- String principalName = tresp.getPrincipal().getName();
- if(principalName.equals(id) // We do trust our own App Components: if a trust entry is made with self, always accept
- || lur.fish(tresp.getPrincipal(), perm)) { // Have Perm set by Config.CADI_TRUST_PERM
- String desc = " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ',';
- return new TrustTafResp(tresp, new TrustPrincipal(tresp.getPrincipal(), flds[0]), desc);
- } else if(principalName.equals(flds[0])) { // Ignore if same identity
- return tresp;
- } else {
- String desc = tresp.getPrincipal().getName() + " requested trust as " + flds[0] + ", but does not have Authorization";
- return new TrustNotTafResp(tresp, desc);
- }
- }
+ String[] info = Split.split(',', user_info);
+ String[] flds = Split.splitTrim(':', info[0]);
+ if (flds.length < 4) {
+ return tresp;
+ }
+ if (!("AS".equals(flds[3]))) { // is it set for "AS"
+ return tresp;
+ }
+
+ String principalName = tresp.getPrincipal().getName();
+ if (principalName.equals(id) // We do trust our own App Components: if a trust entry is made with self, always accept
+ || lur.fish(tresp.getPrincipal(), perm)) { // Have Perm set by Config.CADI_TRUST_PERM
+ String desc = " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ',';
+ return new TrustTafResp(tresp, new TrustPrincipal(tresp.getPrincipal(), flds[0]), desc);
+ } else if (principalName.equals(flds[0])) { // Ignore if same identity
+ return tresp;
+ } else {
+ String desc = tresp.getPrincipal().getName() + " requested trust as " + flds[0] + ", but does not have Authorization";
+ return new TrustNotTafResp(tresp, desc);
+ }
+ }