From serg...@apache.org
Subject cxf git commit: Prototyping some code supporting an implicit link between a JWT user token encoded as a header and a signed payload
Date Tue, 18 Nov 2014 22:28:18 GMT
Repository: cxf
Updated Branches:
  refs/heads/master ba48172e9 -> c4595f21f


Prototyping some code supporting an implicit link between a JWT user token encoded as a header
and a signed payload


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c4595f21
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c4595f21
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c4595f21

Branch: refs/heads/master
Commit: c4595f21f88a1129df4bf1e10898d36e375529aa
Parents: ba48172
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Nov 18 23:27:54 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Nov 18 23:27:54 2014 +0100

----------------------------------------------------------------------
 .../security/jose/jaxrs/AbstractJwsWriterProvider.java  |  8 +++++++-
 .../security/jose/jaxrs/JwsContainerRequestFilter.java  | 12 ++++++++++++
 .../rs/security/jose/jaxrs/JwsWriterInterceptor.java    |  1 +
 3 files changed, 20 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c4595f21/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
index ff0a5aa..139f20f 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
@@ -35,7 +35,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 public class AbstractJwsWriterProvider {
     private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
     private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
-    
+    private static final String JWS_CONTEXT_PROPERTY = "org.apache.cxf.jws.context";
     private JwsSignatureProvider sigProvider;
     
     public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
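Review bot: `JWS_CONTEXT_PROPERTY` is declared here as a private constant and again, with the same literal, in `JwsContainerRequestFilter`, so the writer and the reader agree on the header name only as long as both copies are edited together. The same string also serves as both the message property key and the JOSE header name. A single shared definition, for example `public static final String JWS_CONTEXT_PROPERTY = "org.apache.cxf.jws.context";` next to `MEDIA_TYPE_JOSE` in `JoseConstants`, would keep the two sides from drifting apart.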
@@ -56,6 +56,12 @@ public class AbstractJwsWriterProvider {
         headers.setAlgorithm(theSigProvider.getAlgorithm());
         return theSigProvider;
     }
+    protected void setRequestContextProperty(Message m, JoseHeaders headers) {    
+        String context = (String)m.getContextualProperty(JWS_CONTEXT_PROPERTY);
+        if (context != null) {
+            headers.setHeader(JWS_CONTEXT_PROPERTY, context);
+        }
+    }
     protected void writeJws(JwsCompactProducer p, JwsSignatureProvider theSigProvider, OutputStream
os) 
         throws IOException {
         p.signWith(theSigProvider);
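Review bot: `setRequestContextProperty` has no caller in the visible part of this commit (the `JwsWriterInterceptor` change is a blank line only), so unless a call exists outside the diff the context header is never written, and a reader that has the property set would reject every message. The method also needs a Javadoc line such as `/** Copies the "org.apache.cxf.jws.context" message property, when set, into the JOSE headers so the receiver can match it against its request context. */`. Assuming these headers end up in the compact JWS header segment, they are only base64url-encoded, so the comment should also say that the value must be a non-secret identifier and not the user token itself. The unchecked `(String)` cast throws `ClassCastException` if the property is configured with any other type.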

http://git-wip-us.apache.org/repos/asf/cxf/blob/c4595f21/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
index e3b4ba4..6ced711 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
@@ -36,6 +36,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 @PreMatching
 @Priority(Priorities.JWS_SERVER_READ_PRIORITY)
 public class JwsContainerRequestFilter extends AbstractJwsReaderProvider implements ContainerRequestFilter
{
+    private static final String JWS_CONTEXT_PROPERTY = "org.apache.cxf.jws.context";
     @Override
     public void filter(ContainerRequestContext context) throws IOException {
         if (HttpMethod.GET.equals(context.getMethod())) {
@@ -47,6 +48,7 @@ public class JwsContainerRequestFilter extends AbstractJwsReaderProvider
impleme
             context.abortWith(JAXRSUtils.toResponse(400));
             return;
         }
+        validateRequestContextProperty(p);
         byte[] bytes = p.getDecodedJwsPayloadBytes();
         context.setEntityStream(new ByteArrayInputStream(bytes));
         context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
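Review bot: A context mismatch leaves `filter()` as an unchecked `SecurityException` thrown by `validateRequestContextProperty(p)`, while the failure path just above answers with `context.abortWith(JAXRSUtils.toResponse(400))` and returns. How the runtime maps that exception is not visible here; it may surface as a server error instead of a client error. Handling it like the neighbouring path keeps the response predictable: `try { validateRequestContextProperty(p); } catch (SecurityException ex) { context.abortWith(JAXRSUtils.toResponse(400)); return; }`. The body of `filter()` starts and ends outside this hunk.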
@@ -56,4 +58,14 @@ public class JwsContainerRequestFilter extends AbstractJwsReaderProvider
impleme
             context.getHeaders().putSingle("Content-Type", ct);
         }
     }
+    protected void validateRequestContextProperty(JwsCompactConsumer c) {
+        String context = (String)JAXRSUtils.getCurrentMessage().get(JWS_CONTEXT_PROPERTY);
+        if (context != null) {
+            String headerCtx = (String)c.getJoseHeaders().getHeader(JWS_CONTEXT_PROPERTY);
+            if (headerCtx == null || !headerCtx.equals(context)) {
+                throw new SecurityException();
+            }
+        }
+        
+    }
 }
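Review bot: The check in `validateRequestContextProperty` is skipped whenever the current message carries no `org.apache.cxf.jws.context` property, so the binding is enforced only if something that runs before this `@PreMatching` filter has set it; nothing in the diff sets it or documents that ordering. A Javadoc stating this precondition, and ideally a configurable "required" switch that rejects the request when the property is missing, would make the fail-open case explicit. The `(String)` cast on the header value taken from the incoming JWS throws `ClassCastException` for a non-string JSON value, and the `SecurityException` carries no message; `Object headerCtx = c.getJoseHeaders().getHeader(JWS_CONTEXT_PROPERTY);` followed by `if (!context.equals(headerCtx)) { throw new SecurityException("JWS context header does not match the request context"); }` covers null, wrong type and mismatch in one test.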

http://git-wip-us.apache.org/repos/asf/cxf/blob/c4595f21/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
index c79f305..44eb42f 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
@@ -102,6 +102,7 @@ public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements
W
             }
         }
     }
+    
     private void setJoseMediaType(WriterInterceptorContext ctx) {
         MediaType joseMediaType = JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE);
         ctx.setMediaType(joseMediaType);

