From 68bc4c3f8a7d40b3350b23322f7d5310a6a3228e Mon Sep 17 00:00:00 2001
From: Benjamin Sousa <benjamin.sousa@wisc.edu>
Date: Fri, 30 Sep 2016 11:21:44 -0500
Subject: [PATCH] Consume isMemberOf attribute as single value with semi-colon
 delimited list of manifest groups

---
 .../PreauthenticatedUserDetailsAttributeMapper.java | 13 ++++++++++++-
 ...authenticatedUserDetailsAttributeMapperTest.java |  6 ++----
 .../UWUserDetailsAuthenticationFilterTest.java      |  2 +-
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/uw-spring-security-core/src/main/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapper.java b/uw-spring-security-core/src/main/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapper.java
index cae33e0..5f49a42 100644
--- a/uw-spring-security-core/src/main/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapper.java
+++ b/uw-spring-security-core/src/main/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapper.java
@@ -85,7 +85,18 @@ public interface PreauthenticatedUserDetailsAttributeMapper {
       String emplid = request.getHeader(isisEmplidHeader);
       Collection<String> uddsMembership = safeGetHeaders(request, uddsHeader);
       String email = request.getHeader(emailAddressHeader);
-      Collection<String> manifestGroups = safeGetHeaders(request, manifestHeader);
+
+      Collection<String> manifestGroups = new ArrayList<>();
+      String manifestValue = request.getHeader(manifestHeader);
+      if (manifestValue != null) {
+        String[] manifestGroupStrings = manifestValue.split(";");
+        for (String manifestGroupString : manifestGroupStrings) {
+          if (!manifestGroupString.trim().isEmpty()) {
+            manifestGroups.add(manifestGroupString.trim());
+          }
+        }
+      }
+
       UWUserDetailsImpl result = UWUserDetailsImpl.newInstance(pvi, uid, "", cn, email, uddsMembership, manifestGroups);
       result.setSource("edu.wisc.uwss.preauth");
       result.setEppn(eppn);
diff --git a/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapperTest.java b/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapperTest.java
index 76f0501..08aa10d 100644
--- a/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapperTest.java
+++ b/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/PreauthenticatedUserDetailsAttributeMapperTest.java
@@ -73,8 +73,7 @@ public class PreauthenticatedUserDetailsAttributeMapperTest {
   @Test
   public void mapUser_isMemberOf_contains_blank_values() {
     MockHttpServletRequest request = mockRequest();
-    request.addHeader("isMemberOf", "");
-    request.addHeader("isMemberOf", "      ");
+    request.addHeader("isMemberOf", ";    ");
 
     UWUserDetails result = filter.mapUser(request);
     assertNotNull(result);
@@ -88,8 +87,7 @@ public class PreauthenticatedUserDetailsAttributeMapperTest {
   @Test
   public void mapUser_multipleManifestGroups() {
     MockHttpServletRequest request = mockRequest();
-    request.addHeader("isMemberOf", "uw:domain:onegroup");
-    request.addHeader("isMemberOf", "uw:domain:anothergroup");
+    request.addHeader("isMemberOf", "uw:domain:onegroup;uw:domain:anothergroup");
 
     UWUserDetails result = filter.mapUser(request);
     assertNotNull(result);
diff --git a/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/UWUserDetailsAuthenticationFilterTest.java b/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/UWUserDetailsAuthenticationFilterTest.java
index 539d7fb..324dbd6 100644
--- a/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/UWUserDetailsAuthenticationFilterTest.java
+++ b/uw-spring-security-core/src/test/java/edu/wisc/uwss/preauth/UWUserDetailsAuthenticationFilterTest.java
@@ -38,7 +38,7 @@ public class UWUserDetailsAuthenticationFilterTest {
 		when(request.getHeader("cn")).thenReturn("Bucky Badger");
 		when(request.getHeaders("wisceduudds")).thenReturn(Collections.enumeration(Arrays.asList("A061234")));
 		when(request.getHeader("mail")).thenReturn("foo@foo.wisc.edu");
-    when(request.getHeaders("isMemberOf")).thenReturn(Collections.enumeration(Arrays.asList("somegroup")));
+    when(request.getHeader("isMemberOf")).thenReturn("somegroup");
 		UWUserDetails userDetails = filter.getPreAuthenticatedPrincipal(request);
 		assertEquals("bbadger", userDetails.getUsername());
 		assertEquals("bbadger@wisc.edu", userDetails.getEppn());
-- 
GitLab