This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 1.4.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit 7c6fa3043028886db2a7f3812e96ef9dca0a657a Author: Juerg Portmann <[email protected]> AuthorDate: Tue Mar 6 15:15:00 2018 +0100 Adding custom claim transformation support to fediz plugin --- .../apache/cxf/fediz/core/config/FedizContext.java | 38 ++++++++++++++++++++++ .../core/processor/FederationProcessorImpl.java | 10 +++++- .../src/main/resources/schemas/FedizConfig.xsd | 11 +++++++ .../fediz/core/config/FedizConfigurationTest.java | 7 ++++ systests/cxf/src/test/resources/fediz_config.xml | 7 ++-- .../cxfWebapp/src/main/resources/fediz_config.xml | 7 ++-- 6 files changed, 73 insertions(+), 7 deletions(-) diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java index 17014c0..4c92994 100644 --- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java @@ -32,8 +32,10 @@ import java.util.List; import java.util.Properties; import java.util.regex.Pattern; +import org.apache.cxf.fediz.core.config.jaxb.ArgumentType; import org.apache.cxf.fediz.core.config.jaxb.CallbackType; import org.apache.cxf.fediz.core.config.jaxb.CertificateStores; +import org.apache.cxf.fediz.core.config.jaxb.ClaimsTransformerType; import org.apache.cxf.fediz.core.config.jaxb.ContextConfig; import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType; import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType; 
@@ -44,6 +46,7 @@ import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType; import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType; import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers; import org.apache.cxf.fediz.core.exception.IllegalConfigurationException; +import org.apache.cxf.fediz.core.processor.ClaimsProcessor; import org.apache.cxf.fediz.core.util.CertsUtils; import org.apache.wss4j.common.cache.ReplayCache; import org.apache.wss4j.common.cache.ReplayCacheFactory; @@ -260,6 +263,41 @@ public class FedizContext implements Closeable { return replayCache; } + public ClaimsProcessor getClaimsTransformer() { + ClaimsTransformerType claimsTransformerType = config.getClaimsTransformer(); + if (claimsTransformerType != null) { + ArgumentType type = claimsTransformerType.getType(); + if (type.equals(ArgumentType.CLASS)) { + String clazzName = type.value(); + Class<?> clazz; + try { + clazz = getClassloader().loadClass(clazzName); + Object obj = clazz.newInstance(); + if (obj instanceof ClaimsProcessor) { + return (ClaimsProcessor) obj; + } else { + LOG.error("The configured ClaimsTransformer is not an instance of ClaimsProcessor !"); + return null; + } + + } catch (ClassNotFoundException e) { + LOG.error("The specified ClaimsTransformer can not be found. Check your classpath"); + return null; + + } catch (InstantiationException e) { + LOG.error("The specified ClaimsTransformer can not be instantiated."); + return null; + + } catch (IllegalAccessException e) { + LOG.error("The specified ClaimsTransformer can not be accessed."); + return null; + } + + } + } + return null; + } + public String getName() { return config.getName(); } diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java index 595a457..31e4799 100644 
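Review bot: `String clazzName = type.value();` in getClaimsTransformer() reads the class name from the `type` attribute instead of the element body, so the configured class is never the one looked up. On a JAXB-generated enum `value()` returns the lexical form of the constant (the literal `Class` the attribute was set to), while the element text is what `claimsTransformerType.getValue()` returns; as written, `loadClass` should fail with ClassNotFoundException, the error is logged and `null` is returned, so the transformer silently never runs. The line should be `String clazzName = claimsTransformerType.getValue();`. The method also dereferences `type` unconditionally although the `type` attribute on ClaimsTransformerType is optional in the FedizConfig.xsd hunk of this commit, so `if (type.equals(ArgumentType.CLASS))` is safer as `if (ArgumentType.CLASS.equals(type))`. Since this code reflectively instantiates whatever class name the configuration carries, the three catch blocks should keep the cause and name the class, e.g. `LOG.error("The specified ClaimsTransformer " + clazzName + " can not be found. Check your classpath", e);`, rather than logging a fixed message and dropping `e`.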
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java +++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java @@ -44,6 +44,8 @@ import javax.servlet.http.HttpServletRequest; import org.w3c.dom.Document; import org.w3c.dom.Element; + +import org.apache.cxf.fediz.core.Claim; import org.apache.cxf.fediz.core.FederationConstants; import org.apache.cxf.fediz.core.RequestState; import org.apache.cxf.fediz.core.TokenValidator; @@ -218,8 +220,14 @@ public class FederationProcessorImpl extends AbstractFedizProcessor { created = lifeTime.getCreated(); } + List<Claim> claims = validatorResponse.getClaims(); + if (config.getClaimsTransformer() != null) { + LOG.debug("invoking ClaimsTransformer"); + claims = config.getClaimsTransformer().processClaims(validatorResponse.getClaims()); + } + FedizResponse fedResponse = new FedizResponse(validatorResponse.getUsername(), validatorResponse.getIssuer(), - validatorResponse.getRoles(), validatorResponse.getClaims(), + validatorResponse.getRoles(), claims, validatorResponse.getAudience(), created, expires, rst, validatorResponse.getUniqueTokenId()); diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd index 3b039a8..97cea11 100644 --- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd +++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd @@ -28,6 +28,7 @@ <xs:element ref="logoutURL" minOccurs="0" /> <xs:element ref="logoutRedirectTo" minOccurs="0" /> <xs:element ref="logoutRedirectToConstraint" minOccurs="0" /> + <xs:element ref="claimsTransformer" minOccurs="0" /> </xs:sequence> <xs:attribute name="name" use="required" type="xs:string" /> 
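Review bot: `config.getClaimsTransformer()` is called twice in the added block, and each call (per the FedizContext hunk in this commit) loads and instantiates the configured class reflectively, so every processed token now performs two reflective instantiations and the `!= null` guard tests a different object from the one whose `processClaims` is invoked. Fetch it once: `ClaimsProcessor transformer = config.getClaimsTransformer();` followed by `if (transformer != null) { claims = transformer.processClaims(validatorResponse.getClaims()); }`. The return value of `processClaims` is passed to `FedizResponse` unchecked; the ClaimsProcessor contract is not in this diff, and if an implementation returns `null` the response now carries null claims where callers previously always received the validator's list, so either document that contract or guard here. A short comment is also worth adding that the transformer output replaces the validated claim list as-is while roles are still taken from `validatorResponse.getRoles()`, so readers know which part of the response a transformer can and cannot affect. The enclosing method continues outside the hunk.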
@@ -222,6 +223,16 @@ </xs:annotation> </xs:element> + <xs:complexType name="ClaimsTransformerType"> + <xs:simpleContent> + <xs:extension base="xs:string"> + <xs:attribute name="type" type="argumentType" /> + </xs:extension> + </xs:simpleContent> + </xs:complexType> + + <xs:element name="claimsTransformer" type="ClaimsTransformerType" /> + <xs:element name="issuer" type="CallbackType" /> <xs:element name="homeRealm" type="CallbackType" /> <xs:element name="authenticationType" type="CallbackType" /> diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java index 9b25e26..347cede 100644 --- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java +++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/config/FedizConfigurationTest.java @@ -35,6 +35,7 @@ import org.apache.cxf.fediz.core.config.jaxb.CallbackType; import org.apache.cxf.fediz.core.config.jaxb.CertificateStores; import org.apache.cxf.fediz.core.config.jaxb.ClaimType; import org.apache.cxf.fediz.core.config.jaxb.ClaimTypesRequested; +import org.apache.cxf.fediz.core.config.jaxb.ClaimsTransformerType; import org.apache.cxf.fediz.core.config.jaxb.ContextConfig; import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType; import org.apache.cxf.fediz.core.config.jaxb.FedizConfig; @@ -84,6 +85,7 @@ public class FedizConfigurationTest { private static final String SUBJECT_VALUE_2 = ".*CN=www.sts2.com.*"; private static final String SUBJECT_VALUE_3 = ".*CN=www.sts3.com.*"; + private static final String CLAIMSTRANFORMER_CLASS = "org.apache.fediz.MyClaimsTransformer.class"; private static final String CONFIG_FILE = "./target/fedizconfig.xml"; 
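Review bot: The new `ClaimsTransformerType` complex type and the `claimsTransformer` element carry no `xs:annotation`/`xs:documentation`, although the element immediately preceding them in the context ends with `</xs:annotation>` and so appears to follow that convention. A documentation entry on the element should state that the body is the fully qualified name of a class implementing `org.apache.cxf.fediz.core.processor.ClaimsProcessor` that the plugin instantiates with a no-argument constructor, that `type="Class"` is the only value the plugin acts on, and what happens when the class cannot be loaded (it is logged and the transformer is skipped, per the FedizContext hunk). Without it the only place a deployer can learn the semantics of the element is the Java source.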
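Review bot: `CLAIMSTRANFORMER_CLASS` is misspelled (missing the S of TRANSFORMER) and its value `org.apache.fediz.MyClaimsTransformer.class` carries a `.class` suffix that is not part of a binary class name, so the fixture would not resolve through `ClassLoader.loadClass` if the test were ever extended to exercise `FedizContext.getClaimsTransformer()`. `private static final String CLAIMSTRANSFORMER_CLASS = "org.apache.fediz.MyClaimsTransformer";` keeps the constant usable for that purpose and matches what the runtime code expects. As the constant is only fed into the JAXB object here, the current round-trip behaviour is unaffected.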
@@ -213,6 +215,11 @@ public class FedizConfigurationTest { issuer.setValue(ISSUER); protocol.setIssuer(issuer); + ClaimsTransformerType claimsTransformer = new ClaimsTransformerType(); + claimsTransformer.setType(ArgumentType.CLASS); + claimsTransformer.setValue(CLAIMSTRANFORMER_CLASS); + config.setClaimsTransformer(claimsTransformer); + return rootConfig; } diff --git a/systests/cxf/src/test/resources/fediz_config.xml b/systests/cxf/src/test/resources/fediz_config.xml index dc30ea6..5f87c36 100644 --- a/systests/cxf/src/test/resources/fediz_config.xml +++ b/systests/cxf/src/test/resources/fediz_config.xml @@ -49,13 +49,14 @@ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm> <claimTypesRequested> <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" /> - <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" /> - <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" /> - <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" /> </claimTypesRequested> </protocol> <logoutURL>/secure/logout</logoutURL> <logoutRedirectTo>/index.html</logoutRedirectTo> + <claimsTransformer type="Class">org.apache.cxf.fediz.systests.cxf.ClaimTransformerTest</claimsTransformer> </contextConfig> </FedizConfig> diff --git a/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml b/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml index f73ae4d..a30b0d5 100644 --- a/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml 
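Review bot: The builder now sets a `claimsTransformer` on the context config, but nothing in this commit reads it back: the diffstat credits FedizConfigurationTest.java with seven insertions, and all seven are the import, the constant and these five lines, so a parser that silently dropped the element would still pass. If the test later reparses CONFIG_FILE and compares the result (that part of the file is outside the hunk), an `assertNotNull(...getClaimsTransformer())` together with a comparison of its `getType()` and `getValue()` against the constants used here would close the gap. The enclosing method continues outside the hunk.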
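Review bot: The systests configuration now points `claimsTransformer` at `org.apache.cxf.fediz.systests.cxf.ClaimTransformerTest`, but that class is not among the six files this commit touches, so unless it already exists in the tree the plugin will log "The specified ClaimsTransformer can not be found" on every request and the systests will run with the transformer never executing, and still pass, because `getClaimsTransformer()` returns null on ClassNotFoundException. The same applies to the cxfWebapp `fediz_config.xml` in the next hunk. A systest assertion on a claim that only the transformer produces would make that silent fallback visible.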
+++ b/systests/webapps/cxfWebapp/src/main/resources/fediz_config.xml @@ -46,13 +46,14 @@ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm> <claimTypesRequested> <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" /> - <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" /> - <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" /> - <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" /> </claimTypesRequested> </protocol> <logoutURL>/secure/logout</logoutURL> <logoutRedirectTo>/index.html</logoutRedirectTo> + <claimsTransformer type="Class">org.apache.cxf.fediz.systests.cxf.ClaimTransformerTest</claimsTransformer> </contextConfig> </FedizConfig>
