You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ow...@apache.org on 2013/05/24 21:25:44 UTC

svn commit: r1486183 - /cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java

Author: owulff
Date: Fri May 24 19:25:43 2013
New Revision: 1486183

URL: http://svn.apache.org/r1486183
Log:
Support adding full group name to SAML token for filtered group list

Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java?rev=1486183&r1=1486182&r2=1486183&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java Fri May 24 19:25:43 2013
@@ -54,8 +54,17 @@ public class LdapGroupClaimsHandler impl
     private String groupNameGlobalFilter = ROLE;
     private String groupNameScopedFilter = SCOPE + "_" + ROLE;
     private Map<String, String> appliesToScopeMapping;
+    private boolean useFullGroupNameAsValue = false;
     
     
+    public boolean isUseFullGroupNameAsValue() {
+        return useFullGroupNameAsValue;
+    }
+
+    public void setUseFullGroupNameAsValue(boolean useFullGroupNameAsValue) {
+        this.useFullGroupNameAsValue = useFullGroupNameAsValue;
+    }
+
     public String getUserObjectClass() {
         return userObjectClass;
     }
@@ -251,14 +260,26 @@ public class LdapGroupClaimsHandler impl
                 //  Demo_User -> Role=User
                 //  Demo_Admin -> Role=Admin
                 String filter = this.groupNameScopedFilter;
-                filteredGroups.add(parseRole(group, filter.replaceAll(SCOPE, scope)));
+                String role = null;
+                if (isUseFullGroupNameAsValue()) {
+                    role = group;
+                } else {
+                    role = parseRole(group, filter.replaceAll(SCOPE, scope));
+                }
+                filteredGroups.add(role);
             } else {
                 if (globalPattern.matcher(group).matches()) {
                     //Group matches the global filter
                     //ex. (default groupNameGlobalFilter)
                     //  User -> Role=User
                     //  Admin -> Role=Admin
-                    filteredGroups.add(parseRole(group, this.groupNameGlobalFilter));
+                    String role = null;
+                    if (isUseFullGroupNameAsValue()) {
+                        role = group;
+                    } else {
+                        role = parseRole(group, this.groupNameGlobalFilter);
+                    }
+                    filteredGroups.add(role);
                 } else {
                     LOG.finer("Group '" + group + "' doesn't match scoped and global group filter");
                 }