From cohei...@apache.org
Subject cxf-fediz git commit: FEDIZ-171 - Add a configuration option to add the "Authenticated" role to the list of roles of the authenticated user
Date Mon, 18 Jul 2016 14:00:45 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 220ce5e5e -> 3dfe0c161


FEDIZ-171 - Add a configuration option to add the "Authenticated" role to the list of roles
of the authenticated user


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3dfe0c16
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3dfe0c16
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3dfe0c16

Branch: refs/heads/master
Commit: 3dfe0c161f55ee47d4a24aeb8ce0363bd41810f2
Parents: 220ce5e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Jul 18 14:55:29 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Jul 18 14:55:29 2016 +0100

----------------------------------------------------------------------
 .../org/apache/cxf/fediz/core/config/FedizContext.java  |  5 +++--
 plugins/core/src/main/resources/schemas/FedizConfig.xsd | 12 ++++++++++++
 .../fediz/cxf/plugin/FedizRedirectBindingFilter.java    |  5 +++++
 .../apache/cxf/fediz/jetty8/FederationLoginService.java |  5 +++++
 .../apache/cxf/fediz/jetty9/FederationLoginService.java |  5 +++++
 .../cxf/fediz/tomcat7/handler/TomcatSigninHandler.java  |  6 +++++-
 .../cxf/fediz/tomcat8/handler/TomcatSigninHandler.java  |  5 +++++
 services/oidc/src/main/conf/fediz_config.xml            |  1 +
 8 files changed, 41 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3dfe0c16/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
index d9ff3de..fc8ef33 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FedizContext.java
@@ -76,7 +76,6 @@ public class FedizContext implements Closeable {
             throw new IllegalArgumentException("ContextConfig cannot be null!");
         }
         this.config = config;
-        
     }
     
     public void init() {
@@ -372,6 +371,8 @@ public class FedizContext implements Closeable {
         this.classloader = classloader;
     }
     
-    
+    public boolean isAddAuthenticatedRole() {
+        return config.isAddAuthenticatedRole();
+    }
 
 }
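Review bot: The new isAddAuthenticatedRole() accessor carries no Javadoc, and since it decides whether a synthetic role is granted to every signed-in user, the next reader should not have to chase the XSD to learn that. Suggest `/** Whether the synthetic "Authenticated" role is appended to the roles of every signed-in user (see addAuthenticatedRole in FedizConfig.xsd); the schema in this commit declares it default="false". */` above the method. It simply delegates to the ContextConfig stored in the constructor, so no further behaviour needs documenting here.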

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3dfe0c16/plugins/core/src/main/resources/schemas/FedizConfig.xsd
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/resources/schemas/FedizConfig.xsd b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
index d8a6ff3..b556e8b 100644
--- a/plugins/core/src/main/resources/schemas/FedizConfig.xsd
+++ b/plugins/core/src/main/resources/schemas/FedizConfig.xsd
@@ -17,6 +17,7 @@
                 <xs:element ref="certificateValidation" />
                 <xs:element ref="certificateStores" />
                 <xs:element ref="tokenExpirationValidation" minOccurs="0" />
+                <xs:element ref="addAuthenticatedRole" minOccurs="0" />
                 <xs:element ref="maximumClockSkew" />
                 <xs:element ref="tokenReplayCache" />
                 <xs:element ref="serviceCertificate" />
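Review bot: The new addAuthenticatedRole ref is inserted between tokenExpirationValidation and maximumClockSkew in this element list, but the sample added in services/oidc/src/main/conf/fediz_config.xml in this same commit places the element after maximumClockSkew. If the enclosing compositor (which starts outside the hunk) is an xs:sequence, a schema-validating load of that sample would be rejected; either move this line to follow `<xs:element ref="maximumClockSkew" />` or reorder the sample. If the container is xs:all the order is free and this does not apply, but keeping schema and sample consistent avoids the question for anyone copying the sample into a validated deployment.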
@@ -93,6 +94,17 @@
             </xs:documentation>
         </xs:annotation>
     </xs:element>
+    
+    <xs:element name="addAuthenticatedRole" type="xs:boolean" default="false" >
+        <xs:annotation>
+            <xs:documentation>Whether to add the "Authenticated" role to the list of
roles associated
+            with the "authenticated" user. This could be useful if you don't care about authorizing

+            the user, only about authentication. A role is required to activate authentication,
and it
+            may be problematic to list all relevant roles in web.xml. Note that if the user
has no
+            roles, then the "Authenticated" role is added automatically.
+            </xs:documentation>
+        </xs:annotation>
+    </xs:element>
 
     <xs:element name="tokenReplayCache" type="xs:string" />
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3dfe0c16/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
----------------------------------------------------------------------
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
index 731b24a..7bb8ab7 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
@@ -22,6 +22,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.URI;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
 import java.util.List;
@@ -163,9 +164,13 @@ public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
 
             String webAppDomain = getWebAppDomain();
             String token = DOM2Writer.nodeToString(wfRes.getToken());
+            // Add "Authenticated" role
             List<String> roles = wfRes.getRoles();
             if (roles == null || roles.size() == 0) {
                 roles = Collections.singletonList("Authenticated");
+            } else if (fedConfig.isAddAuthenticatedRole()) {
+                roles = new ArrayList<>(roles);
+                roles.add("Authenticated");
             }
 
             String webAppContext = getWebAppContext(m);
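Review bot: The new else-if branch appends "Authenticated" unconditionally, so a user whose IdP-issued roles already contain "Authenticated" ends up with it listed twice, and the identical block is now copied verbatim into jetty8 and jetty9 FederationLoginService and tomcat7 and tomcat8 TomcatSigninHandler. Guard the append with `if (!roles.contains("Authenticated")) { roles.add("Authenticated"); }` and consider moving the whole roles derivation into one helper in core (FedizContext already exposes isAddAuthenticatedRole()) so the five copies cannot drift apart. Note also that this branch yields a mutable ArrayList while the empty-roles branch yields an immutable singleton list; if anything downstream mutates roles it would now behave differently depending on what the IdP returned. The enclosing method continues outside the hunk.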

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3dfe0c16/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
index 629f43d..d5daa5c 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationLoginService.java
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.fediz.jetty8;
 
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
 import java.util.List;
@@ -114,9 +115,13 @@ public class FederationLoginService extends AbstractLifeCycle implements
LoginSe
                 }
             }
 
+            // Add "Authenticated" role
             List<String> roles = wfRes.getRoles();
             if (roles == null || roles.size() == 0) {
                 roles = Collections.singletonList("Authenticated");
+            } else if (config.isAddAuthenticatedRole()) {
+                roles = new ArrayList<>(roles);
+                roles.add("Authenticated");
             }
             
             FederationUserPrincipal user = new FederationUserPrincipal(wfRes.getUsername(),
wfRes);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3dfe0c16/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
----------------------------------------------------------------------
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
index f058002..17bafad 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationLoginService.java
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.fediz.jetty9;
 
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
 import java.util.List;
@@ -115,9 +116,13 @@ public class FederationLoginService extends AbstractLifeCycle implements
LoginSe
                 }
             }
 
+            // Add "Authenticated" role
             List<String> roles = wfRes.getRoles();
             if (roles == null || roles.size() == 0) {
                 roles = Collections.singletonList("Authenticated");
+            } else if (config.isAddAuthenticatedRole()) {
+                roles = new ArrayList<>(roles);
+                roles.add("Authenticated");
             }
             
             FederationUserPrincipal user = new FederationUserPrincipal(wfRes.getUsername(),
wfRes);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3dfe0c16/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/handler/TomcatSigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/handler/TomcatSigninHandler.java
b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/handler/TomcatSigninHandler.java
index 476fbbf..56fd6b8 100644
--- a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/handler/TomcatSigninHandler.java
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/handler/TomcatSigninHandler.java
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.fediz.tomcat7.handler;
 
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
@@ -49,10 +50,13 @@ public class TomcatSigninHandler extends SigninHandler<FedizPrincipal>
{
     @Override
     protected FedizPrincipal createPrincipal(HttpServletRequest request, HttpServletResponse
response,
         FedizResponse wfRes) {
-
+        // Add "Authenticated" role
         List<String> roles = wfRes.getRoles();
         if (roles == null || roles.size() == 0) {
             roles = Collections.singletonList("Authenticated");
+        } else if (getFedizContext().isAddAuthenticatedRole()) {
+            roles = new ArrayList<>(roles);
+            roles.add("Authenticated");
         }
 
         // proceed creating the JAAS Subject

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3dfe0c16/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/handler/TomcatSigninHandler.java
----------------------------------------------------------------------
diff --git a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/handler/TomcatSigninHandler.java
b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/handler/TomcatSigninHandler.java
index 27d353a..66239ce 100644
--- a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/handler/TomcatSigninHandler.java
+++ b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/handler/TomcatSigninHandler.java
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.fediz.tomcat8.handler;
 
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
@@ -50,9 +51,13 @@ public class TomcatSigninHandler extends SigninHandler<FedizPrincipal>
{
     protected FedizPrincipal createPrincipal(HttpServletRequest request, HttpServletResponse
response,
         FedizResponse wfRes) {
 
+        // Add "Authenticated" role
         List<String> roles = wfRes.getRoles();
         if (roles == null || roles.size() == 0) {
             roles = Collections.singletonList("Authenticated");
+        } else if (getFedizContext().isAddAuthenticatedRole()) {
+            roles = new ArrayList<>(roles);
+            roles.add("Authenticated");
         }
 
         // proceed creating the JAAS Subject

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3dfe0c16/services/oidc/src/main/conf/fediz_config.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/conf/fediz_config.xml b/services/oidc/src/main/conf/fediz_config.xml
index 9fbbc55..5987462 100644
--- a/services/oidc/src/main/conf/fediz_config.xml
+++ b/services/oidc/src/main/conf/fediz_config.xml
@@ -36,6 +36,7 @@
 			<issuer certificateValidation="PeerTrust" />
 		</trustedIssuers>
 		<maximumClockSkew>1000</maximumClockSkew>
+		<addAuthenticatedRole>true</addAuthenticatedRole>
 		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 			xsi:type="federationProtocolType" version="1.0.0">
 			<realm>urn:org:apache:cxf:fediz:oidc</realm>
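Review bot: Setting addAuthenticatedRole to true in the OIDC service config deserves an inline comment, because the effect is that every user the IdP signs in carries the "Authenticated" role in addition to any IdP-issued roles, so a security constraint in that service's web.xml naming only this role enforces authentication rather than authorization. Suggest `<!-- Grants the synthetic "Authenticated" role to every signed-in user; constraints on this role enforce authentication only, not authorization -->` directly above the element. Whether the OIDC service's web.xml actually relies on that role is not visible here.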

