cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Few more updates to the Hawk validators
Date Wed, 10 Dec 2014 17:13:17 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes ea30a2c24 -> 75d408048


Few more updates to the Hawk validators


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/75d40804
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/75d40804
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/75d40804

Branch: refs/heads/3.0.x-fixes
Commit: 75d40804807fe10c79b78d71be0c885aec490429
Parents: ea30a2c
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Dec 9 13:05:28 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Dec 10 17:13:05 2014 +0000

----------------------------------------------------------------------
 .../hawk/AbstractHawkAccessTokenValidator.java  | 30 +++++++++++++++++---
 .../tokens/hawk/HawkAccessTokenValidator.java   |  8 ++----
 .../hawk/HawkAccessTokenValidatorClient.java    | 20 +++++++++++++
 3 files changed, 48 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/75d40804/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
index 82f655e..9a2e25d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.rs.security.oauth2.tokens.hawk;
 
+import java.net.URI;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
@@ -38,7 +39,10 @@ import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 
 public abstract class AbstractHawkAccessTokenValidator implements AccessTokenValidator {
+    protected static final String HTTP_VERB = "http.verb";
+    protected static final String HTTP_URI = "http.uri";
     private NonceVerifier nonceVerifier;
+    private boolean remoteSignatureValidation;
     public List<String> getSupportedAuthorizationSchemes() {
         return Collections.singletonList(OAuthConstants.HAWK_AUTHORIZATION_SCHEME);
     }
@@ -50,12 +54,22 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal
         Map<String, String> schemeParams = getSchemeParameters(authSchemeData);
         AccessTokenValidation atv = 
             getAccessTokenValidation(mc, authScheme, authSchemeData, extraProps, schemeParams);
+        if (isRemoteSignatureValidation()) {
+            return atv;
+        }
         
         String macKey = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY);
         String macAlgo = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM);
-            
-        HttpRequestProperties httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(),
-                                                                    mc.getHttpServletRequest().getMethod());
+        
+        
+        HttpRequestProperties httpProps = null;
+        if (extraProps != null && extraProps.containsKey(HTTP_VERB) && extraProps.containsKey(HTTP_URI))
{
+            httpProps = new HttpRequestProperties(URI.create(extraProps.getFirst(HTTP_URI)),
+                                                  extraProps.getFirst(HTTP_VERB));
+        } else {
+            httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), 
+                                                  mc.getHttpServletRequest().getMethod());
+        }
         HawkAuthorizationScheme macAuthInfo = new HawkAuthorizationScheme(httpProps, schemeParams);
         String normalizedString = macAuthInfo.getNormalizedRequestString();
         try {
@@ -82,7 +96,7 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal
                                                                       MultivaluedMap<String,
String> extraProps,
                                                                       Map<String, String>
schemeParams);
     
-    private static Map<String, String> getSchemeParameters(String authData) {
+    protected static Map<String, String> getSchemeParameters(String authData) {
         String[] attributePairs = authData.split(",");
         Map<String, String> attributeMap = new HashMap<String, String>();
         for (String pair : attributePairs) {
@@ -101,4 +115,12 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal
     public void setNonceVerifier(NonceVerifier nonceVerifier) {
         this.nonceVerifier = nonceVerifier;
     }
+
+    public boolean isRemoteSignatureValidation() {
+        return remoteSignatureValidation;
+    }
+
+    public void setRemoteSignatureValidation(boolean remoteSignatureValidation) {
+        this.remoteSignatureValidation = remoteSignatureValidation;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/75d40804/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
index 977c531..b80deba 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
@@ -31,7 +31,6 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 
 public class HawkAccessTokenValidator extends AbstractHawkAccessTokenValidator {
     private OAuthDataProvider dataProvider;
-    private boolean remoteSignatureValidation;
         
     protected AccessTokenValidation getAccessTokenValidation(MessageContext mc,
                                                              String authScheme, 
@@ -47,7 +46,7 @@ public class HawkAccessTokenValidator extends AbstractHawkAccessTokenValidator
{
         AccessTokenValidation atv = new AccessTokenValidation(macAccessToken);
         
         // OAuth2 Pop token introspection will likely support returning a JWE-encrypted key
-        if (!remoteSignatureValidation || mc.getSecurityContext().isSecure()) {
+        if (!isRemoteSignatureValidation() || mc.getSecurityContext().isSecure()) {
             atv.getExtraProps().put(OAuthConstants.HAWK_TOKEN_KEY, macAccessToken.getMacKey());
             atv.getExtraProps().put(OAuthConstants.HAWK_TOKEN_ALGORITHM, macAccessToken.getMacAlgorithm());
         }
@@ -55,11 +54,8 @@ public class HawkAccessTokenValidator extends AbstractHawkAccessTokenValidator
{
         return atv;
     }
     
-        
     public void setDataProvider(OAuthDataProvider dataProvider) {
         this.dataProvider = dataProvider;
     }
-    public void setRemoteSignatureValidation(boolean remoteSignatureValidation) {
-        this.remoteSignatureValidation = remoteSignatureValidation;
-    }
+    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/75d40804/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
index 4ab3a0f..3f31bd8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
@@ -24,13 +24,33 @@ import java.util.Map;
 import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
 import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 
 public class HawkAccessTokenValidatorClient extends AbstractHawkAccessTokenValidator {
     private AccessTokenValidator validator;
         
+    public AccessTokenValidation validateAccessToken(MessageContext mc,
+                                                     String authScheme, 
+                                                     String authSchemeData, 
+                                                     MultivaluedMap<String, String>
extraProps) 
+        throws OAuthServiceException {
+        if (isRemoteSignatureValidation()) {
+            MultivaluedMap<String, String> map = new MetadataMap<String, String>();
+            if (extraProps != null) {
+                map.putAll(extraProps);
+            }
+            map.putSingle(HTTP_VERB, mc.getRequest().getMethod());
+            map.putSingle(HTTP_URI, mc.getUriInfo().getRequestUri().toString());
+            return validator.validateAccessToken(mc, authScheme, authSchemeData, map);
+        } else {
+            return super.validateAccessToken(mc, authScheme, authSchemeData, extraProps);
+        }
+        
+    }
     protected AccessTokenValidation getAccessTokenValidation(MessageContext mc,
                                                              String authScheme, 
                                                              String authSchemeData, 


Mime
View raw message