Posted to commits@cxf.apache.org by jb...@apache.org on 2014/10/10 20:48:28 UTC
[1/2] git commit: [CXF-6043] Adding multiple user base DN support
Repository: cxf
Updated Branches:
refs/heads/master 8e930bcfc -> 43c65b076
[CXF-6043] Adding multiple user base DN support
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a4222c93
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a4222c93
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a4222c93
Branch: refs/heads/master
Commit: a4222c930f7d69608f826c14e4bc7bc9f670097c
Parents: 8e930bc
Author: Jan Bernhardt <jb...@talend.com>
Authored: Fri Oct 10 18:57:08 2014 +0200
Committer: Jan Bernhardt <jb...@talend.com>
Committed: Fri Oct 10 20:46:30 2014 +0200
----------------------------------------------------------------------
.../cxf/sts/claims/LdapClaimsHandler.java | 28 ++++++++--
.../org/apache/cxf/sts/ldap/LDAPClaimsTest.java | 59 ++++++++++++++++++++
.../sts-core/src/test/resources/ldap.properties | 3 +-
.../sts/sts-core/src/test/resources/ldap.xml | 16 +++++-
4 files changed, 97 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/a4222c93/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
index 238544c..f833798 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
@@ -51,6 +51,7 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
private LdapTemplate ldap;
private Map<String, String> claimMapping;
private String userBaseDn;
+ private List<String> userBaseDNs;
private String delimiter = ";";
private boolean x500FilterEnabled = true;
private String objectClass = "person";
@@ -202,14 +203,25 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
String[] searchAttributes = null;
searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
- ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, this.userBaseDn, this.getObjectClass(),
- this.getUserNameAttribute(), user, searchAttributes);
+ if (this.userBaseDNs == null || this.userBaseDn != null) {
+ ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, this.userBaseDn, this.getObjectClass(), this
+ .getUserNameAttribute(), user, searchAttributes);
+ }
+ if (this.userBaseDNs != null && (ldapAttributes == null || ldapAttributes.size() == 0)) {
+ for (String userBase : userBaseDNs) {
+ ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, userBase, this.getObjectClass(), this
+ .getUserNameAttribute(), user, searchAttributes);
+ if (ldapAttributes != null && ldapAttributes.size() > 0) {
+ break; // User found
+ }
+ }
+ }
}
if (ldapAttributes == null || ldapAttributes.size() == 0) {
//No result
if (LOG.isLoggable(Level.INFO)) {
- LOG.finest("User '" + user + "' not found");
+ LOG.info("User '" + user + "' not found");
}
return new ProcessedClaimCollection();
}
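Review bot: The fallback loop `for (String userBase : userBaseDNs)` stops at the first base that returns attributes, so if the same user name exists under more than one configured base, the claims issued come from whichever base is searched first (`userBaseDn` when set, then list order). Nothing in the hunk detects or records that ambiguity; the loop should at least carry a comment such as `// first base containing the user wins; user names must be unique across all bases`, and logging the matching base at FINE level would make the choice auditable. Separately, `LOG.info("User '" + user + "' not found")` now writes the principal name at INFO; if that name can contain line breaks it should be sanitised before logging. The enclosing method starts and ends outside the hunk.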
@@ -278,8 +290,14 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
@Override
public String getHandlerRealm() {
return realm;
- }
+ }
-}
+ public List<String> getUserBaseDNs() {
+ return userBaseDNs;
+ }
+ public void setUserBaseDNs(List<String> userBaseDNs) {
+ this.userBaseDNs = userBaseDNs;
+ }
+}
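Review bot: `setUserBaseDNs` stores whatever list it is given, and an empty list combined with an unset `userBaseDn` makes the lookup added earlier in this commit skip both branches, so as far as the visible lines show the user is reported as not found without any LDAP query being issued. Either treat an empty list as unset, `this.userBaseDNs = (userBaseDNs == null || userBaseDNs.isEmpty()) ? null : userBaseDNs;`, or reject it with an `IllegalArgumentException`. The two accessors also lack Javadoc stating that `userBaseDn` is searched first when both properties are configured.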
http://git-wip-us.apache.org/repos/asf/cxf/blob/a4222c93/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
index 6751131..f302c0a 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
@@ -111,6 +111,65 @@ public class LDAPClaimsTest {
}
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testMultiUserBaseDNs() throws Exception {
+ LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandlerMultipleUserBaseDNs");
+
+ String user = props.getProperty("claimUser");
+ Assert.notNull(user, "Property 'claimUser' not configured");
+ String otherUser = props.getProperty("otherClaimUser");
+ Assert.notNull(otherUser, "Property 'otherClaimUser' not configured");
+
+ ClaimCollection requestedClaims = createRequestClaimCollection();
+
+ List<URI> expectedClaims = new ArrayList<URI>();
+ expectedClaims.add(ClaimTypes.FIRSTNAME);
+ expectedClaims.add(ClaimTypes.LASTNAME);
+ expectedClaims.add(ClaimTypes.EMAILADDRESS);
+
+ // First user
+ ClaimsParameters params = new ClaimsParameters();
+ params.setPrincipal(new CustomTokenPrincipal(user));
+ ProcessedClaimCollection retrievedClaims =
+ claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ Assert.isTrue(
+ retrievedClaims.size() == expectedClaims.size(),
+ "Retrieved number of claims [" + retrievedClaims.size()
+ + "] doesn't match with expected [" + expectedClaims.size() + "]"
+ );
+
+ for (ProcessedClaim c : retrievedClaims) {
+ if (expectedClaims.contains(c.getClaimType())) {
+ expectedClaims.remove(c.getClaimType());
+ } else {
+ Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+ }
+ }
+
+ // Second user
+ params.setPrincipal(new CustomTokenPrincipal(otherUser));
+ retrievedClaims = claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ expectedClaims.add(ClaimTypes.FIRSTNAME);
+ expectedClaims.add(ClaimTypes.LASTNAME);
+ expectedClaims.add(ClaimTypes.EMAILADDRESS);
+
+ Assert.isTrue(
+ retrievedClaims.size() == expectedClaims.size(),
+ "Retrieved number of claims [" + retrievedClaims.size()
+ + "] doesn't match with expected [" + expectedClaims.size() + "]"
+ );
+
+ for (ProcessedClaim c : retrievedClaims) {
+ if (expectedClaims.contains(c.getClaimType())) {
+ expectedClaims.remove(c.getClaimType());
+ } else {
+ Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+ }
+ }
+ }
@org.junit.Test(expected = STSException.class)
@org.junit.Ignore
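Review bot: `testMultiUserBaseDNs` is added with `@org.junit.Ignore`, so the new fallback across base DNs is not exercised by the build, presumably because it needs a live directory. A test that does not depend on an external server would be needed to cover the search order and the case where the user exists only under the second base. The second half also re-adds entries to `expectedClaims` and relies on the first loop having emptied it; starting from `expectedClaims = new ArrayList<URI>();` before the second user would make the two checks independent.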
http://git-wip-us.apache.org/repos/asf/cxf/blob/a4222c93/services/sts/sts-core/src/test/resources/ldap.properties
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/ldap.properties b/services/sts/sts-core/src/test/resources/ldap.properties
index 8654096..7ca488b 100644
--- a/services/sts/sts-core/src/test/resources/ldap.properties
+++ b/services/sts/sts-core/src/test/resources/ldap.properties
@@ -17,4 +17,5 @@
# under the License.
#
-claimUser=alice
\ No newline at end of file
+claimUser=alice
+otherClaimUser=bob
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/a4222c93/services/sts/sts-core/src/test/resources/ldap.xml
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/ldap.xml b/services/sts/sts-core/src/test/resources/ldap.xml
index 601ece2..1d395f8 100644
--- a/services/sts/sts-core/src/test/resources/ldap.xml
+++ b/services/sts/sts-core/src/test/resources/ldap.xml
@@ -35,8 +35,18 @@
<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" value="c"/>
</util:map>
<bean id="testClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
- <property name="ldapTemplate" ref="ldapTemplate"/>
- <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping"/>
- <property name="userBaseDN" value="OU=users,DC=emea,DC=mycompany,DC=com"/>
+ <property name="ldapTemplate" ref="ldapTemplate" />
+ <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
+ <property name="userBaseDN" value="OU=users,DC=emea,DC=mycompany,DC=com" />
+ </bean>
+ <bean id="testClaimsHandlerMultipleUserBaseDNs" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+ <property name="ldapTemplate" ref="ldapTemplate" />
+ <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
+ <property name="userBaseDNs">
+ <list>
+ <value>OU=users,DC=emea,DC=mycompany,DC=com</value>
+ <value>OU=other-users,DC=emea,DC=mycompany,DC=com</value>
+ </list>
+ </property>
</bean>
</beans>
[2/2] git commit: [CXF-5927] Improving ClaimUtils
Posted by jb...@apache.org.
[CXF-5927] Improving ClaimUtils
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/43c65b07
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/43c65b07
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/43c65b07
Branch: refs/heads/master
Commit: 43c65b07658b8041f6689d16a34ff98132b8a424
Parents: a4222c9
Author: Jan Bernhardt <jb...@talend.com>
Authored: Fri Oct 10 20:45:54 2014 +0200
Committer: Jan Bernhardt <jb...@talend.com>
Committed: Fri Oct 10 20:46:34 2014 +0200
----------------------------------------------------------------------
.../cxf/sts/claims/mapper/ClaimUtils.java | 41 ++++++++++++++++++++
1 file changed, 41 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/43c65b07/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
index 61c2284..2ff19c1 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
@@ -22,8 +22,10 @@ package org.apache.cxf.sts.claims.mapper;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import java.util.StringTokenizer;
import org.apache.cxf.sts.claims.ProcessedClaim;
@@ -415,4 +417,43 @@ public class ClaimUtils {
}
return resultClaim;
}
+
+ /**
+ * This function removes duplicated values.
+ *
+ * @param processedClaim claim containing multi-values of which some might be duplicated
+ * @return Returns a clone of the provided claim containing only distinct values
+ */
+ public ProcessedClaim distinctValues(ProcessedClaim processedClaim) {
+ ProcessedClaim resultClaim = null;
+ if (processedClaim != null) {
+ resultClaim = processedClaim.clone();
+ if (resultClaim.getValues() != null) {
+ List<Object> oldValues = resultClaim.getValues();
+ Set<Object> distincValues = new LinkedHashSet<Object>(oldValues);
+ resultClaim.getValues().clear();
+ resultClaim.getValues().addAll(distincValues);
+ }
+ }
+ return resultClaim;
+ }
+
+ /**
+ * Removes Claims without values.
+ *
+ * @param processedClaims Collection of claims with and/or without values
+ * @return Returns a collection of claims which contain values only
+ */
+ public ProcessedClaimCollection removeEmptyClaims(ProcessedClaimCollection processedClaims) {
+ ProcessedClaimCollection resultClaimCollection = null;
+ if (processedClaims != null) {
+ resultClaimCollection = new ProcessedClaimCollection();
+ for (ProcessedClaim c : processedClaims) {
+ if (c.getValues() != null && c.getValues().size() > 0) {
+ resultClaimCollection.add(c);
+ }
+ }
+ }
+ return resultClaimCollection;
+ }
}
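Review bot: `distinctValues` empties `resultClaim.getValues()` in place, which is only safe if `ProcessedClaim.clone()` copies the values list; `clone()` is not visible here, and with a shallow copy the caller's claim would be modified as well. A comment on the `clear()` line such as `// relies on clone() having copied the values list` would record the assumption, and the local `distincValues` should be spelled `distinctValues`. In `removeEmptyClaims` the returned collection holds the original claim objects rather than clones, and a `null` element would throw at `c.getValues()`. The Javadoc of both methods should also state that a `null` argument returns `null`.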