From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Some OISC RP refactoring Date: Wed, 24 Dec 2014 16:32:40 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master 27c1bb5a1 -> 9511cd40a Some OISC RP refactoring Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9511cd40 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9511cd40 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9511cd40 Branch: refs/heads/master Commit: 9511cd40a9701ee1b46ba28b61154f6f0833b7d9 Parents: 27c1bb5 Author: Sergey Beryozkin Authored: Wed Dec 24 16:31:40 2014 +0000 Committer: Sergey Beryozkin Committed: Wed Dec 24 16:31:40 2014 +0000
----------------------------------------------------------------------
.../java/demo/jaxrs/server/BigQueryService.java | 28 +++++--------------- .../main/webapp/WEB-INF/applicationContext.xml | 8 +++--- .../oidc/rp/AbstractTokenValidator.java | 2 +- .../rs/security/oidc/rp/IdTokenValidator.java | 2 +- .../cxf/rs/security/oidc/rp/UserInfoClient.java | 8 +++--- 5 files changed, 17 insertions(+), 31 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/9511cd40/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
index 37840d6..5940fa5 100644
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
+++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
@@ -42,7 +42,7 @@ import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.common.UserInfo;
-import org.apache.cxf.rs.security.oidc.rp.IdTokenValidator;
+import org.apache.cxf.rs.security.oidc.rp.UserInfoClient;
 @Path("/service")
 public class BigQueryService {
@@ -54,8 +54,7 @@ public class BigQueryService {
 private String authorizationServiceUri;
 private WebClient accessTokenServiceClient;
- private WebClient userInfoServiceClient;
- private IdTokenValidator tokenValidator;
+ private UserInfoClient tokenClient;
 private Consumer consumer;
 @GET
@@ -104,11 +103,10 @@ public class BigQueryService {
 ClientAccessToken at = getClientAccessToken(consumer, code, postMessage);
 // Expect and validate id_token
- IdToken idToken = tokenValidator.getIdTokenFromJwt(at,
- consumer.getKey());
+ IdToken idToken = tokenClient.getIdToken(at, consumer.getKey());
- // Get User Profile if needed
- UserInfo userInfo = getUserInfo(at, idToken);
+ // Get User Profile
+ UserInfo userInfo = tokenClient.getUserInfo(at, idToken);
 // Complete the request, use 'at' to access some other user's API,
 // return the response to the user
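Review bot: The user info lookup is now unconditional at `UserInfo userInfo = tokenClient.getUserInfo(at, idToken);`, whereas the removed `getUserInfo` helper returned null when no user info client had been configured. `UserInfoClient.getUserInfo` (shown later in this commit) passes `profileClient` to `OAuthClientUtils.setAuthorizationHeader` without a null check, so a deployment that leaves the user info client unset will probably fail at request time instead of skipping the profile. I would state the requirement in the comment, e.g. `// Get User Profile (requires userInfoServiceClient to be set on the UserInfoClient bean)`, or reject a missing client when the bean is wired. The enclosing method starts and ends outside the hunk.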
@@ -137,20 +135,8 @@ public class BigQueryService {
 OAuthConstants.REDIRECT_URI, redirectUri), false);
 }
- private UserInfo getUserInfo(ClientAccessToken at, IdToken idToken) {
- if (userInfoServiceClient != null) {
- OAuthClientUtils.setAuthorizationHeader(userInfoServiceClient, at);
- return userInfoServiceClient.get(UserInfo.class);
- }
- return null;
- }
-
- public void setUserInfoServiceClient(WebClient userInfoServiceClient) {
- this.userInfoServiceClient = userInfoServiceClient;
- }
-
- public void setIdTokenValidator(IdTokenValidator tokenValidator) {
- this.tokenValidator = tokenValidator;
+ public void setUserInfoClient(UserInfoClient tokenClient) {
+ this.tokenClient = tokenClient;
 }
 public void setAuthorizationServiceUri(String authorizationServiceUri) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/9511cd40/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
index 51d829e..598e42f 100644
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
@@ -60,7 +60,7 @@ -
@@ -89,9 +89,10 @@ - + +
@@ -101,8 +102,7 @@ - - +
http://git-wip-us.apache.org/repos/asf/cxf/blob/9511cd40/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
index f6e95c6..f468d33 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
@@ -76,7 +76,7 @@ public abstract class AbstractTokenValidator {
 // validate the provider
 String issuer = claims.getIssuer();
- if (issuerId == null && validateClaimsAlways || issuerId != null && !issuerId.equals(issuer)) {
+ if (issuer == null && validateClaimsAlways || issuer != null && !issuer.equals(issuerId)) {
 throw new SecurityException("Invalid provider");
 }
 JwtUtils.validateJwtTimeClaims(claims, issuedAtRange, validateClaimsAlways);
http://git-wip-us.apache.org/repos/asf/cxf/blob/9511cd40/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
index 3d5a1f3..378cbe5 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
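Review bot: With the operands swapped in AbstractTokenValidator, a token that carries no `iss` claim now passes the issuer check whenever `validateClaimsAlways` is false, even when an `issuerId` is configured; the old condition rejected that case because `issuerId.equals(null)` is false. OpenID Connect requires `iss` in an ID token, so the ID token path should never take that exemption; the default of `validateClaimsAlways` and how callers set it are not visible in this hunk and need checking. A stricter form that keeps the new rejection of an unset `issuerId` would be `if (issuer == null ? (validateClaimsAlways || issuerId != null) : !issuer.equals(issuerId)) {`. If some response type handled by a subclass may legitimately omit `iss`, that exemption should be an explicit, documented switch rather than a side effect of this condition. The enclosing method starts and ends outside the hunk.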
@@ -26,7 +26,7 @@ import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 public class IdTokenValidator extends AbstractTokenValidator {
 private boolean requireAtHash = true;
- public IdToken getIdTokenFromJwt(ClientAccessToken at, String clientId) {
+ public IdToken getIdToken(ClientAccessToken at, String clientId) {
 JwtToken jwt = getIdJwtToken(at, clientId);
 return getIdTokenFromJwt(jwt, clientId);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/9511cd40/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
index bbd98d5..b6cab0c 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
@@ -29,9 +29,9 @@ public class UserInfoClient extends IdTokenValidator {
 private boolean encryptedOnly;
 private WebClient profileClient;
 public UserInfo getUserInfo(ClientAccessToken at, IdToken idToken) {
- return getProfile(at, idToken, false);
+ return getUserInfo(at, idToken, false);
 }
- public UserInfo getProfile(ClientAccessToken at, IdToken idToken, boolean asJwt) {
+ public UserInfo getUserInfo(ClientAccessToken at, IdToken idToken, boolean asJwt) {
 OAuthClientUtils.setAuthorizationHeader(profileClient, at);
 if (asJwt) {
 String jwt = profileClient.get(String.class);
@@ -64,8 +64,8 @@ public class UserInfoClient extends IdTokenValidator {
 public void setEncryptedOnly(boolean encryptedOnly) {
 this.encryptedOnly = encryptedOnly;
 }
- public void setProfileClient(WebClient profileClient) {
- this.profileClient = profileClient;
+ public void setUserInfoServiceClient(WebClient client) {
+ this.profileClient = client;
 }
 }
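Review bot: `getUserInfo(at, idToken, asJwt)` in UserInfoClient sets the caller's access token on the shared `profileClient` field and then issues the request on that same instance, so two concurrent logins can overwrite each other's Authorization header and one user may be handed another user's profile unless the injected WebClient was created thread-safe. A per-call copy removes that dependency on configuration: `WebClient client = WebClient.fromClient(profileClient);` followed by `OAuthClientUtils.setAuthorizationHeader(client, at);`. The method body continues past the hunk, so whether the returned `sub` is compared with the subject of `idToken` is not visible here; if it is not, that check belongs in this method. The renamed setter `setUserInfoServiceClient` still assigns a field called `profileClient`, which is worth aligning.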