Posted to commits@cxf.apache.org by co...@apache.org on 2018/09/21 16:47:04 UTC
[cxf-fediz] 01/05: Adding custom claim transformation support to
fediz plugin
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit 7c6fa3043028886db2a7f3812e96ef9dca0a657a
Author: Juerg Portmann <ju...@zurich.com>
AuthorDate: Tue Mar 6 15:15:00 2018 +0100
Adding custom claim transformation support to fediz plugin
---
.../apache/cxf/fediz/core/config/FedizContext.java | 38 ++++++++++++++++++++++
.../core/processor/FederationProcessorImpl.java | 10 +++++-
.../src/main/resources/schemas/FedizConfig.xsd | 11 +++++++
.../fediz/core/config/FedizConfigurationTest.java | 7 ++++
systests/cxf/src/test/resources/fediz_config.xml | 7 ++--
.../cxfWebapp/src/main/resources/fediz_config.xml | 7 ++--
6 files changed, 73 insertions(+), 7 deletions(-)
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
index 17014c0..4c92994 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
@@ -32,8 +32,10 @@ import java.util.List;
import java.util.Properties;
import java.util.regex.Pattern;
+import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
import org.apache.cxf.fediz.core.config.jaxb.CallbackType;
import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
+import org.apache.cxf.fediz.core.config.jaxb.ClaimsTransformerType;
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
@@ -44,6 +46,7 @@ import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
import org.apache.cxf.fediz.core.exception.IllegalConfigurationException;
+import org.apache.cxf.fediz.core.processor.ClaimsProcessor;
import org.apache.cxf.fediz.core.util.CertsUtils;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.cache.ReplayCacheFactory;
@@ -260,6 +263,41 @@ public class FedizContext implements Closeable {
return replayCache;
}
+ public ClaimsProcessor getClaimsTransformer() {
+ ClaimsTransformerType claimsTransformerType = config.getClaimsTransformer();
+ if (claimsTransformerType != null) {
+ ArgumentType type = claimsTransformerType.getType();
+ if (type.equals(ArgumentType.CLASS)) {
+ String clazzName = type.value();
+ Class<?> clazz;
+ try {
+ clazz = getClassloader().loadClass(clazzName);
+ Object obj = clazz.newInstance();
+ if (obj instanceof ClaimsProcessor) {
+ return (ClaimsProcessor) obj;
+ } else {
+ LOG.error("The configured ClaimsTransformer is not an instance of ClaimsProcessor !");
+ return null;
+ }
+
+ } catch (ClassNotFoundException e) {
+ LOG.error("The specified ClaimsTransformer can not be found. Check your classpath");
+ return null;
+
+ } catch (InstantiationException e) {
+ LOG.error("The specified ClaimsTransformer can not be instantiated.");
+ return null;
+
+ } catch (IllegalAccessException e) {
+ LOG.error("The specified ClaimsTransformer can not be accessed.");
+ return null;
+ }
+
+ }
+ }
+ return null;
+ }
+
public String getName() {
return config.getName();
}
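Review bot: `String clazzName = type.value();` takes the name to load from the `ArgumentType` enum constant rather than from the configured element text — if `ArgumentType` is the JAXB-generated enum, `value()` returns its lexical value `"Class"`, so the loader is asked for a class literally named `Class`; the test hunk sets the class name with `setValue` on `ClaimsTransformerType`, so the read side should be `claimsTransformerType.getValue()`. `type.equals(ArgumentType.CLASS)` also throws NullPointerException when the `type` attribute is omitted, which the XSD hunk allows (the attribute has neither `use="required"` nor a default), and each `catch` drops `e`, so the stack trace and the offending class name are lost exactly when an operator needs them. Since the class name comes from configuration and is instantiated reflectively, the error messages should name the class, and because FederationProcessorImpl calls this per processed token, loading the instance once (for example in the constructor) would avoid repeated class loading and repeated error logs. A rewrite of the body (the LOG call with a Throwable argument assumes an SLF4J-style logger):
```java
    public ClaimsProcessor getClaimsTransformer() {
        ClaimsTransformerType claimsTransformerType = config.getClaimsTransformer();
        if (claimsTransformerType == null
            || !ArgumentType.CLASS.equals(claimsTransformerType.getType())) {
            return null;
        }
        String clazzName = claimsTransformerType.getValue();
        try {
            Object obj = getClassloader().loadClass(clazzName).newInstance();
            if (obj instanceof ClaimsProcessor) {
                return (ClaimsProcessor) obj;
            }
            LOG.error("The configured ClaimsTransformer " + clazzName
                      + " is not an instance of ClaimsProcessor !");
        } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e) {
            LOG.error("The specified ClaimsTransformer " + clazzName
                      + " can not be loaded. Check your classpath", e);
        }
        return null;
    }
```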
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index 595a457..31e4799 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -44,6 +44,8 @@ import javax.servlet.http.HttpServletRequest;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+
+import org.apache.cxf.fediz.core.Claim;
import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.core.RequestState;
import org.apache.cxf.fediz.core.TokenValidator;
@@ -218,8 +220,14 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
created = lifeTime.getCreated();
}
+ List<Claim> claims = validatorResponse.getClaims();
+ if (config.getClaimsTransformer() != null) {
+ LOG.debug("invoking ClaimsTransformer");
+ claims = config.getClaimsTransformer().processClaims(validatorResponse.getClaims());
+ }
+
FedizResponse fedResponse = new FedizResponse(validatorResponse.getUsername(), validatorResponse.getIssuer(),
- validatorResponse.getRoles(), validatorResponse.getClaims(),
+ validatorResponse.getRoles(), claims,
validatorResponse.getAudience(), created, expires, rst,
validatorResponse.getUniqueTokenId());
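Review bot: `config.getClaimsTransformer()` is called twice, once for the null check and once to invoke the transformer; with the FedizContext hunk creating a new instance by reflection on every call, the transformer class is loaded and instantiated twice per processed token. Hold the result in a local instead: `ClaimsProcessor transformer = config.getClaimsTransformer(); if (transformer != null) { LOG.debug("invoking ClaimsTransformer"); claims = transformer.processClaims(claims); }`. Note also that `FedizResponse` now receives whatever `processClaims` returns, so a transformer returning null replaces the validated claim list with null where the old code always passed `validatorResponse.getClaims()`; either fall back to the original list on null or document on `ClaimsProcessor` that a non-null list is required. The enclosing method begins and ends outside this hunk.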
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index 3b039a8..97cea11 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -28,6 +28,7 @@
<xs:element ref="logoutURL" minOccurs="0" />
<xs:element ref="logoutRedirectTo" minOccurs="0" />
<xs:element ref="logoutRedirectToConstraint" minOccurs="0" />
+ <xs:element ref="claimsTransformer" minOccurs="0" />
</xs:sequence>
<xs:attribute name="name" use="required" type="xs:string" />
@@ -222,6 +223,16 @@
</xs:annotation>
</xs:element>
+ <xs:complexType name="ClaimsTransformerType">
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="type" type="argumentType" />
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+
+ <xs:element name="claimsTransformer" type="ClaimsTransformerType" />
+
<xs:element name="issuer" type="CallbackType" />
<xs:element name="homeRealm" type="CallbackType" />
<xs:element name="authenticationType" type="CallbackType" />
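Review bot: The new `claimsTransformer` element and `ClaimsTransformerType` carry no `xs:annotation`, while the neighbouring elements in this hunk do (the `</xs:annotation>` closing just above). Add an `xs:annotation`/`xs:documentation` stating that the element text is the fully qualified name of a class implementing `org.apache.cxf.fediz.core.processor.ClaimsProcessor`, that the class is loaded from the context class loader and invoked on the validated claims of every token, and that only `type="Class"` is honoured, since the code in the FedizContext hunk ignores every other `argumentType` value.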
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
index 9b25e26..347cede 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java
@@ -35,6 +35,7 @@ import org.apache.cxf.fediz.core.config.jaxb.CallbackType;
import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
import org.apache.cxf.fediz.core.config.jaxb.ClaimType;
import org.apache.cxf.fediz.core.config.jaxb.ClaimTypesRequested;
+import org.apache.cxf.fediz.core.config.jaxb.ClaimsTransformerType;
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.FedizConfig;
@@ -84,6 +85,7 @@ public class FedizConfigurationTest {
private static final String SUBJECT_VALUE_2 = ".*CN=www.sts2.com.*";
private static final String SUBJECT_VALUE_3 = ".*CN=www.sts3.com.*";
+ private static final String CLAIMSTRANFORMER_CLASS = "org.apache.fediz.MyClaimsTransformer.class";
private static final String CONFIG_FILE = "./target/fedizconfig.xml";
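Review bot: `CLAIMSTRANFORMER_CLASS` is misspelled (TRANFORMER) and its value `"org.apache.fediz.MyClaimsTransformer.class"` carries a `.class` suffix that is not part of a binary class name, so it could never be loaded by `ClassLoader.loadClass`; the test still passes because, as far as this hunk shows, it only writes the value into the config. A realistic fixture, `private static final String CLAIMS_TRANSFORMER_CLASS = "org.apache.fediz.MyClaimsTransformer";`, avoids the value being copied as a template into real configuration. The later hunk in this file that uses the constant would be renamed accordingly.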
@@ -213,6 +215,11 @@ public class FedizConfigurationTest {
issuer.setValue(ISSUER);
protocol.setIssuer(issuer);
+ ClaimsTransformerType claimsTransformer = new ClaimsTransformerType();
+ claimsTransformer.setType(ArgumentType.CLASS);
+ claimsTransformer.setValue(CLAIMSTRANFORMER_CLASS);
+ config.setClaimsTransformer(claimsTransformer);
+
return rootConfig;
}
diff --git a/systests/cxf/src/test/resources/fediz_config.xml b/systests/cxf/src/test/resources/fediz_config.xml
index dc30ea6..5f87c36 100644
--- a/systests/cxf/src/test/resources/fediz_config.xml
+++ b/systests/cxf/src/test/resources/fediz_config.xml
@@ -49,13 +49,14 @@
<homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
<claimTypesRequested>
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" />
- <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
- <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
- <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
</claimTypesRequested>
</protocol>
<logoutURL>/secure/logout</logoutURL>
<logoutRedirectTo>/index.html</logoutRedirectTo>
+ <claimsTransformer type="Class">org.apache.cxf.fediz.systests.cxf.ClaimTransformerTest</claimsTransformer>
</contextConfig>
</FedizConfig>
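Review bot: The new `claimsTransformer` element names `org.apache.cxf.fediz.systests.cxf.ClaimTransformerTest`, but no such class is added by this commit (the diffstat lists six files and none is that class); unless it arrives in a later commit of this series, FedizContext will fail to load it and log an error on every processed token while continuing with the untransformed claims. The same value is added to the webapp `fediz_config.xml` in the hunk below, where the class would additionally have to be on the deployed webapp's classpath. If the class is intentionally supplied by the systest build, a one-line XML comment next to the element, `<!-- ClaimTransformerTest is provided by the systest classpath -->`, would tell the next reader where it comes from.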
diff --git a/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml b/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml
index f73ae4d..a30b0d5 100644
--- a/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml
+++ b/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml
@@ -46,13 +46,14 @@
<homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
<claimTypesRequested>
<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" />
- <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
- <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
- <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
</claimTypesRequested>
</protocol>
<logoutURL>/secure/logout</logoutURL>
<logoutRedirectTo>/index.html</logoutRedirectTo>
+ <claimsTransformer type="Class">org.apache.cxf.fediz.systests.cxf.ClaimTransformerTest</claimsTransformer>
</contextConfig>
</FedizConfig>