Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2EA22FEF2 for ; Thu, 30 May 2013 20:56:13 +0000 (UTC) Received: (qmail 91248 invoked by uid 500); 30 May 2013 20:56:13 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 91201 invoked by uid 500); 30 May 2013 20:56:13 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 91194 invoked by uid 99); 30 May 2013 20:56:13 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 May 2013 20:56:13 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED,T_LOTTO_URI X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 May 2013 20:56:07 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 1BC6D238889B; Thu, 30 May 2013 20:55:46 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1488009 - in /cxf/branches/2.7.x-fixes/services/sts/sts-core/src: main/java/org/apache/cxf/sts/claims/ main/java/org/apache/cxf/sts/token/realm/ test/java/org/apache/cxf/sts/common/ test/java/org/apache/cxf/sts/token/realm/ Date: Thu, 30 May 2013 20:55:45 -0000 To: commits@cxf.apache.org From: owulff@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130530205546.1BC6D238889B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: owulff Date: Thu May 30 20:55:45 2013 New Revision: 1488009 URL: http://svn.apache.org/r1488009 Log: [CXF-5039] IdentityMapping support in ClaimsManager Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RealmSupport.java cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/RealmSupportClaimsHandler.java cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/realm/ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/realm/RealmSupportTest.java Modified: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java Modified: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java?rev=1488009&r1=1488008&r2=1488009&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java (original) +++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java Thu May 30 20:55:45 2013 @@ -21,6 +21,7 @@ package org.apache.cxf.sts.claims; import java.net.URI; import java.net.URISyntaxException; +import java.security.Principal; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -30,6 +31,8 @@ import java.util.logging.Logger; import org.w3c.dom.Element; import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.sts.IdentityMapper; +import org.apache.cxf.sts.token.realm.RealmSupport; import org.apache.cxf.sts.token.realm.Relationship; import org.apache.cxf.ws.security.sts.provider.STSException; import org.apache.ws.security.saml.ext.AssertionWrapper; @@ -48,6 +51,16 @@ public class ClaimsManager { private List claimHandlers; private List supportedClaimTypes = new ArrayList(); private boolean stopProcessingOnException = true; + private IdentityMapper identityMapper; + + + public IdentityMapper getIdentityMapper() { + return identityMapper; + } + + public void setIdentityMapper(IdentityMapper identityMapper) { + this.identityMapper = identityMapper; + } public boolean isStopProcessingOnException() { return stopProcessingOnException; @@ -124,37 +137,102 @@ public class ClaimsManager { relationship = (Relationship)parameters.getAdditionalProperties().get( Relationship.class.getName()); } - + + if (claims == null || claims.size() == 0) { + return null; + } if (relationship == null || relationship.getType().equals(Relationship.FED_TYPE_IDENTITY)) { // Federate identity. Identity already mapped. // Call all configured claims handlers to retrieve the required claims - if (claimHandlers != null && claimHandlers.size() > 0 && claims != null && claims.size() > 0) { - ClaimCollection returnCollection = new ClaimCollection(); - for (ClaimsHandler handler : claimHandlers) { - RequestClaimCollection supportedClaims = - filterHandlerClaims(claims, handler.getSupportedClaimTypes()); - if (supportedClaims.isEmpty()) { + if (claimHandlers == null || claimHandlers.size() == 0) { + return null; + } + Principal originalPrincipal = parameters.getPrincipal(); + ClaimCollection returnCollection = new ClaimCollection(); + for (ClaimsHandler handler : claimHandlers) { + + RequestClaimCollection supportedClaims = + filterHandlerClaims(claims, handler.getSupportedClaimTypes()); + if (supportedClaims.isEmpty()) { + continue; + } + + if (handler instanceof RealmSupport) { + RealmSupport handlerRealmSupport = (RealmSupport)handler; + // Check whether the handler supports the current realm + if (handlerRealmSupport.getSupportedRealms() != null + && handlerRealmSupport.getSupportedRealms().size() > 0 + && handlerRealmSupport.getSupportedRealms().indexOf(parameters.getRealm()) == -1) { + if (LOG.isLoggable(Level.FINER)) { + LOG.finer("Handler '" + handler.getClass().getName() + "' doesn't support" + + " realm '" + parameters.getRealm() + "'"); + } continue; } - ClaimCollection claimCollection = null; - try { - claimCollection = handler.retrieveClaimValues(claims, parameters); - } catch (RuntimeException ex) { - LOG.log(Level.INFO, "Failed retrieving claims from ClaimsHandler " - + handler.getClass().getName(), ex); - if (this.isStopProcessingOnException()) { - throw ex; + // If handler realm is configured and different from current realm + // do an identity mapping + if (handlerRealmSupport.getHandlerRealm() != null + && !handlerRealmSupport.getHandlerRealm().equalsIgnoreCase(parameters.getRealm())) { + Principal targetPrincipal = null; + try { + if (LOG.isLoggable(Level.FINE)) { + LOG.fine("Mapping user '" + parameters.getPrincipal().getName() + + "' [" + parameters.getRealm() + "] to realm '" + + handlerRealmSupport.getHandlerRealm() + "'"); + } + targetPrincipal = doMapping(parameters.getRealm(), parameters.getPrincipal(), + handlerRealmSupport.getHandlerRealm()); + } catch (Exception ex) { + LOG.log(Level.WARNING, "Failed to map user '" + parameters.getPrincipal().getName() + + "' [" + parameters.getRealm() + "] to realm '" + + handlerRealmSupport.getHandlerRealm() + "'", ex); + throw new STSException("Failed to map user for claims handler", + STSException.REQUEST_FAILED); + } + + if (targetPrincipal == null) { + LOG.log(Level.WARNING, "Null. Failed to map user '" + parameters.getPrincipal().getName() + + "' [" + parameters.getRealm() + "] to realm '" + + handlerRealmSupport.getHandlerRealm() + "'"); + throw new STSException("Failed to map user for claims handler", + STSException.REQUEST_FAILED); + } + if (LOG.isLoggable(Level.INFO)) { + LOG.info("Principal '" + targetPrincipal.getName() + + "' passed to handler '" + handler.getClass().getName() + "'"); + } + parameters.setPrincipal(targetPrincipal); + } else { + if (LOG.isLoggable(Level.FINER)) { + LOG.finer("Handler '" + handler.getClass().getName() + "' doesn't require" + + " identity mapping '" + parameters.getRealm() + "'"); } + } - - if (claimCollection != null && claimCollection.size() != 0) { - returnCollection.addAll(claimCollection); + } + + ClaimCollection claimCollection = null; + try { + claimCollection = handler.retrieveClaimValues(supportedClaims, parameters); + } catch (RuntimeException ex) { + LOG.log(Level.INFO, "Failed retrieving claims from ClaimsHandler " + + handler.getClass().getName(), ex); + if (this.isStopProcessingOnException()) { + throw ex; } + } finally { + // set original principal again, otherwise wrong principal passed to next claim handler in the list + // if no mapping required or wrong source principal used for next identity mapping + parameters.setPrincipal(originalPrincipal); + } + + if (claimCollection != null && claimCollection.size() != 0) { + returnCollection.addAll(claimCollection); } - validateClaimValues(claims, returnCollection); - return returnCollection; } + validateClaimValues(claims, returnCollection); + return returnCollection; } else { // Federate claims @@ -184,7 +262,6 @@ public class ClaimsManager { return targetClaims; } - return null; } private RequestClaimCollection filterHandlerClaims(RequestClaimCollection claims, @@ -357,5 +434,12 @@ public class ClaimsManager { return mergedClaims; } + + + protected Principal doMapping(String sourceRealm, Principal sourcePrincipal, String targetRealm) { + return this.identityMapper.mapPrincipal( + sourceRealm, sourcePrincipal, targetRealm); + + } } Modified: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java?rev=1488009&r1=1488008&r2=1488009&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java (original) +++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java Thu May 30 20:55:45 2013 @@ -38,10 +38,11 @@ import javax.security.auth.x500.X500Prin import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.helpers.CastUtils; +import org.apache.cxf.sts.token.realm.RealmSupport; import org.springframework.ldap.core.AttributesMapper; import org.springframework.ldap.core.LdapTemplate; -public class LdapClaimsHandler implements ClaimsHandler { +public class LdapClaimsHandler implements ClaimsHandler, RealmSupport { private static final Logger LOG = LogUtils.getL7dLogger(LdapClaimsHandler.class); @@ -52,8 +53,18 @@ public class LdapClaimsHandler implement private boolean x500FilterEnabled = true; private String objectClass = "person"; private String userNameAttribute = "cn"; + private List supportedRealms; + private String realm; + public void setSupportedRealms(List supportedRealms) { + this.supportedRealms = supportedRealms; + } + + public void setRealm(String realm) { + this.realm = realm; + } + public String getObjectClass() { return objectClass; } @@ -257,7 +268,15 @@ public class LdapClaimsHandler implement return claimsColl; } - + @Override + public List getSupportedRealms() { + return supportedRealms; + } + + @Override + public String getHandlerRealm() { + return realm; + } } Modified: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java?rev=1488009&r1=1488008&r2=1488009&view=diff ============================================================================== --- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java (original) +++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapGroupClaimsHandler.java Thu May 30 20:55:45 2013 @@ -34,9 +34,10 @@ import javax.security.auth.kerberos.Kerb import javax.security.auth.x500.X500Principal; import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.sts.token.realm.RealmSupport; import org.springframework.ldap.core.LdapTemplate; -public class LdapGroupClaimsHandler implements ClaimsHandler { +public class LdapGroupClaimsHandler implements ClaimsHandler, RealmSupport { private static final Logger LOG = LogUtils.getL7dLogger(LdapGroupClaimsHandler.class); @@ -55,8 +56,18 @@ public class LdapGroupClaimsHandler impl private String groupNameScopedFilter = SCOPE + "_" + ROLE; private Map appliesToScopeMapping; private boolean useFullGroupNameAsValue; + private List supportedRealms; + private String realm; + public void setSupportedRealms(List supportedRealms) { + this.supportedRealms = supportedRealms; + } + + public void setRealm(String realm) { + this.realm = realm; + } + public boolean isUseFullGroupNameAsValue() { return useFullGroupNameAsValue; } @@ -304,6 +315,16 @@ public class LdapGroupClaimsHandler impl return claimsColl; } + + @Override + public List getSupportedRealms() { + return supportedRealms; + } + + @Override + public String getHandlerRealm() { + return realm; + } private String parseRole(String group, String filter) { int roleStart = filter.indexOf(ROLE); Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RealmSupport.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RealmSupport.java?rev=1488009&view=auto ============================================================================== --- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RealmSupport.java (added) +++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/RealmSupport.java Thu May 30 20:55:45 2013 @@ -0,0 +1,34 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.sts.token.realm; + +import java.util.List; + +/** + * + */ +public interface RealmSupport { + + List getSupportedRealms(); + + String getHandlerRealm(); + +} + \ No newline at end of file Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/RealmSupportClaimsHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/RealmSupportClaimsHandler.java?rev=1488009&view=auto ============================================================================== --- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/RealmSupportClaimsHandler.java (added) +++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/common/RealmSupportClaimsHandler.java Thu May 30 20:55:45 2013 @@ -0,0 +1,104 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.sts.common; + +import java.net.URI; +import java.util.List; + +import org.apache.cxf.sts.claims.Claim; +import org.apache.cxf.sts.claims.ClaimCollection; +import org.apache.cxf.sts.claims.ClaimsHandler; +import org.apache.cxf.sts.claims.ClaimsParameters; +import org.apache.cxf.sts.claims.RequestClaim; +import org.apache.cxf.sts.claims.RequestClaimCollection; +import org.apache.cxf.sts.token.realm.RealmSupport; +import org.junit.Assert; + +/** + * A custom ClaimsHandler implementation for use in the tests. + */ +public class RealmSupportClaimsHandler implements ClaimsHandler, RealmSupport { + + private List supportedRealms; + private String realm; + private List supportedClaimTypes; + + + public void setSupportedRealms(List supportedRealms) { + this.supportedRealms = supportedRealms; + } + + public void setRealm(String realm) { + this.realm = realm; + } + + + public List getSupportedClaimTypes() { + return supportedClaimTypes; + } + + public void setSupportedClaimTypes(List supportedClaimTypes) { + this.supportedClaimTypes = supportedClaimTypes; + } + + public ClaimCollection retrieveClaimValues( + RequestClaimCollection claims, ClaimsParameters parameters) { + + if ("A".equals(realm)) { + Assert.assertEquals("ClaimHandler in realm A. Alice username must be 'alice'", + "alice", parameters.getPrincipal().getName()); + } + + if ("B".equals(realm)) { + Assert.assertEquals("ClaimHandler in realm B. Alice username must be 'ALICE'", + "ALICE", parameters.getPrincipal().getName()); + } + + if (supportedRealms != null && !supportedRealms.contains(parameters.getRealm())) { + Assert.fail("ClaimHandler must not be called. Source realm '" + parameters.getRealm() + + "' not in supportedRealm list: " + supportedRealms); + } + + if (claims != null && claims.size() > 0) { + ClaimCollection claimCollection = new ClaimCollection(); + for (RequestClaim requestClaim : claims) { + if (getSupportedClaimTypes().indexOf(requestClaim.getClaimType()) != -1) { + Claim claim = new Claim(); + claim.setClaimType(requestClaim.getClaimType()); + claim.addValue("Value_" + requestClaim.getClaimType()); + claimCollection.add(claim); + } + } + return claimCollection; + } + + return null; + } + + @Override + public List getSupportedRealms() { + return supportedRealms; + } + + @Override + public String getHandlerRealm() { + return realm; + } + +} Added: cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/realm/RealmSupportTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/realm/RealmSupportTest.java?rev=1488009&view=auto ============================================================================== --- cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/realm/RealmSupportTest.java (added) +++ cxf/branches/2.7.x-fixes/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/realm/RealmSupportTest.java Thu May 30 20:55:45 2013 @@ -0,0 +1,205 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.sts.token.realm; + +import java.net.URI; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.cxf.sts.claims.ClaimCollection; +import org.apache.cxf.sts.claims.ClaimsHandler; +import org.apache.cxf.sts.claims.ClaimsManager; +import org.apache.cxf.sts.claims.ClaimsParameters; +import org.apache.cxf.sts.claims.RequestClaim; +import org.apache.cxf.sts.claims.RequestClaimCollection; +import org.apache.cxf.sts.common.RealmSupportClaimsHandler; +import org.apache.cxf.sts.operation.CustomIdentityMapper; +import org.apache.wss4j.common.principal.CustomTokenPrincipal; +import org.junit.Assert; + +public class RealmSupportTest extends org.junit.Assert { + + + @org.junit.Test + public void testIdentityMappingRealmA2B() throws Exception { + + ClaimsManager claimsManager = new ClaimsManager(); + + claimsManager.setIdentityMapper(new CustomIdentityMapper()); + + RealmSupportClaimsHandler realmAHandler = new RealmSupportClaimsHandler(); + realmAHandler.setRealm("A"); + realmAHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-A"))); + + RealmSupportClaimsHandler realmBHandler = new RealmSupportClaimsHandler(); + realmBHandler.setRealm("B"); + realmBHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-B"))); + + RealmSupportClaimsHandler realmCHandler = new RealmSupportClaimsHandler(); + realmCHandler.setRealm("B"); + realmCHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-C"))); + + List claimHandlers = new ArrayList(); + claimHandlers.add(realmAHandler); + claimHandlers.add(realmBHandler); + claimHandlers.add(realmCHandler); + claimsManager.setClaimHandlers(Collections.unmodifiableList(claimHandlers)); + + RequestClaimCollection requestedClaims = createRequestClaimCollection(); + + ClaimsParameters parameters = new ClaimsParameters(); + parameters.setRealm("A"); + parameters.setPrincipal(new CustomTokenPrincipal("alice")); + ClaimCollection claims = claimsManager.retrieveClaimValues(requestedClaims, parameters); + Assert.assertEquals("Number of claims incorrect", 3, claims.size()); + } + + @org.junit.Test + public void testIdentityMappingRealmB2A() throws Exception { + + ClaimsManager claimsManager = new ClaimsManager(); + + claimsManager.setIdentityMapper(new CustomIdentityMapper()); + + RealmSupportClaimsHandler realmAHandler = new RealmSupportClaimsHandler(); + realmAHandler.setRealm("A"); + realmAHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-A"))); + + RealmSupportClaimsHandler realmBHandler = new RealmSupportClaimsHandler(); + realmBHandler.setRealm("B"); + realmBHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-B"))); + + RealmSupportClaimsHandler realmCHandler = new RealmSupportClaimsHandler(); + realmCHandler.setRealm("B"); + realmCHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-C"))); + + List claimHandlers = new ArrayList(); + claimHandlers.add(realmAHandler); + claimHandlers.add(realmBHandler); + claimHandlers.add(realmCHandler); + claimsManager.setClaimHandlers(Collections.unmodifiableList(claimHandlers)); + + RequestClaimCollection requestedClaims = createRequestClaimCollection(); + + ClaimsParameters parameters = new ClaimsParameters(); + parameters.setRealm("B"); + parameters.setPrincipal(new CustomTokenPrincipal("ALICE")); + ClaimCollection claims = claimsManager.retrieveClaimValues(requestedClaims, parameters); + Assert.assertEquals("Number of claims incorrect", 3, claims.size()); + } + + @org.junit.Test + public void testFilteredRealmAIdentityMapping() throws Exception { + + ClaimsManager claimsManager = new ClaimsManager(); + + claimsManager.setIdentityMapper(new CustomIdentityMapper()); + + RealmSupportClaimsHandler realmAHandler = new RealmSupportClaimsHandler(); + realmAHandler.setRealm("A"); + realmAHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-A"))); + + RealmSupportClaimsHandler realmBHandler = new RealmSupportClaimsHandler(); + realmBHandler.setRealm("B"); + realmBHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-B"))); + + RealmSupportClaimsHandler realmCHandler = new RealmSupportClaimsHandler(); + realmCHandler.setRealm("A"); + realmCHandler.setSupportedRealms(Collections.singletonList("A")); + realmCHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-C"))); + + List claimHandlers = new ArrayList(); + claimHandlers.add(realmAHandler); + claimHandlers.add(realmBHandler); + claimHandlers.add(realmCHandler); + claimsManager.setClaimHandlers(Collections.unmodifiableList(claimHandlers)); + + RequestClaimCollection requestedClaims = createRequestClaimCollection(); + + ClaimsParameters parameters = new ClaimsParameters(); + parameters.setRealm("A"); + parameters.setPrincipal(new CustomTokenPrincipal("alice")); + ClaimCollection claims = claimsManager.retrieveClaimValues(requestedClaims, parameters); + Assert.assertEquals("Number of claims incorrect", 3, claims.size()); + + //Asserts in RealmSupportClaimsHandler must succeed + + } + + + @org.junit.Test + public void testFilteredRealmBIdentityMapping() throws Exception { + + ClaimsManager claimsManager = new ClaimsManager(); + + claimsManager.setIdentityMapper(new CustomIdentityMapper()); + + RealmSupportClaimsHandler realmAHandler = new RealmSupportClaimsHandler(); + realmAHandler.setRealm("A"); + realmAHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-A"))); + + RealmSupportClaimsHandler realmBHandler = new RealmSupportClaimsHandler(); + realmBHandler.setRealm("B"); + realmBHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-B"))); + + RealmSupportClaimsHandler realmCHandler = new RealmSupportClaimsHandler(); + realmCHandler.setRealm("A"); + realmCHandler.setSupportedRealms(Collections.singletonList("A")); + realmCHandler.setSupportedClaimTypes(Collections.singletonList(URI.create("Claim-C"))); + + List claimHandlers = new ArrayList(); + claimHandlers.add(realmAHandler); + claimHandlers.add(realmBHandler); + claimHandlers.add(realmCHandler); + claimsManager.setClaimHandlers(Collections.unmodifiableList(claimHandlers)); + + RequestClaimCollection requestedClaims = createRequestClaimCollection(); + + ClaimsParameters parameters = new ClaimsParameters(); + parameters.setRealm("B"); + parameters.setPrincipal(new CustomTokenPrincipal("ALICE")); + ClaimCollection claims = claimsManager.retrieveClaimValues(requestedClaims, parameters); + Assert.assertEquals("Number of claims incorrect", 2, claims.size()); + + //Asserts in RealmSupportClaimsHandler must succeed + + } + + private RequestClaimCollection createRequestClaimCollection() { + RequestClaimCollection requestedClaims = new RequestClaimCollection(); + RequestClaim requestClaimA = new RequestClaim(); + requestClaimA.setClaimType(URI.create("Claim-A")); + requestClaimA.setOptional(false); + requestedClaims.add(requestClaimA); + RequestClaim requestClaimB = new RequestClaim(); + requestClaimB.setClaimType(URI.create("Claim-B")); + requestClaimB.setOptional(false); + requestedClaims.add(requestClaimB); + RequestClaim requestClaimC = new RequestClaim(); + requestClaimC.setClaimType(URI.create("Claim-C")); + requestClaimC.setOptional(true); + requestedClaims.add(requestClaimC); + return requestedClaims; + } + +} + +