From cohei...@apache.org
Subject cxf git commit: Use the LDAP API to get the CN of a Certificate DN in the DefaultSubjectProvider in the STS
Date Thu, 20 Oct 2016 10:04:31 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 1c0e79115 -> 556f7f6dd


Use the LDAP API to get the CN of a Certificate DN in the DefaultSubjectProvider in the STS


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/556f7f6d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/556f7f6d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/556f7f6d

Branch: refs/heads/3.1.x-fixes
Commit: 556f7f6dd4659859044f3968d2060bfeb6e14cdb
Parents: 1c0e791
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Oct 20 10:52:52 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Oct 20 10:58:29 2016 +0100

----------------------------------------------------------------------
 .../sts/token/provider/DefaultSubjectProvider.java    | 14 ++++++++++----
 .../systest/sts/username_actas/ActAsValidator.java    |  2 +-
 2 files changed, 11 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/556f7f6d/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
index c3f70c9..c81df4d 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
@@ -27,6 +27,8 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 import java.util.regex.Pattern;
 
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
 import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.security.auth.x500.X500Principal;
 
@@ -160,10 +162,14 @@ public class DefaultSubjectProvider implements SubjectProvider {
             && principal instanceof X500Principal) {
             // Just use the "cn" instead of the entire DN
             try {
-                String principalName = principal.getName();
-                int index = principalName.indexOf('=');
-                principalName = principalName.substring(index + 1, principalName.indexOf(',',
index));
-                subjectName = principalName;
+                LdapName ln = new LdapName(principal.getName());
+
+                for (Rdn rdn : ln.getRdns()) {
+                    if ("CN".equalsIgnoreCase(rdn.getType()) && (rdn.getValue() instanceof
String)) {
+                        subjectName = (String)rdn.getValue();
+                        break;
+                    }
+                }
             } catch (Throwable ex) {
                 subjectName = principal.getName();
                 //Ignore, not X500 compliant thus use the whole string as the value
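Review bot: The new loop over `ln.getRdns()` stops at the first CN it meets, but `LdapName` numbers RDNs from the right, so index 0 is the rightmost component of the DN rather than the leaf. For a DN carrying more than one CN (a constructed example: `CN=alice,CN=Users,DC=example,DC=com`) the token subject would become `Users`, where the removed substring code returned `alice`, and distinct certificates under that container would collapse to the same subject name. Walking the list from the end keeps the most specific CN: `List<Rdn> rdns = ln.getRdns();` followed by `for (int i = rdns.size() - 1; i >= 0; i--) {` and `Rdn rdn = rdns.get(i);`. It is also worth confirming, outside this hunk, that `subjectName` already holds the intended default when the DN has no CN at all, since that case no longer throws into the `catch` fallback. The enclosing method starts and ends outside the hunk.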

http://git-wip-us.apache.org/repos/asf/cxf/blob/556f7f6d/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/ActAsValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/ActAsValidator.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/ActAsValidator.java
index 78db7f6..610fb45 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/ActAsValidator.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/ActAsValidator.java
@@ -51,7 +51,7 @@ public class ActAsValidator extends SamlAssertionValidator {
         // The technical user should be in the Subject
         Subject subject = saml2Assertion.getSubject();
         if (subject == null || subject.getNameID() == null
-            || !subject.getNameID().getValue().contains("CN=www.client.com")) {
+            || !subject.getNameID().getValue().contains("www.client.com")) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
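Review bot: The relaxed check `!subject.getNameID().getValue().contains("www.client.com")` is a substring match, so any NameID that merely embeds that text passes the validator, including the full DN the provider falls back to on a parse failure. If the provider is now expected to emit the bare CN for this client, an exact comparison pins that: `|| !"www.client.com".equals(subject.getNameID().getValue())) {`. With `contains`, this test cannot tell the new CN-only behaviour from the old whole-DN behaviour. The method body starts and ends outside the hunk.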

