cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: [CXF-5607] Remaning UserIdToken to IdToken to match the OIDC terms closer
Date Thu, 18 Dec 2014 12:16:47 GMT
Repository: cxf
Updated Branches:
  refs/heads/master b3d603d4e -> 9148f0447


[CXF-5607] Remaning UserIdToken to IdToken to match the OIDC terms closer


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9148f044
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9148f044
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9148f044

Branch: refs/heads/master
Commit: 9148f044720c45fc64964841bb55b76f3fa74002
Parents: b3d603d
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Dec 18 12:16:30 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Dec 18 12:16:30 2014 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/oidc/common/IdToken.java    | 61 ++++++++++++++++++++
 .../cxf/rs/security/oidc/common/UserToken.java  | 61 --------------------
 .../oidc/idp/UserInfoCodeResponseFilter.java    |  6 +-
 .../rs/security/oidc/idp/UserInfoProvider.java  |  4 +-
 .../rs/security/oidc/rp/IdTokenValidator.java   | 48 +++++++++++++++
 .../rs/security/oidc/rp/UserInfoValidator.java  | 14 ++---
 .../rs/security/oidc/rp/UserTokenValidator.java | 48 ---------------
 7 files changed, 121 insertions(+), 121 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/IdToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/IdToken.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/IdToken.java
new file mode 100644
index 0000000..f805128
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/IdToken.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.common;
+
+import java.util.Map;
+
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+
+public class IdToken extends JwtClaims {
+    public static final String AUTH_TIME_CLAIM = "auth_time";
+    public static final String NONCE_CLAIM = "nonce";
+    public static final String ACR_CLAIM = "acr";
+    public static final String AZP_CLAIM = "azp";
+    
+    public IdToken() {
+    }
+    
+    public IdToken(Map<String, Object> claims) {
+        super(claims);
+    }
+    public void setAuthenticationTime(Long time) {
+        setProperty(AUTH_TIME_CLAIM, time);
+    }
+    public Long getAuthenticationTime() {
+        return getLongProperty(AUTH_TIME_CLAIM);
+    }
+    public void setNonce(String nonce) {
+        setProperty(NONCE_CLAIM, nonce);
+    }
+    public String getNonce() {
+        return (String)getProperty(NONCE_CLAIM);
+    }
+    public void setAuthenticationContextRef(String ref) {
+        setProperty(ACR_CLAIM, ref);
+    }
+    public String getAuthenticationContextRef() {
+        return (String)getProperty(ACR_CLAIM);
+    }
+    public void setAuthorizedParty(String azp) {
+        setProperty(AZP_CLAIM, azp);
+    }
+    public String getAuthorizedParty() {
+        return (String)getProperty(AZP_CLAIM);
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/UserToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/UserToken.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/UserToken.java
deleted file mode 100644
index 7654b23..0000000
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/UserToken.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oidc.common;
-
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-
-public class UserToken extends JwtClaims {
-    public static final String AUTH_TIME_CLAIM = "auth_time";
-    public static final String NONCE_CLAIM = "nonce";
-    public static final String ACR_CLAIM = "acr";
-    public static final String AZP_CLAIM = "azp";
-    
-    public UserToken() {
-    }
-    
-    public UserToken(Map<String, Object> claims) {
-        super(claims);
-    }
-    public void setAuthenticationTime(Long time) {
-        setProperty(AUTH_TIME_CLAIM, time);
-    }
-    public Long getAuthenticationTime() {
-        return getLongProperty(AUTH_TIME_CLAIM);
-    }
-    public void setNonce(String nonce) {
-        setProperty(NONCE_CLAIM, nonce);
-    }
-    public String getNonce() {
-        return (String)getProperty(NONCE_CLAIM);
-    }
-    public void setAuthenticationContextRef(String ref) {
-        setProperty(ACR_CLAIM, ref);
-    }
-    public String getAuthenticationContextRef() {
-        return (String)getProperty(ACR_CLAIM);
-    }
-    public void setAuthorizedParty(String azp) {
-        setProperty(AZP_CLAIM, azp);
-    }
-    public String getAuthorizedParty() {
-        return (String)getProperty(AZP_CLAIM);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoCodeResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoCodeResponseFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoCodeResponseFilter.java
index e0b5a3e..42bf9ff 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoCodeResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoCodeResponseFilter.java
@@ -25,7 +25,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.provider.AccessTokenResponseFilter;
-import org.apache.cxf.rs.security.oidc.common.UserToken;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 
 public class UserInfoCodeResponseFilter extends AbstractJwsJweProducer implements AccessTokenResponseFilter
{
@@ -33,8 +33,8 @@ public class UserInfoCodeResponseFilter extends AbstractJwsJweProducer implement
     private String issuer;
     @Override
     public void process(ClientAccessToken ct, ServerAccessToken st) {
-        UserToken token = 
-            userInfoProvider.getUserToken(st.getClient().getClientId(), st.getSubject(),
st.getScopes());
+        IdToken token = 
+            userInfoProvider.getIdToken(st.getClient().getClientId(), st.getSubject(), st.getScopes());
         token.setIssuer(issuer);
         token.setAudience(st.getClient().getClientId());
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoProvider.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoProvider.java
index 0fa9c22..0a3320a 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoProvider.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoProvider.java
@@ -22,10 +22,10 @@ import java.util.List;
 
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.common.UserInfo;
-import org.apache.cxf.rs.security.oidc.common.UserToken;
 
 public interface UserInfoProvider {
-    UserToken getUserToken(String clientId, UserSubject authenticatedUser, List<OAuthPermission>
scopes);
+    IdToken getIdToken(String clientId, UserSubject authenticatedUser, List<OAuthPermission>
scopes);
     UserInfo getUserInfo(String clientId, UserSubject authenticatedUser, List<OAuthPermission>
scopes);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
new file mode 100644
index 0000000..3d5a1f3
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp;
+
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
+
+public class IdTokenValidator extends AbstractTokenValidator {
+    private boolean requireAtHash = true;
+    
+    public IdToken getIdTokenFromJwt(ClientAccessToken at, String clientId) {
+        JwtToken jwt = getIdJwtToken(at, clientId);
+        return getIdTokenFromJwt(jwt, clientId);
+    }
+    public IdToken getIdTokenFromJwt(JwtToken jwt, String clientId) {
+        //TODO: do the extra validation if needed
+        return new IdToken(jwt.getClaims().asMap());
+    }
+    public JwtToken getIdJwtToken(ClientAccessToken at, String clientId) {
+        String idJwtToken = at.getParameters().get(OidcUtils.ID_TOKEN);
+        JwtToken jwt = getJwtToken(idJwtToken, clientId, null, false);
+        validateJwtClaims(jwt.getClaims(), clientId, true);
+        OidcUtils.validateAccessTokenHash(at, jwt, requireAtHash);
+        return jwt;
+    }
+
+    public void setRequireAtHash(boolean requireAtHash) {
+        this.requireAtHash = requireAtHash;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
index e3dec47..5908a6f 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
@@ -20,16 +20,16 @@ package org.apache.cxf.rs.security.oidc.rp;
 
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.common.UserInfo;
-import org.apache.cxf.rs.security.oidc.common.UserToken;
 
 public class UserInfoValidator extends AbstractTokenValidator {
     private boolean encryptedOnly;
     
-    public UserInfo getUserInfo(WebClient profileClient, UserToken idToken) {
+    public UserInfo getUserInfo(WebClient profileClient, IdToken idToken) {
         return getProfile(profileClient, idToken, false);
     }
-    public UserInfo getProfile(WebClient profileClient, UserToken idToken, boolean asJwt)
{
+    public UserInfo getProfile(WebClient profileClient, IdToken idToken, boolean asJwt) {
         if (asJwt) {
             String jwt = profileClient.get(String.class);
             return getUserInfoFromJwt(jwt, idToken);
@@ -39,19 +39,19 @@ public class UserInfoValidator extends AbstractTokenValidator {
             return profile;
         }
     }
-    public UserInfo getUserInfoFromJwt(String profileJwtToken, UserToken idToken) {
+    public UserInfo getUserInfoFromJwt(String profileJwtToken, IdToken idToken) {
         JwtToken jwt = getUserInfoJwt(profileJwtToken, idToken);
         return getUserInfoFromJwt(jwt, idToken);
     }
-    public UserInfo getUserInfoFromJwt(JwtToken jwt, UserToken idToken) {
+    public UserInfo getUserInfoFromJwt(JwtToken jwt, IdToken idToken) {
         UserInfo profile = new UserInfo(jwt.getClaims().asMap());
         validateUserInfo(profile, idToken);
         return profile;
     }
-    public JwtToken getUserInfoJwt(String profileJwtToken, UserToken idToken) {
+    public JwtToken getUserInfoJwt(String profileJwtToken, IdToken idToken) {
         return getJwtToken(profileJwtToken, idToken.getAudience(), (String)idToken.getProperty("kid"),
encryptedOnly);
     }
-    public void validateUserInfo(UserInfo profile, UserToken idToken) {
+    public void validateUserInfo(UserInfo profile, IdToken idToken) {
         validateJwtClaims(profile, idToken.getAudience(), false);
         // validate subject
         if (!idToken.getSubject().equals(profile.getSubject())) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserTokenValidator.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserTokenValidator.java
deleted file mode 100644
index 74d6b23..0000000
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserTokenValidator.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oidc.rp;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
-import org.apache.cxf.rs.security.oidc.common.UserToken;
-import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
-
-public class UserTokenValidator extends AbstractTokenValidator {
-    private boolean requireAtHash = true;
-    
-    public UserToken getIdTokenFromJwt(ClientAccessToken at, String clientId) {
-        JwtToken jwt = getIdJwtToken(at, clientId);
-        return getIdTokenFromJwt(jwt, clientId);
-    }
-    public UserToken getIdTokenFromJwt(JwtToken jwt, String clientId) {
-        //TODO: do the extra validation if needed
-        return new UserToken(jwt.getClaims().asMap());
-    }
-    public JwtToken getIdJwtToken(ClientAccessToken at, String clientId) {
-        String idJwtToken = at.getParameters().get(OidcUtils.ID_TOKEN);
-        JwtToken jwt = getJwtToken(idJwtToken, clientId, null, false);
-        validateJwtClaims(jwt.getClaims(), clientId, true);
-        OidcUtils.validateAccessTokenHash(at, jwt, requireAtHash);
-        return jwt;
-    }
-
-    public void setRequireAtHash(boolean requireAtHash) {
-        this.requireAtHash = requireAtHash;
-    }
-}


Mime
View raw message