cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Refactoring the OAuth2 client code filter code, adapting it to OIDC
Date Wed, 24 Dec 2014 13:49:41 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 83cce3a23 -> cdb742bac


Refactoring the OAuth2 client code filter code, adapting it to OIDC


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cdb742ba
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cdb742ba
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cdb742ba

Branch: refs/heads/3.0.x-fixes
Commit: cdb742bacf1e98488aecd49d12de6491c6528ea5
Parents: 83cce3a
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Dec 24 13:46:32 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Dec 24 13:49:20 2014 +0000

----------------------------------------------------------------------
 .../oauth2/client/ClientCodeRequest.java        |  56 --------
 .../ClientCodeRequestContextProvider.java       |  31 -----
 .../oauth2/client/ClientCodeRequestFilter.java  |  61 +++++----
 .../client/ClientCodeRequestProvider.java       |  28 ----
 .../oauth2/client/ClientCodeStateManager.java   |  30 +++++
 .../oauth2/client/ClientCodeStateProvider.java  |  32 -----
 .../oauth2/client/ClientTokenContext.java       |  48 +++++++
 .../client/ClientTokenContextManager.java       |  27 ++++
 .../client/ClientTokenContextProvider.java      |  31 +++++
 .../client/JoseClientCodeStateManager.java      | 126 ++++++++++++++++++
 .../client/JoseClientCodeStateProvider.java     | 129 -------------------
 .../client/MemoryClientCodeRequestProvider.java |  50 -------
 .../client/MemoryClientCodeStateManager.java    |  45 +++++++
 .../client/MemoryClientCodeStateProvider.java   |  47 -------
 .../client/MemoryClientTokenContextManager.java |  49 +++++++
 .../oauth2/client/OAuthClientUtils.java         |  20 +++
 .../cxf/rs/security/oidc/rp/UserInfoClient.java |  71 ++++++++++
 .../rs/security/oidc/rp/UserInfoValidator.java  |  65 ----------
 18 files changed, 486 insertions(+), 460 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java
deleted file mode 100644
index 0a5dd0b..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import java.io.Serializable;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
-
-public class ClientCodeRequest implements Serializable {
-    private static final long serialVersionUID = -3501237730333195311L;
-    private ClientAccessToken token;
-    private MultivaluedMap<String, String> state;
-    private String userName;
-    
-    public ClientAccessToken getToken() {
-        return token;
-    }
-
-    public void setToken(ClientAccessToken token) {
-        this.token = token;
-    }
-
-    public MultivaluedMap<String, String> getState() {
-        return state;
-    }
-
-    public void setState(MultivaluedMap<String, String> state) {
-        this.state = state;
-    }
-
-    public String getUserName() {
-        return userName;
-    }
-
-    public void setUserName(String userName) {
-        this.userName = userName;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java
deleted file mode 100644
index ee18e2c..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import org.apache.cxf.jaxrs.ext.ContextProvider;
-import org.apache.cxf.message.Message;
-
-public class ClientCodeRequestContextProvider implements ContextProvider<ClientCodeRequest> {
-
-    @Override
-    public ClientCodeRequest createContext(Message m) {
-        return m.getContent(ClientCodeRequest.class);
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index a41dc21..a71f644 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -27,6 +27,7 @@ import javax.ws.rs.Priorities;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.container.PreMatching;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
@@ -34,6 +35,7 @@ import javax.ws.rs.core.SecurityContext;
 import javax.ws.rs.core.UriInfo;
 
 import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.jaxrs.utils.FormUtils;
@@ -46,14 +48,22 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 @PreMatching
 @Priority(Priorities.AUTHENTICATION + 1)
 public class ClientCodeRequestFilter implements ContainerRequestFilter {
-
+    @Context
+    private MessageContext mc;
+    
     private String scopes;
     private String relRedirectUri;
     private String startUri;
     private String authorizationServiceUri;
+<<<<<<< HEAD
     private OAuthClientUtils.Consumer consumer;
     private ClientCodeStateProvider clientStateProvider;
     private ClientCodeRequestProvider clientRequestProvider;
+=======
+    private Consumer consumer;
+    private ClientCodeStateManager clientStateManager;
+    private ClientTokenContextManager clientTokenContextManager;
+>>>>>>> 27c1bb5... Refactoring the OAuth2 client code filter code, adapting it to OIDC
     private WebClient accessTokenService;
     
     @Override
@@ -64,8 +74,8 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
         }
         UriInfo ui = rc.getUriInfo();
         if (ui.getPath().endsWith(startUri)) {
-            if (clientRequestProvider != null) {
-                ClientCodeRequest request = clientRequestProvider.getCodeRequest(sc, ui);
+            if (clientTokenContextManager != null) {
+                ClientTokenContext request = clientTokenContextManager.getClientTokenContext(mc);
                 if (request != null) {
                     setClientCodeRequest(request);
                     rc.setRequestUri(URI.create(relRedirectUri));
@@ -91,7 +101,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
     private URI getAbsoluteRedirectUri(UriInfo ui) {
         return ui.getBaseUriBuilder().path(relRedirectUri).build();
     }
-    private void processCodeResponse(ContainerRequestContext rc, SecurityContext sc, UriInfo ui) {
+    protected void processCodeResponse(ContainerRequestContext rc, SecurityContext sc, UriInfo ui) {
         MultivaluedMap<String, String> params = ui.getQueryParameters();
         String codeParam = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
         AccessTokenGrant grant = new AuthorizationCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
@@ -100,25 +110,28 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
                                                                grant);
         MultivaluedMap<String, String> state = null;
         String stateParam = params.getFirst(OAuthConstants.STATE);
-        if (clientStateProvider != null) {
-            state = clientStateProvider.toState(sc, ui, stateParam);
+        if (clientStateManager != null) {
+            state = clientStateManager.toState(mc, stateParam);
         }
-        ClientCodeRequest request = new ClientCodeRequest();
+        ClientTokenContext request = createTokenContext(at);
         request.setToken(at);
         request.setState(state);
-        request.setUserName(sc.getUserPrincipal().getName());
-        if (clientStateProvider != null) {
-            clientRequestProvider.setCodeRequest(sc, ui, request);
+        if (clientTokenContextManager != null) {
+            clientTokenContextManager.setClientTokenContext(mc, request);
         }
         setClientCodeRequest(request);
     }
     
-    private void setClientCodeRequest(ClientCodeRequest request) {
-        JAXRSUtils.getCurrentMessage().setContent(ClientCodeRequest.class, request);
+    protected ClientTokenContext createTokenContext(ClientAccessToken at) {
+        return new ClientTokenContext();
+    }
+    
+    private void setClientCodeRequest(ClientTokenContext request) {
+        JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, request);
     }
 
     private String createRequestState(ContainerRequestContext rc, SecurityContext sc, UriInfo ui) {
-        if (clientStateProvider == null) {
+        if (clientStateManager == null) {
             return null;
         }
         MultivaluedMap<String, String> state = new MetadataMap<String, String>();
@@ -127,7 +140,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
             String body = FormUtils.readBody(rc.getEntityStream(), "UTF-8");
             FormUtils.populateMapFromString(state, JAXRSUtils.getCurrentMessage(), body, "UTF-8", false);
         }
-        return clientStateProvider.toString(sc, ui, state);
+        return clientStateManager.toString(mc, state);
     }
 
     public void setScopeList(List<String> list) {
@@ -152,10 +165,6 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
         this.authorizationServiceUri = authorizationServiceUri;
     }
 
-    public void setConsumer(OAuthClientUtils.Consumer consumer) {
-        this.consumer = consumer;
-    }
-
     public void setRelativeRedirectUri(String redirectUri) {
         this.relRedirectUri = redirectUri;
     }
@@ -164,11 +173,19 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
         this.accessTokenService = accessTokenService;
     }
 
-    public void setClientStateProvider(ClientCodeStateProvider clientStateProvider) {
-        this.clientStateProvider = clientStateProvider;
+    public void setClientStateManager(ClientCodeStateManager clientStateManager) {
+        this.clientStateManager = clientStateManager;
+    }
+    public void setClientTokenContextManager(ClientTokenContextManager clientTokenContextManager) {
+        this.clientTokenContextManager = clientTokenContextManager;
+    }
+
+    public OAuthClientUtils.Consumer getConsumer() {
+        return consumer;
     }
-    public void setClientRequestProvider(ClientCodeRequestProvider clientRequestProvider) {
-        this.clientRequestProvider = clientRequestProvider;
+
+    public void setConsumer(OAuthClientUtils.Consumer consumer) {
+        this.consumer = consumer;
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java
deleted file mode 100644
index ec92d25..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.core.UriInfo;
-
-public interface ClientCodeRequestProvider {
-    void setCodeRequest(SecurityContext sc, UriInfo ui, ClientCodeRequest request);
-    ClientCodeRequest getCodeRequest(SecurityContext sc, UriInfo ui);
-    void removeCodeRequest(ClientCodeRequest request);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateManager.java
new file mode 100644
index 0000000..54c4479
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateManager.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+
+public interface ClientCodeStateManager {
+    String toString(MessageContext mc,
+                    MultivaluedMap<String, String> state);
+    MultivaluedMap<String, String> toState(MessageContext mc,
+                                           String stateParam);
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java
deleted file mode 100644
index d51e7b3..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.core.UriInfo;
-
-public interface ClientCodeStateProvider {
-    String toString(SecurityContext sc, 
-                    UriInfo ui,
-                    MultivaluedMap<String, String> state);
-    MultivaluedMap<String, String> toState(SecurityContext sc, 
-                                           UriInfo ui,
-                                           String stateParam);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContext.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContext.java
new file mode 100644
index 0000000..db42f8e
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContext.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.io.Serializable;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+
+public class ClientTokenContext implements Serializable {
+    private static final long serialVersionUID = -3501237730333195311L;
+    private ClientAccessToken token;
+    private MultivaluedMap<String, String> state;
+    
+    public ClientAccessToken getToken() {
+        return token;
+    }
+
+    public void setToken(ClientAccessToken token) {
+        this.token = token;
+    }
+
+    public MultivaluedMap<String, String> getState() {
+        return state;
+    }
+
+    public void setState(MultivaluedMap<String, String> state) {
+        this.state = state;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java
new file mode 100644
index 0000000..1034a9a
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+
+public interface ClientTokenContextManager {
+    void setClientTokenContext(MessageContext mc, ClientTokenContext ctx);
+    ClientTokenContext getClientTokenContext(MessageContext mc);
+    void removeClientTokenContext(MessageContext mc, ClientTokenContext ctx);
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextProvider.java
new file mode 100644
index 0000000..0231508
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextProvider.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import org.apache.cxf.jaxrs.ext.ContextProvider;
+import org.apache.cxf.message.Message;
+
+public class ClientTokenContextProvider implements ContextProvider<ClientTokenContext> {
+
+    @Override
+    public ClientTokenContext createContext(Message m) {
+        return m.getContent(ClientTokenContext.class);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java
new file mode 100644
index 0000000..e3ed11c
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider;
+
+public class JoseClientCodeStateManager implements ClientCodeStateManager {
+    
+    private JwsSignatureProvider sigProvider;
+    private JweEncryptionProvider encryptionProvider;
+    private JweDecryptionProvider decryptionProvider;
+    private JwsSignatureVerifier signatureVerifier;
+    private JsonMapObjectReaderWriter jsonp = new JsonMapObjectReaderWriter();
+    @Override
+    public String toString(MessageContext mc, MultivaluedMap<String, String> state) {
+        
+        Map<String, Object> stateMap = CastUtils.cast((Map<?, ?>)state);
+        String json = jsonp.toJson(stateMap);
+        
+        JwsCompactProducer producer = new JwsCompactProducer(json);
+        JwsSignatureProvider theSigProvider = getInitializedSigProvider();
+        String stateParam = producer.signWith(theSigProvider);
+        
+        JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
+        if (theEncryptionProvider != null) {
+            stateParam = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(stateParam), null);
+        }
+        return stateParam;
+    }
+
+    @Override
+    public MultivaluedMap<String, String> toState(MessageContext mc, String stateParam) {
+        
+        JweDecryptionProvider jwe = getInitializedDecryptionProvider();
+        if (jwe != null) {
+            stateParam = jwe.decrypt(stateParam).getContentText();
+        }
+        JwsCompactConsumer jws = new JwsCompactConsumer(stateParam);
+        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
+        if (!jws.verifySignatureWith(theSigVerifier)) {
+            throw new SecurityException();
+        }
+        String json = jws.getUnsignedEncodedSequence();
+        Map<String, List<String>> map = CastUtils.cast((Map<?, ?>)jsonp.fromJson(json));
+        //CHECKSTYLE:OFF
+        return (MultivaluedMap<String, String>)map;
+        //CHECKSTYLE:ON
+    }
+    
+    public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
+        this.sigProvider = signatureProvider;
+    }
+    
+    protected JwsSignatureProvider getInitializedSigProvider() {
+        if (sigProvider != null) {
+            return sigProvider;    
+        } 
+        JwsSignatureProvider theSigProvider = JwsUtils.loadSignatureProvider(false);
+        if (theSigProvider == null) {
+            theSigProvider = new NoneJwsSignatureProvider();
+        }
+        return theSigProvider;
+    }
+    public void setDecryptionProvider(JweDecryptionProvider decProvider) {
+        this.decryptionProvider = decProvider;
+    }
+    protected JweDecryptionProvider getInitializedDecryptionProvider() {
+        if (decryptionProvider != null) {
+            return decryptionProvider;    
+        } 
+        return JweUtils.loadDecryptionProvider(false);
+    }
+    public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
+        this.signatureVerifier = signatureVerifier;
+    }
+    
+    protected JwsSignatureVerifier getInitializedSigVerifier() {
+        if (signatureVerifier != null) {
+            return signatureVerifier;    
+        } 
+        return JwsUtils.loadSignatureVerifier(false);
+    }
+    public void setEncryptionProvider(JweEncryptionProvider encProvider) {
+        this.encryptionProvider = encProvider;
+    }
+    protected JweEncryptionProvider getInitializedEncryptionProvider() {
+        if (encryptionProvider != null) {
+            return encryptionProvider;    
+        } 
+        return JweUtils.loadEncryptionProvider(false);
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java
deleted file mode 100644
index 290d76e..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.core.UriInfo;
-
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-import org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider;
-
-public class JoseClientCodeStateProvider implements ClientCodeStateProvider {
-    
-    private JwsSignatureProvider sigProvider;
-    private JweEncryptionProvider encryptionProvider;
-    private JweDecryptionProvider decryptionProvider;
-    private JwsSignatureVerifier signatureVerifier;
-    private JsonMapObjectReaderWriter jsonp = new JsonMapObjectReaderWriter();
-    @Override
-    public String toString(SecurityContext sc, UriInfo ui,
-            MultivaluedMap<String, String> state) {
-        
-        Map<String, Object> stateMap = CastUtils.cast((Map<?, ?>)state);
-        String json = jsonp.toJson(stateMap);
-        
-        JwsCompactProducer producer = new JwsCompactProducer(json);
-        JwsSignatureProvider theSigProvider = getInitializedSigProvider();
-        String stateParam = producer.signWith(theSigProvider);
-        
-        JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
-        if (theEncryptionProvider != null) {
-            stateParam = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(stateParam), null);
-        }
-        return stateParam;
-    }
-
-    @Override
-    public MultivaluedMap<String, String> toState(SecurityContext sc,
-            UriInfo ui, String stateParam) {
-        
-        JweDecryptionProvider jwe = getInitializedDecryptionProvider();
-        if (jwe != null) {
-            stateParam = jwe.decrypt(stateParam).getContentText();
-        }
-        JwsCompactConsumer jws = new JwsCompactConsumer(stateParam);
-        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
-        if (!jws.verifySignatureWith(theSigVerifier)) {
-            throw new SecurityException();
-        }
-        String json = jws.getUnsignedEncodedSequence();
-        Map<String, List<String>> map = CastUtils.cast((Map<?, ?>)jsonp.fromJson(json));
-        //CHECKSTYLE:OFF
-        return (MultivaluedMap<String, String>)map;
-        //CHECKSTYLE:ON
-    }
-    
-    public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
-        this.sigProvider = signatureProvider;
-    }
-    
-    protected JwsSignatureProvider getInitializedSigProvider() {
-        if (sigProvider != null) {
-            return sigProvider;    
-        } 
-        JwsSignatureProvider theSigProvider = JwsUtils.loadSignatureProvider(false);
-        if (theSigProvider == null) {
-            theSigProvider = new NoneJwsSignatureProvider();
-        }
-        return theSigProvider;
-    }
-    public void setDecryptionProvider(JweDecryptionProvider decProvider) {
-        this.decryptionProvider = decProvider;
-    }
-    protected JweDecryptionProvider getInitializedDecryptionProvider() {
-        if (decryptionProvider != null) {
-            return decryptionProvider;    
-        } 
-        return JweUtils.loadDecryptionProvider(false);
-    }
-    public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
-        this.signatureVerifier = signatureVerifier;
-    }
-    
-    protected JwsSignatureVerifier getInitializedSigVerifier() {
-        if (signatureVerifier != null) {
-            return signatureVerifier;    
-        } 
-        return JwsUtils.loadSignatureVerifier(false);
-    }
-    public void setEncryptionProvider(JweEncryptionProvider encProvider) {
-        this.encryptionProvider = encProvider;
-    }
-    protected JweEncryptionProvider getInitializedEncryptionProvider() {
-        if (encryptionProvider != null) {
-            return encryptionProvider;    
-        } 
-        return JweUtils.loadEncryptionProvider(false);
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java
deleted file mode 100644
index 09412b0..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import java.util.concurrent.ConcurrentHashMap;
-
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.core.UriInfo;
-
-public class MemoryClientCodeRequestProvider implements ClientCodeRequestProvider {
-    private ConcurrentHashMap<String, ClientCodeRequest> map = 
-            new ConcurrentHashMap<String, ClientCodeRequest>();
-
-    @Override
-    public void setCodeRequest(SecurityContext sc, UriInfo ui, ClientCodeRequest request) {
-        map.put(getKey(sc), request);
-        
-    }
-
-    private String getKey(SecurityContext sc) {
-        return sc.getUserPrincipal().getName();
-    }
-
-    @Override
-    public ClientCodeRequest getCodeRequest(SecurityContext sc, UriInfo ui) {
-        // TODO: support an automatic removal based on the token expires property
-        return map.remove(getKey(sc));
-    }
-
-    @Override
-    public void removeCodeRequest(ClientCodeRequest request) {
-        map.remove(request.getUserName());
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
new file mode 100644
index 0000000..f6a23b2
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+
+public class MemoryClientCodeStateManager implements ClientCodeStateManager {
+    private ConcurrentHashMap<String, MultivaluedMap<String, String>> map = 
+            new ConcurrentHashMap<String, MultivaluedMap<String, String>>();
+    
+    @Override
+    public String toString(MessageContext mc, MultivaluedMap<String, String> state) {
+        String name = mc.getSecurityContext().getUserPrincipal().getName();
+        String hashCode = Integer.toString(name.hashCode());
+        map.put(hashCode, state);
+        return hashCode;
+    }
+
+    @Override
+    public MultivaluedMap<String, String> toState(MessageContext mc, String stateParam) {
+        String name = mc.getSecurityContext().getUserPrincipal().getName();
+        String hashCode = Integer.toString(name.hashCode());
+        return map.remove(hashCode);
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java
deleted file mode 100644
index ecc147b..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import java.util.concurrent.ConcurrentHashMap;
-
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.core.UriInfo;
-
-public class MemoryClientCodeStateProvider implements ClientCodeStateProvider {
-    private ConcurrentHashMap<String, MultivaluedMap<String, String>> map = 
-            new ConcurrentHashMap<String, MultivaluedMap<String, String>>();
-    
-    @Override
-    public String toString(SecurityContext sc, UriInfo ui,
-            MultivaluedMap<String, String> state) {
-        String name = sc.getUserPrincipal().getName();
-        String hashCode = Integer.toString(name.hashCode());
-        map.put(hashCode, state);
-        return hashCode;
-    }
-
-    @Override
-    public MultivaluedMap<String, String> toState(SecurityContext sc,
-            UriInfo ui, String stateParam) {
-        String name = sc.getUserPrincipal().getName();
-        String hashCode = Integer.toString(name.hashCode());
-        return map.remove(hashCode);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
new file mode 100644
index 0000000..a10191e
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+
+public class MemoryClientTokenContextManager implements ClientTokenContextManager {
+    private ConcurrentHashMap<String, ClientTokenContext> map = 
+            new ConcurrentHashMap<String, ClientTokenContext>();
+
+    @Override
+    public void setClientTokenContext(MessageContext mc, ClientTokenContext request) {
+        map.put(getKey(mc), request);
+        
+    }
+
+    private String getKey(MessageContext mc) {
+        return mc.getSecurityContext().getUserPrincipal().getName();
+    }
+
+    @Override
+    public ClientTokenContext getClientTokenContext(MessageContext mc) {
+        // TODO: support an automatic removal based on the token expires property
+        return map.remove(getKey(mc));
+    }
+
+    @Override
+    public void removeClientTokenContext(MessageContext mc, ClientTokenContext request) {
+        map.remove(getKey(mc));
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index 19258ac..5a4bf78 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -36,6 +36,7 @@ import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.OAuthError;
+import org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.tokens.hawk.HawkAuthorizationScheme;
@@ -210,6 +211,25 @@ public final class OAuthClientUtils {
         return getAccessToken(accessTokenService, consumer, grant, extraParams, 
                               null, setAuthorizationHeader);
     }
+    public static ClientAccessToken refreshAccessToken(WebClient accessTokenService,
+                                                       ClientAccessToken at) {
+        return refreshAccessToken(accessTokenService, null, at, null, true);
+    }
+    public static ClientAccessToken refreshAccessToken(WebClient accessTokenService,
+                                                       Consumer consumer,
+                                                       ClientAccessToken at) {
+        return refreshAccessToken(accessTokenService, consumer, at, null, true);
+    }
+    public static ClientAccessToken refreshAccessToken(WebClient accessTokenService,
+                                                       Consumer consumer,
+                                                       ClientAccessToken at,
+                                                       String scope,
+                                                       boolean setAuthorizationHeader) 
+        throws OAuthServiceException {
+        RefreshTokenGrant grant = new RefreshTokenGrant(at.getRefreshToken(), scope); 
+        return getAccessToken(accessTokenService, consumer, grant, null, 
+                              at.getTokenType(), setAuthorizationHeader);
+    }
         
     /**
      * Obtains the access token from OAuth AccessToken Service 

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
new file mode 100644
index 0000000..bbd98d5
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.cxf.rs.security.oidc.common.UserInfo;
+
+public class UserInfoClient extends IdTokenValidator {
+    private boolean encryptedOnly;
+    private WebClient profileClient;
+    public UserInfo getUserInfo(ClientAccessToken at, IdToken idToken) {
+        return getProfile(at, idToken, false);
+    }
+    public UserInfo getProfile(ClientAccessToken at, IdToken idToken, boolean asJwt) {
+        OAuthClientUtils.setAuthorizationHeader(profileClient, at);
+        if (asJwt) {
+            String jwt = profileClient.get(String.class);
+            return getUserInfoFromJwt(jwt, idToken);
+        } else {
+            UserInfo profile = profileClient.get(UserInfo.class);
+            validateUserInfo(profile, idToken);
+            return profile;
+        }
+    }
+    public UserInfo getUserInfoFromJwt(String profileJwtToken, IdToken idToken) {
+        JwtToken jwt = getUserInfoJwt(profileJwtToken, idToken);
+        return getUserInfoFromJwt(jwt, idToken);
+    }
+    public UserInfo getUserInfoFromJwt(JwtToken jwt, IdToken idToken) {
+        UserInfo profile = new UserInfo(jwt.getClaims().asMap());
+        validateUserInfo(profile, idToken);
+        return profile;
+    }
+    public JwtToken getUserInfoJwt(String profileJwtToken, IdToken idToken) {
+        return getJwtToken(profileJwtToken, idToken.getAudience(), (String)idToken.getProperty("kid"), encryptedOnly);
+    }
+    public void validateUserInfo(UserInfo profile, IdToken idToken) {
+        validateJwtClaims(profile, idToken.getAudience(), false);
+        // validate subject
+        if (!idToken.getSubject().equals(profile.getSubject())) {
+            throw new SecurityException("Invalid subject");
+        }
+    }
+    public void setEncryptedOnly(boolean encryptedOnly) {
+        this.encryptedOnly = encryptedOnly;
+    }
+    public void setProfileClient(WebClient profileClient) {
+        this.profileClient = profileClient;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/cdb742ba/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
deleted file mode 100644
index 5908a6f..0000000
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oidc.rp;
-
-import org.apache.cxf.jaxrs.client.WebClient;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.oidc.common.IdToken;
-import org.apache.cxf.rs.security.oidc.common.UserInfo;
-
-public class UserInfoValidator extends AbstractTokenValidator {
-    private boolean encryptedOnly;
-    
-    public UserInfo getUserInfo(WebClient profileClient, IdToken idToken) {
-        return getProfile(profileClient, idToken, false);
-    }
-    public UserInfo getProfile(WebClient profileClient, IdToken idToken, boolean asJwt) {
-        if (asJwt) {
-            String jwt = profileClient.get(String.class);
-            return getUserInfoFromJwt(jwt, idToken);
-        } else {
-            UserInfo profile = profileClient.get(UserInfo.class);
-            validateUserInfo(profile, idToken);
-            return profile;
-        }
-    }
-    public UserInfo getUserInfoFromJwt(String profileJwtToken, IdToken idToken) {
-        JwtToken jwt = getUserInfoJwt(profileJwtToken, idToken);
-        return getUserInfoFromJwt(jwt, idToken);
-    }
-    public UserInfo getUserInfoFromJwt(JwtToken jwt, IdToken idToken) {
-        UserInfo profile = new UserInfo(jwt.getClaims().asMap());
-        validateUserInfo(profile, idToken);
-        return profile;
-    }
-    public JwtToken getUserInfoJwt(String profileJwtToken, IdToken idToken) {
-        return getJwtToken(profileJwtToken, idToken.getAudience(), (String)idToken.getProperty("kid"), encryptedOnly);
-    }
-    public void validateUserInfo(UserInfo profile, IdToken idToken) {
-        validateJwtClaims(profile, idToken.getAudience(), false);
-        // validate subject
-        if (!idToken.getSubject().equals(profile.getSubject())) {
-            throw new SecurityException("Invalid subject");
-        }
-    }
-    public void setEncryptedOnly(boolean encryptedOnly) {
-        this.encryptedOnly = encryptedOnly;
-    }
-    
-}


Mime
View raw message