SamlCallbackHandler.java

/*
 * Copyright (C) 2011 Talend Inc. - www.talend.com
 */
package demo.secure_greeter.client;

import java.io.IOException;
import java.util.Collections;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.builder.SAML2Constants;
import org.opensaml.saml.common.SAMLVersion;

/**
 * A CallbackHandler instance used to create a simple SAML 2.0 Assertion. This assertion will
 * be added to the outbound security header of the client request. As it uses a subject
 * confirmation method of "Sender Vouches", it conveys to the Web Service Provider that the
 * client has authenticated an external user in some way (not shown as part of this sample), 
 * and has assigned the attribute role of "authenticated-client" to the external user. The
 * assertion that will be generated from this CallbackHandler instance will be signed by the 
 * client, as per the policy definition ("SignedSupportingTokens").
 */
public class SamlCallbackHandler implements CallbackHandler {

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof SAMLCallback) {
                SAMLCallback callback = (SAMLCallback) callbacks[i];
                callback.setSamlVersion(SAMLVersion.VERSION_20);
                callback.setIssuer("alice");
                String subjectName = "uid=auth_client";
                SubjectBean subjectBean = 
                    new SubjectBean(
                        subjectName, null, SAML2Constants.CONF_SENDER_VOUCHES
                    );
                callback.setSubject(subjectBean);
                
                AttributeStatementBean attrBean = new AttributeStatementBean();
                if (subjectBean != null) {
                    attrBean.setSubject(subjectBean);
                }
                AttributeBean attributeBean = new AttributeBean();
                attributeBean.setQualifiedName("attribute-role");
                attributeBean.setAttributeValues(Collections.singletonList((Object)"authenticated-client"));
                attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
                callback.setAttributeStatementData(Collections.singletonList(attrBean));
            }
        }
    }
    
}