You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/06/02 14:37:55 UTC
cxf git commit: Factor out the RealmHandler stuff out into a separate
method
Repository: cxf
Updated Branches:
refs/heads/master 27217faed -> 52bbb4bfd
Factor out the RealmHandler stuff out into a separate method
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/52bbb4bf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/52bbb4bf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/52bbb4bf
Branch: refs/heads/master
Commit: 52bbb4bfdbae96c93693191c850db12e6f5f21e8
Parents: 27217fa
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jun 2 15:32:53 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jun 2 15:32:53 2017 +0100
----------------------------------------------------------------------
.../apache/cxf/sts/claims/ClaimsManager.java | 141 ++++++++++---------
1 file changed, 74 insertions(+), 67 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/52bbb4bf/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
index 7d3ebd1..4fa41fb 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java
@@ -133,15 +133,16 @@ public class ClaimsManager {
}
public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) {
+ if (claims == null || claims.size() == 0) {
+ return null;
+ }
+
Relationship relationship = null;
if (parameters.getAdditionalProperties() != null) {
relationship = (Relationship)parameters.getAdditionalProperties().get(
Relationship.class.getName());
}
- if (claims == null || claims.size() == 0) {
- return null;
- }
if (relationship == null || relationship.getType().equals(Relationship.FED_TYPE_IDENTITY)) {
// Federate identity. Identity already mapped.
// Call all configured claims handlers to retrieve the required claims
@@ -176,17 +177,15 @@ public class ClaimsManager {
validateClaimValues(claims, targetClaims);
return targetClaims;
}
-
}
private ProcessedClaimCollection handleClaims(ClaimCollection claims, ClaimsParameters parameters) {
ProcessedClaimCollection returnCollection = new ProcessedClaimCollection();
- Principal originalPrincipal = parameters.getPrincipal();
-
if (claimHandlers == null) {
return returnCollection;
}
+ Principal originalPrincipal = parameters.getPrincipal();
for (ClaimsHandler handler : claimHandlers) {
ClaimCollection supportedClaims =
@@ -195,81 +194,89 @@ public class ClaimsManager {
continue;
}
- if (handler instanceof RealmSupport) {
- RealmSupport handlerRealmSupport = (RealmSupport)handler;
- // Check whether the handler supports the current realm
- if (handlerRealmSupport.getSupportedRealms() != null
- && handlerRealmSupport.getSupportedRealms().size() > 0
- && handlerRealmSupport.getSupportedRealms().indexOf(parameters.getRealm()) == -1) {
- if (LOG.isLoggable(Level.FINER)) {
- LOG.finer("Handler '" + handler.getClass().getName() + "' doesn't support"
- + " realm '" + parameters.getRealm() + "'");
+ if (isCurrentRealmSupported(handler, parameters)) {
+ ProcessedClaimCollection claimCollection = null;
+ try {
+ claimCollection = handler.retrieveClaimValues(supportedClaims, parameters);
+ } catch (RuntimeException ex) {
+ LOG.log(Level.INFO, "Failed retrieving claims from ClaimsHandler "
+ + handler.getClass().getName(), ex);
+ if (this.isStopProcessingOnException()) {
+ throw ex;
}
- continue;
+ } finally {
+ // set original principal again, otherwise wrong principal passed to next claim handler in the list
+ // if no mapping required or wrong source principal used for next identity mapping
+ parameters.setPrincipal(originalPrincipal);
}
- // If handler realm is configured and different from current realm
- // do an identity mapping
- if (handlerRealmSupport.getHandlerRealm() != null
- && !handlerRealmSupport.getHandlerRealm().equalsIgnoreCase(parameters.getRealm())) {
- Principal targetPrincipal = null;
- try {
- if (LOG.isLoggable(Level.FINE)) {
- LOG.fine("Mapping user '" + parameters.getPrincipal().getName()
- + "' [" + parameters.getRealm() + "] to realm '"
- + handlerRealmSupport.getHandlerRealm() + "'");
- }
- targetPrincipal = doMapping(parameters.getRealm(), parameters.getPrincipal(),
- handlerRealmSupport.getHandlerRealm());
- } catch (Exception ex) {
- LOG.log(Level.WARNING, "Failed to map user '" + parameters.getPrincipal().getName()
- + "' [" + parameters.getRealm() + "] to realm '"
- + handlerRealmSupport.getHandlerRealm() + "'", ex);
- throw new STSException("Failed to map user for claims handler",
- STSException.REQUEST_FAILED);
- }
+ if (claimCollection != null && !claimCollection.isEmpty()) {
+ returnCollection.addAll(claimCollection);
+ }
+ }
+ }
- if (targetPrincipal == null || targetPrincipal.getName() == null) {
- LOG.log(Level.WARNING, "Null. Failed to map user '" + parameters.getPrincipal().getName()
- + "' [" + parameters.getRealm() + "] to realm '"
- + handlerRealmSupport.getHandlerRealm() + "'");
- continue;
- }
- if (LOG.isLoggable(Level.INFO)) {
- LOG.info("Principal '" + targetPrincipal.getName()
- + "' passed to handler '" + handler.getClass().getName() + "'");
- }
- parameters.setPrincipal(targetPrincipal);
- } else {
- if (LOG.isLoggable(Level.FINER)) {
- LOG.finer("Handler '" + handler.getClass().getName() + "' doesn't require"
- + " identity mapping '" + parameters.getRealm() + "'");
- }
+ return returnCollection;
+ }
- }
+ private boolean isCurrentRealmSupported(ClaimsHandler handler, ClaimsParameters parameters) {
+ if (!(handler instanceof RealmSupport)) {
+ return true;
+ }
+
+ RealmSupport handlerRealmSupport = (RealmSupport)handler;
+
+ // Check whether the handler supports the current realm
+ if (handlerRealmSupport.getSupportedRealms() != null
+ && handlerRealmSupport.getSupportedRealms().size() > 0
+ && handlerRealmSupport.getSupportedRealms().indexOf(parameters.getRealm()) == -1) {
+ if (LOG.isLoggable(Level.FINER)) {
+ LOG.finer("Handler '" + handlerRealmSupport.getClass().getName() + "' doesn't support"
+ + " realm '" + parameters.getRealm() + "'");
}
+ return false;
+ }
- ProcessedClaimCollection claimCollection = null;
+ // If handler realm is configured and different from current realm
+ // do an identity mapping
+ if (handlerRealmSupport.getHandlerRealm() != null
+ && !handlerRealmSupport.getHandlerRealm().equalsIgnoreCase(parameters.getRealm())) {
+ Principal targetPrincipal = null;
try {
- claimCollection = handler.retrieveClaimValues(supportedClaims, parameters);
- } catch (RuntimeException ex) {
- LOG.log(Level.INFO, "Failed retrieving claims from ClaimsHandler "
- + handler.getClass().getName(), ex);
- if (this.isStopProcessingOnException()) {
- throw ex;
+ if (LOG.isLoggable(Level.FINE)) {
+ LOG.fine("Mapping user '" + parameters.getPrincipal().getName()
+ + "' [" + parameters.getRealm() + "] to realm '"
+ + handlerRealmSupport.getHandlerRealm() + "'");
}
- } finally {
- // set original principal again, otherwise wrong principal passed to next claim handler in the list
- // if no mapping required or wrong source principal used for next identity mapping
- parameters.setPrincipal(originalPrincipal);
+ targetPrincipal = doMapping(parameters.getRealm(), parameters.getPrincipal(),
+ handlerRealmSupport.getHandlerRealm());
+ } catch (Exception ex) {
+ LOG.log(Level.WARNING, "Failed to map user '" + parameters.getPrincipal().getName()
+ + "' [" + parameters.getRealm() + "] to realm '"
+ + handlerRealmSupport.getHandlerRealm() + "'", ex);
+ throw new STSException("Failed to map user for claims handler",
+ STSException.REQUEST_FAILED);
}
- if (claimCollection != null && claimCollection.size() != 0) {
- returnCollection.addAll(claimCollection);
+ if (targetPrincipal == null || targetPrincipal.getName() == null) {
+ LOG.log(Level.WARNING, "Null. Failed to map user '" + parameters.getPrincipal().getName()
+ + "' [" + parameters.getRealm() + "] to realm '"
+ + handlerRealmSupport.getHandlerRealm() + "'");
+ return false;
+ }
+ if (LOG.isLoggable(Level.INFO)) {
+ LOG.info("Principal '" + targetPrincipal.getName()
+ + "' passed to handler '" + handlerRealmSupport.getClass().getName() + "'");
+ }
+ parameters.setPrincipal(targetPrincipal);
+ } else {
+ if (LOG.isLoggable(Level.FINER)) {
+ LOG.finer("Handler '" + handlerRealmSupport.getClass().getName() + "' doesn't require"
+ + " identity mapping '" + parameters.getRealm() + "'");
}
}
- return returnCollection;
+ return true;
}
private ClaimCollection filterHandlerClaims(ClaimCollection claims,