Merge branch 'split_manifest_header' into 'master'

Consume isMemberOf attribute as single value with semi-colon delimited list of manifest groups

In the List Library application, which is attempting to consume Manifest groups as UW Spring Security authorities, we discovered that multiple Manifest groups are not provided by the login server as multiple isMemberOf headers but as one string with the Manifest groups delimited by semi-colons.

This PR revises the default Preauth mapper to split the isMemberOf string apart into a Java collection, which is the correct format for the authorities argument to the UWUserDetailsImpl constructor.

Notify: @paul.erickson @ahoffmann @gutkowski @bkeen

See merge request !24

uw-spring-security-core/src/main/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapper.java

@@ -85,7 +85,18 @@ public interface PreauthenticatedUserDetailsAttributeMapper {
       String emplid = request.getHeader(isisEmplidHeader);
       Collection<String> uddsMembership = safeGetHeaders(request, uddsHeader);
       String email = request.getHeader(emailAddressHeader);
-      Collection<String> manifestGroups = safeGetHeaders(request, manifestHeader);
+
+      Collection<String> manifestGroups = new ArrayList<>();
+      String manifestValue = request.getHeader(manifestHeader);
+      if (manifestValue != null) {
+        String[] manifestGroupStrings = manifestValue.split(";");
+        for (String manifestGroupString : manifestGroupStrings) {
+          if (!manifestGroupString.trim().isEmpty()) {
+            manifestGroups.add(manifestGroupString.trim());
+          }
+        }
+      }
+
       UWUserDetailsImpl result = UWUserDetailsImpl.newInstance(pvi, uid, "", cn, email, uddsMembership, manifestGroups);
       result.setSource("edu.wisc.uwss.preauth");
       result.setEppn(eppn);

uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapperTest.java

@@ -73,8 +73,7 @@ public class PreauthenticatedUserDetailsAttributeMapperTest {
   @Test
   public void mapUser_isMemberOf_contains_blank_values() {
     MockHttpServletRequest request = mockRequest();
-    request.addHeader("isMemberOf", "");
-    request.addHeader("isMemberOf", "      ");
+    request.addHeader("isMemberOf", ";    ");
 
     UWUserDetails result = filter.mapUser(request);
     assertNotNull(result);
@@ -88,8 +87,7 @@ public class PreauthenticatedUserDetailsAttributeMapperTest {
   @Test
   public void mapUser_multipleManifestGroups() {
     MockHttpServletRequest request = mockRequest();
-    request.addHeader("isMemberOf", "uw:domain:onegroup");
-    request.addHeader("isMemberOf", "uw:domain:anothergroup");
+    request.addHeader("isMemberOf", "uw:domain:onegroup;uw:domain:anothergroup");
 
     UWUserDetails result = filter.mapUser(request);
     assertNotNull(result);

uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/UWUserDetailsAuthenticationFilterTest.java

@@ -38,7 +38,7 @@ public class UWUserDetailsAuthenticationFilterTest {
 		when(request.getHeader("cn")).thenReturn("Bucky Badger");
 		when(request.getHeaders("wisceduudds")).thenReturn(Collections.enumeration(Arrays.asList("A061234")));
 		when(request.getHeader("mail")).thenReturn("foo@foo.wisc.edu");
-    when(request.getHeaders("isMemberOf")).thenReturn(Collections.enumeration(Arrays.asList("somegroup")));
+    when(request.getHeader("isMemberOf")).thenReturn("somegroup");
 		UWUserDetails userDetails = filter.getPreAuthenticatedPrincipal(request);
 		assertEquals("bbadger", userDetails.getUsername());
 		assertEquals("bbadger@wisc.edu", userDetails.getEppn());