Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A27BC9F79 for ; Wed, 11 Jan 2012 19:12:31 +0000 (UTC) Received: (qmail 80637 invoked by uid 500); 11 Jan 2012 19:12:31 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 80524 invoked by uid 500); 11 Jan 2012 19:12:31 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 80516 invoked by uid 99); 11 Jan 2012 19:12:30 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Jan 2012 19:12:30 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Jan 2012 19:12:27 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 8167B2388A67 for ; Wed, 11 Jan 2012 19:12:06 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1230195 - /cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java Date: Wed, 11 Jan 2012 19:12:06 -0000 To: commits@cxf.apache.org 
From: owulff@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120111191206.8167B2388A67@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: owulff Date: Wed Jan 11 19:12:06 2012 New Revision: 1230195 URL: http://svn.apache.org/viewvc?rev=1230195&view=rev Log: [CXF-3985] Support for attributes with multiple values in LdapClaimsHandler Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java?rev=1230195&r1=1230194&r2=1230195&view=diff ============================================================================== --- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java (original) +++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java Wed Jan 11 19:12:06 2012 @@ -53,6 +53,27 @@ public class LdapClaimsHandler implement private LdapTemplate ldap; private Map claimMapping; private String userBaseDn; + private String delimiter = ";"; + private boolean x500FilterEnabled = true; + private String objectClass = "person"; + private String userNameAttribute = "cn"; + + + public String getObjectClass() { + return objectClass; + } + + public void setObjectClass(String objectClass) { + this.objectClass = objectClass; + } + + public String getUserNameAttribute() { + return userNameAttribute; + } + + public void setUserNameAttribute(String userNameAttribute) { + this.userNameAttribute = userNameAttribute; + } public void setLdapTemplate(LdapTemplate ldapTemplate) { this.ldap = ldapTemplate; 
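Review bot: The new `objectClass` and `userNameAttribute` properties have no documentation, although both are fed straight into the LDAP search filter built later in this commit (`new EqualsFilter("objectclass", this.getObjectClass())` and `new EqualsFilter(this.getUserNameAttribute(), user)`); as far as I recall Spring LDAP's EqualsFilter escapes only the value, not the attribute name, so these two must stay deployment configuration and never be derived from request content. I would put a Javadoc on `setUserNameAttribute`: `/** Sets the LDAP attribute compared against the authenticated principal name (default "cn"). Configuration only: the name is inserted into the search filter as given. */` and a matching one on `setObjectClass`. The two consecutive blank lines after the field block are one more than the rest of the hunk uses between members. The class body continues outside the hunk.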
@@ -77,8 +98,24 @@ public class LdapClaimsHandler implement public String getUserBaseDN() { return userBaseDn; } + + public void setDelimiter(String delimiter) { + this.delimiter = delimiter; + } - + public String getDelimiter() { + return delimiter; + } + + public boolean isX500FilterEnabled() { + return x500FilterEnabled; + } + + public void setX500FilterEnabled(boolean x500FilterEnabled) { + this.x500FilterEnabled = x500FilterEnabled; + } + + public List getSupportedClaimTypes() { List uriList = new ArrayList(); for (String uri : getClaimsLdapAttributeMapping().keySet()) { @@ -121,7 +158,10 @@ public class LdapClaimsHandler implement } } - String dn = getDnOfPrincipal(user); + AndFilter filter = new AndFilter(); + filter.and( + new EqualsFilter("objectclass", this.getObjectClass())).and( + new EqualsFilter(this.getUserNameAttribute(), user)); List searchAttributeList = new ArrayList(); for (RequestClaim claim : claims) { 
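Review bot: `setDelimiter` accepts null, and the value-joining loop added later in this commit calls `claimValue.append(this.getDelimiter())`, which for a null delimiter writes the literal text `null` between attribute values instead of separating them. Reject it in the setter before the assignment: `if (delimiter == null) { throw new IllegalArgumentException("delimiter must not be null"); }`. The new accessors also lack Javadoc; a one-line description of the multi-value delimiter (default `;`) and of what the X500 filter strips from each value would help the next reader. The stray `-`/`+` pair that merely swaps one blank line for another could be dropped from the change.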
@@ -140,25 +180,33 @@ public class LdapClaimsHandler implement AttributesMapper mapper = new AttributesMapper() { public Object mapFromAttributes(Attributes attrs) throws NamingException { - Map map = new HashMap(); + Map map = new HashMap(); NamingEnumeration attrEnum = attrs.getAll(); while (attrEnum.hasMore()) { Attribute att = attrEnum.next(); - map.put(att.getID(), (String)att.get()); + map.put(att.getID(), att); } return map; } }; + + @SuppressWarnings("unchecked") - Map ldapAttributes = - (Map) ldap.lookup(dn, searchAttributes, mapper); + List result = ldap.search((this.userBaseDn == null) ? "" : this.userBaseDn, filter.toString(), + SearchControls.SUBTREE_SCOPE, searchAttributes, mapper); + + Map ldapAttributes = null; + if (result != null && result.size() > 0) { + ldapAttributes = (Map)result.get(0); + } + ClaimCollection claimsColl = new ClaimCollection(); for (RequestClaim claim : claims) { URI claimType = claim.getClaimType(); String ldapAttribute = getClaimsLdapAttributeMapping().get(claimType.toString()); - String claimValue = ldapAttributes.get(ldapAttribute); - if (claimValue == null) { + Attribute attr = ldapAttributes.get(ldapAttribute); + if (attr == null) { if (!claim.isOptional()) { LOG.warning("Mandatory claim not found in LDAP: " + claim.getClaimType()); throw new STSException("Mandatory claim '" + claim.getClaimType() + "' not found"); 
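Review bot: `ldapAttributes` remains null when the search returns no entry, and `ldapAttributes.get(ldapAttribute)` a few lines further down then throws a NullPointerException instead of reaching the optional/mandatory claim handling that follows. The `result.size() > 0` check also silently takes the first entry when the filter matches several, whereas the removed `getDnOfPrincipal` only accepted exactly one match (`users.size() == 1`); for a handler that feeds token issuance, an ambiguous principal name should be rejected rather than resolved to whichever entry the directory lists first. I would start from an empty map and fail on ambiguity as below; the generic type arguments seem to have been stripped by the mail archive, so the declarations are shown raw as on the page. The method signature and the claim loop continue outside the hunk.
```java
List result = ldap.search((this.userBaseDn == null) ? "" : this.userBaseDn, filter.toString(),
    SearchControls.SUBTREE_SCOPE, searchAttributes, mapper);

// Empty map rather than null, so a principal without an entry falls through to the
// optional/mandatory handling below instead of a NullPointerException.
Map ldapAttributes = new HashMap();
if (result != null && result.size() > 1) {
    // More than one entry matched the objectclass/user-name filter: refuse to pick one.
    LOG.warning("LDAP search for principal '" + user + "' returned " + result.size() + " entries");
    throw new STSException("Principal '" + user + "' is ambiguous in LDAP");
} else if (result != null && result.size() == 1) {
    ldapAttributes = (Map)result.get(0);
}
// … unchanged: claim loop …
```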
@@ -169,38 +217,47 @@ public class LdapClaimsHandler implement Claim c = new Claim(); c.setClaimType(claimType); c.setPrincipal(principal); - c.setValue(claimValue); + + StringBuilder claimValue = new StringBuilder(); + try { + NamingEnumeration list = (NamingEnumeration)attr.getAll(); + while (list.hasMore()) { + Object obj = list.next(); + if (!(obj instanceof String)) { + LOG.warning("LDAP attribute '" + ldapAttribute + + "' has got an unsupported value type"); + break; + } + String itemValue = (String)obj; + if (this.isX500FilterEnabled()) { + try { + X500Principal x500p = new X500Principal(itemValue); + itemValue = x500p.getName(); + int index = itemValue.indexOf('='); + itemValue = itemValue.substring(index + 1, itemValue.indexOf(',', index)); + } catch (Exception ex) { + //Ignore, not X500 compliant thus use the whole string as the value + } + } + claimValue.append(itemValue); + if (list.hasMore()) { + claimValue.append(this.getDelimiter()); + } + } + } catch (NamingException ex) { + LOG.warning("Failed to read value of LDAP attribute '" + ldapAttribute + "'"); + } + + c.setValue(claimValue.toString()); // c.setIssuer(issuer); // c.setOriginalIssuer(originalIssuer); // c.setNamespace(namespace); claimsColl.add(c); } } - + return claimsColl; } - - private String getDnOfPrincipal(String principal) { - String dn = null; - AndFilter filter = new AndFilter(); - filter.and(new EqualsFilter("objectclass", "person")).and(new EqualsFilter("cn", principal)); - - //find DN of user - AttributesMapper mapper = - new AttributesMapper() { - public Object mapFromAttributes(Attributes attrs) throws NamingException { - return attrs.get("distinguishedName").get(); - } - }; - @SuppressWarnings("rawtypes") - List users = - ldap.search(this.userBaseDn, filter.toString(), SearchControls.SUBTREE_SCOPE, mapper); - if (users.size() == 1) { - dn = (String)users.get(0); - } - return dn; - } - }
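Review bot: A NamingException while reading the attribute values is only logged, after which `c.setValue(claimValue.toString())` still runs, so a mandatory claim that passed the presence check above can be issued with an empty or truncated value; the `break` on an unsupported value type has the same effect and additionally leaves a trailing delimiter, because the delimiter was already appended when `list.hasMore()` was true (a value list of a string followed by a non-string yields `"a;"`). The X500 fallback also does not do what its comment says: `itemValue` is overwritten with `x500p.getName()` before `substring` runs, and for a name with a single RDN `indexOf(',', index)` returns -1, so the exception path keeps the normalized DN rather than the original string, and `catch (Exception ex)` hides that. I would join the values as below, replacing `itemValue` only once the first RDN value was isolated, catching the `IllegalArgumentException` that `X500Principal` documents, and failing a mandatory claim instead of issuing it partially. The enclosing method starts above the hunk.
```java
c.setPrincipal(principal);

StringBuilder claimValue = new StringBuilder();
try {
    NamingEnumeration list = (NamingEnumeration)attr.getAll();
    boolean first = true;
    while (list.hasMore()) {
        Object obj = list.next();
        if (!(obj instanceof String)) {
            LOG.warning("LDAP attribute '" + ldapAttribute
                + "' has got an unsupported value type");
            if (!claim.isOptional()) {
                throw new STSException("Mandatory claim '" + claim.getClaimType()
                    + "' has an unsupported value type");
            }
            break;
        }
        String itemValue = (String)obj;
        if (this.isX500FilterEnabled()) {
            try {
                String rfc2253 = new X500Principal(itemValue).getName();
                int eq = rfc2253.indexOf('=');
                int comma = rfc2253.indexOf(',', eq);
                // Assign only here, so a parse failure leaves the original string untouched.
                itemValue = rfc2253.substring(eq + 1, comma < 0 ? rfc2253.length() : comma);
            } catch (IllegalArgumentException ex) {
                // Not X500 compliant: the whole string is the value.
            }
        }
        // Delimiter precedes every value but the first, so an early exit never
        // leaves a trailing delimiter.
        if (!first) {
            claimValue.append(this.getDelimiter());
        }
        claimValue.append(itemValue);
        first = false;
    }
} catch (NamingException ex) {
    LOG.warning("Failed to read value of LDAP attribute '" + ldapAttribute + "'");
    if (!claim.isOptional()) {
        throw new STSException("Mandatory claim '" + claim.getClaimType() + "' could not be read");
    }
}

c.setValue(claimValue.toString());
// … unchanged: commented-out issuer/namespace setters, claimsColl.add(c) …
```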