The ClaimsManager is defined in the default STS configuration here:

https://github.com/apache/cxf-fediz/blob/master/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml#L106

Where the default ClaimsHandlers read in some claims from a file:

https://github.com/apache/cxf-fediz/blob/master/services/sts/src/main/webapp/WEB-INF/data/userClaims.xml

For LDAP, we have a LDAPClaimsHandler in CXF, the Fediz configuration for
that is here:

https://github.com/apache/cxf-fediz/blob/master/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml

If you only require the role claims for your login scenario, I think you
can get away with writing a custom ClaimsHandler implementation, and get
the roles from the authenticated principal.

Colm.

On Mon, Sep 25, 2017 at 4:56 PM, Matthew Broadhead <
[email protected]> wrote:

> hi,
>
> i already have a working jaas.config setup with a custom LoginModule
> MyLoginModule {
> uk.me.kissy.jaas.MyLoginModule required debug=false dbPort="3306"
> dbName="directory" dbUsername="directoryUser" dbPassword="<password>";
> };
>
> MyLoginModule is based off this tutorial http://docs.oracle.com/javase/
> 7/docs/technotes/guides/security/jaas/tutorials/GeneralAcnOnly.html and
> is basically one step up from a DataSourceRealm using 2 tables:
> 1. user
> - username
> - password
> 2. userrole
> - username
> - rolename
>
> in fediz-1.4.2/services/sts/src/main/webapp/WEB-INF/endpoints i create a
> file jaas.xml and created an endpoint
> <beans ...>
> <jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean"
>         address="/REALMA/STSServiceTransportUT"
> wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
> xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
>         serviceName="ns1:SecurityTokenService"
> endpointName="ns1:TransportUT_Port">
>         <jaxws:properties>
>             <entry key="ws-security.ut.validator">
>                 <bean class="org.apache.wss4j.dom.va
> lidate.JAASUsernameTokenValidator">
>                     <property name="contextName" value="MyLoginModule" />
>                 </bean>
>             </entry>
>         </jaxws:properties>
>     </jaxws:endpoint>
> </beans>
>
> now the stacktrace says it needs a claimHandlerList and claimsManager.
> could someone point me to an example of how to do that?
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to