You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ow...@apache.org on 2013/05/24 21:54:01 UTC
svn commit: r1486200 -
/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
Author: owulff
Date: Fri May 24 19:54:01 2013
New Revision: 1486200
URL: http://svn.apache.org/r1486200
Log:
Support adding full group name to SAML token for filtered group list
Modified:
cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
Modified: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java?rev=1486200&r1=1486199&r2=1486200&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java (original)
+++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java Fri May 24 19:54:01 2013
@@ -54,8 +54,17 @@ public class LdapGroupClaimsHandler impl
private String groupNameGlobalFilter = ROLE;
private String groupNameScopedFilter = SCOPE + "_" + ROLE;
private Map<String, String> appliesToScopeMapping;
+ private boolean useFullGroupNameAsValue = false;
+ public boolean isUseFullGroupNameAsValue() {
+ return useFullGroupNameAsValue;
+ }
+
+ public void setUseFullGroupNameAsValue(boolean useFullGroupNameAsValue) {
+ this.useFullGroupNameAsValue = useFullGroupNameAsValue;
+ }
+
public String getUserObjectClass() {
return userObjectClass;
}
@@ -251,14 +260,26 @@ public class LdapGroupClaimsHandler impl
// Demo_User -> Role=User
// Demo_Admin -> Role=Admin
String filter = this.groupNameScopedFilter;
- filteredGroups.add(parseRole(group, filter.replaceAll(SCOPE, scope)));
+ String role = null;
+ if (isUseFullGroupNameAsValue()) {
+ role = group;
+ } else {
+ role = parseRole(group, filter.replaceAll(SCOPE, scope));
+ }
+ filteredGroups.add(role);
} else {
if (globalPattern.matcher(group).matches()) {
//Group matches the global filter
//ex. (default groupNameGlobalFilter)
// User -> Role=User
// Admin -> Role=Admin
- filteredGroups.add(parseRole(group, this.groupNameGlobalFilter));
+ String role = null;
+ if (isUseFullGroupNameAsValue()) {
+ role = group;
+ } else {
+ role = parseRole(group, this.groupNameGlobalFilter);
+ }
+ filteredGroups.add(role);
} else {
LOG.finer("Group '" + group + "' doesn't match scoped and global group filter");
}