cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/5] git commit: [CXF-5927] Providing claim mapping utils
Date Wed, 06 Aug 2014 15:17:23 GMT
[CXF-5927] Providing claim mapping utils


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/31c80946
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/31c80946
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/31c80946

Branch: refs/heads/master
Commit: 31c80946f223a03eb827d56d07de7229d4bbe1b6
Parents: 17d077f
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Mon Aug 4 16:40:01 2014 +0200
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Mon Aug 4 16:44:04 2014 +0200

----------------------------------------------------------------------
 .../apache/cxf/sts/claims/JexlClaimsMapper.java |  76 -----
 .../cxf/sts/claims/mapper/ClaimUtils.java       | 281 +++++++++++++++++++
 .../cxf/sts/claims/mapper/JexlClaimsMapper.java |  85 ++++++
 .../sts/claims/mapper/JexlClaimsMapperTest.java |  24 +-
 .../src/test/resources/jexlClaimMappings.script | 127 ---------
 .../jexlClaimMappingsWithFunctions.script       |  60 ++++
 .../jexlClaimMappingsWithoutFunctions.script    | 127 +++++++++
 7 files changed, 573 insertions(+), 207 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/31c80946/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/JexlClaimsMapper.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/JexlClaimsMapper.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/JexlClaimsMapper.java
deleted file mode 100644
index e11e112..0000000
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/JexlClaimsMapper.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.claims;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.logging.Logger;
-
-import org.apache.commons.jexl2.JexlContext;
-import org.apache.commons.jexl2.JexlEngine;
-import org.apache.commons.jexl2.MapContext;
-import org.apache.commons.jexl2.Script;
-import org.apache.cxf.common.logging.LogUtils;
-
-public class JexlClaimsMapper implements ClaimsMapper {
-
-    private static final Logger LOG = LogUtils.getL7dLogger(JexlClaimsMapper.class);
-
-    JexlEngine jexl = new JexlEngine();
-    JexlContext context = new MapContext();
-    private Script script;
-
-    public JexlClaimsMapper() {
-        // jexl.setCache(512);
-        // jexl.setLenient(false);
-        jexl.setSilent(false);
-    }
-
-    public ProcessedClaimCollection mapClaims(String sourceRealm, ProcessedClaimCollection
sourceClaims,
-        String targetRealm, ClaimsParameters parameters) {
-        context.set("sourceClaims", sourceClaims);
-        context.set("targetClaims", new ProcessedClaimCollection());
-        context.set("sourceRealm", sourceRealm);
-        context.set("targetRealm", targetRealm);
-        context.set("claimsParameters", parameters);
-
-        Script s = getScript();
-        if (s == null) {
-            LOG.warning("No claim mapping script defined");
-            return new ProcessedClaimCollection(); // TODO Check if null or an exception
would be more
-                                                   // appropriate
-        } else {
-            return (ProcessedClaimCollection)s.execute(context);
-        }
-    }
-
-    public Script getScript() {
-        return script;
-    }
-
-    public void setScript(Script script) {
-        this.script = script;
-    }
-
-    public void setScript(String scriptPath) throws IOException {
-        this.script = jexl.createScript(new File(scriptPath));
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/31c80946/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
new file mode 100644
index 0000000..b30354f
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
@@ -0,0 +1,281 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.claims.mapper;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.sts.claims.ProcessedClaim;
+import org.apache.cxf.sts.claims.ProcessedClaimCollection;
+
+public class ClaimUtils {
+
+    /**
+     * @param targetCollection Collection that should be used to add further claims to
+     * @param claims Claims to be added to the provided collection
+     * @return Returns provided collection including provided claims
+     */
+    public ProcessedClaimCollection add(ProcessedClaimCollection targetCollection, ProcessedClaim...
claims) {
+        for (ProcessedClaim c : claims) {
+            if (c != null) {
+                targetCollection.add(c);
+            }
+        }
+        return targetCollection;
+    }
+
+    /**
+     * @param targetCollection Collection that should be used to add claims from the other
provided claim
+     *            collections
+     * @param claimCollections All claims contained within the provided collections will
be added to the
+     *            targetCollection
+     * @return Returns claim collection containing all claims that have been provided
+     */
+    public ProcessedClaimCollection add(ProcessedClaimCollection targetCollection,
+        ProcessedClaimCollection... claimCollections) {
+        for (ProcessedClaimCollection cc : claimCollections) {
+            targetCollection.addAll(cc);
+        }
+        return targetCollection;
+    }
+
+    /**
+     * @param claimTypeURI claim type URI
+     * @param values values of created claim. Can be null if no values shall be added to
claim.
+     * @return Returns new claim with provided claim type and values
+     */
+    public ProcessedClaim create(String processedClaimTypeURI, String... values) {
+        ProcessedClaim processedClaim = new ProcessedClaim();
+        if (processedClaimTypeURI != null) {
+            processedClaim.setClaimType(URI.create(processedClaimTypeURI));
+        }
+        if (values != null) {
+            processedClaim.getValues().addAll(Arrays.asList(values));
+        }
+        return processedClaim;
+    }
+
+    /**
+     * @param claims Collection of multiple claims with different claim types
+     * @param claimType URI of claim type to be selected from claim collection
+     * @return Returns first claim from claims collection matching the provided claimType
+     */
+    public ProcessedClaim get(ProcessedClaimCollection processedClaims, String processedClaimType)
{
+        if (processedClaimType == null || processedClaims == null) {
+            return null;
+        }
+        for (ProcessedClaim c : processedClaims) {
+            if (c.getClaimType() != null && processedClaimType.equals(c.getClaimType().toString()))
{
+                return c;
+            }
+        }
+        return null;
+    }
+
+    /**
+     * @param claims Collection of claims to be mapped to a differnt claim type
+     * @param map Map of old:new claim types
+     * @param keepUnmapped if set to false only claims with a claim type contained in the
map will be
+     *            returned. If set to false claims with an unmapped claim type will also
be returned.
+     * @return Returns claim collection with mapped claim types
+     */
+    public ProcessedClaimCollection mapType(ProcessedClaimCollection processedClaims, Map<String,
String> map,
+        boolean keepUnmapped) {
+        ProcessedClaimCollection mappedProcessedClaims = new ProcessedClaimCollection();
+        if (processedClaims != null && map != null) {
+            for (ProcessedClaim c : processedClaims) {
+                String processedClaimType = (c.getClaimType() != null)
+                    ? c.getClaimType().toString()
+                    : "";
+                String mappedProcessedClaimType = map.get(processedClaimType);
+                if (mappedProcessedClaimType != null) {
+                    ProcessedClaim processedClaim = c.clone();
+                    processedClaim.setClaimType(URI.create(mappedProcessedClaimType));
+                    mappedProcessedClaims.add(processedClaim);
+                } else if (keepUnmapped) {
+                    mappedProcessedClaims.add(c.clone());
+                }
+            }
+        }
+        return mappedProcessedClaims;
+    }
+
+    /**
+     * @param claim Claim providing values to be mapped
+     * @param map Map of old:new mapping values
+     * @param keepUnmapped if set to false only values contained in the map will be returned.
If set to true,
+     *            values not contained in the map will also remain in the returned claim.
+     * @return Returns the provided claim with mapped values
+     */
+    public ProcessedClaim mapValues(ProcessedClaim processedClaim, Map<Object, Object>
mapping, boolean keepUnmapped) {
+
+        if (processedClaim != null) {
+            List<Object> values = processedClaim.getValues();
+            List<Object> mappedValues = new ArrayList<Object>();
+
+            if (values == null || mapping == null || mapping.size() == 0) {
+                processedClaim.setValues(mappedValues);
+                return processedClaim;
+            }
+
+            for (Object value : values) {
+                Object newValue = mapping.get(value);
+                if (newValue != null) {
+                    mappedValues.add(newValue);
+                } else if (keepUnmapped) {
+                    mappedValues.add(value);
+                }
+            }
+            processedClaim.setValues(mappedValues);
+        }
+        return processedClaim;
+    }
+
+    /**
+     * @param claims Collection of claims containing claims with claim types of listed <code>claimType</code>
+     *            array
+     * @param targetClaimType claim type URI of merged result claim
+     * @param delimiter Delimiter added between multiple claim types. Value can be <code>null</code>.
+     * @param claimType URIs of claim types to be merged. Merging will be in the same order
as the provided
+     *            claim type URIs. If a claim type is not found in the collection this claim
type will be
+     *            omitted.
+     * @return Returns merged claim of all found claim types
+     */
+    public ProcessedClaim merge(ProcessedClaimCollection processedClaims, String targetClaimType,
String delimiter,
+        String... processedClaimType) {
+        ProcessedClaim mergedProcessedClaim = null;
+        StringBuilder sbProcessedClaimValue = new StringBuilder();
+        for (String sc : processedClaimType) {
+            ProcessedClaim c = get(processedClaims, sc);
+            if (c != null) {
+                List<Object> values = c.getValues();
+                if (values != null && values.size() > 0) {
+                    if (mergedProcessedClaim == null) {
+                        // First match TODO refactor for better method override
+                        mergedProcessedClaim = c.clone();
+                        sbProcessedClaimValue.append(values.get(0));
+                        mergedProcessedClaim.getValues().clear();
+                    } else {
+                        sbProcessedClaimValue.append(delimiter).append(values.get(0));
+                    }
+                }
+            }
+        }
+        if (mergedProcessedClaim != null) {
+            mergedProcessedClaim.setClaimType(URI.create(targetClaimType));
+            mergedProcessedClaim.addValue(sbProcessedClaimValue.toString());
+        }
+
+        return mergedProcessedClaim;
+    }
+
+    /**
+     * @param claim Claim to be updated
+     * @param claimTypeURI URI as String to be set as claim type in provided claim
+     * @return Returns updated claim
+     */
+    public ProcessedClaim setType(ProcessedClaim processedClaim, String processedClaimTypeURI)
{
+        processedClaim.setClaimType(URI.create(processedClaimTypeURI));
+        return processedClaim;
+    }
+
+    /**
+     * All claims within the provided collection will be updated in the following manner:
If no original
+     * issuer is set, the issuer in the provided claims will be set as original issuer. If
an original issuer
+     * was already set before, the original issuer will not be updated. All claims will be
updated to have the
+     * provided issuer name be set as the claim issuer.
+     * 
+     * @param claims Collection of claims to be updated
+     * @param issuerName Issuer to be set for all claims within the collection
+     * @return Returns updated claim collection
+     */
+    public ProcessedClaimCollection updateIssuer(ProcessedClaimCollection processedClaims,
String newIssuer) {
+        for (ProcessedClaim c : processedClaims) {
+            if (c.getOriginalIssuer() == null) {
+                c.setOriginalIssuer(c.getIssuer());
+            }
+            c.setIssuer(newIssuer);
+        }
+        return processedClaims;
+    }
+
+    /**
+     * @param claim values of this claim will be transformed to uppercase format
+     * @return Returns claim with values all in uppercase format
+     */
+    public ProcessedClaim upperCaseValues(ProcessedClaim processedClaim) {
+        if (processedClaim != null && processedClaim.getValues() != null) {
+            List<Object> oldValues = processedClaim.getValues();
+            List<Object> newValues = new ArrayList<Object>();
+            for (Object value : oldValues) {
+                newValues.add(value.toString().toUpperCase());
+            }
+            processedClaim.getValues().clear();
+            processedClaim.getValues().addAll(newValues);
+        }
+        return processedClaim;
+    }
+
+    /**
+     * @param claim values of this claim will be transformed to lowercase format
+     * @return Returns claim with values all in lowercase format
+     */
+    public ProcessedClaim lowerCaseValues(ProcessedClaim processedClaim) {
+        if (processedClaim != null && processedClaim.getValues() != null) {
+            List<Object> oldValues = processedClaim.getValues();
+            List<Object> newValues = new ArrayList<Object>();
+            for (Object value : oldValues) {
+                newValues.add(value.toString().toLowerCase());
+            }
+            processedClaim.getValues().clear();
+            processedClaim.getValues().addAll(newValues);
+        }
+        return processedClaim;
+    }
+
+    /**
+     * @param claim Claim providing values to be wrapped
+     * @param prefix Prefix to be added to each claim value. Can be null.
+     * @param suffix Suffix to be appended to each claim value. Can be null.
+     * @return Returns the provided claim with wrapped values
+     */
+    public ProcessedClaim wrapValues(ProcessedClaim processedClaim, String prefix, String
suffix) {
+        prefix = (prefix == null)
+            ? ""
+            : prefix;
+        suffix = (suffix == null)
+            ? ""
+            : suffix;
+        if (processedClaim != null && processedClaim.getValues() != null) {
+            List<Object> oldValues = processedClaim.getValues();
+            List<Object> newValues = new ArrayList<Object>();
+            for (Object value : oldValues) {
+                newValues.add(prefix + value.toString() + suffix);
+            }
+            processedClaim.getValues().clear();
+            processedClaim.getValues().addAll(newValues);
+        }
+        return processedClaim;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/31c80946/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
new file mode 100644
index 0000000..8fbe59f
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.claims.mapper;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.apache.commons.jexl2.JexlContext;
+import org.apache.commons.jexl2.JexlEngine;
+import org.apache.commons.jexl2.MapContext;
+import org.apache.commons.jexl2.Script;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.claims.ClaimsMapper;
+import org.apache.cxf.sts.claims.ClaimsParameters;
+import org.apache.cxf.sts.claims.ProcessedClaimCollection;
+
+public class JexlClaimsMapper implements ClaimsMapper {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(JexlClaimsMapper.class);
+
+    JexlEngine jexl = new JexlEngine();
+    JexlContext context = new MapContext();
+    private Script script;
+
+    public JexlClaimsMapper() {
+        // jexl.setCache(512);
+        // jexl.setLenient(false);
+        jexl.setSilent(false);
+        
+        Map<String, Object> functions = new HashMap<String, Object>();
+        functions.put("claims", new ClaimUtils());
+        jexl.setFunctions(functions);
+    }
+
+    public ProcessedClaimCollection mapClaims(String sourceRealm, ProcessedClaimCollection
sourceClaims,
+        String targetRealm, ClaimsParameters parameters) {
+        context.set("sourceClaims", sourceClaims);
+        context.set("targetClaims", new ProcessedClaimCollection());
+        context.set("sourceRealm", sourceRealm);
+        context.set("targetRealm", targetRealm);
+        context.set("claimsParameters", parameters);
+
+        Script s = getScript();
+        if (s == null) {
+            LOG.warning("No claim mapping script defined");
+            return new ProcessedClaimCollection(); // TODO Check if null or an exception
would be more
+                                                   // appropriate
+        } else {
+            return (ProcessedClaimCollection)s.execute(context);
+        }
+    }
+
+    public Script getScript() {
+        return script;
+    }
+
+    public void setScript(Script script) {
+        this.script = script;
+    }
+
+    public void setScript(String scriptPath) throws IOException {
+        this.script = jexl.createScript(new File(scriptPath));
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/31c80946/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapperTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapperTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapperTest.java
index db530a5..cec247a 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapperTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapperTest.java
@@ -22,22 +22,38 @@ package org.apache.cxf.sts.claims.mapper;
 import java.io.IOException;
 import java.net.URI;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.List;
 
 import org.apache.cxf.sts.StaticSTSProperties;
 import org.apache.cxf.sts.claims.ClaimsParameters;
-import org.apache.cxf.sts.claims.JexlClaimsMapper;
 import org.apache.cxf.sts.claims.ProcessedClaim;
 import org.apache.cxf.sts.claims.ProcessedClaimCollection;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
 
+@RunWith(Parameterized.class)
 public class JexlClaimsMapperTest extends org.junit.Assert {
 
     JexlClaimsMapper jcm;
-
-    public JexlClaimsMapperTest() throws IOException {
+    
+    public JexlClaimsMapperTest(String scriptPath) throws IOException {
         jcm = new JexlClaimsMapper();
-        jcm.setScript("src/test/resources/jexlClaimMappings.script");
+        jcm.setScript(scriptPath);
+    }
+    
+    @Parameters
+    public static Collection<Object[]> data() {
+        Object[][] data = new Object[][] {
+            {
+                "src/test/resources/jexlClaimMappingsWithoutFunctions.script"
+            }, {
+                "src/test/resources/jexlClaimMappingsWithFunctions.script"
+            }
+        };
+        return Arrays.asList(data);
     }
 
     @Test

http://git-wip-us.apache.org/repos/asf/cxf/blob/31c80946/services/sts/sts-core/src/test/resources/jexlClaimMappings.script
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/jexlClaimMappings.script b/services/sts/sts-core/src/test/resources/jexlClaimMappings.script
deleted file mode 100644
index 6b5c4f3..0000000
--- a/services/sts/sts-core/src/test/resources/jexlClaimMappings.script
+++ /dev/null
@@ -1,127 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-{
-    // Role value mapping
-    var roleClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role';
-    var roleMappings = { "admin" : "administrator", "manager" : "manager" };
-    
-    for (c : sourceClaims) {
-    	if(c.claimType == roleClaimType) {
-	    	var mappedValues = new("java.util.ArrayList");
-	    	for (v : c.values) {
-	    		var newValue = roleMappings.get(v);
-	    		if (newValue != null) {
-	    			mappedValues.add(newValue);
-	    		}
-	    	}
-	    	c.values = mappedValues;
-	    	targetClaims.add(c);
-    	}
-    }
-    
-    // Claim merge
-    var firstNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname';
-    var lastNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname';
-    var firstName;
-    var lastName;
-    var issuer;
-    for (c : sourceClaims) {
-    	if(c.claimType == firstNameClaimType) {
-    		firstName = c.values[0];
-    		issuer = c.issuer;
-    	} else if(c.claimType == lastNameClaimType) {
-    		lastName = c.values[0];
-    	}
-    }
-    if (firstName != null && lastName != null) {
-    	var claim = new("org.apache.cxf.sts.claims.ProcessedClaim");
-    	claim.issuer = issuer;
-    	claim.claimType = new("java.net.URI", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name");
-    	claim.addValue(firstName + " " + lastName);
-    	targetClaims.add(claim);
-    }
-    
-    // Additional static claim
-    var idpClaim = new("org.apache.cxf.sts.claims.ProcessedClaim");
-    idpClaim.claimType = new("java.net.URI", "http://schemas.microsoft.com/identity/claims/identityprovider");
-    idpClaim.value = "https://idp.apache.org/cbb375d-33b-45fa-9bf5-f33bd8721a77/";
-    targetClaims.add(idpClaim);
-    
-    // Claim value updates
-    var uppercaseClaim = new("org.apache.cxf.sts.claims.ProcessedClaim");
-    uppercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/uppercase");
-    uppercaseClaim.values.add("Value");
-    uppercaseClaim.values.add("Value2");
-    var newValues = new("java.util.ArrayList");
-    for (v : uppercaseClaim.values) {
-    	newValue = v.toUpperCase();
-    	newValues.add(newValue);
-    }
-    uppercaseClaim.values = newValues;
-    targetClaims.add(uppercaseClaim);
-    
-    var lowercaseClaim = new("org.apache.cxf.sts.claims.ProcessedClaim");
-    lowercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/lowercase");
-    lowercaseClaim.values.add("Value");
-    lowercaseClaim.values.add("Value2");
-    var newValues = new("java.util.ArrayList");
-    for (v : lowercaseClaim.values) {
-    	newValue = v.toLowerCase();
-    	newValues.add(newValue);
-    }
-    lowercaseClaim.values = newValues;
-    targetClaims.add(lowercaseClaim);
-    
-    var wrappedUppercaseClaim = new("org.apache.cxf.sts.claims.ProcessedClaim");
-    wrappedUppercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/wrappedUppercase");
-    wrappedUppercaseClaim.values.add("Value");
-    var newValues = new("java.util.ArrayList");
-    for (v : wrappedUppercaseClaim.values) {
-    	newValue = "Prefix_" + v + "_Suffix";
-    	newValues.add(newValue);
-    }
-    wrappedUppercaseClaim.values = newValues;
-    var newValues = new("java.util.ArrayList");
-    for (v : wrappedUppercaseClaim.values) {
-    	newValue = v.toUpperCase();
-    	newValues.add(newValue);
-    }
-    wrappedUppercaseClaim.values = newValues;
-    targetClaims.add(wrappedUppercaseClaim);
-    
-    // Direct copy
-    var emailClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail';
-    for (c : sourceClaims) {
-    	if(c.claimType == emailClaimType) {
-    		targetClaims.add(c);
-    	}
-    }
-    
-    // Set correct issuer
-    for (c : targetClaims) {
-    	if(c.originalIssuer == null) {
-    		c.originalIssuer = c.issuer;
-    	}
-    	c.issuer = claimsParameters.stsProperties.issuer;
-    }
-    
-    // Return new claims
-    return targetClaims;
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/31c80946/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithFunctions.script
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithFunctions.script
b/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithFunctions.script
new file mode 100644
index 0000000..af5bb35
--- /dev/null
+++ b/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithFunctions.script
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+{
+    // Role value mapping
+    var roleClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role';
+    var roleClaim = claims:get(sourceClaims, roleClaimType);
+    var roleMappings = { "admin" : "administrator", "manager" : "manager" };
+    var mappedRoles = claims:mapValues(roleClaim, roleMappings, false);
+    
+    // Claim merge
+    var delimiter = ' ';
+    var firstNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname';
+    var lastNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname';
+    var fullNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name';
+    var mergedClaim = claims:merge(sourceClaims, fullNameClaimType, delimiter, firstNameClaimType,
lastNameClaimType);
+    
+    // Additional static claim
+    var idpClaim = claims:create("http://schemas.microsoft.com/identity/claims/identityprovider",
+            "https://idp.apache.org/cbb375d-33b-45fa-9bf5-f33bd8721a77/");
+
+    // Claim value updates
+    var uppercaseClaim = claims:create("http://my.schema.org/identity/claims/uppercase",
"Value", "Value2");
+    claims:upperCaseValues(uppercaseClaim);
+    var lowercaseClaim = claims:create("http://my.schema.org/identity/claims/lowercase",
"Value", "Value2");
+    claims:lowerCaseValues(lowercaseClaim);
+    var wrappedUppercaseClaim = claims:create("http://my.schema.org/identity/claims/wrappedUppercase",
"Value");
+    claims:wrapValues(wrappedUppercaseClaim, "Prefix_", "_Suffix");
+    claims:upperCaseValues(wrappedUppercaseClaim);
+
+    // Simple claim copy
+    var emailClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail';
+    var emailClaim = claims:get(sourceClaims, emailClaimType);
+    
+    // Collect claims for new token
+    claims:add(targetClaims, mappedRoles, mergedClaim, idpClaim);
+    claims:add(targetClaims, uppercaseClaim, lowercaseClaim, wrappedUppercaseClaim, emailClaim);
+    
+    // Set correct issuer
+    claims:updateIssuer(targetClaims, claimsParameters.stsProperties.issuer);
+    
+    // Return new claims
+    return targetClaims;
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/31c80946/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithoutFunctions.script
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithoutFunctions.script
b/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithoutFunctions.script
new file mode 100644
index 0000000..6b5c4f3
--- /dev/null
+++ b/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithoutFunctions.script
@@ -0,0 +1,127 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+{
+    // Role value mapping
+    var roleClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role';
+    var roleMappings = { "admin" : "administrator", "manager" : "manager" };
+    
+    for (c : sourceClaims) {
+    	if(c.claimType == roleClaimType) {
+	    	var mappedValues = new("java.util.ArrayList");
+	    	for (v : c.values) {
+	    		var newValue = roleMappings.get(v);
+	    		if (newValue != null) {
+	    			mappedValues.add(newValue);
+	    		}
+	    	}
+	    	c.values = mappedValues;
+	    	targetClaims.add(c);
+    	}
+    }
+    
+    // Claim merge
+    var firstNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname';
+    var lastNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname';
+    var firstName;
+    var lastName;
+    var issuer;
+    for (c : sourceClaims) {
+    	if(c.claimType == firstNameClaimType) {
+    		firstName = c.values[0];
+    		issuer = c.issuer;
+    	} else if(c.claimType == lastNameClaimType) {
+    		lastName = c.values[0];
+    	}
+    }
+    if (firstName != null && lastName != null) {
+    	var claim = new("org.apache.cxf.sts.claims.ProcessedClaim");
+    	claim.issuer = issuer;
+    	claim.claimType = new("java.net.URI", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name");
+    	claim.addValue(firstName + " " + lastName);
+    	targetClaims.add(claim);
+    }
+    
+    // Additional static claim
+    var idpClaim = new("org.apache.cxf.sts.claims.ProcessedClaim");
+    idpClaim.claimType = new("java.net.URI", "http://schemas.microsoft.com/identity/claims/identityprovider");
+    idpClaim.value = "https://idp.apache.org/cbb375d-33b-45fa-9bf5-f33bd8721a77/";
+    targetClaims.add(idpClaim);
+    
+    // Claim value updates
+    var uppercaseClaim = new("org.apache.cxf.sts.claims.ProcessedClaim");
+    uppercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/uppercase");
+    uppercaseClaim.values.add("Value");
+    uppercaseClaim.values.add("Value2");
+    var newValues = new("java.util.ArrayList");
+    for (v : uppercaseClaim.values) {
+    	newValue = v.toUpperCase();
+    	newValues.add(newValue);
+    }
+    uppercaseClaim.values = newValues;
+    targetClaims.add(uppercaseClaim);
+    
+    var lowercaseClaim = new("org.apache.cxf.sts.claims.ProcessedClaim");
+    lowercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/lowercase");
+    lowercaseClaim.values.add("Value");
+    lowercaseClaim.values.add("Value2");
+    var newValues = new("java.util.ArrayList");
+    for (v : lowercaseClaim.values) {
+    	newValue = v.toLowerCase();
+    	newValues.add(newValue);
+    }
+    lowercaseClaim.values = newValues;
+    targetClaims.add(lowercaseClaim);
+    
+    var wrappedUppercaseClaim = new("org.apache.cxf.sts.claims.ProcessedClaim");
+    wrappedUppercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/wrappedUppercase");
+    wrappedUppercaseClaim.values.add("Value");
+    var newValues = new("java.util.ArrayList");
+    for (v : wrappedUppercaseClaim.values) {
+    	newValue = "Prefix_" + v + "_Suffix";
+    	newValues.add(newValue);
+    }
+    wrappedUppercaseClaim.values = newValues;
+    var newValues = new("java.util.ArrayList");
+    for (v : wrappedUppercaseClaim.values) {
+    	newValue = v.toUpperCase();
+    	newValues.add(newValue);
+    }
+    wrappedUppercaseClaim.values = newValues;
+    targetClaims.add(wrappedUppercaseClaim);
+    
+    // Direct copy
+    var emailClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail';
+    for (c : sourceClaims) {
+    	if(c.claimType == emailClaimType) {
+    		targetClaims.add(c);
+    	}
+    }
+    
+    // Set correct issuer
+    for (c : targetClaims) {
+    	if(c.originalIssuer == null) {
+    		c.originalIssuer = c.issuer;
+    	}
+    	c.issuer = claimsParameters.stsProperties.issuer;
+    }
+    
+    // Return new claims
+    return targetClaims;
+}


Mime
View raw message