This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 384a11f419c06c52ec07d9f7114bb2134c18ba3c Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Wed Sep 12 11:58:47 2018 +0100 CXF-6727 - Parse Claims annotation in a manner independent of the token --- .../cxf/rt/security/saml/claims/ClaimBean.java | 22 +++++++++++++--------- .../interceptor/ClaimsAuthorizingInterceptor.java | 18 ++++++++---------- .../ClaimsAuthorizingInterceptorTest.java | 2 +- 3 files changed, 22 insertions(+), 20 deletions(-) diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/ClaimBean.java b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/ClaimBean.java index f46cb94..3216f7a 100644 --- a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/ClaimBean.java +++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/ClaimBean.java @@ -18,26 +18,30 @@ */ package org.apache.cxf.rt.security.saml.claims; +import org.apache.cxf.rt.security.claims.Claim; import org.apache.cxf.security.claims.authorization.ClaimMode; public class ClaimBean { - private SAMLClaim claim; - private ClaimMode claimMode; - private boolean matchAll; + private final Claim claim; + private final String claimFormat; + private final ClaimMode claimMode; + private final boolean matchAll; - public ClaimBean(SAMLClaim claim) { - this.claim = claim; - } - - public ClaimBean(SAMLClaim claim, + public ClaimBean(Claim claim, + String claimFormat, ClaimMode claimMode, boolean matchAll) { this.claim = claim; + this.claimFormat = claimFormat; this.claimMode = claimMode; this.matchAll = matchAll; } - public SAMLClaim getClaim() { + public String getClaimFormat() { + return claimFormat; + } + + public Claim getClaim() { return claim; } diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptor.java b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptor.java index f19471a..c69992a 100644 --- a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptor.java +++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptor.java @@ -105,12 +105,11 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa org.apache.cxf.rt.security.claims.ClaimCollection actualClaims = sc.getClaims(); for (ClaimBean claimBean : list) { - org.apache.cxf.rt.security.claims.Claim claim = claimBean.getClaim(); org.apache.cxf.rt.security.claims.Claim matchingClaim = null; for (org.apache.cxf.rt.security.claims.Claim cl : actualClaims) { if (cl instanceof SAMLClaim - && ((SAMLClaim)cl).getName().equals(((SAMLClaim)claim).getName()) - && ((SAMLClaim)cl).getNameFormat().equals(((SAMLClaim)claim).getNameFormat())) { + && ((SAMLClaim)cl).getName().equals(claimBean.getClaim().getClaimType()) + && ((SAMLClaim)cl).getNameFormat().equals(claimBean.getClaimFormat())) { matchingClaim = cl; break; } @@ -121,7 +120,7 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa } continue; } - List<Object> claimValues = claim.getValues(); + List<Object> claimValues = claimBean.getClaim().getValues(); List<Object> matchingClaimValues = matchingClaim.getValues(); if (claimBean.isMatchAll() && !matchingClaimValues.containsAll(claimValues)) { @@ -189,8 +188,8 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa private static boolean isClaimOverridden(ClaimBean bean, List<ClaimBean> mClaims) { for (ClaimBean methodBean : mClaims) { - if (bean.getClaim().getName().equals(methodBean.getClaim().getName()) - && bean.getClaim().getNameFormat().equals(methodBean.getClaim().getNameFormat())) { + if (bean.getClaim().getClaimType().equals(methodBean.getClaim().getClaimType()) + && bean.getClaimFormat().equals(methodBean.getClaimFormat())) { return true; } } @@ -208,7 +207,7 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa annClaims.add(claimAnn); } for (Claim ann : annClaims) { - SAMLClaim claim = new SAMLClaim(); + org.apache.cxf.rt.security.claims.Claim claim = new org.apache.cxf.rt.security.claims.Claim(); String claimName = ann.name(); if (nameAliases.containsKey(claimName)) { @@ -219,13 +218,12 @@ public class ClaimsAuthorizingInterceptor extends AbstractPhaseInterceptor<Messa claimFormat = formatAliases.get(claimFormat); } - claim.setName(claimName); - claim.setNameFormat(claimFormat); + claim.setClaimType(claimName); for (String value : ann.value()) { claim.addValue(value); } - claimsList.add(new ClaimBean(claim, ann.mode(), ann.matchAll())); + claimsList.add(new ClaimBean(claim, claimFormat, ann.mode(), ann.matchAll())); } return claimsList; } diff --git a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptorTest.java b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptorTest.java index e35bb56..5e6b14b 100644 --- a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptorTest.java +++ b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptorTest.java @@ -189,7 +189,7 @@ public class ClaimsAuthorizingInterceptorTest extends Assert { claim.addValue("c"); in2.setClaims(Collections.singletonMap("test", Collections.singletonList( - new ClaimBean(claim)))); + new ClaimBean(claim, "a", null, false)))); in2.handleMessage(m); try {