From cohei...@apache.org
Subject [1/2] cxf git commit: Fix ActAs behaviour for JWT Case
Date Mon, 24 Oct 2016 10:56:05 GMT
Repository: cxf
Updated Branches:
  refs/heads/master d46818bd3 -> 6d2fe1245


Fix ActAs behaviour for JWT Case


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6d2fe124
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6d2fe124
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6d2fe124

Branch: refs/heads/master
Commit: 6d2fe12458d124265886e4e5584d37552331dbca
Parents: 9c1b940
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Oct 24 11:55:43 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Oct 24 11:55:54 2016 +0100

----------------------------------------------------------------------
 .../provider/jwt/DefaultJWTClaimsProvider.java  | 21 ++++++++++++++------
 .../token/provider/JWTProviderActAsTest.java    | 10 ++++++----
 2 files changed, 21 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6d2fe124/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
index faf353a..fee93df 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
@@ -85,6 +85,8 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider {
         
         handleAudienceRestriction(jwtClaimsProviderParameters, claims);
         
+        handleActAs(jwtClaimsProviderParameters, claims);
+        
         return claims;
     }
     
@@ -115,7 +117,6 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider {
     /**
      * Get the Principal (which is used as the Subject). By default, we check the following
(in order):
      *  - A valid OnBehalfOf principal
-     *  - A valid ActAs principal
      *  - A valid principal associated with a token received as ValidateTarget
      *  - The principal associated with the request. We don't need to check to see if it
is "valid" here, as it
      *    is not parsed by the STS (but rather the WS-Security layer).
@@ -131,11 +132,6 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider {
             if (receivedToken.getState().equals(STATE.VALID)) {
                 principal = receivedToken.getPrincipal();
             }
-        } else if (providerParameters.getTokenRequirements().getActAs() != null) {
-            ReceivedToken receivedToken = providerParameters.getTokenRequirements().getActAs();
-            if (receivedToken.getState().equals(STATE.VALID)) {
-                principal = receivedToken.getPrincipal();
-            }
         } else if (providerParameters.getTokenRequirements().getValidateTarget() != null)
{
             ReceivedToken receivedToken = providerParameters.getTokenRequirements().getValidateTarget();
             if (receivedToken.getState().equals(STATE.VALID)) {
@@ -269,6 +265,19 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider {
         
     }
     
+    protected void handleActAs(
+        JWTClaimsProviderParameters jwtClaimsProviderParameters, JwtClaims claims
+    ) {
+        TokenProviderParameters providerParameters = jwtClaimsProviderParameters.getProviderParameters();
+        
+        if (providerParameters.getTokenRequirements().getActAs() != null) {
+            ReceivedToken receivedToken = providerParameters.getTokenRequirements().getActAs();
+            if (receivedToken.getState().equals(STATE.VALID)) {
+                claims.setClaim("ActAs", receivedToken.getPrincipal().getName());
+            }
+        } 
+    }
+    
     public boolean isUseX500CN() {
         return useX500CN;
     }
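Review bot: In the added `handleActAs`, `receivedToken.getPrincipal().getName()` dereferences the principal without a null check. A token marked VALID with no principal set would abort issuance with a NullPointerException instead of a controlled outcome; `if (receivedToken.getState().equals(STATE.VALID) && receivedToken.getPrincipal() != null)` would guard it. An ActAs token that is present but not VALID is skipped silently, so the JWT is still issued for the requester with no trace that delegation was requested and refused. Whether an earlier stage rejects such requests is not visible in this hunk, so it is worth confirming, or logging the skip here. The claim name `"ActAs"` is a bare literal that the test repeats, so a named constant would keep the two in step. A short Javadoc on this protected method should say that the claim carries the ActAs principal's name and is omitted unless the token is VALID.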

http://git-wip-us.apache.org/repos/asf/cxf/blob/6d2fe124/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderActAsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderActAsTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderActAsTest.java
index 8dc9999..f2a2018 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderActAsTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTProviderActAsTest.java
@@ -88,7 +88,8 @@ public class JWTProviderActAsTest extends org.junit.Assert {
         // Validate the token
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
         JwtToken jwt = jwtConsumer.getJwtToken();
-        Assert.assertEquals("bob", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+        Assert.assertEquals("technical-user", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+        Assert.assertEquals("bob", jwt.getClaim("ActAs"));
     }
     
     /**
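Review bot: The updated assertions here and in the `testJWTActAsAssertion` hunk below cover only a VALID ActAs token. Nothing checks that the `ActAs` claim is left out when the ActAs token is absent or not VALID, which is the security-relevant branch of `handleActAs`. A companion test could set up an ActAs token in a non-VALID state and assert `Assert.assertNull(jwt.getClaim("ActAs"))`, assuming a missing claim is returned as null, alongside the unchanged subject check. The test method's body starts above this hunk, so the token set-up is not visible here.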
@@ -98,7 +99,7 @@ public class JWTProviderActAsTest extends org.junit.Assert {
     public void testJWTActAsAssertion() throws Exception {
         TokenProvider tokenProvider = new JWTTokenProvider();
         
-        String user = "alice";
+        String user = "bob";
         Element saml1Assertion = getSAMLAssertion(user);
         
         TokenProviderParameters providerParameters = 
@@ -120,7 +121,8 @@ public class JWTProviderActAsTest extends org.junit.Assert {
         // Validate the token
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
         JwtToken jwt = jwtConsumer.getJwtToken();
-        Assert.assertEquals(user, jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+        Assert.assertEquals("technical-user", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+        Assert.assertEquals("bob", jwt.getClaim("ActAs"));
     }
     
     private Element getSAMLAssertion(String user) throws Exception {
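Review bot: The new assertion `Assert.assertEquals("bob", jwt.getClaim("ActAs"));` hard-codes the name that this method already holds in `user`, which an earlier hunk changed to "bob". Writing `Assert.assertEquals(user, jwt.getClaim("ActAs"));` keeps the expected ActAs value tied to the principal placed in the SAML assertion, so a later rename cannot make the test pass or fail for the wrong reason. The method begins in an earlier hunk, so only its tail is visible here.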
@@ -156,7 +158,7 @@ public class JWTProviderActAsTest extends org.junit.Assert {
         KeyRequirements keyRequirements = new KeyRequirements();
         parameters.setKeyRequirements(keyRequirements);
         
-        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        parameters.setPrincipal(new CustomTokenPrincipal("technical-user"));
         // Mock up message context
         MessageImpl msg = new MessageImpl();
         WrappedMessageContext msgCtx = new WrappedMessageContext(msg);

