Posted to commits@cxf.apache.org by co...@apache.org on 2016/11/29 14:10:50 UTC
cxf git commit: Some code updates to the LDAP code in the STS + added
some tests to cover more code paths
Repository: cxf
Updated Branches:
refs/heads/master 01fdc4052 -> 5226685d6
Some code updates to the LDAP code in the STS + added some tests to cover more code paths
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5226685d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5226685d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5226685d
Branch: refs/heads/master
Commit: 5226685d6d5c199485ac0fd62b113b52a6540d72
Parents: 01fdc40
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Nov 29 14:01:19 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Nov 29 14:01:19 2016 +0000
----------------------------------------------------------------------
.../cxf/sts/claims/LdapClaimsHandler.java | 20 ++++----
.../org/apache/cxf/sts/claims/LdapUtils.java | 16 +++---
.../systest/kerberos/ldap/LDAPClaimsTest.java | 52 ++++++++++++++++++++
3 files changed, 69 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/5226685d/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
index 65593f8..77de94c 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
@@ -37,7 +37,6 @@ import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.x500.X500Principal;
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.rt.security.claims.Claim;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.sts.token.realm.RealmSupport;
@@ -171,9 +170,9 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
Map<String, Attribute> ldapAttributes = null;
if (useLdapLookup) {
- AttributesMapper mapper =
- new AttributesMapper() {
- public Object mapFromAttributes(Attributes attrs) throws NamingException {
+ AttributesMapper<Map<String, Attribute>> mapper =
+ new AttributesMapper<Map<String, Attribute>>() {
+ public Map<String, Attribute> mapFromAttributes(Attributes attrs) throws NamingException {
Map<String, Attribute> map = new HashMap<>();
NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
while (attrEnum.hasMore()) {
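Review bot: The typed anonymous `AttributesMapper<Map<String, Attribute>>` built here looks identical to the one `LdapUtils` builds in its first hunk, at least on the lines visible in both. If the body holds no per-call state, it could become a single shared instance exposed by `LdapUtils`, so that the attribute mapping used for claims is maintained in one place. Independently, the overriding method should carry the annotation: `@Override public Map<String, Attribute> mapFromAttributes(Attributes attrs) throws NamingException {`. The mapper body continues past the end of this hunk.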
@@ -184,25 +183,25 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
}
};
- Object result = ldap.lookup(user, mapper);
- ldapAttributes = CastUtils.cast((Map<?, ?>)result);
+ ldapAttributes = ldap.lookup(user, mapper);
} else {
List<String> searchAttributeList = new ArrayList<>();
for (Claim claim : claims) {
- if (getClaimsLdapAttributeMapping().keySet().contains(claim.getClaimType().toString())) {
+ String claimType = claim.getClaimType().toString();
+ if (getClaimsLdapAttributeMapping().keySet().contains(claimType)) {
searchAttributeList.add(
- getClaimsLdapAttributeMapping().get(claim.getClaimType().toString())
+ getClaimsLdapAttributeMapping().get(claimType)
);
} else {
if (LOG.isLoggable(Level.FINER)) {
- LOG.finer("Unsupported claim: " + claim.getClaimType());
+ LOG.finer("Unsupported claim: " + claimType);
}
}
}
String[] searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
- if (this.userBaseDNs == null || this.userBaseDn != null) {
+ if (this.userBaseDn != null) {
ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, this.userBaseDn, this.getObjectClass(), this
.getUserNameAttribute(), user, searchAttributes);
}
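Review bot: The narrowed condition `if (this.userBaseDn != null)` changes behaviour when neither `userBaseDn` nor `userBaseDNs` is configured, which the commit message does not mention. The old condition still called `LdapUtils.getAttributesOfEntry` with a null base (presumably searching from the directory root, as `getDnOfEntry` does for a null `baseDN`), whereas the new one skips the search and leaves `ldapAttributes` null. The code after this hunk is not visible here, so please confirm that a null map is handled before `processClaim` is reached. The misconfiguration should also be reported rather than silently producing an empty claim set, for example `if (this.userBaseDn == null && this.userBaseDNs == null) { LOG.warning("No userBaseDn or userBaseDNs configured; skipping LDAP search"); }`. The enclosing method starts and ends outside the hunk.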
@@ -226,7 +225,6 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
}
ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
-
for (Claim claim : claims) {
ProcessedClaim c = processClaim(claim, ldapAttributes, principal);
if (c != null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/5226685d/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
index 55106bc..09138fb 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
@@ -64,9 +64,9 @@ public final class LdapUtils {
Map<String, Attribute> ldapAttributes = null;
- AttributesMapper mapper =
- new AttributesMapper() {
- public Object mapFromAttributes(Attributes attrs) throws NamingException {
+ AttributesMapper<Map<String, Attribute>> mapper =
+ new AttributesMapper<Map<String, Attribute>>() {
+ public Map<String, Attribute> mapFromAttributes(Attributes attrs) throws NamingException {
Map<String, Attribute> map = new HashMap<>();
NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
while (attrEnum.hasMore()) {
@@ -143,9 +143,9 @@ public final class LdapUtils {
public static Name getDnOfEntry(LdapTemplate ldapTemplate, String baseDN,
String objectClass, String filterAttributeName, String filterAttributeValue) {
- ContextMapper mapper =
- new AbstractContextMapper() {
- public Object doMapFromContext(DirContextOperations ctx) {
+ ContextMapper<Name> mapper =
+ new AbstractContextMapper<Name>() {
+ public Name doMapFromContext(DirContextOperations ctx) {
return ctx.getDn();
}
};
@@ -155,12 +155,12 @@ public final class LdapUtils {
new EqualsFilter("objectclass", objectClass)).and(
new EqualsFilter(filterAttributeName, filterAttributeValue));
- List<?> result = ldapTemplate.search((baseDN == null) ? "" : baseDN, filter.toString(),
+ List<Name> result = ldapTemplate.search((baseDN == null) ? "" : baseDN, filter.toString(),
SearchControls.SUBTREE_SCOPE, mapper);
if (result != null && result.size() > 0) {
//not only the first one....
- return (Name)result.get(0);
+ return result.get(0);
}
return null;
}
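Review bot: `return result.get(0);` still takes the first hit when the subtree search matches several entries, which the existing comment `//not only the first one....` already hints at. In an STS that resolves a user to a DN before issuing claims, an ambiguous match (the same attribute value under two subtrees) means the claims may come from an entry other than the authenticated user's. Consider treating more than one result as "not found", or at least logging it, e.g. `if (result.size() > 1) { return null; }` together with a log message naming `filterAttributeName`. As a smaller point, `result.size() > 0` reads better as `!result.isEmpty()`.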
http://git-wip-us.apache.org/repos/asf/cxf/blob/5226685d/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
index b01b627..785bae7 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
@@ -160,6 +160,37 @@ public class LDAPClaimsTest extends AbstractLdapTestUnit {
}
}
}
+
+ @org.junit.Test
+ public void testRetrieveClaimsUsingLDAPLookup() throws Exception {
+ LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+ ClaimCollection requestedClaims = createRequestClaimCollection();
+
+ List<URI> expectedClaims = new ArrayList<URI>();
+ expectedClaims.add(ClaimTypes.FIRSTNAME);
+ expectedClaims.add(ClaimTypes.LASTNAME);
+ expectedClaims.add(ClaimTypes.EMAILADDRESS);
+
+ ClaimsParameters params = new ClaimsParameters();
+ params.setPrincipal(new CustomTokenPrincipal("cn=alice,ou=users,dc=example,dc=com"));
+ ProcessedClaimCollection retrievedClaims =
+ claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ Assert.isTrue(
+ retrievedClaims.size() == expectedClaims.size(),
+ "Retrieved number of claims [" + retrievedClaims.size()
+ + "] doesn't match with expected [" + expectedClaims.size() + "]"
+ );
+
+ for (ProcessedClaim c : retrievedClaims) {
+ if (expectedClaims.contains(c.getClaimType())) {
+ expectedClaims.remove(c.getClaimType());
+ } else {
+ Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+ }
+ }
+ }
@org.junit.Test
public void testMultiUserBaseDNs() throws Exception {
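Review bot: Both new tests check only the number and type of the returned claims, not their content, so a lookup that returned another entry's attributes would still pass. `testRetrieveClaimsUsingLDAPLookup` never inspects `c.getValues()`, and `testRetrieveRolesForAliceUsingLDAPLookup` (the next hunk in this file) asserts `getValues().size() == 2` without checking which roles came back. A per-claim value assertion such as `Assert.isTrue(!c.getValues().isEmpty(), "Claim '" + c.getClaimType() + "' has no value");`, plus a comparison against the roles the test directory defines for alice, would pin the lookup to the right entry. A negative case would cover the failure path of the DN lookup as well: a principal DN that does not exist in the test directory, expecting an empty result.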
@@ -391,6 +422,27 @@ public class LDAPClaimsTest extends AbstractLdapTestUnit {
}
@org.junit.Test
+ public void testRetrieveRolesForAliceUsingLDAPLookup() throws Exception {
+ LdapGroupClaimsHandler claimsHandler =
+ (LdapGroupClaimsHandler)appContext.getBean("testGroupClaimsHandler");
+
+ ClaimCollection requestedClaims = new ClaimCollection();
+ Claim claim = new Claim();
+ URI roleURI = URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+ claim.setClaimType(roleURI);
+ requestedClaims.add(claim);
+
+ ClaimsParameters params = new ClaimsParameters();
+ params.setPrincipal(new CustomTokenPrincipal("cn=alice,ou=users,dc=example,dc=com"));
+ ProcessedClaimCollection retrievedClaims =
+ claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ Assert.isTrue(retrievedClaims.size() == 1);
+ Assert.isTrue(retrievedClaims.get(0).getClaimType().equals(roleURI));
+ Assert.isTrue(retrievedClaims.get(0).getValues().size() == 2);
+ }
+
+ @org.junit.Test
public void testRetrieveRolesForBob() throws Exception {
LdapGroupClaimsHandler claimsHandler =
(LdapGroupClaimsHandler)appContext.getBean("testGroupClaimsHandlerOtherUsers");