From jbernha...@apache.org
Subject [1/2] git commit: [CXF-6043] Adding multiple user base DN support
Date Fri, 10 Oct 2014 18:48:28 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 8e930bcfc -> 43c65b076


[CXF-6043] Adding multiple user base DN support


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a4222c93
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a4222c93
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a4222c93

Branch: refs/heads/master
Commit: a4222c930f7d69608f826c14e4bc7bc9f670097c
Parents: 8e930bc
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Fri Oct 10 18:57:08 2014 +0200
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Fri Oct 10 20:46:30 2014 +0200

----------------------------------------------------------------------
 .../cxf/sts/claims/LdapClaimsHandler.java       | 28 ++++++++--
 .../org/apache/cxf/sts/ldap/LDAPClaimsTest.java | 59 ++++++++++++++++++++
 .../sts-core/src/test/resources/ldap.properties |  3 +-
 .../sts/sts-core/src/test/resources/ldap.xml    | 16 +++++-
 4 files changed, 97 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/a4222c93/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
index 238544c..f833798 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
@@ -51,6 +51,7 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
     private LdapTemplate ldap;
     private Map<String, String> claimMapping;
     private String userBaseDn;
+    private List<String> userBaseDNs;
     private String delimiter = ";";
     private boolean x500FilterEnabled = true;
     private String objectClass = "person";
@@ -202,14 +203,25 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
             String[] searchAttributes = null;
             searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
             
-            ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, this.userBaseDn, this.getObjectClass(),
-                                                            this.getUserNameAttribute(), user, searchAttributes);
+            if (this.userBaseDNs == null || this.userBaseDn != null) {
+                ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, this.userBaseDn, this.getObjectClass(), this
+                    .getUserNameAttribute(), user, searchAttributes);
+            }
+            if (this.userBaseDNs != null && (ldapAttributes == null || ldapAttributes.size() == 0)) {
+                for (String userBase : userBaseDNs) {
+                    ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, userBase, this.getObjectClass(), this
+                        .getUserNameAttribute(), user, searchAttributes);
+                    if (ldapAttributes != null && ldapAttributes.size() > 0) {
+                        break; // User found
+                    }
+                }
+            }
         }
         
         if (ldapAttributes == null || ldapAttributes.size() == 0) {
             //No result
             if (LOG.isLoggable(Level.INFO)) {
-                LOG.finest("User '" + user + "' not found");
+                LOG.info("User '" + user + "' not found");
             }
             return new ProcessedClaimCollection();
         }
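Review bot: The new loop over `userBaseDNs` returns the first base that yields attributes, and `userBaseDn` is searched before the list whenever it is set, so if the same user name exists under more than one configured base the claims issued are decided by configuration order rather than by which entry the principal really is. Since these attributes end up in issued tokens, I would at least state the rule at the loop, `// First matching base wins: user names must be unique across userBaseDn and userBaseDNs`, or keep searching and refuse the request when a second base also matches. The "not found" message is also promoted to INFO with `user` concatenated in as-is; if the principal name can contain line breaks (its origin is outside this hunk), neutralise them before logging. The enclosing method begins and ends outside the hunk.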
@@ -278,8 +290,14 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport {
     @Override
     public String getHandlerRealm() {
         return realm;
-    }  
+    }
 
-}
+    public List<String> getUserBaseDNs() {
+        return userBaseDNs;
+    }
 
+    public void setUserBaseDNs(List<String> userBaseDNs) {
+        this.userBaseDNs = userBaseDNs;
+    }  
 
+}
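Review bot: `setUserBaseDNs` keeps the caller's list and `getUserBaseDNs` hands the same instance back, while the lookup in this class iterates it per request; a caller that edits the list later changes which directory subtrees are searched, or breaks an in-flight iteration. Copying on the way in, `this.userBaseDNs = userBaseDNs == null ? null : new ArrayList<String>(userBaseDNs);`, avoids that, assuming `ArrayList` is already imported in this file (the import block is not shown). A short Javadoc on the setter saying that `userBaseDn`, when set, is tried first and the list is only a fallback would document the precedence.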

http://git-wip-us.apache.org/repos/asf/cxf/blob/a4222c93/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
index 6751131..f302c0a 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
@@ -111,6 +111,65 @@ public class LDAPClaimsTest {
 
     }
 
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testMultiUserBaseDNs() throws Exception {
+        LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandlerMultipleUserBaseDNs");
+
+        String user = props.getProperty("claimUser");
+        Assert.notNull(user, "Property 'claimUser' not configured");
+        String otherUser = props.getProperty("otherClaimUser");
+        Assert.notNull(otherUser, "Property 'otherClaimUser' not configured");
+
+        ClaimCollection requestedClaims = createRequestClaimCollection();
+
+        List<URI> expectedClaims = new ArrayList<URI>();
+        expectedClaims.add(ClaimTypes.FIRSTNAME);
+        expectedClaims.add(ClaimTypes.LASTNAME);
+        expectedClaims.add(ClaimTypes.EMAILADDRESS);
+       
+        // First user
+        ClaimsParameters params = new ClaimsParameters();
+        params.setPrincipal(new CustomTokenPrincipal(user));
+        ProcessedClaimCollection retrievedClaims = 
+            claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+        Assert.isTrue(
+                      retrievedClaims.size() == expectedClaims.size(), 
+                      "Retrieved number of claims [" + retrievedClaims.size() 
+                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
+        );
+
+        for (ProcessedClaim c : retrievedClaims) {
+            if (expectedClaims.contains(c.getClaimType())) {
+                expectedClaims.remove(c.getClaimType());
+            } else {
+                Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+            }
+        }
+        
+        // Second user
+        params.setPrincipal(new CustomTokenPrincipal(otherUser));
+        retrievedClaims = claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+        expectedClaims.add(ClaimTypes.FIRSTNAME);
+        expectedClaims.add(ClaimTypes.LASTNAME);
+        expectedClaims.add(ClaimTypes.EMAILADDRESS);
+        
+        Assert.isTrue(
+                      retrievedClaims.size() == expectedClaims.size(), 
+                      "Retrieved number of claims [" + retrievedClaims.size() 
+                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
+        );
+
+        for (ProcessedClaim c : retrievedClaims) {
+            if (expectedClaims.contains(c.getClaimType())) {
+                expectedClaims.remove(c.getClaimType());
+            } else {
+                Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+            }
+        }
+    }
 
     @org.junit.Test(expected = STSException.class)
     @org.junit.Ignore
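Review bot: `testMultiUserBaseDNs` is added with a bare `@org.junit.Ignore`, so the fallback search over several base DNs is never exercised by the build; presumably it needs a live directory, as the next test in the file is ignored as well. Giving the reason in the annotation, `@org.junit.Ignore("requires a live LDAP server, see ldap.xml")`, makes that visible, and a variant that stubs the LDAP lookup would let the not-found and both-properties-set paths run in CI. The test also does not check that `otherClaimUser` is resolved from the second base rather than the first, which is the behaviour this commit adds.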

http://git-wip-us.apache.org/repos/asf/cxf/blob/a4222c93/services/sts/sts-core/src/test/resources/ldap.properties
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/ldap.properties b/services/sts/sts-core/src/test/resources/ldap.properties
index 8654096..7ca488b 100644
--- a/services/sts/sts-core/src/test/resources/ldap.properties
+++ b/services/sts/sts-core/src/test/resources/ldap.properties
@@ -17,4 +17,5 @@
 # under the License.
 #
 
-claimUser=alice
\ No newline at end of file
+claimUser=alice
+otherClaimUser=bob
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/a4222c93/services/sts/sts-core/src/test/resources/ldap.xml
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/ldap.xml b/services/sts/sts-core/src/test/resources/ldap.xml
index 601ece2..1d395f8 100644
--- a/services/sts/sts-core/src/test/resources/ldap.xml
+++ b/services/sts/sts-core/src/test/resources/ldap.xml
@@ -35,8 +35,18 @@
         <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" value="c"/>
     </util:map>
     <bean id="testClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
-        <property name="ldapTemplate" ref="ldapTemplate"/>
-        <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping"/>
-        <property name="userBaseDN" value="OU=users,DC=emea,DC=mycompany,DC=com"/>
+        <property name="ldapTemplate" ref="ldapTemplate" />
+        <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
+        <property name="userBaseDN" value="OU=users,DC=emea,DC=mycompany,DC=com" />
+    </bean>
+    <bean id="testClaimsHandlerMultipleUserBaseDNs" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+        <property name="ldapTemplate" ref="ldapTemplate" />
+        <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
+        <property name="userBaseDNs">
+            <list>
+                <value>OU=users,DC=emea,DC=mycompany,DC=com</value>
+                <value>OU=other-users,DC=emea,DC=mycompany,DC=com</value>
+            </list>
+        </property>
     </bean>
 </beans>

