Repository: cxf Updated Branches: refs/heads/master 27217faed -> 52bbb4bfd
Factor out the RealmHandler stuff out into a separate method Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/52bbb4bf Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/52bbb4bf Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/52bbb4bf Branch: refs/heads/master Commit: 52bbb4bfdbae96c93693191c850db12e6f5f21e8 Parents: 27217fa Author: Colm O hEigeartaigh <[email protected]> Authored: Fri Jun 2 15:32:53 2017 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Fri Jun 2 15:32:53 2017 +0100 ---------------------------------------------------------------------- .../apache/cxf/sts/claims/ClaimsManager.java | 141 ++++++++++--------- 1 file changed, 74 insertions(+), 67 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/52bbb4bf/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java index 7d3ebd1..4fa41fb 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/ClaimsManager.java @@ -133,15 +133,16 @@ public class ClaimsManager { } public ProcessedClaimCollection retrieveClaimValues(ClaimCollection claims, ClaimsParameters parameters) { + if (claims == null || claims.size() == 0) { + return null; + } + Relationship relationship = null; if (parameters.getAdditionalProperties() != null) { relationship = (Relationship)parameters.getAdditionalProperties().get( Relationship.class.getName()); } - if (claims == null || claims.size() == 0) { - return null; - } if (relationship == null || relationship.getType().equals(Relationship.FED_TYPE_IDENTITY)) { // Federate identity. Identity already mapped. // Call all configured claims handlers to retrieve the required claims @@ -176,17 +177,15 @@ public class ClaimsManager { validateClaimValues(claims, targetClaims); return targetClaims; } - } private ProcessedClaimCollection handleClaims(ClaimCollection claims, ClaimsParameters parameters) { ProcessedClaimCollection returnCollection = new ProcessedClaimCollection(); - Principal originalPrincipal = parameters.getPrincipal(); - if (claimHandlers == null) { return returnCollection; } + Principal originalPrincipal = parameters.getPrincipal(); for (ClaimsHandler handler : claimHandlers) { ClaimCollection supportedClaims = @@ -195,81 +194,89 @@ public class ClaimsManager { continue; } - if (handler instanceof RealmSupport) { - RealmSupport handlerRealmSupport = (RealmSupport)handler; - // Check whether the handler supports the current realm - if (handlerRealmSupport.getSupportedRealms() != null - && handlerRealmSupport.getSupportedRealms().size() > 0 - && handlerRealmSupport.getSupportedRealms().indexOf(parameters.getRealm()) == -1) { - if (LOG.isLoggable(Level.FINER)) { - LOG.finer("Handler '" + handler.getClass().getName() + "' doesn't support" - + " realm '" + parameters.getRealm() + "'"); + if (isCurrentRealmSupported(handler, parameters)) { + ProcessedClaimCollection claimCollection = null; + try { + claimCollection = handler.retrieveClaimValues(supportedClaims, parameters); + } catch (RuntimeException ex) { + LOG.log(Level.INFO, "Failed retrieving claims from ClaimsHandler " + + handler.getClass().getName(), ex); + if (this.isStopProcessingOnException()) { + throw ex; } - continue; + } finally { + // set original principal again, otherwise wrong principal passed to next claim handler in the list + // if no mapping required or wrong source principal used for next identity mapping + parameters.setPrincipal(originalPrincipal); } - // If handler realm is configured and different from current realm - // do an identity mapping - if (handlerRealmSupport.getHandlerRealm() != null - && !handlerRealmSupport.getHandlerRealm().equalsIgnoreCase(parameters.getRealm())) { - Principal targetPrincipal = null; - try { - if (LOG.isLoggable(Level.FINE)) { - LOG.fine("Mapping user '" + parameters.getPrincipal().getName() - + "' [" + parameters.getRealm() + "] to realm '" - + handlerRealmSupport.getHandlerRealm() + "'"); - } - targetPrincipal = doMapping(parameters.getRealm(), parameters.getPrincipal(), - handlerRealmSupport.getHandlerRealm()); - } catch (Exception ex) { - LOG.log(Level.WARNING, "Failed to map user '" + parameters.getPrincipal().getName() - + "' [" + parameters.getRealm() + "] to realm '" - + handlerRealmSupport.getHandlerRealm() + "'", ex); - throw new STSException("Failed to map user for claims handler", - STSException.REQUEST_FAILED); - } + if (claimCollection != null && !claimCollection.isEmpty()) { + returnCollection.addAll(claimCollection); + } + } + } - if (targetPrincipal == null || targetPrincipal.getName() == null) { - LOG.log(Level.WARNING, "Null. Failed to map user '" + parameters.getPrincipal().getName() - + "' [" + parameters.getRealm() + "] to realm '" - + handlerRealmSupport.getHandlerRealm() + "'"); - continue; - } - if (LOG.isLoggable(Level.INFO)) { - LOG.info("Principal '" + targetPrincipal.getName() - + "' passed to handler '" + handler.getClass().getName() + "'"); - } - parameters.setPrincipal(targetPrincipal); - } else { - if (LOG.isLoggable(Level.FINER)) { - LOG.finer("Handler '" + handler.getClass().getName() + "' doesn't require" - + " identity mapping '" + parameters.getRealm() + "'"); - } + return returnCollection; + } - } + private boolean isCurrentRealmSupported(ClaimsHandler handler, ClaimsParameters parameters) { + if (!(handler instanceof RealmSupport)) { + return true; + } + + RealmSupport handlerRealmSupport = (RealmSupport)handler; + + // Check whether the handler supports the current realm + if (handlerRealmSupport.getSupportedRealms() != null + && handlerRealmSupport.getSupportedRealms().size() > 0 + && handlerRealmSupport.getSupportedRealms().indexOf(parameters.getRealm()) == -1) { + if (LOG.isLoggable(Level.FINER)) { + LOG.finer("Handler '" + handlerRealmSupport.getClass().getName() + "' doesn't support" + + " realm '" + parameters.getRealm() + "'"); } + return false; + } - ProcessedClaimCollection claimCollection = null; + // If handler realm is configured and different from current realm + // do an identity mapping + if (handlerRealmSupport.getHandlerRealm() != null + && !handlerRealmSupport.getHandlerRealm().equalsIgnoreCase(parameters.getRealm())) { + Principal targetPrincipal = null; try { - claimCollection = handler.retrieveClaimValues(supportedClaims, parameters); - } catch (RuntimeException ex) { - LOG.log(Level.INFO, "Failed retrieving claims from ClaimsHandler " - + handler.getClass().getName(), ex); - if (this.isStopProcessingOnException()) { - throw ex; + if (LOG.isLoggable(Level.FINE)) { + LOG.fine("Mapping user '" + parameters.getPrincipal().getName() + + "' [" + parameters.getRealm() + "] to realm '" + + handlerRealmSupport.getHandlerRealm() + "'"); } - } finally { - // set original principal again, otherwise wrong principal passed to next claim handler in the list - // if no mapping required or wrong source principal used for next identity mapping - parameters.setPrincipal(originalPrincipal); + targetPrincipal = doMapping(parameters.getRealm(), parameters.getPrincipal(), + handlerRealmSupport.getHandlerRealm()); + } catch (Exception ex) { + LOG.log(Level.WARNING, "Failed to map user '" + parameters.getPrincipal().getName() + + "' [" + parameters.getRealm() + "] to realm '" + + handlerRealmSupport.getHandlerRealm() + "'", ex); + throw new STSException("Failed to map user for claims handler", + STSException.REQUEST_FAILED); } - if (claimCollection != null && claimCollection.size() != 0) { - returnCollection.addAll(claimCollection); + if (targetPrincipal == null || targetPrincipal.getName() == null) { + LOG.log(Level.WARNING, "Null. Failed to map user '" + parameters.getPrincipal().getName() + + "' [" + parameters.getRealm() + "] to realm '" + + handlerRealmSupport.getHandlerRealm() + "'"); + return false; + } + if (LOG.isLoggable(Level.INFO)) { + LOG.info("Principal '" + targetPrincipal.getName() + + "' passed to handler '" + handlerRealmSupport.getClass().getName() + "'"); + } + parameters.setPrincipal(targetPrincipal); + } else { + if (LOG.isLoggable(Level.FINER)) { + LOG.finer("Handler '" + handlerRealmSupport.getClass().getName() + "' doesn't require" + + " identity mapping '" + parameters.getRealm() + "'"); } } - return returnCollection; + return true; } private ClaimCollection filterHandlerClaims(ClaimCollection claims,
