Posted to commits@cxf.apache.org by co...@apache.org on 2011/11/18 16:31:36 UTC
svn commit: r1203702 -
/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
Author: coheigea
Date: Fri Nov 18 15:31:36 2011
New Revision: 1203702
URL: http://svn.apache.org/viewvc?rev=1203702&view=rev
Log:
[CXF-3922] - Support for KerberosToken in RST if LdapClaimsHandler used
- Patch applied, thanks.
Modified:
cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java?rev=1203702&r1=1203701&r2=1203702&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java Fri Nov 18 15:31:36 2011
@@ -26,6 +26,8 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.StringTokenizer;
+import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.NamingEnumeration;
@@ -33,6 +35,8 @@ import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.x500.X500Principal;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.ws.security.sts.provider.STSException;
@@ -89,7 +93,33 @@ public class LdapClaimsHandler implement
public ClaimCollection retrieveClaimValues(Principal principal, RequestClaimCollection claims) {
- String dn = getDnOfPrincipal(principal.getName());
+ String user = null;
+ if (principal instanceof KerberosPrincipal) {
+ KerberosPrincipal kp = (KerberosPrincipal)principal;
+ StringTokenizer st = new StringTokenizer(kp.getName(), "@");
+ user = st.nextToken();
+ } else if (principal instanceof X500Principal) {
+ X500Principal x500p = (X500Principal)principal;
+ LOG.warning("Unsupported principal type X500: " + x500p.getName());
+ return new ClaimCollection();
+ } else if (principal != null) {
+ user = principal.getName();
+ } else {
+ //[TODO] if onbehalfof -> principal == null
+ LOG.info("Principal is null");
+ return new ClaimCollection();
+ }
+
+ if (user == null) {
+ LOG.warning("User must not be null");
+ return new ClaimCollection();
+ } else {
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.fine("Retrieve claims for user " + user);
+ }
+ }
+
+ String dn = getDnOfPrincipal(user);
List<String> searchAttributeList = new ArrayList<String>();
for (RequestClaim claim : claims) {
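Review bot: The KerberosPrincipal branch drops the realm before the LDAP lookup, so `alice@REALM-A` and `alice@REALM-B` (constructed examples) resolve to the same directory entry and get the same claims wherever tickets from more than one realm are accepted. I would check `kp.getRealm()` against a configured value before stripping it, for example `if (!expectedRealm.equals(kp.getRealm())) { return new ClaimCollection(); }`, where `expectedRealm` is a placeholder for a new handler property. Removing the `"@" + kp.getRealm()` suffix instead of using `StringTokenizer` would also avoid cutting the name at an `@` inside the name part. The resulting `user` goes into `getDnOfPrincipal`, whose body is not in this hunk; if it builds the search filter by string concatenation, the value should be LDAP-filter-escaped there. `retrieveClaimValues` continues past the end of the hunk.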