Repository: cxf-fediz Updated Branches: refs/heads/1.4.x-fixes 5decec2ec -> e22353152
Revert "Temporarily revert to CXF 3.1.12" This reverts commit 8a1e688ec57a99d648316dafc989f65930a10d46. Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e2235315 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e2235315 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e2235315 Branch: refs/heads/1.4.x-fixes Commit: e2235315276930b3bfe28f39df596d0abb4c7d2c Parents: 5decec2 Author: Colm O hEigeartaigh <[email protected]> Authored: Tue Sep 5 16:59:47 2017 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue Sep 5 16:59:47 2017 +0100
----------------------------------------------------------------------
.../fediz/service/oidc/FedizSubjectCreator.java | 62 +++----------------- 1 file changed, 8 insertions(+), 54 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e2235315/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
index a4b2161..eb495f9 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizSubjectCreator.java
@@ -22,7 +22,6 @@ import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
-import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -40,9 +39,9 @@ import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.provider.SubjectCreator;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oidc.common.AbstractUserInfo;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.idp.OidcUserSubject;
+import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.joda.time.DateTime;
@@ -52,39 +51,6 @@ import org.opensaml.saml.saml2.core.Issuer; public class FedizSubjectCreator implements SubjectCreator { private static final String ROLES_SCOPE = "roles"; - - private static final String PROFILE_SCOPE = "profile"; - private static final String EMAIL_SCOPE = "email"; - private static final String ADDRESS_SCOPE = "address"; - private static final String PHONE_SCOPE = "phone"; - private static final List<String> PROFILE_CLAIMS = Arrays.asList(AbstractUserInfo.NAME_CLAIM, - AbstractUserInfo.FAMILY_NAME_CLAIM, - AbstractUserInfo.GIVEN_NAME_CLAIM, - AbstractUserInfo.MIDDLE_NAME_CLAIM, - AbstractUserInfo.NICKNAME_CLAIM, - AbstractUserInfo.PREFERRED_USERNAME_CLAIM, - AbstractUserInfo.PROFILE_CLAIM, - AbstractUserInfo.PICTURE_CLAIM, - AbstractUserInfo.WEBSITE_CLAIM, - AbstractUserInfo.GENDER_CLAIM, - AbstractUserInfo.BIRTHDATE_CLAIM, - AbstractUserInfo.ZONEINFO_CLAIM, - AbstractUserInfo.LOCALE_CLAIM, - AbstractUserInfo.UPDATED_AT_CLAIM); - private static final List<String> EMAIL_CLAIMS = Arrays.asList(AbstractUserInfo.EMAIL_CLAIM, - AbstractUserInfo.EMAIL_VERIFIED_CLAIM); - private static final List<String> ADDRESS_CLAIMS = Arrays.asList(AbstractUserInfo.ADDRESS_CLAIM); - private static final List<String> PHONE_CLAIMS = Arrays.asList(AbstractUserInfo.PHONE_CLAIM); - - private static final Map<String, List<String>> SCOPES_MAP; - static { - SCOPES_MAP = new HashMap<>(); - SCOPES_MAP.put(PHONE_SCOPE, PHONE_CLAIMS); - SCOPES_MAP.put(EMAIL_SCOPE, EMAIL_CLAIMS); - SCOPES_MAP.put(ADDRESS_SCOPE, ADDRESS_CLAIMS); - SCOPES_MAP.put(PROFILE_SCOPE, PROFILE_CLAIMS); - } - private String issuer; private long defaultTimeToLive = 3600L; private Map<String, String> supportedClaims = Collections.emptyMap(); 
@@ -194,9 +160,9 @@ public class FedizSubjectCreator implements SubjectCreator { //TODO: Note that if the consent screen enabled then it is feasible // that the claims added in this code after mapping the scopes to claims // may need to be removed if the user disapproves the related scope - + // standard scope to claims mapping: - requestedClaimsList.addAll(getScopeClaims(scopes)); + requestedClaimsList.addAll(OidcUtils.getScopeClaims(scopes)); // custom scopes to claims mapping requestedClaimsList.addAll(getCustomScopeClaims(scopes)); } @@ -233,41 +199,29 @@ public class FedizSubjectCreator implements SubjectCreator { } } - if (roles != null && !roles.isEmpty() + if (roles != null && !roles.isEmpty() && supportedClaims.containsKey(FedizConstants.DEFAULT_ROLE_URI.toString())) { - + String roleClaimName = supportedClaims.get(FedizConstants.DEFAULT_ROLE_URI.toString()); if (requestedClaimsList.contains(roleClaimName)) { idToken.setClaim(roleClaimName, roles); - } + } } return idToken; } - private static List<String> getScopeClaims(String... scope) { - List<String> claims = new ArrayList<>(); - if (scope != null) { - for (String s : scope) { - if (SCOPES_MAP.containsKey(s)) { - claims.addAll(SCOPES_MAP.get(s)); - } - } - } - return claims; - } - private List<String> getCustomScopeClaims(String[] scopes) { // For now the only custom scope (to claims) mapping Fediz supports is // roles where the scope name is expected to be 'roles' and the role name must be configured String roleClaimName = supportedClaims.get(FedizConstants.DEFAULT_ROLE_URI.toString()); if (roleClaimName != null && Arrays.asList(scopes).contains(ROLES_SCOPE)) { - return Collections.singletonList(roleClaimName); + return Collections.singletonList(roleClaimName); } else { return Collections.emptyList(); } - + } private Assertion getSaml2Assertion(Element samlToken) {
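Review bot: The new line `requestedClaimsList.addAll(OidcUtils.getScopeClaims(scopes));` silently assumes that CXF's OidcUtils maps exactly the same four standard scopes (profile, email, address, phone) to the same claim names as the deleted local SCOPES_MAP, and nothing in this commit pins that assumption down. Because the claims collected here are what gets copied into the IdToken further down the method, any difference in the library mapping (a scope it does not know, or an extra claim it adds in a later CXF release) changes what is disclosed to the relying party without any code change on the Fediz side, so a unit test asserting the claim list produced for each of those four scopes is worth adding alongside this change. The TODO immediately above still applies as well: the scopes used here appear to be the requested ones, so with a consent screen enabled a claim for a scope the user declined could still be mapped in; that is pre-existing, but a short comment such as `// NOTE: delegated to CXF OidcUtils; must stay in sync with the standard OIDC scope->claims mapping previously kept in SCOPES_MAP` on the new line would at least record the dependency. The enclosing method begins before this hunk and its remainder sits in the next one.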
