cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From owu...@apache.org
Subject svn commit: r1331814 - in /cxf/fediz/trunk: fediz-core/src/main/java/org/apache/cxf/fediz/core/ fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/ fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/
Date Sat, 28 Apr 2012 19:54:04 GMT
Author: owulff
Date: Sat Apr 28 19:54:03 2012
New Revision: 1331814

URL: http://svn.apache.org/viewvc?rev=1331814&view=rev
Log:
Type of claim value changed to Object

Modified:
    cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java
    cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java
    cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
    cxf/fediz/trunk/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java

Modified: cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java?rev=1331814&r1=1331813&r2=1331814&view=diff
==============================================================================
--- cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java (original)
+++ cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/Claim.java Sat Apr
28 19:54:03 2012
@@ -54,7 +54,7 @@ public class Claim implements Serializab
     private String issuer;
     private String originalIssuer;
     private Principal principal;
-    private String value;
+    private Object value;
     private URI namespace = ClaimTypes.URI_BASE;
 
     public URI getNamespace() {
@@ -97,11 +97,11 @@ public class Claim implements Serializab
         this.principal = principal;
     }
 
-    public void setValue(String value) {
+    public void setValue(Object value) {
         this.value = value;
     }
 
-    public String getValue() {
+    public Object getValue() {
         return value;
     }
 

Modified: cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java?rev=1331814&r1=1331813&r2=1331814&view=diff
==============================================================================
--- cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java
(original)
+++ cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/FederationConfiguration.java
Sat Apr 28 19:54:03 2012
@@ -35,6 +35,7 @@ public class FederationConfiguration {
     private boolean detectReplayedTokens = true;
     private long tokenReplayCacheExpirationTime = 0;
     private boolean detectExpiredTokens = true;
+    private String relativePath;
 
     //[TODO] TokenReplayCacheExpirationPeriod
     //[TODO] DetectReplayedTokens
@@ -119,5 +120,11 @@ public class FederationConfiguration {
     public String getTrustStorePassword() {
         return trustStorePassword;
     }
+    public void setRelativePath(String relativePath) {
+        this.relativePath = relativePath;
+    }
+    public String getRelativePath() {
+        return relativePath;
+    }
 
 }

Modified: cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java?rev=1331814&r1=1331813&r2=1331814&view=diff
==============================================================================
--- cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
(original)
+++ cxf/fediz/trunk/fediz-core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java
Sat Apr 28 19:54:03 2012
@@ -19,11 +19,12 @@ package org.apache.cxf.fediz.core.saml;
 
 import java.io.IOException;
 import java.net.URI;
-import java.net.URISyntaxException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Properties;
 import java.util.StringTokenizer;
 
@@ -74,9 +75,15 @@ public class SAMLTokenValidator implemen
             FederationContext config) {
 
         try {
-
+            String trustStoreFile = config.getTrustStoreFile();
+            /*
+            File f = new File(trustStoreFile);
+            if (!f.exists() && config.getRelativePath() != null && !config.getRelativePath().isEmpty())
{
+                trustStoreFile = config.getRelativePath().concat(File.separator + config.getTrustStoreFile());
+            }
+            */
             Properties sigProperties = createCryptoProviderProperties(
-                    config.getTrustStoreFile(), config.getTrustStorePassword());
+                    trustStoreFile, config.getTrustStorePassword());
 
             Crypto sigCrypto = CryptoFactory.getInstance(sigProperties);
             RequestData requestData = new RequestData();
@@ -145,10 +152,19 @@ public class SAMLTokenValidator implemen
                     URI claimURI = URI.create(c.getNamespace() + "/"
                             + c.getClaimType());
                     if (roleURI.equals(claimURI)) {
-                        if (delim == null) {
-                            delim = ",";
+                        Object oValue = c.getValue();
+                        if (oValue instanceof String) {
+                            if (delim == null) {
+                                roles = Collections.singletonList((String)oValue);
+                            } else {
+                                roles = parseRoles((String)oValue, delim);
+                            }
+                        } else if (oValue instanceof List<?>) {
+                            List<String> values = (List<String>)oValue;
+                            roles = Collections.unmodifiableList(values);
+                        } else {
+                            throw new IllegalStateException("Invalid value type of Claim
value");
                         }
-                        roles = parseRoles(c.getValue(), delim);
                         claims.remove(c);
                         break;
                     }
@@ -180,6 +196,8 @@ public class SAMLTokenValidator implemen
             return Collections.emptyList();
         }
         ClaimCollection collection = new ClaimCollection();
+        Map<String,Claim> claimsMap = new HashMap<String,Claim>();
+        
 
         for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements)
{
             if (LOG.isDebugEnabled()) {
@@ -196,28 +214,24 @@ public class SAMLTokenValidator implemen
                 Claim c = new Claim();
                 c.setIssuer(assertion.getIssuer());
                 c.setClaimType(URI.create(attribute.getAttributeName()));
-                try {
-                    c.setClaimType(new URI(attribute.getAttributeName()));
-                } catch (URISyntaxException e) {
-                    LOG.warn("Invalid attribute name in attributestatement: "
-                            + e.getMessage());
-                    continue;
-                }
+                List<String> valueList = new ArrayList<String>();
                 for (XMLObject attributeValue : attribute.getAttributeValues()) {
                     Element attributeValueElement = attributeValue.getDOM();
                     String value = attributeValueElement.getTextContent();
                     if (LOG.isDebugEnabled()) {
                         LOG.debug(" [" + value + "]");
                     }
-                    c.setValue(value);
-                    collection.add(c);
-                    break;
+                    valueList.add(value);
                 }
+                mergeClaimToMap(claimsMap, c, valueList);
             }
         }
+        collection.addAll(claimsMap.values());
         return collection;
     }
 
+
+
     protected List<Claim> parseClaimsInAssertion(
             org.opensaml.saml2.core.Assertion assertion) {
         List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = assertion
@@ -230,6 +244,7 @@ public class SAMLTokenValidator implemen
         }
 
         List<Claim> collection = new ArrayList<Claim>();
+        Map<String,Claim> claimsMap = new HashMap<String,Claim>();
 
         for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements)
{
             if (LOG.isDebugEnabled()) {
@@ -244,22 +259,53 @@ public class SAMLTokenValidator implemen
                 Claim c = new Claim();
                 c.setClaimType(URI.create(attribute.getName()));
                 c.setIssuer(assertion.getIssuer().getNameQualifier());
+                
+                List<String> valueList = new ArrayList<String>();
                 for (XMLObject attributeValue : attribute.getAttributeValues()) {
                     Element attributeValueElement = attributeValue.getDOM();
                     String value = attributeValueElement.getTextContent();
                     if (LOG.isDebugEnabled()) {
                         LOG.debug(" [" + value + "]");
                     }
-                    c.setValue(value);
-                    collection.add(c);
-                    break;
+                    valueList.add(value);
                 }
+                mergeClaimToMap(claimsMap, c, valueList);
             }
         }
+        collection.addAll(claimsMap.values());
         return collection;
 
     }
 
+    protected void mergeClaimToMap(Map<String, Claim> claimsMap, Claim c,
+            List<String> valueList) {
+        Claim t = claimsMap.get(c.getClaimType().toString());
+        if (t != null) {
+            //same SAML attribute already processed. Thus Claim object already created.
+            Object oValue = t.getValue();
+            if (oValue instanceof String) {
+                //one child element AttributeValue only
+                List<String> values = new ArrayList<String>();
+                values.add((String)oValue); //add existing value
+                values.addAll(valueList);
+            } else if (oValue instanceof List<?>) {
+                //more than one child element AttributeValue
+                List<String> values = (List<String>)oValue;
+                values.addAll(valueList);
+            } else {
+                throw new IllegalStateException("Invalid value type of Claim value");
+            }
+        } else {
+            if (valueList.size() == 1) {
+                c.setValue(valueList.get(0));
+            } else {
+                c.setValue(valueList);
+            }
+            // Add claim to map
+            claimsMap.put(c.getClaimType().toString(), c);
+        }
+    }
+    
     protected List<String> parseRoles(String value, String delim) {
         List<String> roles = new ArrayList<String>();
         StringTokenizer st = new StringTokenizer(value, delim);

Modified: cxf/fediz/trunk/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java?rev=1331814&r1=1331813&r2=1331814&view=diff
==============================================================================
--- cxf/fediz/trunk/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
(original)
+++ cxf/fediz/trunk/fediz-tomcat/src/main/java/org/apache/cxf/fediz/tomcat/FederationAuthenticator.java
Sat Apr 28 19:54:03 2012
@@ -88,6 +88,7 @@ public class FederationAuthenticator ext
             }
             configurator = new FederationConfigurator();
             configurator.loadConfig(f);
+            log.debug("Fediz configuration read from " + f.getAbsolutePath());
         } catch (JAXBException e) {
             throw new LifecycleException("Failed to load Fediz configuration",
                     e);
@@ -100,11 +101,9 @@ public class FederationAuthenticator ext
         if (configurator == null) {
             throw new IllegalStateException("No Fediz configuration available");
         }
-        FederationContext config = configurator
-        .getFederationContext(contextName);
+        FederationContext config = configurator.getFederationContext(contextName);
         if (config == null) {
-            throw new IllegalStateException(
-                    "No Fediz configuration for context :" + contextName);
+            throw new IllegalStateException("No Fediz configuration for context :" + contextName);
         }
         return config;
     }
@@ -406,15 +405,14 @@ public class FederationAuthenticator ext
     }
 
     /**
-     * Called to redirect to the login page
+     * Called to redirect to the IDP/Issuer
      * 
      * @param request
      *            Request we are processing
      * @param response
      *            Response we are populating
-     * @param config
-     *            Login configuration describing how authentication should be
-     *            performed
+     * @param processor
+     *            FederationProcessor
      * @throws IOException
      *             If the forward to the login page fails and the call to
      *             {@link HttpServletResponse#sendError(int, String)} throws an



Mime
View raw message