You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/07/14 11:38:20 UTC
cxf-fediz git commit: Store the roles in FedizPrincipal. The roles
are removed from the Claims, so before this there is no way to get the roles
Repository: cxf-fediz
Updated Branches:
refs/heads/master d7b3b8e0e -> 95905560e
Store the roles in FedizPrincipal. The roles are removed from the Claims, so before this there is no way to get the roles
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/95905560
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/95905560
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/95905560
Branch: refs/heads/master
Commit: 95905560e67df8f00feba547eee4d25711791d4f
Parents: d7b3b8e
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jul 14 12:22:16 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jul 14 12:22:16 2016 +0100
----------------------------------------------------------------------
.../java/org/apache/cxf/fediz/core/FedizPrincipal.java | 3 +++
.../cxf/fediz/core/federation/TestSigninHandler.java | 9 +++++++++
.../fediz/cxf/plugin/AbstractServiceProviderFilter.java | 3 ++-
.../apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java | 11 +++++++++--
.../cxf/fediz/jetty8/FederationUserPrincipal.java | 12 +++++++++++-
.../cxf/fediz/jetty9/FederationUserPrincipal.java | 12 +++++++++++-
.../authentication/FederationAuthenticationToken.java | 9 +++++++++
.../authentication/FederationAuthenticationToken.java | 9 +++++++++
.../cxf/fediz/tomcat7/FederationPrincipalImpl.java | 9 +++++++++
.../cxf/fediz/tomcat8/FederationPrincipalImpl.java | 8 ++++++++
10 files changed, 80 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/95905560/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
index 4a2c63e..52d7c17 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
@@ -20,6 +20,7 @@
package org.apache.cxf.fediz.core;
import java.security.Principal;
+import java.util.List;
import org.w3c.dom.Element;
@@ -28,5 +29,7 @@ public interface FedizPrincipal extends Principal {
ClaimCollection getClaims();
Element getLoginToken();
+
+ List<String> getRoleClaims();
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/95905560/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java
index bdf68d9..26aa0ca 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java
@@ -19,6 +19,7 @@
package org.apache.cxf.fediz.core.federation;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -61,12 +62,16 @@ public class TestSigninHandler extends SigninHandler<FedizPrincipal> {
protected ClaimCollection claims;
protected Element loginToken;
private String username;
+ private List<String> roles = new ArrayList<>();
FederationPrincipalImpl(String username, List<String> roles,
List<Claim> claims, Element loginToken) {
this.claims = new ClaimCollection(claims);
this.loginToken = loginToken;
this.username = username;
+ if (roles != null) {
+ this.roles = roles;
+ }
}
public ClaimCollection getClaims() {
@@ -83,6 +88,10 @@ public class TestSigninHandler extends SigninHandler<FedizPrincipal> {
return username;
}
+ public List<String> getRoleClaims() {
+ return roles;
+ }
+
}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/95905560/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
index b9e89a9..56f3c9d 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
@@ -183,7 +183,8 @@ public abstract class AbstractServiceProviderFilter implements ContainerRequestF
ResponseState responseState, Message m, Element token
) throws WSSecurityException {
CXFFedizPrincipal principal =
- new CXFFedizPrincipal(responseState.getSubject(), responseState.getClaims(), token);
+ new CXFFedizPrincipal(responseState.getSubject(), responseState.getClaims(),
+ responseState.getRoles(), token);
SecurityTokenThreadLocal.setToken(principal.getLoginToken());
FedizSecurityContext context =
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/95905560/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
index 3fde312..5a6914e 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
@@ -18,6 +18,7 @@
*/
package org.apache.cxf.fediz.cxf.plugin;
+import java.util.Collections;
import java.util.List;
import org.w3c.dom.Element;
@@ -30,11 +31,15 @@ public class CXFFedizPrincipal implements FedizPrincipal {
private final String subject;
private final List<Claim> claims;
private Element token;
+ private List<String> roles = Collections.emptyList();
- public CXFFedizPrincipal(String subject, List<Claim> claims, Element token) {
+ public CXFFedizPrincipal(String subject, List<Claim> claims, List<String> roles, Element token) {
this.subject = subject;
this.claims = claims;
this.token = token;
+ if (roles != null) {
+ this.roles = roles;
+ }
}
@Override
@@ -52,5 +57,7 @@ public class CXFFedizPrincipal implements FedizPrincipal {
return token;
}
-
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/95905560/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
index b209605..549e5da 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
@@ -19,7 +19,11 @@
package org.apache.cxf.fediz.jetty8;
+import java.util.Collections;
+import java.util.List;
+
import org.w3c.dom.Element;
+
import org.apache.cxf.fediz.core.ClaimCollection;
import org.apache.cxf.fediz.core.FedizPrincipal;
import org.apache.cxf.fediz.core.processor.FedizResponse;
@@ -28,11 +32,15 @@ public class FederationUserPrincipal implements FedizPrincipal {
private String name;
private ClaimCollection claims;
private FedizResponse response;
+ private List<String> roles = Collections.emptyList();
public FederationUserPrincipal(String name, FedizResponse response) {
this.name = name;
this.response = response;
this.claims = new ClaimCollection(response.getClaims());
+ if (response.getRoles() != null) {
+ this.roles = response.getRoles();
+ }
}
@Override
@@ -57,5 +65,7 @@ public class FederationUserPrincipal implements FedizPrincipal {
return response.getToken();
}
-
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/95905560/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
index 02176ec..76b2986 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
@@ -19,7 +19,11 @@
package org.apache.cxf.fediz.jetty9;
+import java.util.Collections;
+import java.util.List;
+
import org.w3c.dom.Element;
+
import org.apache.cxf.fediz.core.ClaimCollection;
import org.apache.cxf.fediz.core.FedizPrincipal;
import org.apache.cxf.fediz.core.processor.FedizResponse;
@@ -28,11 +32,15 @@ public class FederationUserPrincipal implements FedizPrincipal {
private String name;
private ClaimCollection claims;
private FedizResponse response;
+ private List<String> roles = Collections.emptyList();
public FederationUserPrincipal(String name, FedizResponse response) {
this.name = name;
this.response = response;
this.claims = new ClaimCollection(response.getClaims());
+ if (response.getRoles() != null) {
+ this.roles = response.getRoles();
+ }
}
@Override
@@ -57,5 +65,7 @@ public class FederationUserPrincipal implements FedizPrincipal {
return response.getToken();
}
-
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/95905560/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
index 4c2aea1..ad099d1 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
@@ -21,6 +21,8 @@ package org.apache.cxf.fediz.spring.authentication;
import java.io.Serializable;
import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
import org.w3c.dom.Element;
import org.apache.cxf.fediz.core.ClaimCollection;
@@ -43,6 +45,7 @@ public class FederationAuthenticationToken extends AbstractAuthenticationToken
private final Object principal;
private final UserDetails userDetails;
private final FedizResponse response;
+ private List<String> roles = Collections.emptyList();
public FederationAuthenticationToken(final Object principal, final Object credentials,
@@ -60,6 +63,9 @@ public class FederationAuthenticationToken extends AbstractAuthenticationToken
this.userDetails = userDetails;
this.response = response;
setAuthenticated(true);
+ if (response.getRoles() != null) {
+ this.roles = response.getRoles();
+ }
}
public Object getCredentials() {
@@ -97,4 +103,7 @@ public class FederationAuthenticationToken extends AbstractAuthenticationToken
return response.getToken();
}
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/95905560/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
index 284b910..14e1047 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
@@ -20,6 +20,8 @@
package org.apache.cxf.fediz.spring.authentication;
import java.io.Serializable;
+import java.util.Collections;
+import java.util.List;
import org.w3c.dom.Element;
import org.apache.cxf.fediz.core.ClaimCollection;
@@ -41,6 +43,7 @@ public class FederationAuthenticationToken extends AbstractAuthenticationToken
private final Object principal;
private final UserDetails userDetails;
private final FedizResponse response;
+ private List<String> roles = Collections.emptyList();
public FederationAuthenticationToken(final Object principal, final Object credentials,
@@ -58,6 +61,9 @@ public class FederationAuthenticationToken extends AbstractAuthenticationToken
this.userDetails = userDetails;
this.response = response;
setAuthenticated(true);
+ if (response.getRoles() != null) {
+ this.roles = response.getRoles();
+ }
}
public Object getCredentials() {
@@ -95,4 +101,7 @@ public class FederationAuthenticationToken extends AbstractAuthenticationToken
return response.getToken();
}
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/95905560/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
index 453879f..964701a 100644
--- a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
@@ -19,6 +19,7 @@
package org.apache.cxf.fediz.tomcat7;
+import java.util.Collections;
import java.util.List;
import org.w3c.dom.Element;
@@ -31,12 +32,16 @@ public class FederationPrincipalImpl extends GenericPrincipal implements FedizPr
protected ClaimCollection claims;
protected Element loginToken;
+ private List<String> roles = Collections.emptyList();
public FederationPrincipalImpl(String username, List<String> roles,
List<Claim> claims, Element loginToken) {
super(username, null, roles);
this.claims = new ClaimCollection(claims);
this.loginToken = loginToken;
+ if (roles != null) {
+ this.roles = roles;
+ }
}
public ClaimCollection getClaims() {
@@ -47,5 +52,9 @@ public class FederationPrincipalImpl extends GenericPrincipal implements FedizPr
public Element getLoginToken() {
return loginToken;
}
+
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/95905560/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationPrincipalImpl.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationPrincipalImpl.java b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationPrincipalImpl.java
index aa1d316..81408c7 100644
--- a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationPrincipalImpl.java
+++ b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationPrincipalImpl.java
@@ -19,6 +19,7 @@
package org.apache.cxf.fediz.tomcat8;
+import java.util.Collections;
import java.util.List;
import org.w3c.dom.Element;
@@ -31,12 +32,16 @@ public class FederationPrincipalImpl extends GenericPrincipal implements FedizPr
protected ClaimCollection claims;
protected Element loginToken;
+ private List<String> roles = Collections.emptyList();
public FederationPrincipalImpl(String username, List<String> roles,
List<Claim> claims, Element loginToken) {
super(username, null, roles);
this.claims = new ClaimCollection(claims);
this.loginToken = loginToken;
+ if (roles != null) {
+ this.roles = roles;
+ }
}
public ClaimCollection getClaims() {
@@ -48,4 +53,7 @@ public class FederationPrincipalImpl extends GenericPrincipal implements FedizPr
return loginToken;
}
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}