CAS-1352: Usename attribute should not be required in the list of all…

…owed attributes Specifying the username attribute in the service registry for a given service currently requires that the same attribute exist in the list of allowed attributes. https://issues.jasig.org/browse/CAS-1352
apereo · Sep 12, 2013 · 21a0f23 · 21a0f23
1 parent d0adc14
commit 21a0f23
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 6 deletions.
diff --git a/cas-server-core/src/main/java/org/jasig/cas/CentralAuthenticationServiceImpl.java b/cas-server-core/src/main/java/org/jasig/cas/CentralAuthenticationServiceImpl.java
@@ -441,8 +441,7 @@ private String determinePrincipalIdForRegisteredService(final Principal principa
         } else if (StringUtils.isBlank(serviceUsernameAttribute)) {
             principalId = principal.getId();
         } else {
-            if ((registeredService.isIgnoreAttributes() || registeredService.getAllowedAttributes().contains(serviceUsernameAttribute)) &&
-                 principal.getAttributes().containsKey(serviceUsernameAttribute)) {
+            if (principal.getAttributes().containsKey(serviceUsernameAttribute)) {
                 principalId = principal.getAttributes().get(registeredService.getUsernameAttribute()).toString();
             } else {
                 principalId = principal.getId();

diff --git a/cas-server-core/src/test/java/org/jasig/cas/CentralAuthenticationServiceImplTests.java b/cas-server-core/src/test/java/org/jasig/cas/CentralAuthenticationServiceImplTests.java
@@ -350,17 +350,17 @@ public void testValidateServiceTicketWithUsernameAttribute() throws TicketExcept
 
     @Test
     public void testValidateServiceTicketWithInvalidUsernameAttribute() throws TicketException {
-        UsernamePasswordCredentials cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
+        final UsernamePasswordCredentials cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
         final String ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);
 
-        Service svc = TestUtils.getService("eduPersonTestInvalid");
+        final Service svc = TestUtils.getService("eduPersonTestInvalid");
         final String serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket, svc);
 
         final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket, svc);
         final Authentication auth = assertion.getChainedAuthentications().get(0);
 
         /*
-         * The attribute specified for this service is not allows in the list of returned attributes.
+         * The attribute specified for this service does not resolve.
          * Therefore, we expect the default to be returned. 
          */
         assertEquals(auth.getPrincipal().getId(), cred.getUsername());

diff --git a/cas-server-core/src/test/resources/applicationContext.xml b/cas-server-core/src/test/resources/applicationContext.xml
@@ -103,7 +103,7 @@
                     <property name="name" value="EduPerson Test Invalid Service" />
                     <property name="serviceId" value="eduPersonTestInvalid" />
                     <property name="evaluationOrder" value="4" />
-                    <property name="usernameAttribute" value="eduPersonAffiliation" />
+                    <property name="usernameAttribute" value="nonExistentAttributeName" />
                     <property name="allowedAttributes">
                     	<list>
                     		<value>groupMembership</value>