mike-jumper commented on a change in pull request #303: GUACAMOLE-579: Get user attributes from CAS ticket
URL: https://github.com/apache/guacamole-client/pull/303#discussion_r296044435
 
 

 ##########
 File path: 
extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java
 ##########
 @@ -88,33 +92,39 @@ public String validateTicket(String ticket, Credentials 
credentials) throws Guac
         validator.setAcceptAnyProxy(true);
         validator.setEncoding("UTF-8");
         try {
+            Map<String, String> tokens = new HashMap<>();
             String confRedirectURI = confService.getRedirectURI();
             Assertion a = validator.validate(ticket, confRedirectURI);
             AttributePrincipal principal =  a.getPrincipal();
+            Map<String, Object> ticketAttrs = principal.getAttributes();
 
             // Retrieve username and set the credentials.
             String username = principal.getName();
             if (username != null)
                 credentials.setUsername(username);
 
             // Retrieve password, attempt decryption, and set credentials.
-            Object credObj = principal.getAttributes().get("credential");
+            Object credObj = ticketAttrs.remove("credential");
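
Review bot: The added `ticketAttrs.remove("credential")` modifies the map returned by `principal.getAttributes()` in place, so it only works if that map is mutable, and it changes what the principal exposes to any later reader of the same `Assertion`. Read the value with `ticketAttrs.get("credential")`, as the removed line did. If the intent is to keep the credential out of the new `tokens` map, skip that key when copying entries, or operate on a local copy such as `new HashMap<>(ticketAttrs)`. As written, an unmodifiable map can throw `UnsupportedOperationException` at this call.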
 
 Review comment:
   Is the `Map<String, Object>` returned by `principal.getAttributes()` known 
to be mutable? Are there side effects to making changes to that `Map`? If 
there's any chance the `Map` might be unmodifiable, might be cached, etc., I 
don't think we can rely on being able to call `remove()`.
   
   From what I can tell, the CAS client documentation doesn't specify one way 
or the other. Checking the client source, there is at least one case where an 
implementation of the `AttributePrincipal` interface will return an 
unmodifiable, empty map:
   
   
https://github.com/apereo/java-cas-client/blob/d88b96a4c6b9445d68379b9c0c5a16d8cd3f1bcd/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AttributePrincipalImpl.java#L55-L57
