Store the roles in FedizPrincipal. The roles are removed from the Claims, so before this change there was no way to get the roles.
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
index 4a2c63e..52d7c17 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/FedizPrincipal.java
@@ -20,6 +20,7 @@
package org.apache.cxf.fediz.core;
import java.security.Principal;
+import java.util.List;
import org.w3c.dom.Element;
@@ -28,5 +29,7 @@
ClaimCollection getClaims();
Element getLoginToken();
+
+ List<String> getRoleClaims();
}
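Review bot: `getRoleClaims()` is added to the public `FedizPrincipal` interface without Javadoc, so implementers and callers cannot tell whether the list may be null, whether it may be modified, or how it relates to `getClaims()`, from which the commit message says the roles have been removed. Suggest documenting the contract, e.g. `/** Returns the role values taken from the token; never null, empty if there are none, not modifiable by the caller. */`. Adding an abstract method also breaks any `FedizPrincipal` implementation maintained outside this repository, which is worth stating in the release notes if such implementations are supported.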
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java
index bdf68d9..26aa0ca 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/TestSigninHandler.java
@@ -19,6 +19,7 @@
package org.apache.cxf.fediz.core.federation;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -61,12 +62,16 @@
protected ClaimCollection claims;
protected Element loginToken;
private String username;
+ private List<String> roles = new ArrayList<>();
FederationPrincipalImpl(String username, List<String> roles,
List<Claim> claims, Element loginToken) {
this.claims = new ClaimCollection(claims);
this.loginToken = loginToken;
this.username = username;
+ if (roles != null) {
+ this.roles = roles;
+ }
}
public ClaimCollection getClaims() {
@@ -83,6 +88,10 @@
return username;
}
+ public List<String> getRoleClaims() {
+ return roles;
+ }
+
}
}
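Review bot: The test principal's `getRoleClaims()` returns the internal `roles` list directly, while every production implementation in this commit returns `Collections.unmodifiableList(roles)`. A test double that hands out a mutable list can hide callers that modify the result, so the tests would pass where the real plugins throw. `return Collections.unmodifiableList(roles);` keeps it in line with the others; `java.util.Collections` is already imported in this file.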
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
index b9e89a9..56f3c9d 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/AbstractServiceProviderFilter.java
@@ -183,7 +183,8 @@
ResponseState responseState, Message m, Element token
) throws WSSecurityException {
CXFFedizPrincipal principal =
- new CXFFedizPrincipal(responseState.getSubject(), responseState.getClaims(), token);
+ new CXFFedizPrincipal(responseState.getSubject(), responseState.getClaims(),
+ responseState.getRoles(), token);
SecurityTokenThreadLocal.setToken(principal.getLoginToken());
FedizSecurityContext context =
diff --git a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
index 3fde312..5a6914e 100644
--- a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
+++ b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/CXFFedizPrincipal.java
@@ -18,6 +18,7 @@
*/
package org.apache.cxf.fediz.cxf.plugin;
+import java.util.Collections;
import java.util.List;
import org.w3c.dom.Element;
@@ -30,11 +31,15 @@
private final String subject;
private final List<Claim> claims;
private Element token;
+ private List<String> roles = Collections.emptyList();
- public CXFFedizPrincipal(String subject, List<Claim> claims, Element token) {
+ public CXFFedizPrincipal(String subject, List<Claim> claims, List<String> roles, Element token) {
this.subject = subject;
this.claims = claims;
this.token = token;
+ if (roles != null) {
+ this.roles = roles;
+ }
}
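Review bot: The constructor keeps the caller's `roles` list by reference, so the `Collections.unmodifiableList(roles)` wrapper in `getRoleClaims()` is only a read-only view: any code that still holds the original list (here the one returned by `responseState.getRoles()`) can change this principal's roles after authentication. Since these values presumably feed authorization decisions, copy once at construction, e.g. `this.roles = roles == null ? Collections.<String>emptyList() : Collections.unmodifiableList(new ArrayList<>(roles));`. That lets the field be `final` like `subject` and `claims`, and the getter can return it directly; it needs a `java.util.ArrayList` import. The same store-by-reference pattern appears in the constructor hunks of the jetty8, jetty9, spring, spring2, tomcat7 and tomcat8 classes in this commit; whether `FedizResponse.getRoles()` returns a mutable list is not visible here.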
@Override
@@ -52,5 +57,7 @@
return token;
}
-
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
diff --git a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
index b209605..549e5da 100644
--- a/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
+++ b/plugins/jetty8/src/main/java/org/apache/cxf/fediz/jetty8/FederationUserPrincipal.java
@@ -19,7 +19,11 @@
package org.apache.cxf.fediz.jetty8;
+import java.util.Collections;
+import java.util.List;
+
import org.w3c.dom.Element;
+
import org.apache.cxf.fediz.core.ClaimCollection;
import org.apache.cxf.fediz.core.FedizPrincipal;
import org.apache.cxf.fediz.core.processor.FedizResponse;
@@ -28,11 +32,15 @@
private String name;
private ClaimCollection claims;
private FedizResponse response;
+ private List<String> roles = Collections.emptyList();
public FederationUserPrincipal(String name, FedizResponse response) {
this.name = name;
this.response = response;
this.claims = new ClaimCollection(response.getClaims());
+ if (response.getRoles() != null) {
+ this.roles = response.getRoles();
+ }
}
@Override
@@ -57,5 +65,7 @@
return response.getToken();
}
-
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
index 02176ec..76b2986 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationUserPrincipal.java
@@ -19,7 +19,11 @@
package org.apache.cxf.fediz.jetty9;
+import java.util.Collections;
+import java.util.List;
+
import org.w3c.dom.Element;
+
import org.apache.cxf.fediz.core.ClaimCollection;
import org.apache.cxf.fediz.core.FedizPrincipal;
import org.apache.cxf.fediz.core.processor.FedizResponse;
@@ -28,11 +32,15 @@
private String name;
private ClaimCollection claims;
private FedizResponse response;
+ private List<String> roles = Collections.emptyList();
public FederationUserPrincipal(String name, FedizResponse response) {
this.name = name;
this.response = response;
this.claims = new ClaimCollection(response.getClaims());
+ if (response.getRoles() != null) {
+ this.roles = response.getRoles();
+ }
}
@Override
@@ -57,5 +65,7 @@
return response.getToken();
}
-
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
index 4c2aea1..ad099d1 100644
--- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
+++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
@@ -21,6 +21,8 @@
import java.io.Serializable;
import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
import org.w3c.dom.Element;
import org.apache.cxf.fediz.core.ClaimCollection;
@@ -43,6 +45,7 @@
private final Object principal;
private final UserDetails userDetails;
private final FedizResponse response;
+ private List<String> roles = Collections.emptyList();
public FederationAuthenticationToken(final Object principal, final Object credentials,
@@ -60,6 +63,9 @@
this.userDetails = userDetails;
this.response = response;
setAuthenticated(true);
+ if (response.getRoles() != null) {
+ this.roles = response.getRoles();
+ }
}
public Object getCredentials() {
@@ -97,4 +103,7 @@
return response.getToken();
}
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
diff --git a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
index 284b910..14e1047 100644
--- a/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
+++ b/plugins/spring2/src/main/java/org/apache/cxf/fediz/spring/authentication/FederationAuthenticationToken.java
@@ -20,6 +20,8 @@
package org.apache.cxf.fediz.spring.authentication;
import java.io.Serializable;
+import java.util.Collections;
+import java.util.List;
import org.w3c.dom.Element;
import org.apache.cxf.fediz.core.ClaimCollection;
@@ -41,6 +43,7 @@
private final Object principal;
private final UserDetails userDetails;
private final FedizResponse response;
+ private List<String> roles = Collections.emptyList();
public FederationAuthenticationToken(final Object principal, final Object credentials,
@@ -58,6 +61,9 @@
this.userDetails = userDetails;
this.response = response;
setAuthenticated(true);
+ if (response.getRoles() != null) {
+ this.roles = response.getRoles();
+ }
}
public Object getCredentials() {
@@ -95,4 +101,7 @@
return response.getToken();
}
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
diff --git a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
index 453879f..964701a 100644
--- a/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
+++ b/plugins/tomcat7/src/main/java/org/apache/cxf/fediz/tomcat7/FederationPrincipalImpl.java
@@ -19,6 +19,7 @@
package org.apache.cxf.fediz.tomcat7;
+import java.util.Collections;
import java.util.List;
import org.w3c.dom.Element;
@@ -31,12 +32,16 @@
protected ClaimCollection claims;
protected Element loginToken;
+ private List<String> roles = Collections.emptyList();
public FederationPrincipalImpl(String username, List<String> roles,
List<Claim> claims, Element loginToken) {
super(username, null, roles);
this.claims = new ClaimCollection(claims);
this.loginToken = loginToken;
+ if (roles != null) {
+ this.roles = roles;
+ }
}
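Review bot: `roles` is now held twice in this class: it is passed to the superclass through `super(username, null, roles)` and stored again in the new private field. The superclass is not visible in this hunk, but if it copies or normalises the list, the container's role checks and `getRoleClaims()` could answer from different data. A comment on the field saying which copy is authoritative would help, e.g. `// kept separately from the superclass roles; exposed read-only via getRoleClaims()`, or the getter could be derived from the superclass state if it exposes one. The tomcat8 `FederationPrincipalImpl` hunk has the same shape.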
public ClaimCollection getClaims() {
@@ -47,5 +52,9 @@
public Element getLoginToken() {
return loginToken;
}
+
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}
diff --git a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationPrincipalImpl.java b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationPrincipalImpl.java
index aa1d316..81408c7 100644
--- a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationPrincipalImpl.java
+++ b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationPrincipalImpl.java
@@ -19,6 +19,7 @@
package org.apache.cxf.fediz.tomcat8;
+import java.util.Collections;
import java.util.List;
import org.w3c.dom.Element;
@@ -31,12 +32,16 @@
protected ClaimCollection claims;
protected Element loginToken;
+ private List<String> roles = Collections.emptyList();
public FederationPrincipalImpl(String username, List<String> roles,
List<Claim> claims, Element loginToken) {
super(username, null, roles);
this.claims = new ClaimCollection(claims);
this.loginToken = loginToken;
+ if (roles != null) {
+ this.roles = roles;
+ }
}
public ClaimCollection getClaims() {
@@ -48,4 +53,7 @@
return loginToken;
}
+ public List<String> getRoleClaims() {
+ return Collections.unmodifiableList(roles);
+ }
}