From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: <1981e2dd4a6a4edd90fc2e00ca989ea5@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Few more updates to the Hawk validators Date: Tue, 9 Dec 2014 13:05:44 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master 982bff937 -> 3898cf18c Few more updates to the Hawk validators Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3898cf18 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3898cf18 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3898cf18 Branch: refs/heads/master Commit: 3898cf18c620e109fbc5cb65a08604ea2ed06d81 Parents: 982bff9 Author: Sergey Beryozkin Authored: Tue Dec 9 13:05:28 2014 +0000 Committer: Sergey Beryozkin Committed: Tue Dec 9 13:05:28 2014 +0000 ---------------------------------------------------------------------- .../hawk/AbstractHawkAccessTokenValidator.java | 30 +++++++++++++++++--- .../tokens/hawk/HawkAccessTokenValidator.java | 8 ++---- .../hawk/HawkAccessTokenValidatorClient.java | 20 +++++++++++++ 3 files changed, 48 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/3898cf18/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java index 82f655e..9a2e25d 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java 
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java @@ -18,6 +18,7 @@ */ package org.apache.cxf.rs.security.oauth2.tokens.hawk; +import java.net.URI; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; @@ -38,7 +39,10 @@ import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public abstract class AbstractHawkAccessTokenValidator implements AccessTokenValidator { + protected static final String HTTP_VERB = "http.verb"; + protected static final String HTTP_URI = "http.uri"; private NonceVerifier nonceVerifier; + private boolean remoteSignatureValidation; public List getSupportedAuthorizationSchemes() { return Collections.singletonList(OAuthConstants.HAWK_AUTHORIZATION_SCHEME); } 
@@ -50,12 +54,22 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal Map schemeParams = getSchemeParameters(authSchemeData); AccessTokenValidation atv = getAccessTokenValidation(mc, authScheme, authSchemeData, extraProps, schemeParams); + if (isRemoteSignatureValidation()) { + return atv; + } String macKey = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY); String macAlgo = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM); - - HttpRequestProperties httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), - mc.getHttpServletRequest().getMethod()); + + + HttpRequestProperties httpProps = null; + if (extraProps != null && extraProps.containsKey(HTTP_VERB) && extraProps.containsKey(HTTP_URI)) { + httpProps = new HttpRequestProperties(URI.create(extraProps.getFirst(HTTP_URI)), + extraProps.getFirst(HTTP_VERB)); + } else { + httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(), + mc.getHttpServletRequest().getMethod()); + } HawkAuthorizationScheme macAuthInfo = new HawkAuthorizationScheme(httpProps, schemeParams); String normalizedString = macAuthInfo.getNormalizedRequestString(); try { @@ -82,7 +96,7 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal MultivaluedMap extraProps, Map schemeParams); - private static Map getSchemeParameters(String authData) { + protected static Map getSchemeParameters(String authData) { String[] attributePairs = authData.split(","); Map attributeMap = new HashMap(); for (String pair : attributePairs) { 
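Review bot: The new `extraProps` branch takes `HTTP_VERB` and `HTTP_URI` as given and computes the MAC over those declared values instead of the request this validator actually received, and nothing in the hunk says who is allowed to supply them. That is only sound when the caller is an authenticated resource server relaying the original request, so I would state it at the branch, e.g. `// http.verb/http.uri describe the request seen by the relaying resource server; accept them only from an authenticated caller`. The same line also parses the value unguarded: `URI.create(extraProps.getFirst(HTTP_URI))` throws IllegalArgumentException on a malformed string, and a key present with no value yields a NullPointerException. Both should be caught and turned into the method's normal authentication failure rather than an unchecked exception. The body of validateAccessToken starts before and continues past this hunk, so the existing failure path is not visible here.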
@@ -101,4 +115,12 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal public void setNonceVerifier(NonceVerifier nonceVerifier) { this.nonceVerifier = nonceVerifier; } + + public boolean isRemoteSignatureValidation() { + return remoteSignatureValidation; + } + + public void setRemoteSignatureValidation(boolean remoteSignatureValidation) { + this.remoteSignatureValidation = remoteSignatureValidation; + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/3898cf18/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java index 977c531..b80deba 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java @@ -31,7 +31,6 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public class HawkAccessTokenValidator extends AbstractHawkAccessTokenValidator { private OAuthDataProvider dataProvider; - private boolean remoteSignatureValidation; protected AccessTokenValidation getAccessTokenValidation(MessageContext mc, String authScheme, 
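Review bot: `setRemoteSignatureValidation` is added to the abstract class without Javadoc, although the flag now decides whether this class checks the Hawk signature at all. With the flag set, the `if (isRemoteSignatureValidation()) { return atv; }` added earlier in this file returns before the MAC is computed. In HawkAccessTokenValidator the same flag also gates whether the MAC key is put into the extra properties, and the visible hunks of that file show no override of validateAccessToken. A deployment that uses that validator as its only check and enables the flag would therefore appear to accept a token without any signature verification. I would add Javadoc on the setter saying that `true` means the signature is verified by the other party (the remote validator for the client, the calling resource server for HawkAccessTokenValidator) and that it must not be enabled on a validator that is the last line of verification.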
@@ -47,7 +46,7 @@ public class HawkAccessTokenValidator extends AbstractHawkAccessTokenValidator { AccessTokenValidation atv = new AccessTokenValidation(macAccessToken); // OAuth2 Pop token introspection will likely support returning a JWE-encrypted key - if (!remoteSignatureValidation || mc.getSecurityContext().isSecure()) { + if (!isRemoteSignatureValidation() || mc.getSecurityContext().isSecure()) { atv.getExtraProps().put(OAuthConstants.HAWK_TOKEN_KEY, macAccessToken.getMacKey()); atv.getExtraProps().put(OAuthConstants.HAWK_TOKEN_ALGORITHM, macAccessToken.getMacAlgorithm()); } @@ -55,11 +54,8 @@ public class HawkAccessTokenValidator extends AbstractHawkAccessTokenValidator { return atv; } - public void setDataProvider(OAuthDataProvider dataProvider) { this.dataProvider = dataProvider; } - public void setRemoteSignatureValidation(boolean remoteSignatureValidation) { - this.remoteSignatureValidation = remoteSignatureValidation; - } + } http://git-wip-us.apache.org/repos/asf/cxf/blob/3898cf18/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java index 4ab3a0f..3f31bd8 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java 
@@ -24,13 +24,33 @@ import java.util.Map; import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.jaxrs.ext.MessageContext; +import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation; import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator; +import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public class HawkAccessTokenValidatorClient extends AbstractHawkAccessTokenValidator { private AccessTokenValidator validator; + public AccessTokenValidation validateAccessToken(MessageContext mc, + String authScheme, + String authSchemeData, + MultivaluedMap extraProps) + throws OAuthServiceException { + if (isRemoteSignatureValidation()) { + MultivaluedMap map = new MetadataMap(); + if (extraProps != null) { + map.putAll(extraProps); + } + map.putSingle(HTTP_VERB, mc.getRequest().getMethod()); + map.putSingle(HTTP_URI, mc.getUriInfo().getRequestUri().toString()); + return validator.validateAccessToken(mc, authScheme, authSchemeData, map); + } else { + return super.validateAccessToken(mc, authScheme, authSchemeData, extraProps); + } + + } protected AccessTokenValidation getAccessTokenValidation(MessageContext mc, String authScheme, String authSchemeData,
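Review bot: In the remote branch of the new `validateAccessToken`, the result of `validator.validateAccessToken(...)` is returned as-is and `super.validateAccessToken` is never called. Any `nonceVerifier` configured on this instance is therefore presumably not consulted on that path (its use sits outside the visible hunks), and replay protection rests entirely on the remote validator. That deserves a Javadoc sentence on the method so operators do not assume the local nonce check still runs. The two `putSingle` calls after `map.putAll(extraProps)` are what stop entries already present in `extraProps` from overriding the real verb and URI, so I would pin that ordering with a comment such as `// set after putAll so caller-supplied http.verb/http.uri cannot replace the actual request values`. The trailing blank line before the method's closing brace can go.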