cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [3/6] git commit: [CXF-5927] Providing claim mapping utils
Date Wed, 06 Aug 2014 15:28:52 GMT
[CXF-5927] Providing claim mapping utils


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ed2a2ef4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ed2a2ef4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ed2a2ef4

Branch: refs/heads/2.7.x-fixes
Commit: ed2a2ef408dff9c4a9d64512ddefc039ccd8449c
Parents: 79285f4
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Mon Aug 4 16:40:01 2014 +0200
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Aug 6 16:24:20 2014 +0100

----------------------------------------------------------------------
 .../apache/cxf/sts/claims/JexlClaimsMapper.java |  76 -----
 .../cxf/sts/claims/mapper/ClaimUtils.java       | 281 +++++++++++++++++++
 .../cxf/sts/claims/mapper/JexlClaimsMapper.java |  85 ++++++
 .../sts/claims/mapper/JexlClaimsMapperTest.java |  22 +-
 .../src/test/resources/jexlClaimMappings.script | 127 ---------
 .../jexlClaimMappingsWithFunctions.script       |  60 ++++
 .../jexlClaimMappingsWithoutFunctions.script    | 127 +++++++++
 7 files changed, 572 insertions(+), 206 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ed2a2ef4/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/JexlClaimsMapper.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/JexlClaimsMapper.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/JexlClaimsMapper.java
deleted file mode 100644
index c1cd1e8..0000000
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/JexlClaimsMapper.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.claims;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.logging.Logger;
-
-import org.apache.commons.jexl2.JexlContext;
-import org.apache.commons.jexl2.JexlEngine;
-import org.apache.commons.jexl2.MapContext;
-import org.apache.commons.jexl2.Script;
-import org.apache.cxf.common.logging.LogUtils;
-
-public class JexlClaimsMapper implements ClaimsMapper {
-
-    private static final Logger LOG = LogUtils.getL7dLogger(JexlClaimsMapper.class);
-
-    JexlEngine jexl = new JexlEngine();
-    JexlContext context = new MapContext();
-    private Script script;
-
-    public JexlClaimsMapper() {
-        // jexl.setCache(512);
-        // jexl.setLenient(false);
-        jexl.setSilent(false);
-    }
-
-    public ClaimCollection mapClaims(String sourceRealm, ClaimCollection sourceClaims,
-        String targetRealm, ClaimsParameters parameters) {
-        context.set("sourceClaims", sourceClaims);
-        context.set("targetClaims", new ClaimCollection());
-        context.set("sourceRealm", sourceRealm);
-        context.set("targetRealm", targetRealm);
-        context.set("claimsParameters", parameters);
-
-        Script s = getScript();
-        if (s == null) {
-            LOG.warning("No claim mapping script defined");
-            return new ClaimCollection(); // TODO Check if null or an exception would be
more
-                                                   // appropriate
-        } else {
-            return (ClaimCollection)s.execute(context);
-        }
-    }
-
-    public Script getScript() {
-        return script;
-    }
-
-    public void setScript(Script script) {
-        this.script = script;
-    }
-
-    public void setScript(String scriptPath) throws IOException {
-        this.script = jexl.createScript(new File(scriptPath));
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/ed2a2ef4/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
new file mode 100644
index 0000000..2967a9a
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/ClaimUtils.java
@@ -0,0 +1,281 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.claims.mapper;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.sts.claims.Claim;
+import org.apache.cxf.sts.claims.ClaimCollection;
+
+public class ClaimUtils {
+
+    /**
+     * @param targetCollection Collection that should be used to add further claims to
+     * @param claims Claims to be added to the provided collection
+     * @return Returns provided collection including provided claims
+     */
+    public ClaimCollection add(ClaimCollection targetCollection, Claim... claims) {
+        for (Claim c : claims) {
+            if (c != null) {
+                targetCollection.add(c);
+            }
+        }
+        return targetCollection;
+    }
+
+    /**
+     * @param targetCollection Collection that should be used to add claims from the other
provided claim
+     *            collections
+     * @param claimCollections All claims contained within the provided collections will
be added to the
+     *            targetCollection
+     * @return Returns claim collection containing all claims that have been provided
+     */
+    public ClaimCollection add(ClaimCollection targetCollection,
+        ClaimCollection... claimCollections) {
+        for (ClaimCollection cc : claimCollections) {
+            targetCollection.addAll(cc);
+        }
+        return targetCollection;
+    }
+
+    /**
+     * @param claimTypeURI claim type URI
+     * @param values values of created claim. Can be null if no values shall be added to
claim.
+     * @return Returns new claim with provided claim type and values
+     */
+    public Claim create(String claimTypeURI, String... values) {
+        Claim claim = new Claim();
+        if (claimTypeURI != null) {
+            claim.setClaimType(URI.create(claimTypeURI));
+        }
+        if (values != null) {
+            claim.getValues().addAll(Arrays.asList(values));
+        }
+        return claim;
+    }
+
+    /**
+     * @param claims Collection of multiple claims with different claim types
+     * @param claimType URI of claim type to be selected from claim collection
+     * @return Returns first claim from claims collection matching the provided claimType
+     */
+    public Claim get(ClaimCollection claims, String claimType) {
+        if (claimType == null || claims == null) {
+            return null;
+        }
+        for (Claim c : claims) {
+            if (c.getClaimType() != null && claimType.equals(c.getClaimType().toString()))
{
+                return c;
+            }
+        }
+        return null;
+    }
+
+    /**
+     * @param claims Collection of claims to be mapped to a differnt claim type
+     * @param map Map of old:new claim types
+     * @param keepUnmapped if set to false only claims with a claim type contained in the
map will be
+     *            returned. If set to false claims with an unmapped claim type will also
be returned.
+     * @return Returns claim collection with mapped claim types
+     */
+    public ClaimCollection mapType(ClaimCollection claims, Map<String, String> map,
+        boolean keepUnmapped) {
+        ClaimCollection mappedClaims = new ClaimCollection();
+        if (claims != null && map != null) {
+            for (Claim c : claims) {
+                String claimType = (c.getClaimType() != null)
+                    ? c.getClaimType().toString()
+                    : "";
+                String mappedClaimType = map.get(claimType);
+                if (mappedClaimType != null) {
+                    Claim claim = c.clone();
+                    claim.setClaimType(URI.create(mappedClaimType));
+                    mappedClaims.add(claim);
+                } else if (keepUnmapped) {
+                    mappedClaims.add(c.clone());
+                }
+            }
+        }
+        return mappedClaims;
+    }
+
+    /**
+     * @param claim Claim providing values to be mapped
+     * @param map Map of old:new mapping values
+     * @param keepUnmapped if set to false only values contained in the map will be returned.
If set to true,
+     *            values not contained in the map will also remain in the returned claim.
+     * @return Returns the provided claim with mapped values
+     */
+    public Claim mapValues(Claim claim, Map<String, String> mapping, boolean keepUnmapped)
{
+
+        if (claim != null) {
+            List<String> values = claim.getValues();
+            List<String> mappedValues = new ArrayList<String>();
+
+            if (values == null || mapping == null || mapping.size() == 0) {
+                claim.setValues(mappedValues);
+                return claim;
+            }
+
+            for (String value : values) {
+                String newValue = mapping.get(value);
+                if (newValue != null) {
+                    mappedValues.add(newValue);
+                } else if (keepUnmapped) {
+                    mappedValues.add(value);
+                }
+            }
+            claim.setValues(mappedValues);
+        }
+        return claim;
+    }
+
+    /**
+     * @param claims Collection of claims containing claims with claim types of listed <code>claimType</code>
+     *            array
+     * @param targetClaimType claim type URI of merged result claim
+     * @param delimiter Delimiter added between multiple claim types. Value can be <code>null</code>.
+     * @param claimType URIs of claim types to be merged. Merging will be in the same order
as the provided
+     *            claim type URIs. If a claim type is not found in the collection this claim
type will be
+     *            omitted.
+     * @return Returns merged claim of all found claim types
+     */
+    public Claim merge(ClaimCollection claims, String targetClaimType, String delimiter,
+        String... claimType) {
+        Claim mergedClaim = null;
+        StringBuilder sbClaimValue = new StringBuilder();
+        for (String sc : claimType) {
+            Claim c = get(claims, sc);
+            if (c != null) {
+                List<String> values = c.getValues();
+                if (values != null && values.size() > 0) {
+                    if (mergedClaim == null) {
+                        // First match TODO refactor for better method override
+                        mergedClaim = c.clone();
+                        sbClaimValue.append(values.get(0));
+                        mergedClaim.getValues().clear();
+                    } else {
+                        sbClaimValue.append(delimiter).append(values.get(0));
+                    }
+                }
+            }
+        }
+        if (mergedClaim != null) {
+            mergedClaim.setClaimType(URI.create(targetClaimType));
+            mergedClaim.addValue(sbClaimValue.toString());
+        }
+
+        return mergedClaim;
+    }
+
+    /**
+     * @param claim Claim to be updated
+     * @param claimTypeURI URI as String to be set as claim type in provided claim
+     * @return Returns updated claim
+     */
+    public Claim setType(Claim claim, String claimTypeURI) {
+        claim.setClaimType(URI.create(claimTypeURI));
+        return claim;
+    }
+
+    /**
+     * All claims within the provided collection will be updated in the following manner:
If no original
+     * issuer is set, the issuer in the provided claims will be set as original issuer. If
an original issuer
+     * was already set before, the original issuer will not be updated. All claims will be
updated to have the
+     * provided issuer name be set as the claim issuer.
+     * 
+     * @param claims Collection of claims to be updated
+     * @param issuerName Issuer to be set for all claims within the collection
+     * @return Returns updated claim collection
+     */
+    public ClaimCollection updateIssuer(ClaimCollection claims, String newIssuer) {
+        for (Claim c : claims) {
+            if (c.getOriginalIssuer() == null) {
+                c.setOriginalIssuer(c.getIssuer());
+            }
+            c.setIssuer(newIssuer);
+        }
+        return claims;
+    }
+
+    /**
+     * @param claim values of this claim will be transformed to uppercase format
+     * @return Returns claim with values all in uppercase format
+     */
+    public Claim upperCaseValues(Claim claim) {
+        if (claim != null && claim.getValues() != null) {
+            List<String> oldValues = claim.getValues();
+            List<String> newValues = new ArrayList<String>();
+            for (String value : oldValues) {
+                newValues.add(value.toUpperCase());
+            }
+            claim.getValues().clear();
+            claim.getValues().addAll(newValues);
+        }
+        return claim;
+    }
+
+    /**
+     * @param claim values of this claim will be transformed to lowercase format
+     * @return Returns claim with values all in lowercase format
+     */
+    public Claim lowerCaseValues(Claim claim) {
+        if (claim != null && claim.getValues() != null) {
+            List<String> oldValues = claim.getValues();
+            List<String> newValues = new ArrayList<String>();
+            for (String value : oldValues) {
+                newValues.add(value.toLowerCase());
+            }
+            claim.getValues().clear();
+            claim.getValues().addAll(newValues);
+        }
+        return claim;
+    }
+
+    /**
+     * @param claim Claim providing values to be wrapped
+     * @param prefix Prefix to be added to each claim value. Can be null.
+     * @param suffix Suffix to be appended to each claim value. Can be null.
+     * @return Returns the provided claim with wrapped values
+     */
+    public Claim wrapValues(Claim claim, String prefix, String suffix) {
+        prefix = (prefix == null)
+            ? ""
+            : prefix;
+        suffix = (suffix == null)
+            ? ""
+            : suffix;
+        if (claim != null && claim.getValues() != null) {
+            List<String> oldValues = claim.getValues();
+            List<String> newValues = new ArrayList<String>();
+            for (String value : oldValues) {
+                newValues.add(prefix + value + suffix);
+            }
+            claim.getValues().clear();
+            claim.getValues().addAll(newValues);
+        }
+        return claim;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/ed2a2ef4/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
new file mode 100644
index 0000000..496897d
--- /dev/null
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapper.java
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.claims.mapper;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.apache.commons.jexl2.JexlContext;
+import org.apache.commons.jexl2.JexlEngine;
+import org.apache.commons.jexl2.MapContext;
+import org.apache.commons.jexl2.Script;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimsMapper;
+import org.apache.cxf.sts.claims.ClaimsParameters;
+
+public class JexlClaimsMapper implements ClaimsMapper {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(JexlClaimsMapper.class);
+
+    JexlEngine jexl = new JexlEngine();
+    JexlContext context = new MapContext();
+    private Script script;
+
+    public JexlClaimsMapper() {
+        // jexl.setCache(512);
+        // jexl.setLenient(false);
+        jexl.setSilent(false);
+        
+        Map<String, Object> functions = new HashMap<String, Object>();
+        functions.put("claims", new ClaimUtils());
+        jexl.setFunctions(functions);
+    }
+
+    public ClaimCollection mapClaims(String sourceRealm, ClaimCollection sourceClaims,
+        String targetRealm, ClaimsParameters parameters) {
+        context.set("sourceClaims", sourceClaims);
+        context.set("targetClaims", new ClaimCollection());
+        context.set("sourceRealm", sourceRealm);
+        context.set("targetRealm", targetRealm);
+        context.set("claimsParameters", parameters);
+
+        Script s = getScript();
+        if (s == null) {
+            LOG.warning("No claim mapping script defined");
+            return new ClaimCollection(); // TODO Check if null or an exception would be
more
+                                                   // appropriate
+        } else {
+            return (ClaimCollection)s.execute(context);
+        }
+    }
+
+    public Script getScript() {
+        return script;
+    }
+
+    public void setScript(Script script) {
+        this.script = script;
+    }
+
+    public void setScript(String scriptPath) throws IOException {
+        this.script = jexl.createScript(new File(scriptPath));
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/ed2a2ef4/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapperTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapperTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapperTest.java
index 9df89c7..6ee0d10 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapperTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/claims/mapper/JexlClaimsMapperTest.java
@@ -22,21 +22,37 @@ package org.apache.cxf.sts.claims.mapper;
 import java.io.IOException;
 import java.net.URI;
 import java.util.Arrays;
+import java.util.Collection;
 
 import org.apache.cxf.sts.StaticSTSProperties;
 import org.apache.cxf.sts.claims.Claim;
 import org.apache.cxf.sts.claims.ClaimCollection;
 import org.apache.cxf.sts.claims.ClaimsParameters;
-import org.apache.cxf.sts.claims.JexlClaimsMapper;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
 
+@RunWith(Parameterized.class)
 public class JexlClaimsMapperTest extends org.junit.Assert {
 
     JexlClaimsMapper jcm;
 
-    public JexlClaimsMapperTest() throws IOException {
+    public JexlClaimsMapperTest(String scriptPath) throws IOException {
         jcm = new JexlClaimsMapper();
-        jcm.setScript("src/test/resources/jexlClaimMappings.script");
+        jcm.setScript(scriptPath);
+    }
+
+    @Parameters
+    public static Collection<Object[]> data() {
+        Object[][] data = new Object[][] {
+            {
+                "src/test/resources/jexlClaimMappingsWithoutFunctions.script"
+            }, {
+                "src/test/resources/jexlClaimMappingsWithFunctions.script"
+            }
+        };
+        return Arrays.asList(data);
     }
 
     @Test

http://git-wip-us.apache.org/repos/asf/cxf/blob/ed2a2ef4/services/sts/sts-core/src/test/resources/jexlClaimMappings.script
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/jexlClaimMappings.script b/services/sts/sts-core/src/test/resources/jexlClaimMappings.script
deleted file mode 100644
index b477088..0000000
--- a/services/sts/sts-core/src/test/resources/jexlClaimMappings.script
+++ /dev/null
@@ -1,127 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-{
-    // Role value mapping
-    var roleClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role';
-    var roleMappings = { "admin" : "administrator", "manager" : "manager" };
-    
-    for (c : sourceClaims) {
-    	if(c.claimType == roleClaimType) {
-	    	var mappedValues = new("java.util.ArrayList");
-	    	for (v : c.values) {
-	    		var newValue = roleMappings.get(v);
-	    		if (newValue != null) {
-	    			mappedValues.add(newValue);
-	    		}
-	    	}
-	    	c.values = mappedValues;
-	    	targetClaims.add(c);
-    	}
-    }
-    
-    // Claim merge
-    var firstNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname';
-    var lastNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname';
-    var firstName;
-    var lastName;
-    var issuer;
-    for (c : sourceClaims) {
-    	if(c.claimType == firstNameClaimType) {
-    		firstName = c.values[0];
-    		issuer = c.issuer;
-    	} else if(c.claimType == lastNameClaimType) {
-    		lastName = c.values[0];
-    	}
-    }
-    if (firstName != null && lastName != null) {
-    	var claim = new("org.apache.cxf.sts.claims.Claim");
-    	claim.issuer = issuer;
-    	claim.claimType = new("java.net.URI", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name");
-    	claim.addValue(firstName + " " + lastName);
-    	targetClaims.add(claim);
-    }
-    
-    // Additional static claim
-    var idpClaim = new("org.apache.cxf.sts.claims.Claim");
-    idpClaim.claimType = new("java.net.URI", "http://schemas.microsoft.com/identity/claims/identityprovider");
-    idpClaim.value = "https://idp.apache.org/cbb375d-33b-45fa-9bf5-f33bd8721a77/";
-    targetClaims.add(idpClaim);
-    
-    // Claim value updates
-    var uppercaseClaim = new("org.apache.cxf.sts.claims.Claim");
-    uppercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/uppercase");
-    uppercaseClaim.values.add("Value");
-    uppercaseClaim.values.add("Value2");
-    var newValues = new("java.util.ArrayList");
-    for (v : uppercaseClaim.values) {
-    	newValue = v.toUpperCase();
-    	newValues.add(newValue);
-    }
-    uppercaseClaim.values = newValues;
-    targetClaims.add(uppercaseClaim);
-    
-    var lowercaseClaim = new("org.apache.cxf.sts.claims.Claim");
-    lowercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/lowercase");
-    lowercaseClaim.values.add("Value");
-    lowercaseClaim.values.add("Value2");
-    var newValues = new("java.util.ArrayList");
-    for (v : lowercaseClaim.values) {
-    	newValue = v.toLowerCase();
-    	newValues.add(newValue);
-    }
-    lowercaseClaim.values = newValues;
-    targetClaims.add(lowercaseClaim);
-    
-    var wrappedUppercaseClaim = new("org.apache.cxf.sts.claims.Claim");
-    wrappedUppercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/wrappedUppercase");
-    wrappedUppercaseClaim.values.add("Value");
-    var newValues = new("java.util.ArrayList");
-    for (v : wrappedUppercaseClaim.values) {
-    	newValue = "Prefix_" + v + "_Suffix";
-    	newValues.add(newValue);
-    }
-    wrappedUppercaseClaim.values = newValues;
-    var newValues = new("java.util.ArrayList");
-    for (v : wrappedUppercaseClaim.values) {
-    	newValue = v.toUpperCase();
-    	newValues.add(newValue);
-    }
-    wrappedUppercaseClaim.values = newValues;
-    targetClaims.add(wrappedUppercaseClaim);
-    
-    // Direct copy
-    var emailClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail';
-    for (c : sourceClaims) {
-    	if(c.claimType == emailClaimType) {
-    		targetClaims.add(c);
-    	}
-    }
-    
-    // Set correct issuer
-    for (c : targetClaims) {
-    	if(c.originalIssuer == null) {
-    		c.originalIssuer = c.issuer;
-    	}
-    	c.issuer = claimsParameters.stsProperties.issuer;
-    }
-    
-    // Return new claims
-    return targetClaims;
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/ed2a2ef4/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithFunctions.script
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithFunctions.script
b/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithFunctions.script
new file mode 100644
index 0000000..af5bb35
--- /dev/null
+++ b/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithFunctions.script
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+{
+    // Role value mapping
+    var roleClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role';
+    var roleClaim = claims:get(sourceClaims, roleClaimType);
+    var roleMappings = { "admin" : "administrator", "manager" : "manager" };
+    var mappedRoles = claims:mapValues(roleClaim, roleMappings, false);
+    
+    // Claim merge
+    var delimiter = ' ';
+    var firstNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname';
+    var lastNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname';
+    var fullNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name';
+    var mergedClaim = claims:merge(sourceClaims, fullNameClaimType, delimiter, firstNameClaimType,
lastNameClaimType);
+    
+    // Additional static claim
+    var idpClaim = claims:create("http://schemas.microsoft.com/identity/claims/identityprovider",
+            "https://idp.apache.org/cbb375d-33b-45fa-9bf5-f33bd8721a77/");
+
+    // Claim value updates
+    var uppercaseClaim = claims:create("http://my.schema.org/identity/claims/uppercase",
"Value", "Value2");
+    claims:upperCaseValues(uppercaseClaim);
+    var lowercaseClaim = claims:create("http://my.schema.org/identity/claims/lowercase",
"Value", "Value2");
+    claims:lowerCaseValues(lowercaseClaim);
+    var wrappedUppercaseClaim = claims:create("http://my.schema.org/identity/claims/wrappedUppercase",
"Value");
+    claims:wrapValues(wrappedUppercaseClaim, "Prefix_", "_Suffix");
+    claims:upperCaseValues(wrappedUppercaseClaim);
+
+    // Simple claim copy
+    var emailClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail';
+    var emailClaim = claims:get(sourceClaims, emailClaimType);
+    
+    // Collect claims for new token
+    claims:add(targetClaims, mappedRoles, mergedClaim, idpClaim);
+    claims:add(targetClaims, uppercaseClaim, lowercaseClaim, wrappedUppercaseClaim, emailClaim);
+    
+    // Set correct issuer
+    claims:updateIssuer(targetClaims, claimsParameters.stsProperties.issuer);
+    
+    // Return new claims
+    return targetClaims;
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/ed2a2ef4/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithoutFunctions.script
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithoutFunctions.script
b/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithoutFunctions.script
new file mode 100644
index 0000000..b477088
--- /dev/null
+++ b/services/sts/sts-core/src/test/resources/jexlClaimMappingsWithoutFunctions.script
@@ -0,0 +1,127 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+{
+    // Role value mapping
+    var roleClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role';
+    var roleMappings = { "admin" : "administrator", "manager" : "manager" };
+    
+    for (c : sourceClaims) {
+    	if(c.claimType == roleClaimType) {
+	    	var mappedValues = new("java.util.ArrayList");
+	    	for (v : c.values) {
+	    		var newValue = roleMappings.get(v);
+	    		if (newValue != null) {
+	    			mappedValues.add(newValue);
+	    		}
+	    	}
+	    	c.values = mappedValues;
+	    	targetClaims.add(c);
+    	}
+    }
+    
+    // Claim merge
+    var firstNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname';
+    var lastNameClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname';
+    var firstName;
+    var lastName;
+    var issuer;
+    for (c : sourceClaims) {
+    	if(c.claimType == firstNameClaimType) {
+    		firstName = c.values[0];
+    		issuer = c.issuer;
+    	} else if(c.claimType == lastNameClaimType) {
+    		lastName = c.values[0];
+    	}
+    }
+    if (firstName != null && lastName != null) {
+    	var claim = new("org.apache.cxf.sts.claims.Claim");
+    	claim.issuer = issuer;
+    	claim.claimType = new("java.net.URI", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name");
+    	claim.addValue(firstName + " " + lastName);
+    	targetClaims.add(claim);
+    }
+    
+    // Additional static claim
+    var idpClaim = new("org.apache.cxf.sts.claims.Claim");
+    idpClaim.claimType = new("java.net.URI", "http://schemas.microsoft.com/identity/claims/identityprovider");
+    idpClaim.value = "https://idp.apache.org/cbb375d-33b-45fa-9bf5-f33bd8721a77/";
+    targetClaims.add(idpClaim);
+    
+    // Claim value updates
+    var uppercaseClaim = new("org.apache.cxf.sts.claims.Claim");
+    uppercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/uppercase");
+    uppercaseClaim.values.add("Value");
+    uppercaseClaim.values.add("Value2");
+    var newValues = new("java.util.ArrayList");
+    for (v : uppercaseClaim.values) {
+    	newValue = v.toUpperCase();
+    	newValues.add(newValue);
+    }
+    uppercaseClaim.values = newValues;
+    targetClaims.add(uppercaseClaim);
+    
+    var lowercaseClaim = new("org.apache.cxf.sts.claims.Claim");
+    lowercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/lowercase");
+    lowercaseClaim.values.add("Value");
+    lowercaseClaim.values.add("Value2");
+    var newValues = new("java.util.ArrayList");
+    for (v : lowercaseClaim.values) {
+    	newValue = v.toLowerCase();
+    	newValues.add(newValue);
+    }
+    lowercaseClaim.values = newValues;
+    targetClaims.add(lowercaseClaim);
+    
+    var wrappedUppercaseClaim = new("org.apache.cxf.sts.claims.Claim");
+    wrappedUppercaseClaim.claimType = new("java.net.URI", "http://my.schema.org/identity/claims/wrappedUppercase");
+    wrappedUppercaseClaim.values.add("Value");
+    var newValues = new("java.util.ArrayList");
+    for (v : wrappedUppercaseClaim.values) {
+    	newValue = "Prefix_" + v + "_Suffix";
+    	newValues.add(newValue);
+    }
+    wrappedUppercaseClaim.values = newValues;
+    var newValues = new("java.util.ArrayList");
+    for (v : wrappedUppercaseClaim.values) {
+    	newValue = v.toUpperCase();
+    	newValues.add(newValue);
+    }
+    wrappedUppercaseClaim.values = newValues;
+    targetClaims.add(wrappedUppercaseClaim);
+    
+    // Direct copy
+    var emailClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail';
+    for (c : sourceClaims) {
+    	if(c.claimType == emailClaimType) {
+    		targetClaims.add(c);
+    	}
+    }
+    
+    // Set correct issuer
+    for (c : targetClaims) {
+    	if(c.originalIssuer == null) {
+    		c.originalIssuer = c.issuer;
+    	}
+    	c.issuer = claimsParameters.stsProperties.issuer;
+    }
+    
+    // Return new claims
+    return targetClaims;
+}


Mime
View raw message