本文整理汇总了Java中org.opensaml.saml.saml2.core.NameID类的典型用法代码示例。如果您正苦于以下问题:Java NameID类的具体用法?Java NameID怎么用?Java NameID使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
NameID类属于org.opensaml.saml.saml2.core包,在下文中一共展示了NameID类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: generateNameID
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Asks the configured generator for a {@link NameID} of the configured
 * subject type.
 *
 * <p>A {@link SAMLException} raised by the generator is logged and then
 * handled exactly like "nothing generated": in both cases the caller
 * receives {@code null} and has to treat that as a failure.</p>
 *
 * @param profileRequestContext
 *            current profile request context
 *
 * @return the generated {@link NameID}, or {@code null} when the generator
 *         produced nothing or threw
 */
@Nullable
private NameID generateNameID(@Nonnull final ProfileRequestContext profileRequestContext) {
    final String type = subjectType.toString();
    log.debug("{} Trying to generate Subject with Type {}", getLogPrefix(), type);

    NameID generated = null;
    try {
        generated = generator.generate(profileRequestContext, type);
    } catch (final SAMLException e) {
        // Deliberately non-fatal here; the null return is the error signal.
        log.error("{} Error while generating Subject", getLogPrefix(), e);
    }

    if (generated != null) {
        log.debug("{} Successfully generated Subject with Type {}", getLogPrefix(), type);
    }
    return generated;
}
示例2: finalizeNameId
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
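/**
 * Applies the qualifiers configured on the registered service to the
 * given NameID and returns it.
 *
 * <p>The service's NameID qualifier is written to {@code NameQualifier}
 * and its service-provider qualifier to {@code SPNameQualifier}. Blank
 * settings leave the corresponding attribute of the NameID untouched.</p>
 *
 * @param nameid               the NameID to finalize; modified in place
 * @param authnRequest         the authn request (not read here)
 * @param assertion            the assertion (not read here)
 * @param supportedNameFormats the supported name formats (not read here)
 * @param service              the registered service carrying the qualifier settings
 * @param adaptor              the adaptor (not read here)
 * @return the same {@code nameid} instance
 */
protected NameID finalizeNameId(final NameID nameid,
                                final AuthnRequest authnRequest,
                                final Assertion assertion,
                                final List<String> supportedNameFormats,
                                final SamlRegisteredService service,
                                final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    final String nameQualifier = service.getNameIdQualifier();
    if (StringUtils.isNotBlank(nameQualifier)) {
        nameid.setNameQualifier(nameQualifier);
    }

    // The SP qualifier belongs in SPNameQualifier. Writing it to
    // NameQualifier (as this method used to) silently overwrote the value
    // set just above and left SPNameQualifier empty, so a relying party
    // would see the identifier scoped to the wrong namespace.
    final String spNameQualifier = service.getServiceProviderNameIdQualifier();
    if (StringUtils.isNotBlank(spNameQualifier)) {
        nameid.setSPNameQualifier(spNameQualifier);
    }
    return nameid;
}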
示例3: encodeNameIdBasedOnNameFormat
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Encodes a NameID for one candidate name format.
 *
 * <p>Every failure, including a {@code null} result from the encoder
 * (which trips the debug statement below), is caught, logged at error
 * level and reported to the caller as {@code null}.</p>
 *
 * <p>NOTE(review): the encoded NameID value is written to the debug log.
 * Debug output of this class therefore contains subject identifiers and
 * should be handled accordingly.</p>
 *
 * @param authnRequest the authn request
 * @param assertion    the assertion the NameID attribute is prepared from
 * @param nameFormat   the name format to encode with
 * @param service      the service
 * @param adaptor      the adaptor
 * @return the encoded NameID, or {@code null} if encoding failed
 */
protected NameID encodeNameIdBasedOnNameFormat(final AuthnRequest authnRequest,
                                               final Assertion assertion,
                                               final String nameFormat,
                                               final SamlRegisteredService service,
                                               final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    NameID result = null;
    try {
        final IdPAttribute source = prepareNameIdAttribute(assertion);
        final SAML2StringNameIDEncoder nameIdEncoder =
            prepareNameIdEncoder(authnRequest, nameFormat, source, service, adaptor);
        LOGGER.debug("Encoding NameID based on [{}]", nameFormat);

        final NameID encoded = nameIdEncoder.encode(source);
        LOGGER.debug("Final NameID encoded with format [{}] has value [{}]", encoded.getFormat(), encoded.getValue());
        result = encoded;
    } catch (final Exception e) {
        // Catch-all on purpose: a failure for this format is not fatal to the caller.
        LOGGER.error(e.getMessage(), e);
    }
    return result;
}
示例4: buildSubject
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Builds the assertion subject for a response to the given request.
 *
 * <p>The location handed to {@code newSubject} is taken from the assertion
 * consumer service that the adaptor returns for {@code binding} (its
 * response location when set, otherwise its location); it is not read
 * from the authn request.</p>
 *
 * <p>NOTE(review): the NameID returned by the builder is dereferenced
 * without a null check. Whether the builder can return {@code null} is
 * not visible here; confirm, or fail with an explicit error.</p>
 *
 * @throws IllegalArgumentException if no assertion consumer service exists for {@code binding}
 * @throws SamlException declared by this method; presumably raised by the NameID builder
 */
private Subject buildSubject(final HttpServletRequest request,
                             final HttpServletResponse response,
                             final AuthnRequest authnRequest,
                             final Assertion assertion,
                             final SamlRegisteredService service,
                             final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                             final String binding) throws SamlException {
    final NameID subjectNameId = this.ssoPostProfileSamlNameIdBuilder.build(authnRequest, request, response,
        assertion, service, adaptor, binding);
    final ZonedDateTime validFrom = ZonedDateTime.ofInstant(assertion.getValidFromDate().toInstant(), ZoneOffset.UTC);

    final AssertionConsumerService consumerService = adaptor.getAssertionConsumerService(binding);
    if (consumerService == null) {
        throw new IllegalArgumentException("Failed to locate the assertion consumer service url");
    }

    final String acsLocation;
    if (StringUtils.isBlank(consumerService.getResponseLocation())) {
        acsLocation = consumerService.getLocation();
    } else {
        acsLocation = consumerService.getResponseLocation();
    }

    // The time passed on is the assertion's valid-from instant plus the configured skew allowance.
    final Subject built = newSubject(subjectNameId.getFormat(), subjectNameId.getValue(),
        acsLocation, validFrom.plusSeconds(this.skewAllowance), authnRequest.getID());
    built.setNameID(subjectNameId);
    return built;
}
示例5: decryptEncryptedId
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
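/**
 * Decrypts an EncryptedID, using a decrypter.
 *
 * <p>A missing decrypter is not treated as an error: a warning is logged
 * and {@code null} is returned, so callers must be prepared for an
 * encrypted identifier that was received but could not be read.</p>
 *
 * @param encryptedId The EncryptedID to be decrypted.
 * @param decrypter The decrypter to use.
 *
 * @return Decrypted ID or {@code null} if any input is {@code null}.
 *
 * @throws SAMLException If the input ID cannot be decrypted, or if the
 *         decrypted content is not a {@link NameID}.
 */
protected final NameID decryptEncryptedId(final EncryptedID encryptedId, final Decrypter decrypter) throws SAMLException {
    if (encryptedId == null) {
        return null;
    }
    if (decrypter == null) {
        // The previous message spoke of "attributes", which pointed at the wrong element.
        logger.warn("An EncryptedID was returned, but no keystore was provided.");
        return null;
    }

    final Object decrypted;
    try {
        decrypted = decrypter.decrypt(encryptedId);
    } catch (final DecryptionException e) {
        throw new SAMLException("Decryption of an EncryptedID failed.", e);
    }

    // An EncryptedID is not guaranteed to wrap a NameID. Check the type
    // instead of casting blindly, so that unexpected content surfaces as
    // the documented SAMLException rather than a ClassCastException.
    if (!(decrypted instanceof NameID)) {
        throw new SAMLException("Decrypted EncryptedID does not contain a NameID.");
    }
    return (NameID) decrypted;
}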
示例6: givenAValidAttributeQuery
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Test fixture: builds an attribute query with an issuer, an ID, a subject
 * (NameID plus one subject confirmation) and a single first-name attribute.
 *
 * <p>The values passed to the factory for the NameID and the issuer are
 * replaced afterwards by the "original ..." values set explicitly.</p>
 */
private AttributeQuery givenAValidAttributeQuery() {
    AttributeQuery attributeQuery = openSamlXmlObjectFactory.createAttributeQuery();
    attributeQuery.setIssueInstant(DateTime.now());

    Subject subject = openSamlXmlObjectFactory.createSubject();
    NameID subjectNameId = openSamlXmlObjectFactory.createNameId("name_id");
    Issuer issuer = openSamlXmlObjectFactory.createIssuer("issuer_id");
    subject.setNameID(subjectNameId);

    SubjectConfirmation confirmation = openSamlXmlObjectFactory.createSubjectConfirmation();
    subject.getSubjectConfirmations().add(confirmation);

    attributeQuery.setSubject(subject);
    attributeQuery.setIssuer(issuer);
    issuer.setValue("original issuer");
    attributeQuery.setID("original id");

    subjectNameId.setValue("original subject id");
    subjectNameId.setSPNameQualifier("http://foo.com");

    AttributeFactory_1_1 attributeFactory = new AttributeFactory_1_1(openSamlXmlObjectFactory);
    attributeQuery.getAttributes().add(
        attributeFactory.createFirstnameAttribute(
            ImmutableList.of(new SimpleMdsValue<>(FIRST_NAME, null, null, false))));
    return attributeQuery;
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:26,代码来源:InboundMatchingServiceRequestUnmarshallerTest.java
示例7: doExecute
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Generates the subject NameID and stores it in the OIDC response
 * context. When no NameID could be generated, an
 * {@link EventIds#INVALID_PROFILE_CTX} event is built and nothing is
 * stored. The generated value is written to the debug log.</p>
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final NameID subject = generateNameID(profileRequestContext);
    if (subject != null) {
        getOidcResponseContext().setNameId(subject);
        log.debug("{} Subject of type {} set to {}", getLogPrefix(), subject.getFormat(), subject.getValue());
        return;
    }

    // No subject: signal the failure through the profile context.
    log.error("{} Subject may not be null", getLogPrefix());
    ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
}
示例8: testSetters
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Populates every property of the response context through its setters and
 * checks that the matching getters return what was set, including that
 * the ACR can be cleared again with {@code null}.
 */
@Test
public void testSetters() throws URISyntaxException, ParseException {
    // Scalar properties.
    ctx.setAcr("acrValue");
    ctx.setAuthTime(1);
    ctx.setExp(2);

    // ID token claims.
    Issuer tokenIssuer = new Issuer("iss");
    Subject tokenSubject = new Subject("sub");
    List<Audience> audiences = new ArrayList<>();
    audiences.add(new Audience("aud"));
    IDTokenClaimsSet claims = new IDTokenClaimsSet(tokenIssuer, tokenSubject, audiences, new Date(), new Date());
    ctx.setIDToken(claims);

    NameID nameId = new MockNameID();
    ctx.setNameId(nameId);

    URI redirectUri = new URI("https://example.org");
    ctx.setRedirectURI(redirectUri);
    ctx.setRequestedSubject("sub");

    Scope requestedScope = new Scope();
    ctx.setScope(requestedScope);

    // The JWT is only constructed here, never signed; the test just checks it is stored.
    JWSHeader jwsHeader = new JWSHeader(JWSAlgorithm.ES256);
    SignedJWT idTokenJwt = new SignedJWT(jwsHeader, claims.toJWTClaimsSet());
    ctx.setSignedIDToken(idTokenJwt);

    Assert.assertEquals(ctx.getAcr().toString(), "acrValue");
    ctx.setAcr(null);
    Assert.assertNull(ctx.getAcr());

    Assert.assertEquals(ctx.getAuthTime(), new Date(1));
    Assert.assertEquals(ctx.getExp(), new Date(2));
    Assert.assertEquals(ctx.getIDToken(), claims);
    Assert.assertEquals(ctx.getNameId(), nameId);
    Assert.assertEquals(ctx.getSignedIDToken(), idTokenJwt);
    Assert.assertEquals(ctx.getRedirectURI(), redirectUri);
    Assert.assertEquals(ctx.getRequestedSubject(), "sub");
    Assert.assertEquals(ctx.getScope(), requestedScope);
}
开发者ID:CSCfi,项目名称:shibboleth-idp-oidc-extension,代码行数:34,代码来源:OIDCAuthenticationResponseContextTest.java
示例9: constructSamlResponse
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Construct SAML response.
 * <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
 *
 * <p>Builds a success response holding one assertion with a
 * password-authentication statement, conditions, and an e-mail-format
 * subject resolved from the registered service's username attribute
 * provider, and returns it marshalled to a string.</p>
 *
 * <p>NOTE(review): the result of {@code findServiceBy} is dereferenced
 * without a null check, and no access check on the registered service is
 * visible in this method. Confirm that the caller has already established
 * that the service is registered and allowed.</p>
 *
 * <p>NOTE(review): the complete marshalled response, including the
 * subject identifier, is written to the debug log.</p>
 *
 * @return the SAML response
 */
private String constructSamlResponse() {
    final DateTime now = DateTime.parse(new ISOStandardDateFormat().getCurrentDateAndTime());
    // Fixed timestamp in the past, used both for the assertion and as the first conditions argument.
    final DateTime fixedStart = DateTime.parse("2003-04-17T00:46:02Z");

    final RegisteredService registered = this.servicesManager.findServiceBy(this);
    final String principalId = registered.getUsernameAttributeProvider().resolveUsername(getPrincipal(), this);

    final org.opensaml.saml.saml2.core.Response samlResponse =
        BUILDER.newResponse(BUILDER.generateSecureRandomId(), now, getId(), this);
    samlResponse.setStatus(BUILDER.newStatus(StatusCode.SUCCESS, null));

    final AuthnStatement statement = BUILDER.newAuthnStatement(AuthnContext.PASSWORD_AUTHN_CTX, now);
    final Assertion samlAssertion = BUILDER.newAssertion(statement,
        "https://www.opensaml.org/IDP",
        fixedStart, BUILDER.generateSecureRandomId());

    samlAssertion.setConditions(BUILDER.newConditions(fixedStart, now, getId()));
    samlAssertion.setSubject(BUILDER.newSubject(NameID.EMAIL, principalId, getId(), now, this.requestId));
    samlResponse.getAssertions().add(samlAssertion);

    final StringWriter out = new StringWriter();
    BUILDER.marshalSamlXmlObject(samlResponse, out);
    final String xml = out.toString();
    logger.debug("Generated Google SAML response: {}", xml);
    return xml;
}
示例10: build
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Builds the NameID for the given request by delegating to
 * {@code buildNameId}.
 *
 * <p>{@code request}, {@code response} and {@code binding} are accepted
 * for the interface but are not passed on.</p>
 */
@Override
public NameID build(final AuthnRequest authnRequest,
                    final HttpServletRequest request,
                    final HttpServletResponse response,
                    final Assertion assertion,
                    final SamlRegisteredService service,
                    final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                    final String binding) throws SamlException {
    final NameID built = buildNameId(authnRequest, assertion, service, adaptor);
    return built;
}
示例11: getRequiredNameIdFormatIfAny
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Reads the NameID format that the authn request's NameIDPolicy asks for.
 *
 * <p>NOTE(review): a request for the encrypted format is answered with a
 * warning and {@code null}, i.e. the same result as "no format required".
 * The requester gets no error from this method; what the caller issues
 * instead is not visible here.</p>
 *
 * @param authnRequest the authn request
 * @return the requested format, or {@code null} when the request carries
 *         no NameIDPolicy or asks for the encrypted format
 */
protected String getRequiredNameIdFormatIfAny(final AuthnRequest authnRequest) {
    if (authnRequest.getNameIDPolicy() == null) {
        return null;
    }

    final String requested = authnRequest.getNameIDPolicy().getFormat();
    LOGGER.debug("AuthN request indicates [{}] is the required NameID format", requested);
    if (!NameID.ENCRYPTED.equals(requested)) {
        return requested;
    }

    LOGGER.warn("Encrypted NameID formats are not supported");
    return null;
}
示例12: determineNameId
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Walks the supported name formats in list order and returns the first
 * NameID that can be encoded.
 *
 * @param authnRequest         the authn request
 * @param assertion            the assertion
 * @param supportedNameFormats the candidate formats, tried in order
 * @param service              the service
 * @param adaptor              the adaptor
 * @return the first NameID encoded successfully, or {@code null} when no
 *         format yields one (callers must handle this case)
 */
protected NameID determineNameId(final AuthnRequest authnRequest,
                                 final Assertion assertion,
                                 final List<String> supportedNameFormats,
                                 final SamlRegisteredService service,
                                 final SamlRegisteredServiceServiceProviderMetadataFacade adaptor) {
    for (final String candidateFormat : supportedNameFormats) {
        LOGGER.debug("Evaluating NameID format [{}]", candidateFormat);
        final NameID candidate =
            encodeNameIdBasedOnNameFormat(authnRequest, assertion, candidateFormat, service, adaptor);
        if (candidate == null) {
            continue;
        }
        return candidate;
    }
    return null;
}
示例13: constructSamlResponse
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
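/**
 * Construct SAML response.
 * <a href="http://bit.ly/1uI8Ggu">See this reference for more info.</a>
 *
 * <p>The service must be registered and allowed by its access strategy;
 * otherwise no response is built. The response holds one assertion with a
 * password-authentication statement, conditions, and an e-mail-format
 * subject resolved from the registered service's username attribute
 * provider.</p>
 *
 * <p>NOTE(review): the complete marshalled response, including the
 * subject identifier, is written to the debug log.</p>
 *
 * @param service the service
 * @return the SAML response
 * @throws UnauthorizedServiceException if the service is not registered or access is not allowed
 */
protected String constructSamlResponse(final GoogleAccountsService service) {
    final ZonedDateTime currentDateTime = ZonedDateTime.now(ZoneOffset.UTC);
    // Fixed timestamp in the past, used both for the assertion and as the first conditions argument.
    final ZonedDateTime notBeforeIssueInstant = ZonedDateTime.parse("2003-04-17T00:46:02Z");

    // Authorization gate: nothing below runs for an unknown or disallowed service.
    final RegisteredService registeredService = servicesManager.findServiceBy(service);
    if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }

    final String userId = registeredService.getUsernameAttributeProvider()
        .resolveUsername(service.getPrincipal(), service, registeredService);

    final org.opensaml.saml.saml2.core.Response response = this.samlObjectBuilder.newResponse(
        this.samlObjectBuilder.generateSecureRandomId(), currentDateTime, null, service);
    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));

    // Math.abs(Long.MIN_VALUE) is still negative, so the previous
    // Math.abs(nextLong()) could yield an index of the form "_-...".
    // Clearing the sign bit gives a non-negative value for every input.
    final long randomPart = new SecureRandom().nextLong() & Long.MAX_VALUE;
    final String sessionIndex = '_' + String.valueOf(randomPart);

    final AuthnStatement authnStatement = this.samlObjectBuilder.newAuthnStatement(
        AuthnContext.PASSWORD_AUTHN_CTX, currentDateTime, sessionIndex);
    final Assertion assertion = this.samlObjectBuilder.newAssertion(authnStatement, casServerPrefix,
        notBeforeIssueInstant, this.samlObjectBuilder.generateSecureRandomId());

    final Conditions conditions = this.samlObjectBuilder.newConditions(notBeforeIssueInstant,
        currentDateTime.plusSeconds(this.skewAllowance), service.getId());
    assertion.setConditions(conditions);

    final Subject subject = this.samlObjectBuilder.newSubject(NameID.EMAIL, userId,
        service.getId(), currentDateTime.plusSeconds(this.skewAllowance), service.getRequestId());
    assertion.setSubject(subject);

    response.getAssertions().add(assertion);

    final StringWriter writer = new StringWriter();
    this.samlObjectBuilder.marshalSamlXmlObject(response, writer);
    final String result = writer.toString();
    LOGGER.debug("Generated Google SAML response: [{}]", result);
    return result;
}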
示例14: transportSamlTokenProvider
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
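/**
 * Creates the SAML token provider used by the WS-Federation security
 * token service.
 *
 * <p>The subject NameID format comes from the configured
 * {@code subjectNameIdFormat} setting, matched case-insensitively against
 * {@code email}, {@code entity}, {@code transient} and
 * {@code unspecified}. Any other value falls back to
 * {@link NameID#UNSPECIFIED}.</p>
 *
 * @return the configured token provider
 */
@RefreshScope
@Bean
public SAMLTokenProvider transportSamlTokenProvider() {
    final WsFederationProperties.SecurityTokenService wsfed = casProperties.getAuthn().getWsfedIdP().getSts();

    final DefaultSubjectProvider s = new DefaultSubjectProvider();
    // Lower-case with a fixed locale: with the JVM default locale, values
    // containing an upper-case 'I' (e.g. "TRANSIENT") fold differently
    // under a Turkish locale and would silently end up in the default branch.
    final String configuredFormat = wsfed.getSubjectNameIdFormat().trim().toLowerCase(java.util.Locale.ROOT);
    switch (configuredFormat) {
        case "email":
            s.setSubjectNameIDFormat(NameID.EMAIL);
            break;
        case "entity":
            s.setSubjectNameIDFormat(NameID.ENTITY);
            break;
        case "transient":
            s.setSubjectNameIDFormat(NameID.TRANSIENT);
            break;
        case "unspecified":
        default:
            // Unknown values are not rejected; they are treated as "unspecified".
            s.setSubjectNameIDFormat(NameID.UNSPECIFIED);
            break;
    }

    final DefaultConditionsProvider c = new DefaultConditionsProvider();
    // NOTE(review): judging by the setter name, this lets the requesting
    // client influence the token lifetime; confirm that an upper bound is
    // configured on the conditions provider.
    c.setAcceptClientLifetime(true);

    final SAMLTokenProvider provider = new SAMLTokenProvider();
    provider.setAttributeStatementProviders(Arrays.asList(new ClaimsAttributeStatementProvider()));
    provider.setRealmMap(realms());
    provider.setConditionsProvider(c);
    provider.setSubjectProvider(s);
    return provider;
}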
示例15: buildSAML2Credentials
import org.opensaml.saml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Builds the credentials from the subject NameID and the subject assertion
 * held in the message context.
 *
 * <p>Plain attributes of every attribute statement are copied. Encrypted
 * attributes are decrypted when a decrypter is configured; without one
 * they are skipped with a warning.</p>
 *
 * <p>NOTE(review): an attribute that fails to decrypt is only logged and
 * then dropped, so the credentials returned here can lack attributes the
 * identity provider sent. Consumers that base access decisions on an
 * attribute should treat its absence as "not granted".</p>
 *
 * @param context the message context holding the subject NameID and subject assertion
 * @return the credentials built from NameID, attributes, conditions and session index
 */
protected final SAML2Credentials buildSAML2Credentials(final SAML2MessageContext context) {
    final NameID subjectNameId = context.getSAMLSubjectNameIdentifierContext().getSAML2SubjectNameID();
    final Assertion assertion = context.getSubjectAssertion();
    final String sessionIndex = getSessionIndex(assertion);

    final List<Attribute> collected = new ArrayList<Attribute>();
    for (final AttributeStatement statement : assertion.getAttributeStatements()) {
        collected.addAll(statement.getAttributes());

        final List<EncryptedAttribute> encrypted = statement.getEncryptedAttributes();
        if (encrypted.isEmpty()) {
            continue;
        }
        if (decrypter == null) {
            logger.warn("Encrypted attributes returned, but no keystore was provided.");
            continue;
        }
        for (final EncryptedAttribute item : encrypted) {
            try {
                collected.add(decrypter.decrypt(item));
            } catch (final DecryptionException e) {
                // Best effort: one undecryptable attribute does not abort the login.
                logger.warn("Decryption of attribute failed, continue with the next one", e);
            }
        }
    }

    return new SAML2Credentials(subjectNameId, collected, assertion.getConditions(),
        SAML2Client.class.getSimpleName(), sessionIndex);
}