cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf git commit: Also check the UserInfo for a role in the OidcSecurityContext
Date Thu, 21 Jul 2016 09:22:21 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 9e42b9bff -> b3677b6a9


Also check the UserInfo for a role in the OidcSecurityContext


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b3677b6a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b3677b6a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b3677b6a

Branch: refs/heads/master
Commit: b3677b6a9201bd894879d9d06a4c75ac7e310660
Parents: 9e42b9b
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Jul 21 10:14:52 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Jul 21 10:14:52 2016 +0100

----------------------------------------------------------------------
 .../cxf/rs/security/oidc/rp/OidcSecurityContext.java    | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b3677b6a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
index 552a6a1..c5e456c 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
@@ -86,9 +86,15 @@ public class OidcSecurityContext extends SimpleSecurityContext implements
Securi
     
     @Override
     public boolean isUserInRole(String role) {
-        return roleClaim != null && role != null && oidcContext.getIdToken()
!= null
-            && oidcContext.getIdToken().containsProperty(roleClaim)
-            && role.equals(oidcContext.getIdToken().getProperty(roleClaim));
+        
+        return roleClaim != null && role != null
+            && (containsClaim(oidcContext.getIdToken(), roleClaim, role) 
+                || containsClaim(oidcContext.getUserInfo(), roleClaim, role));
+    }
+    
+    private boolean containsClaim(AbstractUserInfo userInfo, String claim, String claimValue)
{
+        return userInfo != null && userInfo.containsProperty(claim)
+            && claimValue.equals(userInfo.getProperty(claim));
     }
     
     /**
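Review bot: `isUserInRole` now grants the role when either the IdToken or the UserInfo carries it, so the authorization decision is only as strong as the weaker of the two sources. An ID token is normally signature-validated, while a UserInfo response is often plain JSON from the UserInfo endpoint. This hunk does not show whether the context can only hold a UserInfo whose `sub` was matched against the ID token, so state that assumption above the method, e.g. `// UserInfo must have been validated (sub matches IdToken) before it is trusted for roles`. Separately, `claimValue.equals(userInfo.getProperty(claim))` in `containsClaim` matches only a single String value, so a multi-valued role claim such as a list would never match; that fails closed but silently denies access. The parameter name `userInfo` is also misleading because an IdToken is passed through it; `claims` would read better.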

