Posted to commits@cxf.apache.org by co...@apache.org on 2011/11/18 16:31:36 UTC

svn commit: r1203702 - /cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java

Author: coheigea
Date: Fri Nov 18 15:31:36 2011
New Revision: 1203702

URL: http://svn.apache.org/viewvc?rev=1203702&view=rev
Log:
[CXF-3922] - Support for KerberosToken in RST if LdapClaimsHandler used
 - Patch applied, thanks.

Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java?rev=1203702&r1=1203701&r2=1203702&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java Fri Nov 18 15:31:36 2011
@@ -26,6 +26,8 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.StringTokenizer;
+import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.naming.NamingEnumeration;
@@ -33,6 +35,8 @@ import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.SearchControls;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.x500.X500Principal;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.ws.security.sts.provider.STSException;
@@ -89,7 +93,33 @@ public class LdapClaimsHandler implement
 
     public ClaimCollection retrieveClaimValues(Principal principal, RequestClaimCollection claims) {
 
-        String dn = getDnOfPrincipal(principal.getName());
+        String user = null;
+        if (principal instanceof KerberosPrincipal) {
+            KerberosPrincipal kp = (KerberosPrincipal)principal;
+            StringTokenizer st = new StringTokenizer(kp.getName(), "@");
+            user = st.nextToken();
+        } else if (principal instanceof X500Principal) {
+            X500Principal x500p = (X500Principal)principal;
+            LOG.warning("Unsupported principal type X500: " + x500p.getName());
+            return new ClaimCollection();
+        } else if (principal != null) {
+            user = principal.getName();
+        } else {
+            //[TODO] if onbehalfof -> principal == null
+            LOG.info("Principal is null");
+            return new ClaimCollection();
+        }
+        
+        if (user == null) {
+            LOG.warning("User must not be null");
+            return new ClaimCollection();
+        } else {
+            if (LOG.isLoggable(Level.FINE)) {
+                LOG.fine("Retrieve claims for user " + user);
+            }
+        }
+        
+        String dn = getDnOfPrincipal(user);
 
         List<String> searchAttributeList = new ArrayList<String>();
         for (RequestClaim claim : claims) {
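Review bot: The Kerberos branch discards the realm without checking it: `new StringTokenizer(kp.getName(), "@")` reduces both `alice@REALM.A` and `alice@REALM.B` to `alice`, so if the STS accepts tickets from more than one realm (cross-realm trust, not visible from this hunk) two distinct principals would resolve to the same LDAP entry and receive the same claims. I would compare `kp.getRealm()` with a configured expected realm first and return an empty `ClaimCollection` on mismatch, as the X500 branch already does for unsupported input. The extracted `user` is then passed to `getDnOfPrincipal(user)`, whose body is outside this hunk; if that method builds the search filter by string concatenation, the value needs LDAP filter escaping (RFC 4515) before use. A comment above the tokenizer such as `// strips "@REALM"; the realm must be validated before this point` would record the assumption. The body of retrieveClaimValues continues past the end of the hunk.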