Posted to commits@cxf.apache.org by co...@apache.org on 2017/08/09 14:58:54 UTC
cxf-fediz git commit: Temporarily revert to CXF 3.1.12
Repository: cxf-fediz
Updated Branches:
refs/heads/1.4.x-fixes f71e62006 -> 8a1e688ec
Temporarily revert to CXF 3.1.12
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/8a1e688e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/8a1e688e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/8a1e688e
Branch: refs/heads/1.4.x-fixes
Commit: 8a1e688ec57a99d648316dafc989f65930a10d46
Parents: f71e620
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Aug 9 15:58:44 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Aug 9 15:58:44 2017 +0100
----------------------------------------------------------------------
pom.xml | 2 +-
.../fediz/service/oidc/FedizSubjectCreator.java | 62 +++++++++++++++++---
2 files changed, 55 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/8a1e688e/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 58ed206..998dfe3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -44,7 +44,7 @@
<commons.logging.version>1.2</commons.logging.version>
<commons.io.version>2.5</commons.io.version>
<commons.validator.version>1.6</commons.validator.version>
- <cxf.version>3.1.13-SNAPSHOT</cxf.version>
+ <cxf.version>3.1.12</cxf.version>
<cxf.build-utils.version>3.2.0</cxf.build-utils.version>
<dbcp.version>2.1.1</dbcp.version>
<easymock.version>3.4</easymock.version>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/8a1e688e/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
index 3708fca..d0309c2 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
@@ -22,6 +22,7 @@ import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -40,9 +41,9 @@ import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.provider.SubjectCreator;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oidc.common.AbstractUserInfo;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.idp.OidcUserSubject;
-import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
@@ -53,6 +54,39 @@ import org.opensaml.saml.saml2.core.Issuer;
public class FedizSubjectCreator implements SubjectCreator {
private static final String ROLES_SCOPE = "roles";
+
+ private static final String PROFILE_SCOPE = "profile";
+ private static final String EMAIL_SCOPE = "email";
+ private static final String ADDRESS_SCOPE = "address";
+ private static final String PHONE_SCOPE = "phone";
+ private static final List<String> PROFILE_CLAIMS = Arrays.asList(AbstractUserInfo.NAME_CLAIM,
+ AbstractUserInfo.FAMILY_NAME_CLAIM,
+ AbstractUserInfo.GIVEN_NAME_CLAIM,
+ AbstractUserInfo.MIDDLE_NAME_CLAIM,
+ AbstractUserInfo.NICKNAME_CLAIM,
+ AbstractUserInfo.PREFERRED_USERNAME_CLAIM,
+ AbstractUserInfo.PROFILE_CLAIM,
+ AbstractUserInfo.PICTURE_CLAIM,
+ AbstractUserInfo.WEBSITE_CLAIM,
+ AbstractUserInfo.GENDER_CLAIM,
+ AbstractUserInfo.BIRTHDATE_CLAIM,
+ AbstractUserInfo.ZONEINFO_CLAIM,
+ AbstractUserInfo.LOCALE_CLAIM,
+ AbstractUserInfo.UPDATED_AT_CLAIM);
+ private static final List<String> EMAIL_CLAIMS = Arrays.asList(AbstractUserInfo.EMAIL_CLAIM,
+ AbstractUserInfo.EMAIL_VERIFIED_CLAIM);
+ private static final List<String> ADDRESS_CLAIMS = Arrays.asList(AbstractUserInfo.ADDRESS_CLAIM);
+ private static final List<String> PHONE_CLAIMS = Arrays.asList(AbstractUserInfo.PHONE_CLAIM);
+
+ private static final Map<String, List<String>> SCOPES_MAP;
+ static {
+ SCOPES_MAP = new HashMap<>();
+ SCOPES_MAP.put(PHONE_SCOPE, PHONE_CLAIMS);
+ SCOPES_MAP.put(EMAIL_SCOPE, EMAIL_CLAIMS);
+ SCOPES_MAP.put(ADDRESS_SCOPE, ADDRESS_CLAIMS);
+ SCOPES_MAP.put(PROFILE_SCOPE, PROFILE_CLAIMS);
+ }
+
private String issuer;
private long defaultTimeToLive = 3600L;
private Map<String, String> supportedClaims = Collections.emptyMap();
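Review bot: The new scope-to-claims tables are shared mutable static state: `SCOPES_MAP` is a plain `HashMap` and each value is an `Arrays.asList` view, which is fixed-size but still accepts `set()`, so any code in the class (or a reflective misconfiguration) could silently change which identity claims a scope releases. Since this map decides what user data ends up in an IdToken, it should be frozen once built: wrap each list as `Collections.unmodifiableList(Arrays.asList(...))` (or `Collections.singletonList(...)` for `ADDRESS_CLAIMS` and `PHONE_CLAIMS`), build the map into a local in the static block and assign `SCOPES_MAP = Collections.unmodifiableMap(map);`. `Collections` is already imported, so no new dependency is needed. A one-line comment such as `// Standard OIDC scope -> claim mapping (local copy of OidcUtils.getScopeClaims, absent in CXF 3.1.12)` would also record why this table exists, which the commit message only hints at.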
@@ -166,9 +200,9 @@ public class FedizSubjectCreator implements SubjectCreator {
//TODO: Note that if the consent screen enabled then it is feasible
// that the claims added in this code after mapping the scopes to claims
// may need to be removed if the user disapproves the related scope
-
+
// standard scope to claims mapping:
- requestedClaimsList.addAll(OidcUtils.getScopeClaims(scopes));
+ requestedClaimsList.addAll(getScopeClaims(scopes));
// custom scopes to claims mapping
requestedClaimsList.addAll(getCustomScopeClaims(scopes));
}
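Review bot: The `-`/`+` pair on the blank line before `// standard scope to claims mapping:` is a trailing-whitespace-only change that has nothing to do with the revert, and the same pattern recurs several times in the next hunk of this file (the `if (roles != null ...` line, the blank line after it, the closing brace of the `requestedClaimsList.contains` block and the lines around `return Collections.singletonList(roleClaimName);`). Mixing whitespace cleanup into a functional change makes the actual replacement of `OidcUtils.getScopeClaims(scopes)` harder to review and to cherry-pick across branches; keeping whitespace fixes in a separate commit would be cleaner. The enclosing method starts outside this hunk, so the definition of `scopes` and `requestedClaimsList` is not visible here.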
@@ -205,29 +239,41 @@ public class FedizSubjectCreator implements SubjectCreator {
}
}
- if (roles != null && !roles.isEmpty()
+ if (roles != null && !roles.isEmpty()
&& supportedClaims.containsKey(FedizConstants.DEFAULT_ROLE_URI.toString())) {
-
+
String roleClaimName = supportedClaims.get(FedizConstants.DEFAULT_ROLE_URI.toString());
if (requestedClaimsList.contains(roleClaimName)) {
idToken.setClaim(roleClaimName, roles);
- }
+ }
}
return idToken;
}
+ private static List<String> getScopeClaims(String... scope) {
+ List<String> claims = new ArrayList<>();
+ if (scope != null) {
+ for (String s : scope) {
+ if (SCOPES_MAP.containsKey(s)) {
+ claims.addAll(SCOPES_MAP.get(s));
+ }
+ }
+ }
+ return claims;
+ }
+
private List<String> getCustomScopeClaims(String[] scopes) {
// For now the only custom scope (to claims) mapping Fediz supports is
// roles where the scope name is expected to be 'roles' and the role name must be configured
String roleClaimName = supportedClaims.get(FedizConstants.DEFAULT_ROLE_URI.toString());
if (roleClaimName != null && Arrays.asList(scopes).contains(ROLES_SCOPE)) {
- return Collections.singletonList(roleClaimName);
+ return Collections.singletonList(roleClaimName);
} else {
return Collections.emptyList();
}
-
+
}
private Assertion getSaml2Assertion(Element samlToken) {
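Review bot: `getScopeClaims` has no Javadoc even though it replaces the `OidcUtils.getScopeClaims` call removed earlier in this file; a short header such as `/** Maps the standard OIDC scopes (profile, email, address, phone) to the claim names they release; unknown scopes are ignored. */` would make the contract explicit for whoever restores the CXF utility later. Inside the loop the `containsKey`/`get` pair does the lookup twice; a single `List<String> mapped = SCOPES_MAP.get(s); if (mapped != null) { claims.addAll(mapped); }` is equivalent and simpler. The null check on `scope` is appropriate since the caller passes a raw `String[]`, but note that the sibling `getCustomScopeClaims(scopes)` below still calls `Arrays.asList(scopes)` unguarded, so a null scope array would still fail there; that is pre-existing, not introduced here.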