How to construct a SAMLObject from a SAML message string?

I need to construct an instance of SAMLObject from a SAML message string. After having a look at the OpenSAML APIs, I can't figure out how it can be done.
Any advice?

I eventually figured out a solution:
DefaultBootstrap.bootstrap();
UnmarshallerFactory factory = Configuration.getUnmarshallerFactory();
Element element = getElement(); // read the XML from an InputStream and return its document element
Unmarshaller unmarshaller = factory.getUnmarshaller(element);
XMLObject obj = unmarshaller.unmarshall(element);

You can do this manually by using an UnmarshallerFactory to get an Unmarshaller for your type of SAML message, which can be used to parse an XMLObject from an XML element. Something like this:
UnmarshallerFactory factory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
Unmarshaller unmarshaller = factory.getUnmarshaller(Assertion.DEFAULT_ELEMENT_NAME);
XMLObject xmlObject = unmarshaller.unmarshall(element); // element is the parsed org.w3c.dom.Element
This XML object can then be cast to the actual SAML object, such as an Assertion object.
This could at least be done in opensaml 2.
However, what you should really look into is using the available encoders to handle the low-level message parsing and handling.
Here is an example on my blog of how to use encoders to send an AuthnRequest:
http://blog.samlsecurity.com/2016/08/signing-and-sending-authnrequests-in.html
The encoder handles signing, converting the SAML object to text, and sending the message.
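Neither answer shows the getElement() step, which is where an untrusted SAML string first meets an XML parser. The Java sketch below is an added example, not code from either answer or from OpenSAML itself: it parses the string with DTDs disabled (so no external entities or entity expansion) and then unmarshalls it. It assumes OpenSAML 3 class names on the classpath; SamlStringParser, toElement, parse and the sample assertion are constructed for the illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Unmarshaller;
import org.opensaml.saml.saml2.core.Assertion;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

// Added example; assumes OpenSAML 3. All names in this class are hypothetical.
public final class SamlStringParser {

    // Turns a SAML XML string into a DOM element using a parser that rejects
    // any DOCTYPE, so XXE and entity-expansion payloads fail at parse time.
    static Element toElement(String samlXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // unmarshallers are looked up by qualified name
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder()
                .parse(new InputSource(new StringReader(samlXml)))
                .getDocumentElement();
    }

    static XMLObject parse(String samlXml) throws Exception {
        Element element = toElement(samlXml);
        Unmarshaller unmarshaller =
                XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(element);
        if (unmarshaller == null) { // no provider registered for this element name
            throw new IllegalArgumentException("Not a known SAML element: " + element.getNodeName());
        }
        return unmarshaller.unmarshall(element);
    }

    public static void main(String[] args) throws Exception {
        InitializationService.initialize(); // registers the unmarshallers, once per JVM
        // Constructed sample input: a minimal, unsigned SAML 2.0 assertion.
        String xml = "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\""
                + " ID=\"_constructed1\" Version=\"2.0\" IssueInstant=\"2020-01-01T00:00:00Z\">"
                + "<saml:Issuer>https://idp.example.org</saml:Issuer></saml:Assertion>";
        Assertion assertion = (Assertion) parse(xml);
        System.out.println(assertion.getIssuer().getValue());
    }
}
```

Unmarshalling only builds the object tree; it does not verify the XML signature or any conditions carried in the message.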

Related

Issue with decoding base64 encoded app engine data in swift

I am developing an iOS app which is getting data from a Google endpoint. The data is base64 encoded on the server to a custom Java object, which is then returned by the endpoint method.
On the iOS side I am able to receive the data and print the data using the generated client code.
I am facing a problem and I am unable to decode the data back into the GTL**** endpoint auto-generated class.
The decoded data shows up with some hex numbers:
My Code:
let respo2 = GTLDecodeBase64(responce) as? GTLEndpointStatusCollection
I also tried decoding using the swift classes:
let respo = NSData(base64EncodedString: responce, options: NSDataBase64DecodingOptions(rawValue: 0))
The input is base64 encoded : rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ......
The desired output should have been readable data,
but instead I'm getting:
<aced0005 73720013 6a617661 2e757469 6c2e4172 7261794c.....
I even tried encoding, decoding the base64 decoded data with NSUTF8
but no use.
What am I doing wrong? Is it possible for data encoded on Server in Java (with custom Java objects) to be decoded back ? (I understand Google endpoint does the serialization/deserialization in between)
Thanks in advance.
You should use JSON for serialization rather than manually converting the object to a bytestring and base64 encoding it. If you are using the Endpoints libraries this is automatically done for you, simply by returning the object in your method. See the docs here for an example and the rest of the Endpoints docs for more details. To consume the API you can use the generated iOS libraries which also do this for you as per the examples here. You won't actually see any JSON unless you inspect the HTTP traffic or use the API Explorer.
It sounds like you might just be doing more work than is needed by pre-encoding the object, rather than just letting Endpoints do it for you. If you really need to manually serialize an object to some property you can use a library on the Endpoints side like Jackson to serialize the object to a string property and NSJSONSerialization on the client to convert it back to an object.
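The `aced0005` bytes quoted in the question are the header of a Java object serialization stream, a format only a JVM can read back, which is why decoding it on iOS yields opaque bytes. The Java sketch below is an added example, not part of the original question or answer: it checks a base64 blob for that header and reads the top-level class name, using the first 36 characters of the value quoted in the question as input. SerializedBlobSniffer and topLevelClass are hypothetical names.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.ObjectStreamConstants;
import java.util.Base64;

// Added example; the class and method names are hypothetical.
public final class SerializedBlobSniffer {

    // Returns the top-level class name if the blob is a Java serialization
    // stream that starts with an ordinary object, or null if it is not.
    static String topLevelClass(String base64) throws IOException {
        byte[] raw = Base64.getDecoder().decode(base64);
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(raw))) {
            if (in.readShort() != ObjectStreamConstants.STREAM_MAGIC) return null;   // ac ed
            if (in.readShort() != ObjectStreamConstants.STREAM_VERSION) return null; // 00 05
            if (in.readByte() != ObjectStreamConstants.TC_OBJECT) return null;       // 73
            if (in.readByte() != ObjectStreamConstants.TC_CLASSDESC) return null;    // 72
            // Class name: 2-byte length (00 13 in the question's bytes) + UTF-8 text.
            return in.readUTF();
        } catch (EOFException e) {
            return null; // too short to contain a full header and class name
        }
    }

    public static void main(String[] args) throws IOException {
        // Prefix of the base64 value quoted in the question; the rest is elided there.
        String prefix = "rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0";
        System.out.println(topLevelClass(prefix));
    }
}
```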

Aggregation Correlation Strategy based on XML Payload

Issue: How to correlate messages for an aggregator based on an XML value in the payload? I have a scenario where I call a third-party application and it only gives back an XML response. Based on an XML value in the payload I would like to correlate the messages to produce a single response back to the consumer.
Example using Header Attribute
@CorrelationStrategy
public Object correlate(Message message) throws JMSException {
return message.getHeaders().get("JMSXUserID");
}
Solution Notes:
As described below and referenced in the spring documentation for xml payload support.
http://docs.spring.io/spring-integration/reference/html/xml.html#xpath-spel-function
Sample Config Applied:
<aggregator
id="agg"
input-channel="jmsInChannel"
output-channel="outputChannel"
ref="AggregatorPOJO"
method="combineResponesMessages"
correlation-strategy-expression="#xpath(payload, '/test/name')"
release-strategy="AggregatorPOJO"
release-strategy-method="isComplete"/>
This will correlate the following xml.
<test><name>test1</name></test>
Take a look if #xpath() SpEL function can help you, for example:
correlation-strategy-expression="#xpath(payload, '/name')"
where payload is a payload in some XML representation of the messages to be correlated and /name is an XPath against that payload.
You should be sure that the spring-integration-xml jar is on your CLASSPATH.
You would have to parse the XML; you might be able to use a simple regex Pattern or you might have to convert the payload to a DOM for more complex situations.

What is more efficient

I have a schema, which will result in an XML like this
<root-element>
<element_1>value_a</element_1>
<element_2>value_b</element_2>
<element_3>value_c</element_3>
<element_1>value_a</element_1>
<element_2>value_b</element_2>
<element_3>value_c</element_3>
</root-element>
Now, in my REST method, there are two different methods which receive the input call:
@POST
@Path(PATH+"/{" + PATH_2 + "}/query-by-list." + XML)
@Consumes(MediaType.APPLICATION_XML)
@Produces(MediaType.APPLICATION_XML)
public Response getShipmentListXML (String xmlRequest)
and the other we can do is like
@POST
@Path(PATH+"/{" + PATH_2 + "}/query-by-list." + XML)
@Consumes(MediaType.APPLICATION_XML)
@Produces(MediaType.APPLICATION_XML)
public Response getShipmentListXML (JAXBElement<ShipmentListType> jaxbShipmentListType)
in short, the first method is getting the "raw" request and the second one is marshalling the request into appropriate jaxb element type.
Question is, which one would be faster ? The one which is taking raw request or the one which is marshalling ... or ... would that making any request ?
P.S:
The raw request is marshalling the input raw string into jaxbobject anyways. the only difference is that the input request (xml body) is used somewhere else too. which can be converted from those jaxb object.
If you don't need to read or store the XML payload, then it shouldn't make any difference from a performance standpoint whether you do the unmarshalling manually or via Jersey, but the latter will make for less code and work.
If you do need to read or store the XML payload, then letting Jersey do the unmarshalling for you is less efficient as it will require you to remarshall it later on. In this case, you might as well just get the raw String.

gwt sending an object via post request

I need to do a POST request from a GWT app to a server. So far this works fine. However, originally I used an object that contained all the parameters sent over to the server via an RPC request, so I did not have to manage the serialization and deserialization myself. Now I send this stuff via a POST request and on the server side I get something like username=blabla&location=blabla
I'd rather like to do something like this (pseudo code):
String serializedObject = parameterObject.serialize();
sendPostRequestWithContent(serializedObject);
and on the server side:
doPost(...)
String serializedObject = request.getContent();
ParameterObject parameterObject = ParameterObject.deserialize( serializedObject );
Any idea how I could do this?
There are different ways:
1. For simple objects, manually serialize and deserialize (field1=123123&field2=1232).
2. Use JSON as payload.
For solution 2 you can use a JSON parser on the backend (Jackson, Gson, etc.) and on the client you can either manually serialize the object to JSON or one of these methods.

Parsing response from the WSDL

I've generated the web service client in eclipse for the OpenCalais WSDL using the "develop" client type. Actually I was following this post so not really going in detail. Now when I get the results this way: new CalaisLocator().getcalaisSoap().enlighten(key, content, requestParams);, I get the String object, containing the response XML. Sure it's possible to parse that XML, but I think there must be some way to do it automatically, e.g. getting the response object in the form of some list whatsoever?
The response from the SOAP interface is already parsed. The enlighten() method returns an XML string. When you call it with SOAP, this response is wrapped within even more XML. The SOAP library already parses the outer SOAP XML and returns the result of the enlighten() method, which is also XML.