From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <6847e042928e4387b9be5b66a07270f0@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Some code updates to the LDAP code in the STS + added some tests to cover more code paths Date: Tue, 29 Nov 2016 14:50:32 +0000 (UTC) archived-at: Tue, 29 Nov 2016 14:50:34 -0000 Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 623860d49 -> b13a8a7a6 Some code updates to the LDAP code in the STS + added some tests to cover more code paths Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b13a8a7a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b13a8a7a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b13a8a7a Branch: refs/heads/3.1.x-fixes Commit: b13a8a7a63e549d61ed97529de1e5dfc4bec7a3f Parents: 623860d Author: Colm O hEigeartaigh Authored: Tue Nov 29 14:01:19 2016 +0000 Committer: Colm O hEigeartaigh Committed: Tue Nov 29 14:11:03 2016 +0000 ---------------------------------------------------------------------- .../cxf/sts/claims/LdapClaimsHandler.java | 20 ++++---- .../org/apache/cxf/sts/claims/LdapUtils.java | 16 +++--- .../systest/kerberos/ldap/LDAPClaimsTest.java | 52 ++++++++++++++++++++ 3 files changed, 69 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/b13a8a7a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java index 65593f8..77de94c 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java 
@@ -37,7 +37,6 @@ import javax.security.auth.kerberos.KerberosPrincipal; import javax.security.auth.x500.X500Principal; import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.rt.security.claims.Claim; import org.apache.cxf.rt.security.claims.ClaimCollection; import org.apache.cxf.sts.token.realm.RealmSupport; @@ -171,9 +170,9 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport { Map ldapAttributes = null; if (useLdapLookup) { - AttributesMapper mapper = - new AttributesMapper() { - public Object mapFromAttributes(Attributes attrs) throws NamingException { + AttributesMapper> mapper = + new AttributesMapper>() { + public Map mapFromAttributes(Attributes attrs) throws NamingException { Map map = new HashMap<>(); NamingEnumeration attrEnum = attrs.getAll(); while (attrEnum.hasMore()) { 
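Review bot: The anonymous `AttributesMapper` given a typed signature in the `@@ -171,9 +170,9 @@` hunk is also declared in LdapUtils (hunk `@@ -64,9 +64,9 @@`), so the attribute-to-map conversion exists in two places and a later fix to one copy can miss the other. Both copies also declare `mapFromAttributes` without `@Override`, so a mismatch with the now-generic interface would not be caught by the compiler. Consider a single shared mapper in LdapUtils used by both call sites, with `@Override` on the method. The mapper body continues outside both hunks, so whether the two copies are identical there cannot be confirmed from this page.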
@@ -184,25 +183,25 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport { } }; - Object result = ldap.lookup(user, mapper); - ldapAttributes = CastUtils.cast((Map)result); + ldapAttributes = ldap.lookup(user, mapper); } else { List searchAttributeList = new ArrayList<>(); for (Claim claim : claims) { - if (getClaimsLdapAttributeMapping().keySet().contains(claim.getClaimType().toString())) { + String claimType = claim.getClaimType().toString(); + if (getClaimsLdapAttributeMapping().keySet().contains(claimType)) { searchAttributeList.add( - getClaimsLdapAttributeMapping().get(claim.getClaimType().toString()) + getClaimsLdapAttributeMapping().get(claimType) ); } else { if (LOG.isLoggable(Level.FINER)) { - LOG.finer("Unsupported claim: " + claim.getClaimType()); + LOG.finer("Unsupported claim: " + claimType); } } } String[] searchAttributes = searchAttributeList.toArray(new String[searchAttributeList.size()]); - if (this.userBaseDNs == null || this.userBaseDn != null) { + if (this.userBaseDn != null) { ldapAttributes = LdapUtils.getAttributesOfEntry(ldap, this.userBaseDn, this.getObjectClass(), this .getUserNameAttribute(), user, searchAttributes); } @@ -226,7 +225,6 @@ public class LdapClaimsHandler implements ClaimsHandler, RealmSupport { } ProcessedClaimCollection claimsColl = new ProcessedClaimCollection(); - for (Claim claim : claims) { ProcessedClaim c = processClaim(claim, ldapAttributes, principal); if (c != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/b13a8a7a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java index 7d14aca..d3134d4 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java 
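Review bot: Narrowing the guard to `if (this.userBaseDn != null)` changes behaviour for a handler configured with neither `userBaseDn` nor `userBaseDNs`: the old condition still ran the search in that case, the new one skips it, and nothing in the hunk reports the skipped lookup. Because this branch decides which attributes feed the claims an STS puts into a token, a missing base DN should be visible rather than silently produce no attributes. A log line on the fall-through, for example `LOG.warning("No user base DN configured, LDAP search skipped");`, or a check when the handler is configured, would make the misconfiguration obvious. The code after the closing brace is outside the hunk, so how a null `ldapAttributes` is handled there needs confirming.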
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapUtils.java @@ -64,9 +64,9 @@ public final class LdapUtils { Map ldapAttributes = null; - AttributesMapper mapper = - new AttributesMapper() { - public Object mapFromAttributes(Attributes attrs) throws NamingException { + AttributesMapper> mapper = + new AttributesMapper>() { + public Map mapFromAttributes(Attributes attrs) throws NamingException { Map map = new HashMap<>(); NamingEnumeration attrEnum = attrs.getAll(); while (attrEnum.hasMore()) { @@ -143,9 +143,9 @@ public final class LdapUtils { public static Name getDnOfEntry(LdapTemplate ldapTemplate, String baseDN, String objectClass, String filterAttributeName, String filterAttributeValue) { - ContextMapper mapper = - new AbstractContextMapper() { - public Object doMapFromContext(DirContextOperations ctx) { + ContextMapper mapper = + new AbstractContextMapper() { + public Name doMapFromContext(DirContextOperations ctx) { return ctx.getDn(); } }; @@ -155,12 +155,12 @@ public final class LdapUtils { new EqualsFilter("objectclass", objectClass)).and( new EqualsFilter(filterAttributeName, filterAttributeValue)); - List result = ldapTemplate.search((baseDN == null) ? "" : baseDN, filter.toString(), + List result = ldapTemplate.search((baseDN == null) ? "" : baseDN, filter.toString(), SearchControls.SUBTREE_SCOPE, mapper); if (result != null && result.size() > 0) { //not only the first one.... - return (Name)result.get(0); + return result.get(0); } return null; } http://git-wip-us.apache.org/repos/asf/cxf/blob/b13a8a7a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java ---------------------------------------------------------------------- diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java index b01b627..785bae7 100644 
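Review bot: In the `@@ -155,12 +155,12 @@` hunk, `getDnOfEntry` still returns `result.get(0)` when the subtree search matches several entries, and the surviving comment `//not only the first one....` suggests this was a known gap. When `baseDN` is null the search base becomes `""`, which makes more than one match more likely. An ambiguous match means the returned DN, and anything resolved from it, may belong to a different entry than the intended user. Treating more than one hit as no match, e.g. `if (result != null && result.size() == 1) { return result.get(0); }`, and logging the ambiguous case would close this; callers outside the hunk would need checking for reliance on the first-match behaviour.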
--- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java +++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java @@ -160,6 +160,37 @@ public class LDAPClaimsTest extends AbstractLdapTestUnit { } } } + + @org.junit.Test + public void testRetrieveClaimsUsingLDAPLookup() throws Exception { + LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler"); + + ClaimCollection requestedClaims = createRequestClaimCollection(); + + List expectedClaims = new ArrayList(); + expectedClaims.add(ClaimTypes.FIRSTNAME); + expectedClaims.add(ClaimTypes.LASTNAME); + expectedClaims.add(ClaimTypes.EMAILADDRESS); + + ClaimsParameters params = new ClaimsParameters(); + params.setPrincipal(new CustomTokenPrincipal("cn=alice,ou=users,dc=example,dc=com")); + ProcessedClaimCollection retrievedClaims = + claimsHandler.retrieveClaimValues(requestedClaims, params); + + Assert.isTrue( + retrievedClaims.size() == expectedClaims.size(), + "Retrieved number of claims [" + retrievedClaims.size() + + "] doesn't match with expected [" + expectedClaims.size() + "]" + ); + + for (ProcessedClaim c : retrievedClaims) { + if (expectedClaims.contains(c.getClaimType())) { + expectedClaims.remove(c.getClaimType()); + } else { + Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested"); + } + } + } @org.junit.Test public void testMultiUserBaseDNs() throws Exception { 
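Review bot: `testRetrieveClaimsUsingLDAPLookup` only exercises a principal that exists in the directory, so the lookup path has no test for a principal DN that is absent or that lies outside the configured user base. A negative case that pins what `retrieveClaimValues` is meant to return for such a principal (presumably no claims, to be confirmed against the handler) would guard the behaviour that matters most for a token service. As a smaller point, `Assert.isTrue(false, ...)` in the loop reads more clearly as `org.junit.Assert.fail("Claim '" + c.getClaimType() + "' not requested");`.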
@@ -391,6 +422,27 @@ public class LDAPClaimsTest extends AbstractLdapTestUnit { } @org.junit.Test + public void testRetrieveRolesForAliceUsingLDAPLookup() throws Exception { + LdapGroupClaimsHandler claimsHandler = + (LdapGroupClaimsHandler)appContext.getBean("testGroupClaimsHandler"); + + ClaimCollection requestedClaims = new ClaimCollection(); + Claim claim = new Claim(); + URI roleURI = URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"); + claim.setClaimType(roleURI); + requestedClaims.add(claim); + + ClaimsParameters params = new ClaimsParameters(); + params.setPrincipal(new CustomTokenPrincipal("cn=alice,ou=users,dc=example,dc=com")); + ProcessedClaimCollection retrievedClaims = + claimsHandler.retrieveClaimValues(requestedClaims, params); + + Assert.isTrue(retrievedClaims.size() == 1); + Assert.isTrue(retrievedClaims.get(0).getClaimType().equals(roleURI)); + Assert.isTrue(retrievedClaims.get(0).getValues().size() == 2); + } + + @org.junit.Test public void testRetrieveRolesForBob() throws Exception { LdapGroupClaimsHandler claimsHandler = (LdapGroupClaimsHandler)appContext.getBean("testGroupClaimsHandlerOtherUsers");
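Review bot: The last assertion in `testRetrieveRolesForAliceUsingLDAPLookup` checks only that two role values come back, not which ones, so a regression that returned a different user's groups would still pass. Assert the values themselves, e.g. `Assert.isTrue(retrievedClaims.get(0).getValues().contains("<expected-role>"));` once per role that alice holds in the test directory data (`<expected-role>` is a placeholder, the role names are not on this page).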