Repository: cxf-fediz
Updated Branches:
  refs/heads/1.4.x-fixes f71e62006 -> 8a1e688ec


Temporarily revert to CXF 3.1.12


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/8a1e688e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/8a1e688e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/8a1e688e

Branch: refs/heads/1.4.x-fixes
Commit: 8a1e688ec57a99d648316dafc989f65930a10d46
Parents: f71e620
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Wed Aug 9 15:58:44 2017 +0100
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Wed Aug 9 15:58:44 2017 +0100

----------------------------------------------------------------------
 pom.xml                                         |  2 +-
 .../fediz/service/oidc/FedizSubjectCreator.java | 62 +++++++++++++++++---
 2 files changed, 55 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/8a1e688e/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 58ed206..998dfe3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -44,7 +44,7 @@
         <commons.logging.version>1.2</commons.logging.version>
         <commons.io.version>2.5</commons.io.version>
         <commons.validator.version>1.6</commons.validator.version>
-        <cxf.version>3.1.13-SNAPSHOT</cxf.version>
+        <cxf.version>3.1.12</cxf.version>
         <cxf.build-utils.version>3.2.0</cxf.build-utils.version>
         <dbcp.version>2.1.1</dbcp.version>
         <easymock.version>3.4</easymock.version>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/8a1e688e/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
----------------------------------------------------------------------
diff --git 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
index 3708fca..d0309c2 100644
--- 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
+++ 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
@@ -22,6 +22,7 @@ import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -40,9 +41,9 @@ import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.provider.SubjectCreator;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oidc.common.AbstractUserInfo;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.idp.OidcUserSubject;
-import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
@@ -53,6 +54,39 @@ import org.opensaml.saml.saml2.core.Issuer;
 
 public class FedizSubjectCreator implements SubjectCreator {
     private static final String ROLES_SCOPE = "roles";
+
+    private static final String PROFILE_SCOPE = "profile";
+    private static final String EMAIL_SCOPE = "email";
+    private static final String ADDRESS_SCOPE = "address";
+    private static final String PHONE_SCOPE = "phone";
+    private static final List<String> PROFILE_CLAIMS = 
Arrays.asList(AbstractUserInfo.NAME_CLAIM,
+                                                                    
AbstractUserInfo.FAMILY_NAME_CLAIM,
+                                                                    
AbstractUserInfo.GIVEN_NAME_CLAIM,
+                                                                    
AbstractUserInfo.MIDDLE_NAME_CLAIM,
+                                                                    
AbstractUserInfo.NICKNAME_CLAIM,
+                                                                    
AbstractUserInfo.PREFERRED_USERNAME_CLAIM,
+                                                                    
AbstractUserInfo.PROFILE_CLAIM,
+                                                                    
AbstractUserInfo.PICTURE_CLAIM,
+                                                                    
AbstractUserInfo.WEBSITE_CLAIM,
+                                                                    
AbstractUserInfo.GENDER_CLAIM,
+                                                                    
AbstractUserInfo.BIRTHDATE_CLAIM,
+                                                                    
AbstractUserInfo.ZONEINFO_CLAIM,
+                                                                    
AbstractUserInfo.LOCALE_CLAIM,
+                                                                    
AbstractUserInfo.UPDATED_AT_CLAIM);
+    private static final List<String> EMAIL_CLAIMS = 
Arrays.asList(AbstractUserInfo.EMAIL_CLAIM,
+                                                                  
AbstractUserInfo.EMAIL_VERIFIED_CLAIM);
+    private static final List<String> ADDRESS_CLAIMS = 
Arrays.asList(AbstractUserInfo.ADDRESS_CLAIM);
+    private static final List<String> PHONE_CLAIMS = 
Arrays.asList(AbstractUserInfo.PHONE_CLAIM);
+
+    private static final Map<String, List<String>> SCOPES_MAP;
+    static {
+        SCOPES_MAP = new HashMap<>();
+        SCOPES_MAP.put(PHONE_SCOPE, PHONE_CLAIMS);
+        SCOPES_MAP.put(EMAIL_SCOPE, EMAIL_CLAIMS);
+        SCOPES_MAP.put(ADDRESS_SCOPE, ADDRESS_CLAIMS);
+        SCOPES_MAP.put(PROFILE_SCOPE, PROFILE_CLAIMS);
+    }
+
     private String issuer;
     private long defaultTimeToLive = 3600L;
     private Map<String, String> supportedClaims = Collections.emptyMap();
@@ -166,9 +200,9 @@ public class FedizSubjectCreator implements SubjectCreator {
             //TODO: Note that if the consent screen enabled then it is feasible
             // that the claims added in this code after mapping the scopes to 
claims
             // may need to be removed if the user disapproves the related scope
-            
+
             // standard scope to claims mapping:
-            requestedClaimsList.addAll(OidcUtils.getScopeClaims(scopes));
+            requestedClaimsList.addAll(getScopeClaims(scopes));
             // custom scopes to claims mapping
             requestedClaimsList.addAll(getCustomScopeClaims(scopes));
         }
@@ -205,29 +239,41 @@ public class FedizSubjectCreator implements 
SubjectCreator {
             }
         }
 
-        if (roles != null && !roles.isEmpty() 
+        if (roles != null && !roles.isEmpty()
             && 
supportedClaims.containsKey(FedizConstants.DEFAULT_ROLE_URI.toString())) {
-            
+
             String roleClaimName = 
supportedClaims.get(FedizConstants.DEFAULT_ROLE_URI.toString());
             if (requestedClaimsList.contains(roleClaimName)) {
                 idToken.setClaim(roleClaimName, roles);
-            }            
+            }
         }
 
         return idToken;
     }
 
+    private static List<String> getScopeClaims(String... scope) {
+        List<String> claims = new ArrayList<>();
+        if (scope != null) {
+            for (String s : scope) {
+                if (SCOPES_MAP.containsKey(s)) {
+                    claims.addAll(SCOPES_MAP.get(s));
+                }
+            }
+        }
+        return claims;
+    }
+
 
     private List<String> getCustomScopeClaims(String[] scopes) {
         // For now the only custom scope (to claims) mapping Fediz supports is
         // roles where the scope name is expected to be 'roles' and the role 
name must be configured
         String roleClaimName = 
supportedClaims.get(FedizConstants.DEFAULT_ROLE_URI.toString());
         if (roleClaimName != null && 
Arrays.asList(scopes).contains(ROLES_SCOPE)) {
-            return Collections.singletonList(roleClaimName);    
+            return Collections.singletonList(roleClaimName);
         } else {
             return Collections.emptyList();
         }
-        
+
     }
 
     private Assertion getSaml2Assertion(Element samlToken) {

Reply via email to