in plugins/websphere/src/main/java/org/apache/cxf/fediz/was/tai/FedizInterceptor.java [501:555]
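/**
 * Translates the roles carried in a federation response into WebSphere group identifiers.
 *
 * <p>The roles are first mapped to local group names by {@code mapper}. When
 * {@code directGroupMapping} is set, those names are returned unchanged. Otherwise each name
 * is resolved to its unique id through the {@code UserRegistry} obtained via JNDI.
 *
 * <p>Security note: every failure path yields fewer groups and never throws. A group missing
 * from the registry is skipped. A JNDI or registry failure ends the resolution and returns
 * whatever was collected so far, possibly an empty list. The user may therefore continue with
 * reduced group membership, and the WARN/ERROR log entries are the only signal of that.
 *
 * @param federationResponse response supplying the roles to map and the username used in
 *        log messages
 * @return the resolved group ids; never {@code null}, and empty when no role maps to a group
 *         or the registry lookup fails before any group is resolved
 */
protected List<String> groupIdsFromTokenRoles(FedizResponse federationResponse) {
    List<String> localGroups = mapper.groupsFromRoles(federationResponse.getRoles());
    int size = (localGroups == null) ? 0 : localGroups.size();
    List<String> groupIds = new ArrayList<>(size);
    if (size > 0) {
        if (directGroupMapping) {
            LOG.debug("Direct Group Mapping was set in interceptor. Thus UserRegistry will not be invoked to get "
                      + "GrouUID");
            groupIds.addAll(localGroups);
        } else {
            InitialContext ctx = null;
            try {
                ctx = new InitialContext();
                UserRegistry userRegistry = (UserRegistry)ctx.lookup(Constants.USER_REGISTRY_JNDI_NAME);
                // size > 0 already implies localGroups is non-null, so no second null check.
                LOG.debug("Converting {} group names to uids", size);
                for (String localGroup : localGroups) {
                    try {
                        String guid = convertGroupNameToUniqueId(userRegistry, localGroup);
                        // NOTE(review): group names and the username are taken from the federation
                        // response; confirm the log layout neutralises line breaks in them.
                        LOG.debug("Group '{}' maps to guid: {}", localGroup, guid);
                        groupIds.add(guid);
                    } catch (EntryNotFoundException e) {
                        // An unknown group is dropped rather than granted; the rest still resolve.
                        LOG.warn("Group entry '{}' could not be found in UserRegistry for user '{}'",
                                 localGroup, federationResponse.getUsername());
                    }
                }
            } catch (NamingException ex) {
                // Pass the exception along so the JNDI failure cause and stack trace reach the
                // log, as the other two registry failure handlers already do.
                LOG.error("User Registry could not be loaded via JNDI context.", ex);
                LOG.warn("Group mapping failed for user '{}'", federationResponse.getUsername());
                LOG.info("To switch to direct GroupUID Mapping without UserRegistry being involved set "
                         + "fedizDirectGroupMapping=\"true\" in TAI Interceptor properties.");
            } catch (RemoteException e) {
                LOG.error("RemoteException in UserRegistry", e);
                LOG.warn("Group mapping failed for user '{}'", federationResponse.getUsername());
            } catch (CustomRegistryException e) {
                LOG.error("CustomRegistryException in UserRegistry", e);
                LOG.warn("Group mapping failed for user '{}'", federationResponse.getUsername());
            } finally {
                if (ctx != null) {
                    try {
                        ctx.close();
                    } catch (NamingException ignored) {
                        // Best-effort cleanup: a failed close must not mask the mapping result.
                    }
                }
            }
        }
    }
    LOG.debug("Group list: {}", groupIds);
    return groupIds;
}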