在 WSO2 XACML 中如何获取自定义属性

问题描述

我正在使用 SAML 对用户进行身份验证,其中我编写了一个自定义联合身份验证器,我会向其传递 IP、ID、appname,它将调用 REST Web 服务以获取用户名、角色和额外属性。因此,在收到响应后,我会检查用户存储中是否存在该用户名。如果存在,则用户的身份验证成功,否则我将抛出异常。但是为了执行 XACML 策略,我需要再次使用请求参数(如 IP、appname)调用 Web 服务,基于此获取用户属性,XACML 策略应该考虑这些参数来执行策略。

那么,有没有办法实现上述流程?

以下是自定义联合身份验证器代码

package org.wso2.carbon.identity.application.authenticator.customfed;

import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.json.JSONObject;
import org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.FederatedApplicationAuthenticator;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.customfed.internal.CustomAuthenticatorServiceComponent;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.User;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.wso2.carbon.identity.application.common.model.Property;


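public class CustomFedAuthenticator extends AbstractApplicationAuthenticator implements
                                                                             FederatedApplicationAuthenticator {

    private static final long serialVersionUID = 1L;

    private static final Log LOGGER = LogFactory.getLog(CustomFedAuthenticator.class);

    /** Thread-local property removed before the user-store lookup (mirrors the basic authenticator flow). */
    private static final String RE_CAPTCHA_USER_DOMAIN = "user-domain-recaptcha";

    /** The only local claim currently copied into the authenticated user's attribute map. */
    private static final String IS_LITE_USER_CLAIM = "http://wso2.org/claims/identity/isLiteUser";

    /**
     * Resolves the user name via the remote session service, verifies that the user exists in the
     * tenant's user store, and publishes the authenticated subject (with selected claims) on the
     * authentication context.
     *
     * <p>Attributes that later policy evaluation should see are attached through
     * {@code AuthenticatedUser#setUserAttributes}; presumably any attributes fetched for an XACML
     * decision would need to be added to that same map — confirm against the entitlement handler
     * in use.
     *
     * <p>Fails closed: while {@link #callGetSession} is unimplemented (returns {@code null}) every
     * request is rejected instead of reaching the tenant lookup with a null user name.
     *
     * @param httpServletRequest    incoming request; its parameters and remote host are read
     * @param httpServletResponse   not used by this authenticator
     * @param authenticationContext receives the authenticated subject on success
     * @throws AuthenticationFailedException if the ID parameter is missing, the remote lookup
     *         yields no user name, the tenant realm cannot be resolved, or the user does not exist
     */
    @Override
    protected void processAuthenticationResponse(HttpServletRequest httpServletRequest,
                                                 HttpServletResponse httpServletResponse,
                                                 AuthenticationContext authenticationContext)
            throws AuthenticationFailedException {

        String id = httpServletRequest.getParameter(CustomFedAuthenticatorConstants.ID);
        if (id == null || id.isEmpty()) {
            LOGGER.info("Remote Service Call Authentication Failed:::::::::::");
            throw new AuthenticationFailedException("ID is empty/null");
        }

        // NOTE(review): getRemoteHost() is the address of the immediate peer. Behind a reverse proxy or
        // load balancer this is the proxy, not the end user — confirm what the remote service expects
        // before treating it as an identity signal.
        // NOTE(review): the original called an undefined callDPPortalGetSession(); routed to the
        // callGetSession stub below. Its third parameter is named ID but the caller passes APPNAME — verify.
        String userName = callGetSession(httpServletRequest.getRemoteHost(),
                httpServletRequest.getParameter(CustomFedAuthenticatorConstants.APP_ID),
                httpServletRequest.getParameter(CustomFedAuthenticatorConstants.APPNAME));
        if (userName == null || userName.isEmpty()) {
            // Without this guard a null user name surfaces as a NullPointerException from the tenant
            // lookup instead of a clean authentication failure.
            LOGGER.info("Authentication Failed: remote session lookup returned no user name");
            throw new AuthenticationFailedException("Remote session lookup returned no user name");
        }
        String tenantAwareUserName = MultitenantUtils.getTenantAwareUsername(userName);

        boolean isAuthenticated;
        UserStoreManager userStoreManager;
        IdentityUtil.threadLocalProperties.get().remove(RE_CAPTCHA_USER_DOMAIN);

        try {
            int tenantId = IdentityTenantUtil.getTenantIdOfUser(userName);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Tenant Id is::" + tenantId);
            }
            UserRealm userRealm = CustomAuthenticatorServiceComponent.getRealmService().getTenantUserRealm(tenantId);
            if (userRealm == null) {
                throw new AuthenticationFailedException("Cannot find the user realm for the given tenant: "
                        + tenantId, User.getUserFromUserName(userName));
            }
            userStoreManager = (UserStoreManager) userRealm.getUserStoreManager();
            isAuthenticated = userStoreManager.isExistingUser(tenantAwareUserName);
        } catch (AuthenticationFailedException e) {
            // Re-throw unchanged; the generic handler below would otherwise wrap our own failure a second time.
            throw e;
        } catch (Exception e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("CustomBasicAuthentication Failed while trying to get the tenant ID of the user "
                        + userName, e);
            }
            throw new AuthenticationFailedException(e.getMessage(), User.getUserFromUserName(userName), e);
        }

        if (!isAuthenticated) {
            LOGGER.info("Authentication Failed");
            throw new AuthenticationFailedException("Authentication Failed");
        }

        Map<ClaimMapping, String> claims = new HashMap<ClaimMapping, String>();
        String[] claimList = {IS_LITE_USER_CLAIM};
        try {
            Map<String, String> userClaims = userStoreManager.getUserClaimValues(tenantAwareUserName, claimList, null);
            // Claim values are user data: keep them out of INFO-level logs.
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("userClaims::::" + userClaims);
            }
            if (userClaims != null) {
                claims.put(ClaimMapping.build(IS_LITE_USER_CLAIM, IS_LITE_USER_CLAIM, null, true),
                        userClaims.get(IS_LITE_USER_CLAIM));
            }
        } catch (UserStoreException e) {
            // Best effort, as before: a failed claim read does not fail authentication, but it must not
            // disappear silently (the original's e.printstacktrace() did not even compile).
            LOGGER.warn("Could not read claims for user " + tenantAwareUserName, e);
        }

        AuthenticatedUser authenticatedUserObj =
                AuthenticatedUser.createLocalAuthenticatedUserFromSubjectIdentifier(tenantAwareUserName);
        authenticatedUserObj.setAuthenticatedSubjectIdentifier(tenantAwareUserName);
        authenticatedUserObj.setUserAttributes(claims);
        authenticatedUserObj.setUserName(tenantAwareUserName);
        authenticationContext.setSubject(authenticatedUserObj);
    }

    /**
     * No custom redirect step; delegates to the framework default.
     *
     * @throws AuthenticationFailedException propagated from the superclass
     */
    @Override
    protected void initiateAuthenticationRequest(HttpServletRequest request, HttpServletResponse response,
                                                 AuthenticationContext context)
            throws AuthenticationFailedException {
        super.initiateAuthenticationRequest(request, response, context);
    }

    /**
     * Claims every request for this authenticator.
     *
     * <p>Returning {@code true} unconditionally means no request-shape check happens here; the
     * required parameters are only validated in {@link #processAuthenticationResponse}. The
     * {@code REQ_ATTR_HANDLED} attribute is reset so the framework does not treat the request as
     * already handled.
     *
     * @param request the incoming request
     * @return always {@code true}
     */
    @Override
    public boolean canHandle(HttpServletRequest request) {
        request.setAttribute(FrameworkConstants.REQ_ATTR_HANDLED, null);
        return true;
    }

    /**
     * Returns a fixed context identifier.
     *
     * <p>NOTE(review): a constant identifier means all requests share one context key — confirm this
     * is intended for concurrent logins.
     */
    @Override
    public String getContextIdentifier(HttpServletRequest request) {
        return "CustomFedAuth_Context_id";
    }

    /** Internal authenticator name used by the framework configuration. */
    @Override
    public String getName() {
        return "CustomFedAuthenticator";
    }

    /** Display name shown in the management console. */
    @Override
    public String getFriendlyName() {
        return "customfed";
    }

    /**
     * Looks up the user name for the given session via the remote service. Not implemented yet.
     *
     * @param ipAddress remote host of the incoming request
     * @param appId     application id request parameter
     * @param ID        third request parameter (the caller currently passes APPNAME)
     * @return the resolved user name, or {@code null} while unimplemented — the caller then fails authentication
     */
    private String callGetSession(String ipAddress, String appId, String ID) {
        // TODO: call the remote session service and return the user name from its response.
        return null;
    }

    /**
     * Fetches additional user attributes from the remote service. Not implemented yet and not
     * called; values obtained here would presumably be added to the claims map built in
     * {@link #processAuthenticationResponse} so that downstream policy evaluation can see them.
     *
     * @param ipAddress remote host of the incoming request
     * @param ID        request identifier
     * @return {@code null} while unimplemented
     */
    private String callGetUserAttributes(String ipAddress, String ID) {
        // TODO: call the remote attribute service and return its response.
        return null;
    }
}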

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)