package org.picketlink.identity.federation.bindings.jboss.auth;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.Map;

import javax.security.auth.Subject;

// Later PicketLink releases moved these two logger classes to org.picketlink.common.
import org.picketlink.identity.federation.PicketLinkLogger;
import org.picketlink.identity.federation.PicketLinkLoggerFactory;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenAttributeProvider;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;

/**
 * An implementation of the SAML20TokenAttributeProvider for JBoss which looks at the authenticated Subject and creates
 * an Attribute containing the user's roles.
 *
 * <pre>
 * <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider">
 *   <Property Key="AttributeProvider" Value="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider"/>
 *   <Property Key="org.picketlink.identity.federation.bindings.jboss.auth.SAML20TokenRoleAttributeProvider.tokenRoleAttributeName" Value="role"/>
 * </TokenProvider>
 * </pre>
 *
 * When configured, this attribute provider is called by the SAML20TokenProvider to return an AttributeStatement for the
 * STS token, whose values are later inserted into the JAAS Subject. It returns a multi-valued Attribute to be included in
 * the Assertion, where each value of the attribute is a JBoss user role. The name of this attribute defaults to
 * DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME but may be set to any value through the optional property shown above.
 *
 * @author Babak Mozaffari
 */
public class SAML20TokenRoleAttributeProvider implements SAML20TokenAttributeProvider {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    /** The name of the principal in JBoss that is expected to include user roles */
    public static final String JBOSS_ROLE_PRINCIPAL_NAME = "Roles";

    /** The default attribute name in the SAML Token that will carry the user's roles, if not configured otherwise */
    public static final String DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME = "role";

    /** The name of the attribute in the SAML Token that will carry the user's roles */
    private String tokenRoleAttributeName;

    public void setProperties(Map<String, String> properties) {
        // The property key is this class's fully qualified name followed by ".tokenRoleAttributeName".
        String roleAttrKey = this.getClass().getName() + ".tokenRoleAttributeName";
        tokenRoleAttributeName = properties.get(roleAttrKey);
        if (tokenRoleAttributeName == null) {
            tokenRoleAttributeName = DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME;
        }
    }

    public AttributeStatementType getAttributeStatement() {
        Subject subject = SecurityActions.getSecurityContext().getSubjectInfo().getAuthenticatedSubject();
        if (subject == null) {
            // No authenticated caller on this thread: no attribute statement is contributed to the assertion.
            logger.trace("No authentication Subject found, cannot provide any user roles!");
            return null;
        } else {
            AttributeStatementType attributeStatement = new AttributeStatementType();
            AttributeType rolesAttribute = new AttributeType(tokenRoleAttributeName);
            attributeStatement.addAttribute(new ASTChoiceType(rolesAttribute));
            // List<Object> roles = rolesAttribute.getAttributeValue();
            for (Principal rolePrincipal : subject.getPrincipals()) {
                // JBoss stores the caller's roles as members of a Group principal named "Roles";
                // the cast assumes that a principal with this name is always a Group.
                if (JBOSS_ROLE_PRINCIPAL_NAME.equalsIgnoreCase(rolePrincipal.getName())) {
                    Group simpleGroup = (Group) rolePrincipal;
                    Enumeration<? extends Principal> members = simpleGroup.members();
                    while (members.hasMoreElements()) {
                        Principal role = members.nextElement();
                        // roles.add( role.getName() );
                        rolesAttribute.addAttributeValue(role.getName());
                    }
                    break;
                }
            }
            logger.trace("Returning an AttributeStatement with a [" + tokenRoleAttributeName
                    + "] attribute containing: " + rolesAttribute.getAttributeValue().toString());
            return attributeStatement;
        }
    }
}
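The following is an added example, not PicketLink's own code: it models in Python the attribute statement this provider builds from the JAAS "Roles" group (one Attribute, one AttributeValue per role, the attribute still emitted when the group is empty or absent) and shows how a relying party reads the roles back out of an issued SAML 2.0 Assertion. The principal model (name plus optional member list), the sample assertion and the STS issuer URL are constructed for the example; only the SAML 2.0 assertion namespace and the provider's default names come from the page.

```python
"""Model of the role attribute produced by SAML20TokenRoleAttributeProvider and a
relying-party parser for it. Added example; not part of PicketLink."""
from typing import List, Optional, Sequence, Tuple
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
JBOSS_ROLE_PRINCIPAL_NAME = "Roles"          # same defaults as the provider
DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME = "role"

def q(local: str) -> str:
    """Clark-notation tag for an element in the SAML 2.0 assertion namespace."""
    return "{%s}%s" % (SAML_NS, local)

# Constructed principal model: (name, members). members is None for a plain
# principal and a list of role names for a Group such as JBoss's "Roles".
Principal = Tuple[str, Optional[Sequence[str]]]

def build_attribute_statement(principals: Sequence[Principal],
                              attribute_name: str = DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME) -> str:
    """Mirror of getAttributeStatement(): one Attribute named attribute_name with
    one AttributeValue per member of the first Group principal whose name matches
    "Roles" case-insensitively. Without such a group the Attribute is still
    emitted, just with no values, exactly as the provider does."""
    stmt = ET.Element(q("AttributeStatement"))
    attr = ET.SubElement(stmt, q("Attribute"), Name=attribute_name)
    for name, members in principals:
        if name.lower() == JBOSS_ROLE_PRINCIPAL_NAME.lower() and members is not None:
            for role in members:
                ET.SubElement(attr, q("AttributeValue")).text = role
            break  # the provider stops at the first "Roles" group
    ET.register_namespace("saml", SAML_NS)
    return ET.tostring(stmt, encoding="unicode")

def extract_roles(xml_text: str,
                  attribute_name: str = DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME) -> List[str]:
    """Relying-party side: collect the values of the role attribute from an
    Assertion or from a bare AttributeStatement. The attribute Name is matched
    exactly (XML attribute values are case-sensitive), so a deployment that sets
    tokenRoleAttributeName must pass the same string here. Attributes with other
    names, and elements outside the SAML namespace, are ignored."""
    root = ET.fromstring(xml_text)
    if root.tag == q("AttributeStatement"):
        statements = [root]
    else:
        statements = root.findall("saml:AttributeStatement", NS)
    roles: List[str] = []
    for stmt in statements:
        for attr in stmt.findall("saml:Attribute", NS):
            if attr.get("Name") != attribute_name:
                continue
            for value in attr.findall("saml:AttributeValue", NS):
                text = (value.text or "").strip()
                if text:
                    roles.append(text)
    return roles

# Constructed sample in the shape the STS issues for a caller whose "Roles"
# group holds admin and operator, alongside an unrelated attribute.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_constructed" Version="2.0">'
    '<saml:Issuer>https://sts.example.test</saml:Issuer>'
    '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
    '<saml:AttributeStatement>'
    '<saml:Attribute Name="role">'
    '<saml:AttributeValue>admin</saml:AttributeValue>'
    '<saml:AttributeValue>operator</saml:AttributeValue>'
    '</saml:Attribute>'
    '<saml:Attribute Name="email"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement>'
    '</saml:Assertion>'
)

if __name__ == "__main__":
    # Round trip: what the provider would build parses back to the same roles.
    built = build_attribute_statement([("alice", None), ("Roles", ["admin", "operator"])])
    print(built)
    print(extract_roles(built))            # ['admin', 'operator']
    print(extract_roles(SAMPLE_ASSERTION))  # ['admin', 'operator']
```

Two details worth noticing match the Java: the provider compares the principal name case-insensitively, so a group named "roles" is accepted, whereas the SAML attribute Name the relying party looks for is compared exactly; and a Subject with no "Roles" group still yields an empty role attribute rather than no attribute, so a consumer must treat an empty value list as "no roles", not as "attribute missing".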