c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden * The contents of this file are subject to the terms of the Common Development and
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden * Distribution License (the License). You may not use this file except in compliance with the
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden * specific language governing permission and limitations under the License.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden * When distributing Covered Software, include this CDDL Header Notice in each file and include
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden * Header, with the fields enclosed by brackets [] replaced by your own identifying
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden * information: "Portions copyright [year] [name of copyright owner]".
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden * Copyright 2014 ForgeRock AS.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden * A policy subject condition that examines claims in a JSON Web Token (JWT) subject, such as an OpenID Connect
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden * ID token. Currently it only supports testing a claim for string equality.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Maddenpublic class JwtClaimSubject implements EntitlementSubject {
// Debug logger obtained under the name "amEntitlements".
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden private static final Debug DEBUG = Debug.getInstance("amEntitlements");
// String keys "claimName" and "claimValue".
// NOTE(review): presumably the keys used when this condition's state is serialised and parsed;
// the methods that read them are not visible in this listing.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden private static final String CLAIM_FIELD = "claimName";
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden private static final String VALUE_FIELD = "claimValue";
// Shared immutable empty map (Collections.emptyMap()); by its name, the "no advice" value.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden private static final Map<String, Set<String>> NO_ADVICE = Collections.emptyMap();
// Returns a single-entry map from SubjectAttributesCollector.NAMESPACE_IDENTITY to the one-element
// set containing SubjectAttributesCollector.ATTR_NAME_ALL_ENTITIES.
// NOTE(review): this looks like it indexes the condition as relevant to every identity rather than
// to one named identity, so the real decision rests entirely on evaluate() - confirm.
// The closing brace of this method is not visible in this listing.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden public Map<String, Set<String>> getSearchIndexAttributes() {
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden return Collections.singletonMap(SubjectAttributesCollector.NAMESPACE_IDENTITY,
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden Collections.singleton(SubjectAttributesCollector.ATTR_NAME_ALL_ENTITIES));
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden public Set<String> getRequiredAttributeNames() {
// Evaluates this condition against the JwtPrincipal carried by the given Subject.
// NOTE(review): this listing omits lines of the method (the end of the signature, any guard
// clauses, the claim lookup and the returned SubjectDecision are not shown), so the notes below
// are questions to check against the full file rather than confirmed defects.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden public SubjectDecision evaluate(final String realm, final SubjectAttributesManager mgr, final Subject subject,
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden final String resourceName, final Map<String, Set<String>> environment)
// Collect every principal of type JwtPrincipal attached to the subject.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden final Set<JwtPrincipal> jwts = subject.getPrincipals(JwtPrincipal.class);
// NOTE(review): iterator().next() throws NoSuchElementException on an empty set and picks an
// unspecified element when several JwtPrincipals are present. Confirm the omitted lines reject
// both cases before this point, so that the decision fails closed.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden final JwtPrincipal jwt = jwts.iterator().next();
// The decision is a plain string comparison of the configured claimValue with `value`.
// NOTE(review): `value` is presumably the claim read from the JWT in a line not shown. If this
// StringUtils.equals treats two nulls as equal, a condition with no claimValue configured would
// match a token that lacks the claim - confirm that case is denied. Also confirm the token's
// signature and validity were verified before it was attached to the Subject as a JwtPrincipal;
// nothing visible here checks it.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden final boolean match = StringUtils.equals(claimValue, value);
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden return true;
// Equality check: the same instance is equal; otherwise the two objects are equal when both
// claimName and claimValue match according to StringUtils.equals.
// NOTE(review): the method signature and the condition guarding `return false` (presumably a
// null / class check protecting the cast below) are not visible in this listing.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden if (this == o) {
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden return true;
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden return false;
// The cast is only safe if the omitted guard has already established the runtime type of o.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden final JwtClaimSubject that = (JwtClaimSubject) o;
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden return StringUtils.equals(this.claimName, that.claimName)
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden && StringUtils.equals(this.claimValue, that.claimValue);
// Hash built from claimName and claimValue, the same two fields the equality check compares.
// A null field contributes 0, so both fields may legitimately be null on an instance.
// NOTE(review): the method signature and the final return are not visible in this listing.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden int result = claimName != null ? claimName.hashCode() : 0;
// Multiply by 31 and add the second field's hash so that both fields affect the result.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden result = 31 * result + (claimValue != null ? claimValue.hashCode() : 0);
// Human-readable form showing both configured fields inside single quotes.
// NOTE(review): the values are concatenated unescaped. If this string is written to logs, a
// claimName or claimValue containing quotes or line breaks could make the entry ambiguous -
// confirm where it is emitted. The enclosing method signature is not visible in this listing.
c8ab19d28fde5eda3b2daab4b1124887681fedf9Neil Madden return "JwtClaimSubject{ claimName='" + claimName + "', claimValue='" + claimValue + "' }";