cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Prototyping OAuth2 JWS Code filter, draft-ietf-oauth-jwsreq-01.txt
Date Thu, 27 Nov 2014 18:34:55 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 8e378c3d5 -> e80db09d3


Prototyping OAuth2 JWS Code filter, draft-ietf-oauth-jwsreq-01.txt


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e80db09d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e80db09d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e80db09d

Branch: refs/heads/3.0.x-fixes
Commit: e80db09d37d99d540cdbef7114efeb26317e3a52
Parents: 8e378c3
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Nov 27 18:31:53 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Nov 27 18:33:45 2014 +0000

----------------------------------------------------------------------
 .../cxf/jaxrs/provider/json/JsonMapObject.java  |  9 ++-
 .../grants/code/JwtRequestCodeFilter.java       | 72 ++++++++++++++++++++
 .../AuthorizationCodeRequestFilter.java         |  5 +-
 .../services/AuthorizationCodeGrantService.java |  8 ++-
 .../services/RedirectionBasedGrantService.java  |  8 ++-
 5 files changed, 94 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e80db09d/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObject.java
----------------------------------------------------------------------
diff --git a/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObject.java
b/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObject.java
index cfc98f2..88094c6 100644
--- a/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObject.java
+++ b/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObject.java
@@ -77,7 +77,14 @@ public class JsonMapObject {
             return null;
         }
     }
-    
+    public String getStringProperty(String name) {
+        Object value = getProperty(name);
+        if (value != null) {
+            return value.toString();
+        } else {
+            return null;
+        }
+    }
     public int hashCode() { 
         return values.hashCode();
     }
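Review bot: `getStringProperty` has no Javadoc, and its `value.toString()` result is not limited to string values: if the stored property is a number, nested map or list, the caller gets Java's `toString()` form rather than JSON. I would document that contract, e.g. `/** Returns the property's toString() form, or null if absent; non-string values are not JSON-serialized. */`, and keep the blank line before `hashCode()` that this hunk removes. The class body continues outside the hunk.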

http://git-wip-us.apache.org/repos/asf/cxf/blob/e80db09d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
new file mode 100644
index 0000000..5beb360
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
@@ -0,0 +1,72 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.grants.code;
+
+import java.util.Map;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.provider.AuthorizationCodeRequestFilter;
+
+public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter {
+    private static final String REQUEST_PARAM = "request";
+    private JweDecryptionProvider jweDecryptor;
+    private JwsSignatureVerifier jwsVerifier;
+    @Override
+    public MultivaluedMap<String, String> process(MultivaluedMap<String, String>
params, 
+                                                  UserSubject endUser,
+                                                  Client client) {
+        String requestToken = params.getFirst(REQUEST_PARAM);
+        if (requestToken != null) {
+            // there may be Client specific keys so we can have a map of
+            // client id to JWS and JWE handlers
+            if (jweDecryptor != null) {
+                requestToken = jweDecryptor.decrypt(requestToken).getContentText();
+            }
+            JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(requestToken);
+            if (!consumer.verifySignatureWith(jwsVerifier)) {
+                throw new SecurityException("Invalid Signature");
+            }
+            JwtClaims claims = consumer.getJwtClaims();
+            // TODO: validate claim issuer and audience
+            MultivaluedMap<String, String> newParams = new MetadataMap<String, String>();
+            Map<String, Object> claimsMap = claims.asMap();
+            for (Map.Entry<String, Object> entry : claimsMap.entrySet()) {
+                newParams.putSingle(entry.getKey(), entry.getValue().toString());
+            }
+            return newParams;
+        } else {
+            return params;
+        }
+    }
+    public void setJweDecryptor(JweDecryptionProvider jweDecryptor) {
+        this.jweDecryptor = jweDecryptor;
+    }
+
+    public void setJweVerifier(JwsSignatureVerifier theJwsVerifier) {
+        this.jwsVerifier = theJwsVerifier;
+    }
+}
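Review bot: In `process`, the `client` argument is never used and the returned map is built only from the JWT claims, so nothing ties the signed request object to the client the caller resolved from the outer parameters; compare the `client_id` claim with `client.getClientId()` before copying the claims. A filter whose verifier was never set reaches `verifySignatureWith(jwsVerifier)` with null, and whether that rejects or throws is not visible here, so check it explicitly and fail closed. The setter is named `setJweVerifier` but assigns `jwsVerifier`, which looks like a typo for `setJwsVerifier` and would trip property-based configuration. `entry.getValue().toString()` throws on a null claim value, and until the open TODO is done (issuer, audience, and presumably expiry) a validly signed request object is accepted regardless of who issued it, for whom, or when.

```java
        if (requestToken != null) {
            // fail closed: an unconfigured verifier must never let a request through
            if (jwsVerifier == null) {
                throw new SecurityException("No JWS verifier configured");
            }
            // … unchanged: optional JWE decryption, signature check, getJwtClaims, newParams creation …
            Map<String, Object> claimsMap = claims.asMap();
            // the signed request must belong to the client the service already resolved
            Object claimedClientId = claimsMap.get("client_id");
            if (claimedClientId != null
                && !client.getClientId().equals(claimedClientId.toString())) {
                throw new SecurityException("Request object client_id mismatch");
            }
            for (Map.Entry<String, Object> entry : claimsMap.entrySet()) {
                // skip null-valued claims instead of failing with a NullPointerException
                if (entry.getValue() != null) {
                    newParams.putSingle(entry.getKey(), entry.getValue().toString());
                }
            }
```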

http://git-wip-us.apache.org/repos/asf/cxf/blob/e80db09d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
index d9d4442..646861c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
@@ -20,8 +20,11 @@ package org.apache.cxf.rs.security.oauth2.provider;
 
 import javax.ws.rs.core.MultivaluedMap;
 
+import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 
 public interface AuthorizationCodeRequestFilter {
-    MultivaluedMap<String, String> process(MultivaluedMap<String, String> params,
UserSubject endUser);
+    MultivaluedMap<String, String> process(MultivaluedMap<String, String> params,

+                                           UserSubject endUser,
+                                           Client client);
 }
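Review bot: Adding a parameter to `process` changes a public interface on the `3.0.x-fixes` maintenance branch, so any existing `AuthorizationCodeRequestFilter` implementation outside this commit stops compiling; the same applies to subclasses overriding the protected `startAuthorization` in `AuthorizationCodeGrantService` and `RedirectionBasedGrantService`. If the break is accepted for a prototype, the commit message should say so. The interface also has no Javadoc: state that the returned map replaces the request parameters and what `client` is, e.g. `/** Returns the parameters to continue with; may replace params entirely. client is the registered client resolved from the original request. */`.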

http://git-wip-us.apache.org/repos/asf/cxf/blob/e80db09d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index ec2bf75..19d3710 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -58,11 +58,13 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
     public AuthorizationCodeGrantService() {
         super(OAuthConstants.CODE_RESPONSE_TYPE, OAuthConstants.AUTHORIZATION_CODE_GRANT);
     }
-    protected Response startAuthorization(MultivaluedMap<String, String> params, UserSubject
userSubject) {
+    protected Response startAuthorization(MultivaluedMap<String, String> params, 
+                                          UserSubject userSubject,
+                                          Client client) {
         if (codeRequestFilter != null) {
-            params = codeRequestFilter.process(params, userSubject);
+            params = codeRequestFilter.process(params, userSubject, client);
         }
-        return super.startAuthorization(params, userSubject);
+        return super.startAuthorization(params, userSubject, client);
     }
     protected Response createGrant(MultivaluedMap<String, String> params,
                                    Client client,

http://git-wip-us.apache.org/repos/asf/cxf/blob/e80db09d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 351993c..3168f75 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -111,11 +111,13 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         SecurityContext sc = getAndValidateSecurityContext(params);
         // Create a UserSubject representing the end user 
         UserSubject userSubject = createUserSubject(sc);
-        return startAuthorization(params, userSubject);
+        Client client = getClient(params);
+        return startAuthorization(params, userSubject, client);
     }
         
-    protected Response startAuthorization(MultivaluedMap<String, String> params, UserSubject
userSubject) {    
-        Client client = getClient(params);
+    protected Response startAuthorization(MultivaluedMap<String, String> params, 
+                                          UserSubject userSubject,
+                                          Client client) {    
         
         // Validate the provided request URI, if any, against the ones Client provided
         // during the registration
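Review bot: With `getClient(params)` moved ahead of `startAuthorization`, the client is now resolved from the original, unfiltered request parameters before any `AuthorizationCodeRequestFilter` runs, and that ordering is not documented. A filter that swaps in a different parameter set (as `JwtRequestCodeFilter` does) leaves `client` and `params` free to disagree further down. I would add a comment above the new line, `// Resolved from the original request parameters, before any request filter rewrites them`. The method containing this call starts outside the hunk, and the body of `startAuthorization` continues past it.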

