I need.
>
> Any help would be appreciated! Thanks!
>
> Kevin T. Smith
> Technical Director, Mantech MBI
> [EMAIL PROTECTED]
> (804) 550-3670; cell 571-426-8639
>
> --
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/
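
Added example, not part of the original thread and not Rampart's own code: one way a service could turn the assertion found in the security results into an attribute map for the data filtering described in the question, failing closed when no assertion is present or it is outside its validity window. The class and method names are hypothetical, the OpenSAML 1.x and WSS4J calls are assumed to match the versions bundled with Rampart, and the code assumes the security policy already requires the assertion to be integrity-protected.

```java
import java.util.*;
import org.apache.axis2.context.MessageContext;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;

// Hypothetical helper (name and shape are assumptions, not Rampart API).
// Assumption: the policy requires the assertion to be integrity-protected;
// this class does not verify any signature itself.
public final class SamlAttributes {

    // Returns the first assertion recorded in the security results, or null.
    static SAMLAssertion find(MessageContext msgCtx) {
        Vector results = (Vector) msgCtx.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (results == null) return null;
        for (Object r : results) {
            for (Object e : ((WSHandlerResult) r).getResults()) {
                WSSecurityEngineResult wser = (WSSecurityEngineResult) e;
                Object action = wser.get(WSSecurityEngineResult.TAG_ACTION);
                Object saml = wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                if (action instanceof Integer && saml instanceof SAMLAssertion
                        && ((Integer) action).intValue() == WSConstants.ST_UNSIGNED) {
                    return (SAMLAssertion) saml;
                }
            }
        }
        return null;
    }

    // Attribute name -> values. Throws instead of returning an empty map when
    // the assertion is missing or expired, so the caller cannot skip filtering.
    public static Map<String, List<String>> read(MessageContext msgCtx) {
        SAMLAssertion a = find(msgCtx);
        if (a == null) throw new SecurityException("no SAML assertion in security results");
        Date now = new Date();
        if ((a.getNotBefore() != null && now.before(a.getNotBefore()))
                || (a.getNotOnOrAfter() != null && !now.before(a.getNotOnOrAfter())))
            throw new SecurityException("SAML assertion is outside its validity window");
        Map<String, List<String>> out = new HashMap<String, List<String>>();
        for (Iterator st = a.getStatements(); st.hasNext();) {
            Object s = st.next();
            if (!(s instanceof SAMLAttributeStatement)) continue;
            for (Iterator at = ((SAMLAttributeStatement) s).getAttributes(); at.hasNext();) {
                SAMLAttribute attr = (SAMLAttribute) at.next();
                List<String> vals = out.get(attr.getName());
                if (vals == null) out.put(attr.getName(), vals = new ArrayList<String>());
                for (Iterator v = attr.getValues(); v.hasNext();) vals.add(String.valueOf(v.next()));
            }
        }
        return out;
    }
}
```

Inside a service operation this would be called as SamlAttributes.read(MessageContext.getCurrentMessageContext()).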
