cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Prototyping a jws jwt auth filter
Date Wed, 19 Nov 2014 15:34:53 GMT
Repository: cxf
Updated Branches:
  refs/heads/master c4595f21f -> 4ca438df7


Prototyping a jws jwt auth filter


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4ca438df
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4ca438df
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4ca438df

Branch: refs/heads/master
Commit: 4ca438df70c5773598202c5a854df06518a44b05
Parents: c4595f2
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Nov 19 16:34:09 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Nov 19 16:34:09 2014 +0100

----------------------------------------------------------------------
 .../jose/jaxrs/JwsContainerRequestFilter.java   | 16 +++--
 .../jose/jaxrs/JwtJwsAuthenticationFilter.java  | 68 ++++++++++++++++++++
 .../jose/jaxrs/JwtTokenSecurityContext.java     | 34 ++++++++++
 3 files changed, 112 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/4ca438df/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
index 6ced711..1b5f5d2 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
@@ -59,13 +59,17 @@ public class JwsContainerRequestFilter extends AbstractJwsReaderProvider
impleme
         }
     }
     protected void validateRequestContextProperty(JwsCompactConsumer c) {
-        String context = (String)JAXRSUtils.getCurrentMessage().get(JWS_CONTEXT_PROPERTY);
-        if (context != null) {
-            String headerCtx = (String)c.getJoseHeaders().getHeader(JWS_CONTEXT_PROPERTY);
-            if (headerCtx == null || !headerCtx.equals(context)) {
-                throw new SecurityException();
-            }
+        Object requestContext = JAXRSUtils.getCurrentMessage().get(JWS_CONTEXT_PROPERTY);
+        Object headerContext = c.getJoseHeaders().getHeader(JWS_CONTEXT_PROPERTY);
+        if (requestContext == null && headerContext == null) {
+            return;
+        }
+        if (requestContext == null && headerContext != null
+            || requestContext != null && headerContext == null
+            || !requestContext.equals(headerContext)) {
+            throw new SecurityException();
         }
         
+        
     }
 }
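Review bot: The rewritten check in `validateRequestContextProperty` now rejects a request whose JWS header carries `JWS_CONTEXT_PROPERTY` when the current message has none, which the removed code accepted. That stricter contract should be stated in a comment, e.g. `// the message and the JWS header must carry the same context value, or neither may carry one`, since the value is presumably the one the new JwtJwsAuthenticationFilter copies onto the message. The three-way condition reduces to one null-safe comparison, `if (requestContext == null ? headerContext != null : !requestContext.equals(headerContext))`, which no longer depends on `&&` binding tighter than `||`. `throw new SecurityException()` carries no message, so a context mismatch cannot be told apart from other rejections in the logs. The class body begins outside this hunk.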

http://git-wip-us.apache.org/repos/asf/cxf/blob/4ca438df/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtJwsAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtJwsAuthenticationFilter.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtJwsAuthenticationFilter.java
new file mode 100644
index 0000000..68d222f
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtJwsAuthenticationFilter.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import java.io.IOException;
+
+import javax.annotation.Priority;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.container.PreMatching;
+import javax.ws.rs.core.HttpHeaders;
+
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.security.SecurityContext;
+
+@PreMatching
+@Priority(Priorities.JWS_SERVER_READ_PRIORITY)
+public class JwtJwsAuthenticationFilter extends AbstractJwsReaderProvider implements ContainerRequestFilter
{
+    private static final String JWS_CONTEXT_PROPERTY = "org.apache.cxf.jws.context";
+    private static final String JWT_SCHEME_PROPERTY = "JWT";
+    @Override
+    public void filter(ContainerRequestContext context) throws IOException {
+        String authHeader = context.getHeaderString(HttpHeaders.AUTHORIZATION);
+        String[] schemeData = authHeader.split(" ");
+        if (schemeData.length != 2 || !JWT_SCHEME_PROPERTY.equals(schemeData[0])) {
+            throw new SecurityException();
+        }
+        
+        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
+        JwsJwtCompactConsumer p = new JwsJwtCompactConsumer(schemeData[1]);
+        if (!p.verifySignatureWith(theSigVerifier)) {
+            context.abortWith(JAXRSUtils.toResponse(400));
+            return;
+        }
+        Message m = JAXRSUtils.getCurrentMessage();
+        setRequestContextProperty(m, p);
+        JwtToken token = p.getJwtToken();
+        m.put(SecurityContext.class, new JwtTokenSecurityContext(token));
+        
+    }
+    protected void setRequestContextProperty(Message m, JwsCompactConsumer c) {
+        Object headerContext = c.getJoseHeaders().getHeader(JWS_CONTEXT_PROPERTY);
+        if (headerContext != null) {
+            m.put(JWS_CONTEXT_PROPERTY, headerContext);
+        }
+    }
+}
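Review bot: `authHeader.split(" ")` in `filter()` throws a NullPointerException when the request has no Authorization header, because `getHeaderString` returns null for an absent header. Add `if (authHeader == null) { throw new SecurityException(); }` before the split, or abort the request the way the bad-signature branch does with `context.abortWith(...)`. The failure paths also disagree: a malformed scheme throws a bare SecurityException, while a failed signature returns 400, where 401 is the conventional status for a rejected credential. After `verifySignatureWith` succeeds the token goes straight into `JwtTokenSecurityContext`, and nothing visible here checks the expiry, not-before, issuer or audience claims. Unless that happens inside `JwsJwtCompactConsumer`, a correctly signed but expired token would still authenticate.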

http://git-wip-us.apache.org/repos/asf/cxf/blob/4ca438df/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtTokenSecurityContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtTokenSecurityContext.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtTokenSecurityContext.java
new file mode 100644
index 0000000..11a2c94
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtTokenSecurityContext.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jaxrs;
+
+import org.apache.cxf.common.security.SimpleSecurityContext;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+
+public class JwtTokenSecurityContext extends SimpleSecurityContext {
+    private JwtToken token;
+    public JwtTokenSecurityContext(JwtToken jwt) {
+        super(jwt.getClaims().getSubject());
+        this.token = jwt;
+    }
+    public JwtToken getToken() {
+        return token;
+    }
+    
+}
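Review bot: The constructor passes `jwt.getClaims().getSubject()` to `super(...)` unchecked, so a token with no `sub` claim, or with no claims object at all, yields a null principal name or a NullPointerException. How `SimpleSecurityContext` treats a null name is not visible in this diff, so the constructor should reject such a token explicitly before calling `super`, or the calling filter should do so. The `token` field is assigned once and can be declared `private final JwtToken token;`. A class Javadoc should say that the principal name is the JWT subject and that the token is assumed to have been signature-verified by the caller.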

