Also check the UserInfo for a role in the OidcSecurityContext

Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b3677b6a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b3677b6a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b3677b6a

Branch: refs/heads/master-jaxrs-2.1
Commit: b3677b6a9201bd894879d9d06a4c75ac7e310660
Parents: 9e42b9b
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Thu Jul 21 10:14:52 2016 +0100
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Thu Jul 21 10:14:52 2016 +0100

----------------------------------------------------------------------
 .../cxf/rs/security/oidc/rp/OidcSecurityContext.java    | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b3677b6a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
index 552a6a1..c5e456c 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
@@ -86,9 +86,15 @@ public class OidcSecurityContext extends 
SimpleSecurityContext implements Securi
     
     @Override
     public boolean isUserInRole(String role) {
-        return roleClaim != null && role != null && oidcContext.getIdToken() 
!= null
-            && oidcContext.getIdToken().containsProperty(roleClaim)
-            && role.equals(oidcContext.getIdToken().getProperty(roleClaim));
+        
+        return roleClaim != null && role != null
+            && (containsClaim(oidcContext.getIdToken(), roleClaim, role) 
+                || containsClaim(oidcContext.getUserInfo(), roleClaim, role));
+    }
+    
+    private boolean containsClaim(AbstractUserInfo userInfo, String claim, 
String claimValue) {
+        return userInfo != null && userInfo.containsProperty(claim)
+            && claimValue.equals(userInfo.getProperty(claim));
     }
     
     /**
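Review bot: The comparison `claimValue.equals(userInfo.getProperty(claim))` in the new containsClaim helper only matches a role claim whose value is a single string; if the claim is multi-valued (a JSON array of roles), the comparison is false and the user is denied, which fails safe but is probably not what a deployer expects — either document that limitation on the helper or handle a `List` value, e.g. `Object value = userInfo.getProperty(claim); return value instanceof List ? ((List<?>) value).contains(claimValue) : claimValue.equals(value);`. Since isUserInRole now treats the ID token and the UserInfo response as equally authoritative for role decisions, and the two presumably carry different integrity guarantees (the ID token is signed, the UserInfo response may be plain JSON over TLS), a Javadoc line on the helper such as `Returns true when {@code claims} carries {@code claim} with exactly {@code claimValue}; the ID token and UserInfo are consulted with equal trust.` would make that choice explicit for readers. Style: the helper's first parameter is named `userInfo` although isUserInRole also passes it the ID token, so `claims` would read better, and the blank `+` line at the top of isUserInRole is stray whitespace.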
