cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Some code updates to the LDAP code in the STS + added some tests to cover more code paths
Date Tue, 29 Nov 2016 14:50:32 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 623860d49 -> b13a8a7a6


Some code updates to the LDAP code in the STS + added some tests to cover more code paths


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b13a8a7a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b13a8a7a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b13a8a7a

Branch: refs/heads/3.1.x-fixes
Commit: b13a8a7a63e549d61ed97529de1e5dfc4bec7a3f
Parents: 623860d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Nov 29 14:01:19 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Nov 29 14:11:03 2016 +0000

----------------------------------------------------------------------
 .../cxf/sts/claims/LdapClaimsHandler.java       | 20 ++++----
 .../org/apache/cxf/sts/claims/LdapUtils.java    | 16 +++---
 .../systest/kerberos/ldap/LDAPClaimsTest.java   | 52 ++++++++++++++++++++
 3 files changed, 69 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b13a8a7a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
index 65593f8..77de94c 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
@@ -37,7 +37,6 @@ import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.security.auth.x500.X500Principal;
 
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.rt.security.claims.Claim;
 import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.sts.token.realm.RealmSupport;
@@ -171,9 +170,9 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport
{
         
         Map<String, Attribute> ldapAttributes = null;
         if (useLdapLookup) {
-            AttributesMapper mapper = 
-                new AttributesMapper() {
-                    public Object mapFromAttributes(Attributes attrs) throws NamingException
{
+            AttributesMapper<Map<String, Attribute>> mapper = 
+                new AttributesMapper<Map<String, Attribute>>() {
+                    public Map<String, Attribute> mapFromAttributes(Attributes attrs)
throws NamingException {
                         Map<String, Attribute> map = new HashMap<>();
                         NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
                         while (attrEnum.hasMore()) {
@@ -184,25 +183,25 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport
{
                     }
                 };
                 
-            Object result = ldap.lookup(user, mapper);
-            ldapAttributes = CastUtils.cast((Map<?, ?>)result);
+            ldapAttributes = ldap.lookup(user, mapper);
         } else {
             List<String> searchAttributeList = new ArrayList<>();
             for (Claim claim : claims) {
-                if (getClaimsLdapAttributeMapping().keySet().contains(claim.getClaimType().toString()))
{
+                String claimType = claim.getClaimType().toString();
+                if (getClaimsLdapAttributeMapping().keySet().contains(claimType)) {
                     searchAttributeList.add(
-                        getClaimsLdapAttributeMapping().get(claim.getClaimType().toString())
+                        getClaimsLdapAttributeMapping().get(claimType)
                     );
                 } else {
                     if (LOG.isLoggable(Level.FINER)) {
-                        LOG.finer("Unsupported claim: " + claim.getClaimType());
+                        LOG.finer("Unsupported claim: " + claimType);
                     }
                 }
             }
 
             String[] searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]);
             
-            if (this.userBaseDNs == null || this.userBaseDn != null) {
+            if (this.userBaseDn != null) {
                 ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, this.userBaseDn, this.getObjectClass(),
this
                     .getUserNameAttribute(), user, searchAttributes);
             }
@@ -226,7 +225,6 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport
{
         }
         
         ProcessedClaimCollection claimsColl = new ProcessedClaimCollection();
-
         for (Claim claim : claims) {
             ProcessedClaim c = processClaim(claim, ldapAttributes, principal);
             if (c != null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/b13a8a7a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
index 7d14aca..d3134d4 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java
@@ -64,9 +64,9 @@ public final class LdapUtils {
         
         Map<String, Attribute> ldapAttributes = null;
         
-        AttributesMapper mapper = 
-            new AttributesMapper() {
-                public Object mapFromAttributes(Attributes attrs) throws NamingException
{
+        AttributesMapper<Map<String, Attribute>> mapper = 
+            new AttributesMapper<Map<String, Attribute>>() {
+                public Map<String, Attribute> mapFromAttributes(Attributes attrs) throws
NamingException {
                     Map<String, Attribute> map = new HashMap<>();
                     NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
                     while (attrEnum.hasMore()) {
@@ -143,9 +143,9 @@ public final class LdapUtils {
     public static Name getDnOfEntry(LdapTemplate ldapTemplate, String baseDN, 
         String objectClass, String filterAttributeName, String filterAttributeValue) {
 
-        ContextMapper mapper = 
-            new AbstractContextMapper() {
-                public Object doMapFromContext(DirContextOperations ctx) {
+        ContextMapper<Name> mapper = 
+            new AbstractContextMapper<Name>() {
+                public Name doMapFromContext(DirContextOperations ctx) {
                     return ctx.getDn();
                 }
             };
@@ -155,12 +155,12 @@ public final class LdapUtils {
             new EqualsFilter("objectclass", objectClass)).and(
                 new EqualsFilter(filterAttributeName, filterAttributeValue));
 
-        List<?> result = ldapTemplate.search((baseDN == null) ? "" : baseDN, filter.toString(),
+        List<Name> result = ldapTemplate.search((baseDN == null) ? "" : baseDN, filter.toString(),
             SearchControls.SUBTREE_SCOPE, mapper);
         
         if (result != null && result.size() > 0) {
             //not only the first one....
-            return (Name)result.get(0);
+            return result.get(0);
         }
         return null;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/b13a8a7a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
index b01b627..785bae7 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
@@ -160,6 +160,37 @@ public class LDAPClaimsTest extends AbstractLdapTestUnit {
             }
         }
     }
+    
+    @org.junit.Test
+    public void testRetrieveClaimsUsingLDAPLookup() throws Exception {
+        LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+        ClaimCollection requestedClaims = createRequestClaimCollection();
+
+        List<URI> expectedClaims = new ArrayList<URI>();
+        expectedClaims.add(ClaimTypes.FIRSTNAME);
+        expectedClaims.add(ClaimTypes.LASTNAME);
+        expectedClaims.add(ClaimTypes.EMAILADDRESS);
+       
+        ClaimsParameters params = new ClaimsParameters();
+        params.setPrincipal(new CustomTokenPrincipal("cn=alice,ou=users,dc=example,dc=com"));
+        ProcessedClaimCollection retrievedClaims = 
+            claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+        Assert.isTrue(
+                      retrievedClaims.size() == expectedClaims.size(), 
+                      "Retrieved number of claims [" + retrievedClaims.size() 
+                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
+        );
+
+        for (ProcessedClaim c : retrievedClaims) {
+            if (expectedClaims.contains(c.getClaimType())) {
+                expectedClaims.remove(c.getClaimType());
+            } else {
+                Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+            }
+        }
+    }
 
     @org.junit.Test
     public void testMultiUserBaseDNs() throws Exception {
@@ -391,6 +422,27 @@ public class LDAPClaimsTest extends AbstractLdapTestUnit {
     }
     
     @org.junit.Test
+    public void testRetrieveRolesForAliceUsingLDAPLookup() throws Exception {
+        LdapGroupClaimsHandler claimsHandler = 
+            (LdapGroupClaimsHandler)appContext.getBean("testGroupClaimsHandler");
+
+        ClaimCollection requestedClaims = new ClaimCollection();
+        Claim claim = new Claim();
+        URI roleURI = URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+        claim.setClaimType(roleURI);
+        requestedClaims.add(claim);
+
+        ClaimsParameters params = new ClaimsParameters();
+        params.setPrincipal(new CustomTokenPrincipal("cn=alice,ou=users,dc=example,dc=com"));
+        ProcessedClaimCollection retrievedClaims = 
+            claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+        Assert.isTrue(retrievedClaims.size() == 1);
+        Assert.isTrue(retrievedClaims.get(0).getClaimType().equals(roleURI));
+        Assert.isTrue(retrievedClaims.get(0).getValues().size() == 2);
+    }
+    
+    @org.junit.Test
     public void testRetrieveRolesForBob() throws Exception {
         LdapGroupClaimsHandler claimsHandler = 
             (LdapGroupClaimsHandler)appContext.getBean("testGroupClaimsHandlerOtherUsers");


Mime
View raw message