Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-4062

Enabling custom claim parser

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.5.2
    • 2.5.3
    • Services
    • Moderate

    Description

      STS-core:
      Currently there is now way to use a custom dialect in requested claims. Even http://schemas.xmlsoap.org/ws/2005/05/identity/claims is not fully supported (only ClaimType element).

      Therefore I introduced a new Interface ClaimParser, and a DefaultClaimParser with the current parsing logic. This parser is called by default within RequestParser, so that the normal cxf behavior has not changed. But to make this process more flexible it is possible (with this patch) to register any kind of ClaimParser supporting a specific dialect. I implemented a IdentityClaimParser which is currently able to parser CustomType and CustomValueType elements within the wst:claims element. Since the current RequestClaim does not support any claim values, except of the Uri attribute, I created a SubClass ClaimValueType to also pass the claim value to the claim handler.

      This patch is just a starting point. I think there should be a more complex redesign of the current claim handling implementation, because it is currently focused on only one Use-Case. The following improvements should be made:

      • The RequestClaim class should be replaced by a more flexible interface supporting any kind of parsing and handling custom dialects.
      • It should be possible to include/configure custom claimparser via spring config
      • A fully supported implementation of http://schemas.xmlsoap.org/ws/2005/05/identity/claims dialect would be great

      Here is an example of a claims STS request which is supported by applying this patch:
      <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
      <ic:ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/>admin</ic:ClaimValue>
      </wst:Claims>

      Thank you for this great product!! I hope this patch can help to further improve CXF.

      Best regards
      Jan

      Attachments

        1. claimParer.patch
          40 kB
          Jan Bernhardt
        2. cxf-sts-claims.patch
          48 kB
          Jan Bernhardt
        3. cxf-sts-claims.patch
          14 kB
          Jan Bernhardt

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            coheigea Colm O hEigeartaigh
            jan4talend Jan Bernhardt
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Issue deployment