cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5944] Minor updates to JWS filters
Date Wed, 24 Sep 2014 09:12:05 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 3c5cf13be -> ad3a779a2


[CXF-5944] Minor updates to JWS filters


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ad3a779a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ad3a779a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ad3a779a

Branch: refs/heads/3.0.x-fixes
Commit: ad3a779a276b84a610dc88b6aefb187f63376114
Parents: 3c5cf13
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Sep 24 10:08:37 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Sep 24 10:11:45 2014 +0100

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java    | 4 +++-
 .../cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java  | 6 +++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ad3a779a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
index aeaa742..53cb5d2 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsClientResponseFilter.java
@@ -38,7 +38,9 @@ public class JwsClientResponseFilter extends AbstractJwsReaderProvider implement
         JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
         JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(res.getEntityStream()),

                                                       getSigProperties());
-        p.verifySignatureWith(theSigVerifier);
+        if (!p.verifySignatureWith(theSigVerifier)) {
+            throw new SecurityException();
+        }
         byte[] bytes = p.getDecodedJwsPayloadBytes();
         res.setEntityStream(new ByteArrayInputStream(bytes));
         res.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));

http://git-wip-us.apache.org/repos/asf/cxf/blob/ad3a779a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
index d80aa38..4938706 100644
--- a/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2-jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
@@ -27,6 +27,7 @@ import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.container.PreMatching;
 
 import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
@@ -40,7 +41,10 @@ public class JwsContainerRequestFilter extends AbstractJwsReaderProvider
impleme
         JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
         JwsCompactConsumer p = new JwsCompactConsumer(IOUtils.readStringFromStream(context.getEntityStream()),

                                                       getSigProperties());
-        p.verifySignatureWith(theSigVerifier);
+        if (!p.verifySignatureWith(theSigVerifier)) {
+            context.abortWith(JAXRSUtils.toResponse(400));
+            return;
+        }
         byte[] bytes = p.getDecodedJwsPayloadBytes();
         context.setEntityStream(new ByteArrayInputStream(bytes));
         context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));


Mime
View raw message