cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf git commit: Only use the common name as the SAML Subject name if the principal is an X500Principal
Date Mon, 09 Mar 2015 16:52:27 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 57822c1de -> 58e944a4e


Only use the common name as the SAML Subject name if the principal is an X500Principal


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/58e944a4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/58e944a4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/58e944a4

Branch: refs/heads/3.0.x-fixes
Commit: 58e944a4e65671d0f8ef7d79cbf13698a79a17cb
Parents: 57822c1
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Mar 9 16:51:16 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Mar 9 16:52:22 2015 +0000

----------------------------------------------------------------------
 .../cxf/sts/claims/LdapClaimsHandler.java       |  2 +-
 .../token/provider/DefaultSubjectProvider.java  | 21 ++++++++++++++++++--
 2 files changed, 20 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/58e944a4/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
index 2863d0d..3622965 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
@@ -242,7 +242,7 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport
{
                                     itemValue = x500p.getName();
                                     int index = itemValue.indexOf('=');
                                     itemValue = itemValue.substring(index + 1, itemValue.indexOf(',',
index));
-                                } catch (Exception ex) {
+                                } catch (Throwable ex) {
                                     //Ignore, not X500 compliant thus use the whole string
as the value
                                 }
                             }
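Review bot: Widening this catch to `Throwable` also swallows `Error`s such as `OutOfMemoryError` and `StackOverflowError`, not only the parse failure that the comment describes; the same `catch (Throwable ex)` is added in the DefaultSubjectProvider hunk further down. The substring parsing above it can only be expected to fail with an index exception when the name has no `=` or no `,`, so `} catch (RuntimeException ex) {` keeps the fallback without hiding JVM errors. Checking the two `indexOf` results before calling `substring` would be cleaner still. The enclosing method starts and ends outside the hunk.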

http://git-wip-us.apache.org/repos/asf/cxf/blob/58e944a4/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
index b04886d..7d28b57 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
@@ -27,6 +27,8 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.regex.Pattern;
 
+import javax.security.auth.x500.X500Principal;
+
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.apache.cxf.common.logging.LogUtils;
@@ -61,7 +63,7 @@ public class DefaultSubjectProvider implements SubjectProvider {
     
     private static final Logger LOG = LogUtils.getL7dLogger(DefaultSubjectProvider.class);
     private String subjectNameQualifier = "http://cxf.apache.org/sts";
-    private String subjectNameIDFormat;
+    private String subjectNameIDFormat = SAML2Constants.NAMEID_FORMAT_UNSPECIFIED;
     
     /**
      * Set the SubjectNameQualifier.
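Review bot: The new default on `subjectNameIDFormat` is undocumented even though it changes out-of-the-box behaviour in two places visible in this commit. The later `subjectNameIDFormat != null` check now passes by default, so a NameID format is always set, and the default value is also what enables shortening of an `X500Principal` name in the next hunk. A field comment would make this visible to anyone overriding the format, for example `// Default format; while it is in effect an X500Principal's name is shortened when the Subject is built`. The hunk ends inside the Javadoc of the following setter.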
@@ -121,8 +123,23 @@ public class DefaultSubjectProvider implements SubjectProvider {
             throw new STSException("Error in getting principal", STSException.REQUEST_FAILED);
         }
         
+        String subjectName = principal.getName();
+        if (SAML2Constants.NAMEID_FORMAT_UNSPECIFIED.equals(subjectNameIDFormat)
+            && principal instanceof X500Principal) {
+            // Just use the "cn" instead of the entire DN
+            try {
+                String principalName = principal.getName();
+                int index = principalName.indexOf('=');
+                principalName = principalName.substring(index + 1, principalName.indexOf(',',
index));
+                subjectName = principalName;
+            } catch (Throwable ex) {
+                subjectName = principal.getName();
+                //Ignore, not X500 compliant thus use the whole string as the value
+            }
+        }
+        
         SubjectBean subjectBean = 
-            new SubjectBean(principal.getName(), subjectNameQualifier, confirmationMethod);
+            new SubjectBean(subjectName, subjectNameQualifier, confirmationMethod);
         LOG.fine("Creating new subject with principal name: " + principal.getName());
         if (subjectNameIDFormat != null && subjectNameIDFormat.length() > 0) {
             subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
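Review bot: The new block takes whatever lies between the first `=` and the first `,` of `principal.getName()`, which is the value of the first RDN rather than of the CN attribute, and it truncates a value that contains an escaped comma. Because the result becomes the SAML Subject name, two certificates that share that value but differ in the rest of the DN are issued the same Subject, so a relying party that authorises on the NameID cannot tell them apart. A name without a comma is handled only by letting `substring` throw into `catch (Throwable ex)`, which also hides JVM `Error`s. Parsing the DN with `javax.naming.ldap.LdapName` and selecting the RDN whose type is CN, as sketched below, avoids both problems, and `LOG.fine` on the line after the `SubjectBean` construction should then log `subjectName` as well. The enclosing method starts and ends outside the hunk.

```java
String subjectName = principal.getName();
if (SAML2Constants.NAMEID_FORMAT_UNSPECIFIED.equals(subjectNameIDFormat)
    && principal instanceof X500Principal) {
    // Use the CN only when the DN actually carries one; otherwise keep the full DN
    try {
        for (Rdn rdn : new LdapName(principal.getName()).getRdns()) {
            // getRdns() lists the most specific RDN last, so the last CN match wins
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                subjectName = String.valueOf(rdn.getValue());
            }
        }
    } catch (InvalidNameException ex) {
        // Not parseable as a DN: keep the whole string as the value
    }
}
// … unchanged: SubjectBean construction and NameID format handling …
```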

