cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/2] cxf git commit: Add the ability to set a custom claim type in the generated token
Date Tue, 11 Jul 2017 12:21:23 GMT
Add the ability to set a custom claim type in the generated token

# Conflicts:
#	services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
#	services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTClaimsTest.java
#	services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fb414c7a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fb414c7a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fb414c7a

Branch: refs/heads/3.1.x-fixes
Commit: fb414c7abfb5de8bf95462a9de23335d4320af4e
Parents: af13152
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Jul 11 13:11:49 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Jul 11 13:14:05 2017 +0100

----------------------------------------------------------------------
 .../sts/rest/RESTSecurityTokenServiceImpl.java  |  1 +
 .../provider/jwt/DefaultJWTClaimsProvider.java  | 29 +++++++-
 .../cxf/sts/token/provider/JWTClaimsTest.java   | 77 +++++++++++++++++++-
 .../cxf/systest/sts/rest/STSRESTTest.java       | 14 ++--
 .../cxf/systest/sts/rest/cxf-rest-sts.xml       |  7 ++
 5 files changed, 115 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/fb414c7a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index bcc31a4..f3d0719 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -77,6 +77,7 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl
imple
         DEFAULT_CLAIM_TYPE_MAP = new HashMap<String, String>();
         DEFAULT_CLAIM_TYPE_MAP.put("emailaddress", CLAIM_TYPE_NS + "/claims/emailaddress");
         DEFAULT_CLAIM_TYPE_MAP.put("role", CLAIM_TYPE_NS + "/claims/role");
+        DEFAULT_CLAIM_TYPE_MAP.put("roles", CLAIM_TYPE_NS + "/claims/role");
         DEFAULT_CLAIM_TYPE_MAP.put("surname", CLAIM_TYPE_NS + "/claims/surname");
         DEFAULT_CLAIM_TYPE_MAP.put("givenname", CLAIM_TYPE_NS + "/claims/givenname");
         DEFAULT_CLAIM_TYPE_MAP.put("name", CLAIM_TYPE_NS + "/claims/name");
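Review bot: The new `"roles"` key resolves to the same claim URI as `"role"`, and nothing in the initializer says why two request names are accepted for one claim type. Judging from the test change in this commit (`client.query("claim", "roles")`), the alias exists so a REST client can ask for the claim under the name a `claimTypeMap` emits it as, but that coupling is only implied. A one-line comment above the entry, for example `// alias: lets clients request the role claim by the JWT claim name configured in claimTypeMap`, would stop the two maps drifting apart silently. The static initializer starts and ends outside this hunk.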

http://git-wip-us.apache.org/repos/asf/cxf/blob/fb414c7a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
index fee93df..6b4ffe0 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
@@ -24,6 +24,7 @@ import java.util.ArrayList;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.UUID;
 import java.util.logging.Logger;
 
@@ -60,7 +61,8 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider {
     private boolean failLifetimeExceedance = true;
     private boolean acceptClientLifetime;
     private long futureTimeToLive = 60L;
-                                                            
+    private Map<String, String> claimTypeMap;
+
     /**
      * Get a JwtClaims object.
      */
@@ -158,7 +160,7 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider {
                     if (claim.getValues().size() == 1) {
                         claimValues = claim.getValues().get(0);
                     }
-                    claims.setProperty(claim.getClaimType().toString(), claimValues);
+                    claims.setProperty(translateClaim(claim.getClaimType().toString()), claimValues);
                 }
             }
         }
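Review bot: The translated name goes straight into `claims.setProperty(...)` with no check against names the token already holds, so two claim types mapped to the same value overwrite each other and the last one in the loop wins. A map value equal to a registered JWT claim name such as `sub`, `iss` or `exp` could also replace, or be replaced by, the provider's own value; which one survives depends on call order in the enclosing method, which is outside this hunk. Because these claims typically carry authorization data such as roles, a silent overwrite is worth rejecting: either validate the map values when the map is set, or check whether the claims object already contains the translated name and log or fail instead of overwriting.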
@@ -277,7 +279,14 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider {
             }
         } 
     }
-    
+
+    private String translateClaim(String claimType) {
+        if (claimTypeMap == null || !claimTypeMap.containsKey(claimType)) {
+            return claimType;
+        }
+        return claimTypeMap.get(claimType);
+    }
+
     public boolean isUseX500CN() {
         return useX500CN;
     }
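Review bot: `translateClaim` returns `null` when the map contains the key with a null value, because the guard tests `containsKey` rather than the looked-up value, and that null then becomes the property name passed to `claims.setProperty`. A single lookup handles both the missing-key and the null-value case: `String mapped = claimTypeMap == null ? null : claimTypeMap.get(claimType);` followed by `return mapped != null ? mapped : claimType;`. The method also has no comment; a short Javadoc line stating that unmapped claim types are passed through unchanged would document the fallback.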
@@ -366,5 +375,17 @@ public class DefaultJWTClaimsProvider implements JWTClaimsProvider {
     public void setFailLifetimeExceedance(boolean failLifetimeExceedance) {
         this.failLifetimeExceedance = failLifetimeExceedance;
     }
-    
+
+    public Map<String, String> getClaimTypeMap() {
+        return claimTypeMap;
+    }
+
+    /**
+     * Specify a way to map ClaimType URIs to custom ClaimTypes
+     * @param claimTypeMap
+     */
+    public void setClaimTypeMap(Map<String, String> claimTypeMap) {
+        this.claimTypeMap = claimTypeMap;
+    }
+
 }
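Review bot: `setClaimTypeMap` stores the caller's map instance and `getClaimTypeMap` returns that same instance, so any code holding either reference can change the claim names written into issued tokens after configuration. The Spring wiring added in this commit suggests the provider is a shared bean, in which case a plain map mutated while `translateClaim` reads it is also not safe across threads. Copying on the way in, `this.claimTypeMap = claimTypeMap == null ? null : new HashMap<>(claimTypeMap);` (needs a `java.util.HashMap` import), and returning an unmodifiable view from the getter, would close both gaps. The `@param claimTypeMap` tag has no description; it should say that the key is the claim type URI string and the value is the claim name to emit in the JWT.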

http://git-wip-us.apache.org/repos/asf/cxf/blob/fb414c7a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTClaimsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTClaimsTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTClaimsTest.java
index 6e33ea4..88cb020 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTClaimsTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTClaimsTest.java
@@ -40,6 +40,7 @@ import org.apache.cxf.sts.common.PasswordCallbackHandler;
 import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider;
 import org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
@@ -210,7 +211,81 @@ public class JWTClaimsTest extends org.junit.Assert {
         JwtToken jwt = jwtConsumer.getJwtToken();
         assertEquals(jwt.getClaim(CLAIM_STATIC_COMPANY.toString()), CLAIM_STATIC_COMPANY_VALUE);
     }
-    
+
+    @org.junit.Test
+    public void testJWTRoleUsingURI() throws Exception {
+        TokenProvider tokenProvider = new JWTTokenProvider();
+        TokenProviderParameters providerParameters =
+            createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE, null);
+
+        ClaimsManager claimsManager = new ClaimsManager();
+        ClaimsHandler claimsHandler = new CustomClaimsHandler();
+        claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
+        providerParameters.setClaimsManager(claimsManager);
+
+        ClaimCollection claims = new ClaimCollection();
+
+        URI role = URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+
+        Claim claim = new Claim();
+        claim.setClaimType(role);
+        claims.add(claim);
+
+        providerParameters.setRequestedPrimaryClaims(claims);
+
+        assertTrue(tokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
+        TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId()
!= null);
+
+        String token = (String)providerResponse.getToken();
+        assertNotNull(token);
+
+        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
+        JwtToken jwt = jwtConsumer.getJwtToken();
+        assertEquals(jwt.getClaim(role.toString()), "DUMMY");
+    }
+
+    @org.junit.Test
+    public void testJWTRoleUsingCustomReturnType() throws Exception {
+        TokenProvider tokenProvider = new JWTTokenProvider();
+        TokenProviderParameters providerParameters =
+            createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE, null);
+
+        ClaimsManager claimsManager = new ClaimsManager();
+        ClaimsHandler claimsHandler = new CustomClaimsHandler();
+        claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
+        providerParameters.setClaimsManager(claimsManager);
+
+        ClaimCollection claims = new ClaimCollection();
+
+        URI role = URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+
+        Claim claim = new Claim();
+        claim.setClaimType(role);
+        claims.add(claim);
+
+        providerParameters.setRequestedPrimaryClaims(claims);
+
+        Map<String, String> claimTypeMap = new HashMap<>();
+        claimTypeMap.put(role.toString(), "roles");
+        DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
+        claimsProvider.setClaimTypeMap(claimTypeMap);
+        ((JWTTokenProvider)tokenProvider).setJwtClaimsProvider(claimsProvider);
+
+        assertTrue(tokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
+        TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId()
!= null);
+
+        String token = (String)providerResponse.getToken();
+        assertNotNull(token);
+
+        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
+        JwtToken jwt = jwtConsumer.getJwtToken();
+        assertEquals(jwt.getClaim("roles"), "DUMMY");
+    }
+
     private TokenProviderParameters createProviderParameters(
         String tokenType, String appliesTo
     ) throws WSSecurityException {
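Review bot: `testJWTRoleUsingCustomReturnType` asserts only that the `roles` claim is present and never checks that the original URI-named claim is absent, so an implementation that emitted the value under both names would still pass. Adding `assertNull(jwt.getClaim(role.toString()));` after the existing assertion pins the translation as a rename rather than a copy. Both new tests also pass the `assertEquals` arguments as (actual, expected), which matches the surrounding context line but produces a misleading failure message; `assertEquals("DUMMY", jwt.getClaim("roles"));` is the conventional order. `createProviderParameters` at the end of the hunk continues outside it.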

http://git-wip-us.apache.org/repos/asf/cxf/blob/fb414c7a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
index 4cc6b66..fbe4b2a 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
@@ -936,13 +936,11 @@ public class STSRESTTest extends AbstractBusClientServerTestBase {
         
         JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
         JwtToken jwt = jwtConsumer.getJwtToken();
-        
-        String role = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
-        assertTrue(jwt.getClaim(role) == null);
-        
+        assertTrue(jwt.getClaim("roles") == null);
+
         // Now get another token specifying the role
-        client.query("claim", role);
-        
+        client.query("claim", "roles");
+
         response = client.get();
         token = response.readEntity(String.class);
         assertNotNull(token);
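Review bot: After the switch to the mapped name, this test no longer checks anything about the URI-named claim, so it would not notice a token that carried the role under both `roles` and the original URI. Once the second token is parsed (in the next hunk), `assertNull(jwt.getClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"));` would cover that case. The first check reads more clearly as `assertNull(jwt.getClaim("roles"));` than as `assertTrue(... == null)`. The test method starts and ends outside this hunk.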
@@ -952,8 +950,8 @@ public class STSRESTTest extends AbstractBusClientServerTestBase {
         
         jwtConsumer = new JwsJwtCompactConsumer(token);
         jwt = jwtConsumer.getJwtToken();
-        assertEquals("ordinary-user", jwt.getClaim(role));
-        
+        assertEquals("ordinary-user", jwt.getClaim("roles"));
+
         bus.shutdown(true);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/fb414c7a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml
index 0a6828e..fabb124 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml
@@ -77,7 +77,14 @@
     </bean>
     <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
     </bean>
+    <util:map id="claimTypes">
+        <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" value="roles"/>
+    </util:map>
+    <bean id="customJWTClaimsProvider" class="org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider">
+        <property name="claimTypeMap" ref="claimTypes"/>
+    </bean>
     <bean id="transportJWTTokenProvider" class="org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider">
+        <property name="jwtClaimsProvider" ref="customJWTClaimsProvider" />
     </bean>
     <bean id="transportJWTTokenValidator" class="org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator">
     </bean>

