This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 384a11f419c06c52ec07d9f7114bb2134c18ba3c
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Wed Sep 12 11:58:47 2018 +0100
CXF-6727 - Parse Claims annotation in a manner independent of the token
---
.../cxf/rt/security/saml/claims/ClaimBean.java | 22 +++++++++++++---------
.../interceptor/ClaimsAuthorizingInterceptor.java | 18 ++++++++----------
.../ClaimsAuthorizingInterceptorTest.java | 2 +-
3 files changed, 22 insertions(+), 20 deletions(-)
diff --git
a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/ClaimBean.java
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/ClaimBean.java
index f46cb94..3216f7a 100644
---
a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/ClaimBean.java
+++
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/claims/ClaimBean.java
@@ -18,26 +18,30 @@
*/
package org.apache.cxf.rt.security.saml.claims;
+import org.apache.cxf.rt.security.claims.Claim;
import org.apache.cxf.security.claims.authorization.ClaimMode;
public class ClaimBean {
- private SAMLClaim claim;
- private ClaimMode claimMode;
- private boolean matchAll;
+ private final Claim claim;
+ private final String claimFormat;
+ private final ClaimMode claimMode;
+ private final boolean matchAll;
- public ClaimBean(SAMLClaim claim) {
- this.claim = claim;
- }
-
- public ClaimBean(SAMLClaim claim,
+ public ClaimBean(Claim claim,
+ String claimFormat,
ClaimMode claimMode,
boolean matchAll) {
this.claim = claim;
+ this.claimFormat = claimFormat;
this.claimMode = claimMode;
this.matchAll = matchAll;
}
- public SAMLClaim getClaim() {
+ public String getClaimFormat() {
+ return claimFormat;
+ }
+
+ public Claim getClaim() {
return claim;
}
diff --git
a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptor.java
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptor.java
index f19471a..c69992a 100644
---
a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptor.java
+++
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptor.java
@@ -105,12 +105,11 @@ public class ClaimsAuthorizingInterceptor extends
AbstractPhaseInterceptor<Messa
org.apache.cxf.rt.security.claims.ClaimCollection actualClaims =
sc.getClaims();
for (ClaimBean claimBean : list) {
- org.apache.cxf.rt.security.claims.Claim claim =
claimBean.getClaim();
org.apache.cxf.rt.security.claims.Claim matchingClaim = null;
for (org.apache.cxf.rt.security.claims.Claim cl : actualClaims) {
if (cl instanceof SAMLClaim
- &&
((SAMLClaim)cl).getName().equals(((SAMLClaim)claim).getName())
- &&
((SAMLClaim)cl).getNameFormat().equals(((SAMLClaim)claim).getNameFormat())) {
+ &&
((SAMLClaim)cl).getName().equals(claimBean.getClaim().getClaimType())
+ &&
((SAMLClaim)cl).getNameFormat().equals(claimBean.getClaimFormat())) {
matchingClaim = cl;
break;
}
@@ -121,7 +120,7 @@ public class ClaimsAuthorizingInterceptor extends
AbstractPhaseInterceptor<Messa
}
continue;
}
- List<Object> claimValues = claim.getValues();
+ List<Object> claimValues = claimBean.getClaim().getValues();
List<Object> matchingClaimValues = matchingClaim.getValues();
if (claimBean.isMatchAll()
&& !matchingClaimValues.containsAll(claimValues)) {
@@ -189,8 +188,8 @@ public class ClaimsAuthorizingInterceptor extends
AbstractPhaseInterceptor<Messa
private static boolean isClaimOverridden(ClaimBean bean, List<ClaimBean>
mClaims) {
for (ClaimBean methodBean : mClaims) {
- if
(bean.getClaim().getName().equals(methodBean.getClaim().getName())
- &&
bean.getClaim().getNameFormat().equals(methodBean.getClaim().getNameFormat())) {
+ if
(bean.getClaim().getClaimType().equals(methodBean.getClaim().getClaimType())
+ && bean.getClaimFormat().equals(methodBean.getClaimFormat())) {
return true;
}
}
@@ -208,7 +207,7 @@ public class ClaimsAuthorizingInterceptor extends
AbstractPhaseInterceptor<Messa
annClaims.add(claimAnn);
}
for (Claim ann : annClaims) {
- SAMLClaim claim = new SAMLClaim();
+ org.apache.cxf.rt.security.claims.Claim claim = new
org.apache.cxf.rt.security.claims.Claim();
String claimName = ann.name();
if (nameAliases.containsKey(claimName)) {
@@ -219,13 +218,12 @@ public class ClaimsAuthorizingInterceptor extends
AbstractPhaseInterceptor<Messa
claimFormat = formatAliases.get(claimFormat);
}
- claim.setName(claimName);
- claim.setNameFormat(claimFormat);
+ claim.setClaimType(claimName);
for (String value : ann.value()) {
claim.addValue(value);
}
- claimsList.add(new ClaimBean(claim, ann.mode(), ann.matchAll()));
+ claimsList.add(new ClaimBean(claim, claimFormat, ann.mode(),
ann.matchAll()));
}
return claimsList;
}
diff --git
a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptorTest.java
b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptorTest.java
index e35bb56..5e6b14b 100644
---
a/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptorTest.java
+++
b/rt/security-saml/src/test/java/org/apache/cxf/rt/security/saml/interceptor/ClaimsAuthorizingInterceptorTest.java
@@ -189,7 +189,7 @@ public class ClaimsAuthorizingInterceptorTest extends
Assert {
claim.addValue("c");
in2.setClaims(Collections.singletonMap("test",
Collections.singletonList(
- new ClaimBean(claim))));
+ new ClaimBean(claim, "a", null, false))));
in2.handleMessage(m);
try {
