You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/07/16 11:21:30 UTC
svn commit: r1503624 -
/cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
Author: coheigea
Date: Tue Jul 16 09:21:29 2013
New Revision: 1503624
URL: http://svn.apache.org/r1503624
Log:
Send multiple roles as XACML AttributeValues of a single Attribute
Modified:
cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
Modified: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java?rev=1503624&r1=1503623&r2=1503624&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java (original)
+++ cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java Tue Jul 16 09:21:29 2013
@@ -28,6 +28,7 @@ import org.apache.cxf.message.Message;
import org.joda.time.DateTime;
import org.opensaml.xacml.ctx.ActionType;
import org.opensaml.xacml.ctx.AttributeType;
+import org.opensaml.xacml.ctx.AttributeValueType;
import org.opensaml.xacml.ctx.EnvironmentType;
import org.opensaml.xacml.ctx.RequestType;
import org.opensaml.xacml.ctx.ResourceType;
@@ -96,20 +97,38 @@ public class DefaultXACMLRequestBuilder
attributes.add(createAttribute(XACMLConstants.SUBJECT_ID, XACMLConstants.XS_STRING, issuer,
principal.getName()));
- for (String role : roles) {
- if (role != null) {
- attributes.add(createAttribute(XACMLConstants.SUBJECT_ROLE, XACMLConstants.XS_ANY_URI,
- issuer, role));
+ if (roles != null) {
+ List<AttributeValueType> roleAttributes = new ArrayList<AttributeValueType>();
+ for (String role : roles) {
+ if (role != null) {
+ AttributeValueType subjectRoleAttributeValue =
+ RequestComponentBuilder.createAttributeValueType(role);
+ roleAttributes.add(subjectRoleAttributeValue);
+ }
+ }
+
+ if (!roleAttributes.isEmpty()) {
+ AttributeType subjectRoleAttribute =
+ createAttribute(
+ XACMLConstants.SUBJECT_ROLE,
+ XACMLConstants.XS_ANY_URI,
+ issuer,
+ roleAttributes
+ );
+ attributes.add(subjectRoleAttribute);
}
}
return RequestComponentBuilder.createSubjectType(attributes, null);
}
+ private AttributeType createAttribute(String id, String type, String issuer, List<AttributeValueType> values) {
+ return RequestComponentBuilder.createAttributeType(id, type, issuer, values);
+ }
+
private AttributeType createAttribute(String id, String type, String issuer, String value) {
- return RequestComponentBuilder.createAttributeType(id, type, issuer,
- Collections.singletonList(
- RequestComponentBuilder.createAttributeValueType(value)));
+ return createAttribute(id, type, issuer,
+ Collections.singletonList(RequestComponentBuilder.createAttributeValueType(value)));
}
/**