[ 
https://issues.apache.org/jira/browse/CXF-4062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13218228#comment-13218228
 ] 

Jan Bernhardt commented on CXF-4062:
------------------------------------

Hi Colm, 

    [ 
https://issues.apache.org/jira/browse/CXF-4062?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13218138#comment-13218138
 ] 

Colm O hEigeartaigh commented on CXF-4062:
------------------------------------------

Hi Jan,

Thanks for your patch.


According to the spec: "This profile defines the ic:ClaimType element for use 
as a child of the wst:Claims element." - it doesn't say anything about 
ClaimValue, unless I'm missing something.

If you have a look into the schema definition you will find ClaimValueType and 
others.
http://docs.oasis-open.org/imi/identity/v1.0/os/identity-1.0-errata-os.xsd

I'd prefer to see the following changes to your patch - if you disagree feel 
free to argue with me ;-)

a) Make the claimParser map in RequestParser configurable - you should be able 
to spring load different implementations of the ClaimParser interface.
I fully agree, I just did not know the best place to do this. How / where would 
you do this? ClaimParsing happens quite deep in the STS, further changes would 
be necessary...

b) Do not add the IdentityClaimParser as a default parser. As I stated above, I 
don't believe that it's standard to have ClaimValue children of the wst:Claims 
Element. Instead, this parser should be configurable.
I just added this Parser as my default parser, since I had no way to configure 
it via spring, so I got the desired handling by default.

c) The dialect of the default claims parser should be the standard namespace.
What is the standard Namespace? 
http://schemas.xmlsoap.org/ws/2005/05/identity/claims is used in all examples I 
have seen so far. And for this Namespace my IdentityClaimParser would be a good 
starting point (since it is not complete according to the schema).

d) Please add a test as part of this patch to show how to plug in a custom 
ClaimParser.
I could do this, after completion of a).

The RequestClaim class should be replaced by a more flexible interface 
supporting any kind of custom claim dialects. But this change would have an 
effect on the current ClaimHandler, so this cannot be done "silently"...

Best wishes
Jan


Thanks,

Colm.

                

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

                
> Enabling custom claim parser
> ----------------------------
>
>                 Key: CXF-4062
>                 URL: https://issues.apache.org/jira/browse/CXF-4062
>             Project: CXF
>          Issue Type: Improvement
>    Affects Versions: 2.5.2
>            Reporter: Jan Bernhardt
>              Labels: Claims, STS
>         Attachments: claimParer.patch
>
>
> STS-core:
> Currently there is no way to use a custom dialect in requested claims. Even 
> http://schemas.xmlsoap.org/ws/2005/05/identity/claims is not fully supported 
> (only ClaimType element).
> Therefore I introduced a new Interface ClaimParser, and a DefaultClaimParser 
> with the current parsing logic. This parser is called by default within 
> RequestParser, so that the normal cxf behavior has not changed. But to make 
> this process more flexible it is possible (with this patch) to register any 
> kind of ClaimParser supporting a specific dialect. I implemented an 
> IdentityClaimParser which is currently able to parse CustomType and 
> CustomValueType elements within the wst:claims element. Since the current 
> RequestClaim does not support any claim values, except for the Uri attribute, 
> I created a SubClass ClaimValueType to also pass the claim value to the claim 
> handler.
> This patch is just a starting point. I think there should be a more complex 
> redesign of the current claim handling implementation, because it is 
> currently focused on only one Use-Case. The following improvements should be 
> made:
> * The RequestClaim class should be replaced by a more flexible interface 
> supporting any kind of parsing and handling custom dialects.
> * It should be possible to include/configure custom claimparser via spring 
> config
> * A fully supported implementation of 
> http://schemas.xmlsoap.org/ws/2005/05/identity/claims dialect would be great
> Here is an example of a claims STS request which is supported by applying 
> this patch:
> <wst:Claims Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity" 
> xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
>   <ic:ClaimValue 
> Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role">admin</ic:ClaimValue>
> </wst:Claims>
> Thank you for this great product!! I hope this patch can help to further 
> improve CXF.
> Best regards
> Jan
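
The dialect-keyed parser lookup discussed in this thread, as an added sketch that is not code from the attached patch or from CXF. The `ClaimParser` signature, the class name and the `String[]` claim representation are assumptions made for illustration; the sample request follows the one in the issue description.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class ClaimDialectDemo {
    static final String WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    static final String IC = "http://schemas.xmlsoap.org/ws/2005/05/identity";

    /** Hypothetical interface; the signature used in the patch is not shown on the page. */
    interface ClaimParser { List<String[]> parse(Element claims); }

    /** Reads ic:ClaimType (URI only) and ic:ClaimValue (URI plus text value). */
    static final ClaimParser IDENTITY = claims -> {
        List<String[]> out = new ArrayList<>();
        for (Node n = claims.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (!(n instanceof Element) || !IC.equals(n.getNamespaceURI())) continue;
            Element e = (Element) n;
            if ("ClaimType".equals(e.getLocalName()))
                out.add(new String[] {e.getAttribute("Uri"), null});
            else if ("ClaimValue".equals(e.getLocalName()))
                out.add(new String[] {e.getAttribute("Uri"), e.getTextContent().trim()});
        }
        return out;
    };

    static List<String[]> parse(String xml, Map<String, ClaimParser> parsers) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Token requests are untrusted input: refuse DTDs so entity expansion is impossible.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element claims = f.newDocumentBuilder()
            .parse(new InputSource(new StringReader(xml))).getDocumentElement();
        ClaimParser p = parsers.get(claims.getAttribute("Dialect"));
        if (p == null) // fail closed: never fall back to a parser for a different dialect
            throw new IllegalArgumentException("Unsupported claims dialect");
        return p.parse(claims);
    }

    public static void main(String[] args) throws Exception {
        Map<String, ClaimParser> parsers = new HashMap<>();
        parsers.put(IC, IDENTITY); // in an STS this map would be injected, e.g. by Spring
        // Constructed sample request, modelled on the one in the issue description.
        String xml = "<wst:Claims xmlns:wst='" + WST + "' xmlns:ic='" + IC + "' Dialect='" + IC + "'>"
            + "<ic:ClaimValue Uri='" + IC + "/claims/role'>admin</ic:ClaimValue></wst:Claims>";
        for (String[] c : parse(xml, parsers)) System.out.println(c[0] + " = " + c[1]);
    }
}
```

Rejecting an unregistered dialect, instead of handing the element to a default parser, keeps a claim handler from acting on a request it only partly understood.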
