cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Prototyping a code to make it much easier for confoidential client webapps to deal with OAuth2 authorization code flows
Date Tue, 23 Dec 2014 18:11:08 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 969eb031f -> b2db2a2b5


Prototyping a code to make it much easier for confoidential client webapps to deal with OAuth2
authorization code flows


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b2db2a2b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b2db2a2b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b2db2a2b

Branch: refs/heads/master
Commit: b2db2a2b5fa4ce39a5026731d5200881f5b0bf4a
Parents: 969eb03
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Dec 23 18:10:52 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Dec 23 18:10:52 2014 +0000

----------------------------------------------------------------------
 .../jose/jws/NoneJwsSignatureVerifier.java      |  35 ++++
 .../oauth2/client/ClientCodeRequest.java        |  56 ++++++
 .../ClientCodeRequestContextProvider.java       |  31 ++++
 .../oauth2/client/ClientCodeRequestFilter.java  | 174 +++++++++++++++++++
 .../client/ClientCodeRequestProvider.java       |  28 +++
 .../oauth2/client/ClientCodeStateProvider.java  |  32 ++++
 .../client/JoseClientCodeStateProvider.java     | 129 ++++++++++++++
 .../client/MemoryClientCodeRequestProvider.java |  50 ++++++
 .../client/MemoryClientCodeStateProvider.java   |  47 +++++
 9 files changed, 582 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b2db2a2b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java
new file mode 100644
index 0000000..99cb770
--- /dev/null
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/NoneJwsSignatureVerifier.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jws;
+
+import org.apache.cxf.rs.security.jose.JoseHeaders;
+
+public class NoneJwsSignatureVerifier implements JwsSignatureVerifier {
+
+    @Override
+    public boolean verify(JoseHeaders headers, String unsignedText, byte[] signature) {
+        return headers.getAlgorithm().equals(getAlgorithm()) && signature.length
== 0;
+    }
+
+    @Override
+    public String getAlgorithm() {
+        return "none";
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b2db2a2b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java
new file mode 100644
index 0000000..0a5dd0b
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.io.Serializable;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+
+public class ClientCodeRequest implements Serializable {
+    private static final long serialVersionUID = -3501237730333195311L;
+    private ClientAccessToken token;
+    private MultivaluedMap<String, String> state;
+    private String userName;
+    
+    public ClientAccessToken getToken() {
+        return token;
+    }
+
+    public void setToken(ClientAccessToken token) {
+        this.token = token;
+    }
+
+    public MultivaluedMap<String, String> getState() {
+        return state;
+    }
+
+    public void setState(MultivaluedMap<String, String> state) {
+        this.state = state;
+    }
+
+    public String getUserName() {
+        return userName;
+    }
+
+    public void setUserName(String userName) {
+        this.userName = userName;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b2db2a2b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java
new file mode 100644
index 0000000..ee18e2c
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import org.apache.cxf.jaxrs.ext.ContextProvider;
+import org.apache.cxf.message.Message;
+
+public class ClientCodeRequestContextProvider implements ContextProvider<ClientCodeRequest>
{
+
+    @Override
+    public ClientCodeRequest createContext(Message m) {
+        return m.getContent(ClientCodeRequest.class);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b2db2a2b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
new file mode 100644
index 0000000..663d37d
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -0,0 +1,174 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.io.IOException;
+import java.net.URI;
+import java.util.List;
+
+import javax.annotation.Priority;
+import javax.ws.rs.Priorities;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.container.PreMatching;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.jaxrs.utils.FormUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+@PreMatching
+@Priority(Priorities.AUTHENTICATION + 1)
+public class ClientCodeRequestFilter implements ContainerRequestFilter {
+
+    private String scopes;
+    private String relRedirectUri;
+    private String startUri;
+    private String authorizationServiceUri;
+    private Consumer consumer;
+    private ClientCodeStateProvider clientStateProvider;
+    private ClientCodeRequestProvider clientRequestProvider;
+    private WebClient accessTokenService;
+    
+    @Override
+    public void filter(ContainerRequestContext rc) throws IOException {
+        SecurityContext sc = rc.getSecurityContext();
+        if (sc == null || sc.getUserPrincipal() == null) {
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
+        }
+        UriInfo ui = rc.getUriInfo();
+        if (ui.getPath().endsWith(startUri)) {
+            if (clientRequestProvider != null) {
+                ClientCodeRequest request = clientRequestProvider.getCodeRequest(sc, ui);
+                if (request != null) {
+                    setClientCodeRequest(request);
+                    rc.setRequestUri(URI.create(relRedirectUri));
+                    return;
+                }
+            }
+            Response codeResponse = createCodeResponse(rc, sc, ui);
+            rc.abortWith(codeResponse);
+        } else if (ui.getPath().endsWith(relRedirectUri)) {
+            processCodeResponse(rc, sc, ui);
+        }
+    }
+
+    private Response createCodeResponse(ContainerRequestContext rc, SecurityContext sc, UriInfo
ui) {
+        URI uri = OAuthClientUtils.getAuthorizationURI(authorizationServiceUri, 
+                                             consumer.getKey(), 
+                                             getAbsoluteRedirectUri(ui).toString(), 
+                                             createRequestState(rc, sc, ui), 
+                                             scopes);
+        return Response.seeOther(uri).build();
+    }
+
+    private URI getAbsoluteRedirectUri(UriInfo ui) {
+        return ui.getBaseUriBuilder().path(relRedirectUri).build();
+    }
+    private void processCodeResponse(ContainerRequestContext rc, SecurityContext sc, UriInfo
ui) {
+        MultivaluedMap<String, String> params = ui.getQueryParameters();
+        String codeParam = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
+        AccessTokenGrant grant = new AuthorizationCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
+        ClientAccessToken at = OAuthClientUtils.getAccessToken(accessTokenService, 
+                                                               consumer, 
+                                                               grant);
+        MultivaluedMap<String, String> state = null;
+        String stateParam = params.getFirst(OAuthConstants.STATE);
+        if (clientStateProvider != null) {
+            state = clientStateProvider.toState(sc, ui, stateParam);
+        }
+        ClientCodeRequest request = new ClientCodeRequest();
+        request.setToken(at);
+        request.setState(state);
+        request.setUserName(sc.getUserPrincipal().getName());
+        if (clientStateProvider != null) {
+            clientRequestProvider.setCodeRequest(sc, ui, request);
+        }
+        setClientCodeRequest(request);
+    }
+    
+    private void setClientCodeRequest(ClientCodeRequest request) {
+        JAXRSUtils.getCurrentMessage().setContent(ClientCodeRequest.class, request);
+    }
+
+    private String createRequestState(ContainerRequestContext rc, SecurityContext sc, UriInfo
ui) {
+        if (clientStateProvider == null) {
+            return null;
+        }
+        MultivaluedMap<String, String> state = new MetadataMap<String, String>();
+        state.putAll(ui.getQueryParameters(false));
+        if (MediaType.APPLICATION_FORM_URLENCODED_TYPE.isCompatible(rc.getMediaType())) {
+            String body = FormUtils.readBody(rc.getEntityStream(), "UTF-8");
+            FormUtils.populateMapFromString(state, JAXRSUtils.getCurrentMessage(), body,
"UTF-8", false);
+        }
+        return clientStateProvider.toString(sc, ui, state);
+    }
+
+    public void setScopeList(List<String> list) {
+        StringBuilder sb = new StringBuilder();
+        for (String s : list) {
+            if (sb.length() > 0) {
+                sb.append(" ");
+            }
+            sb.append(s);
+        }
+        setScopeString(sb.toString());
+    }
+    public void setScopeString(String scopesString) {
+        this.scopes = scopesString;
+    }
+
+    public void setStartUri(String startUri) {
+        this.startUri = startUri;
+    }
+
+    public void setAuthorizationServiceUri(String authorizationServiceUri) {
+        this.authorizationServiceUri = authorizationServiceUri;
+    }
+
+    public void setConsumer(Consumer consumer) {
+        this.consumer = consumer;
+    }
+
+    public void setRelativeRedirectUri(String redirectUri) {
+        this.relRedirectUri = redirectUri;
+    }
+
+    public void setAccessTokenService(WebClient accessTokenService) {
+        this.accessTokenService = accessTokenService;
+    }
+
+    public void setClientStateProvider(ClientCodeStateProvider clientStateProvider) {
+        this.clientStateProvider = clientStateProvider;
+    }
+    public void setClientRequestProvider(ClientCodeRequestProvider clientRequestProvider)
{
+        this.clientRequestProvider = clientRequestProvider;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b2db2a2b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java
new file mode 100644
index 0000000..ec92d25
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java
@@ -0,0 +1,28 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.core.UriInfo;
+
+public interface ClientCodeRequestProvider {
+    void setCodeRequest(SecurityContext sc, UriInfo ui, ClientCodeRequest request);
+    ClientCodeRequest getCodeRequest(SecurityContext sc, UriInfo ui);
+    void removeCodeRequest(ClientCodeRequest request);
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b2db2a2b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java
new file mode 100644
index 0000000..d51e7b3
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.core.UriInfo;
+
+public interface ClientCodeStateProvider {
+    String toString(SecurityContext sc, 
+                    UriInfo ui,
+                    MultivaluedMap<String, String> state);
+    MultivaluedMap<String, String> toState(SecurityContext sc, 
+                                           UriInfo ui,
+                                           String stateParam);
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b2db2a2b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java
new file mode 100644
index 0000000..290d76e
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java
@@ -0,0 +1,129 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider;
+
+public class JoseClientCodeStateProvider implements ClientCodeStateProvider {
+    
+    private JwsSignatureProvider sigProvider;
+    private JweEncryptionProvider encryptionProvider;
+    private JweDecryptionProvider decryptionProvider;
+    private JwsSignatureVerifier signatureVerifier;
+    private JsonMapObjectReaderWriter jsonp = new JsonMapObjectReaderWriter();
+    @Override
+    public String toString(SecurityContext sc, UriInfo ui,
+            MultivaluedMap<String, String> state) {
+        
+        Map<String, Object> stateMap = CastUtils.cast((Map<?, ?>)state);
+        String json = jsonp.toJson(stateMap);
+        
+        JwsCompactProducer producer = new JwsCompactProducer(json);
+        JwsSignatureProvider theSigProvider = getInitializedSigProvider();
+        String stateParam = producer.signWith(theSigProvider);
+        
+        JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
+        if (theEncryptionProvider != null) {
+            stateParam = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(stateParam),
null);
+        }
+        return stateParam;
+    }
+
+    @Override
+    public MultivaluedMap<String, String> toState(SecurityContext sc,
+            UriInfo ui, String stateParam) {
+        
+        JweDecryptionProvider jwe = getInitializedDecryptionProvider();
+        if (jwe != null) {
+            stateParam = jwe.decrypt(stateParam).getContentText();
+        }
+        JwsCompactConsumer jws = new JwsCompactConsumer(stateParam);
+        JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
+        if (!jws.verifySignatureWith(theSigVerifier)) {
+            throw new SecurityException();
+        }
+        String json = jws.getUnsignedEncodedSequence();
+        Map<String, List<String>> map = CastUtils.cast((Map<?, ?>)jsonp.fromJson(json));
+        //CHECKSTYLE:OFF
+        return (MultivaluedMap<String, String>)map;
+        //CHECKSTYLE:ON
+    }
+    
+    public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
+        this.sigProvider = signatureProvider;
+    }
+    
+    protected JwsSignatureProvider getInitializedSigProvider() {
+        if (sigProvider != null) {
+            return sigProvider;    
+        } 
+        JwsSignatureProvider theSigProvider = JwsUtils.loadSignatureProvider(false);
+        if (theSigProvider == null) {
+            theSigProvider = new NoneJwsSignatureProvider();
+        }
+        return theSigProvider;
+    }
+    public void setDecryptionProvider(JweDecryptionProvider decProvider) {
+        this.decryptionProvider = decProvider;
+    }
+    protected JweDecryptionProvider getInitializedDecryptionProvider() {
+        if (decryptionProvider != null) {
+            return decryptionProvider;    
+        } 
+        return JweUtils.loadDecryptionProvider(false);
+    }
+    public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
+        this.signatureVerifier = signatureVerifier;
+    }
+    
+    protected JwsSignatureVerifier getInitializedSigVerifier() {
+        if (signatureVerifier != null) {
+            return signatureVerifier;    
+        } 
+        return JwsUtils.loadSignatureVerifier(false);
+    }
+    public void setEncryptionProvider(JweEncryptionProvider encProvider) {
+        this.encryptionProvider = encProvider;
+    }
+    protected JweEncryptionProvider getInitializedEncryptionProvider() {
+        if (encryptionProvider != null) {
+            return encryptionProvider;    
+        } 
+        return JweUtils.loadEncryptionProvider(false);
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b2db2a2b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java
new file mode 100644
index 0000000..09412b0
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.core.UriInfo;
+
+public class MemoryClientCodeRequestProvider implements ClientCodeRequestProvider {
+    private ConcurrentHashMap<String, ClientCodeRequest> map = 
+            new ConcurrentHashMap<String, ClientCodeRequest>();
+
+    @Override
+    public void setCodeRequest(SecurityContext sc, UriInfo ui, ClientCodeRequest request)
{
+        map.put(getKey(sc), request);
+        
+    }
+
+    private String getKey(SecurityContext sc) {
+        return sc.getUserPrincipal().getName();
+    }
+
+    @Override
+    public ClientCodeRequest getCodeRequest(SecurityContext sc, UriInfo ui) {
+        // TODO: support an automatic removal based on the token expires property
+        return map.remove(getKey(sc));
+    }
+
+    @Override
+    public void removeCodeRequest(ClientCodeRequest request) {
+        map.remove(request.getUserName());
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/b2db2a2b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java
new file mode 100644
index 0000000..ecc147b
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.core.UriInfo;
+
+public class MemoryClientCodeStateProvider implements ClientCodeStateProvider {
+    private ConcurrentHashMap<String, MultivaluedMap<String, String>> map = 
+            new ConcurrentHashMap<String, MultivaluedMap<String, String>>();
+    
+    @Override
+    public String toString(SecurityContext sc, UriInfo ui,
+            MultivaluedMap<String, String> state) {
+        String name = sc.getUserPrincipal().getName();
+        String hashCode = Integer.toString(name.hashCode());
+        map.put(hashCode, state);
+        return hashCode;
+    }
+
+    @Override
+    public MultivaluedMap<String, String> toState(SecurityContext sc,
+            UriInfo ui, String stateParam) {
+        String name = sc.getUserPrincipal().getName();
+        String hashCode = Integer.toString(name.hashCode());
+        return map.remove(hashCode);
+    }
+}


Mime
View raw message