From serg...@apache.org
Subject cxf git commit: [CXF-5607] Simplifying the oidc filter code for now
Date Wed, 24 Jun 2015 15:21:50 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes b39688086 -> de570e564


[CXF-5607] Simplifying the oidc filter code for now


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/de570e56
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/de570e56
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/de570e56

Branch: refs/heads/3.0.x-fixes
Commit: de570e56463af9afd09db8d9b5dc1ede143c4628
Parents: b396880
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Jun 24 16:19:34 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Jun 24 16:21:33 2015 +0100

----------------------------------------------------------------------
 .../security/oidc/rp/MemoryOidcRpStateManager.java  | 14 --------------
 .../oidc/rp/OidcRpAuthenticationFilter.java         | 16 ++++++++--------
 .../oidc/rp/OidcRpAuthenticationService.java        |  5 ++---
 .../cxf/rs/security/oidc/rp/OidcRpStateManager.java |  5 -----
 4 files changed, 10 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/de570e56/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
index baa7e80..3b60bc4 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
@@ -21,12 +21,8 @@ package org.apache.cxf.rs.security.oidc.rp;
 import java.io.IOException;
 import java.util.concurrent.ConcurrentHashMap;
 
-import javax.ws.rs.core.MultivaluedMap;
-
 
 public class MemoryOidcRpStateManager implements OidcRpStateManager {
-    private ConcurrentHashMap<String, MultivaluedMap<String, String>> map = 
-        new ConcurrentHashMap<String, MultivaluedMap<String, String>>();
     private ConcurrentHashMap<String, OidcClientTokenContext> map2 = 
         new ConcurrentHashMap<String, OidcClientTokenContext>();
     @Override
@@ -36,16 +32,6 @@ public class MemoryOidcRpStateManager implements OidcRpStateManager {
     }
 
     @Override
-    public void setRequestState(String token, MultivaluedMap<String, String> state)
{
-        map.put(token, state);
-    }
-
-    @Override
-    public MultivaluedMap<String, String> removeRequestState(String token) {
-        return map.remove(token);
-    }
-
-    @Override
     public void setTokenContext(String contextKey, OidcClientTokenContext state) {
         map2.put(contextKey, state);
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/de570e56/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
index 01b95a3..87ccb07 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
@@ -35,7 +35,7 @@ import javax.ws.rs.core.UriBuilder;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.utils.FormUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.apache.cxf.rs.security.oauth2.client.ClientTokenContext;
 
 @PreMatching
 @Priority(Priorities.AUTHENTICATION)
@@ -48,11 +48,7 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter
{
         if (checkSecurityContext(rc)) {
             return;
         } else {
-            String token = OAuthUtils.generateRandomTokenKey();
-            MultivaluedMap<String, String> state = toRequestState(rc);
-            stateManager.setRequestState(token, state);
             UriBuilder ub = rc.getUriInfo().getBaseUriBuilder().path(rpServiceAddress);
-            ub.queryParam("state", token);
             rc.abortWith(Response.seeOther(ub.build())
                            .header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store")
                            .header("Pragma", "no-cache") 
@@ -69,11 +65,16 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter
{
         String contextKey = securityContextCookie.getValue();
         
         OidcClientTokenContext tokenContext = stateManager.getTokenContext(contextKey);
-        
         if (tokenContext == null) {
             return false;
         }
-        rc.setSecurityContext(new OidcSecurityContext(tokenContext));
+        OidcClientTokenContextImpl newTokenContext = new OidcClientTokenContextImpl();
+        newTokenContext.setToken(tokenContext.getToken());
+        newTokenContext.setIdToken(tokenContext.getIdToken());
+        newTokenContext.setUserInfo(tokenContext.getUserInfo());
+        newTokenContext.setState(toRequestState(rc));
+        JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, newTokenContext);
+        rc.setSecurityContext(new OidcSecurityContext(newTokenContext));
         return true;
     }
     private MultivaluedMap<String, String> toRequestState(ContainerRequestContext rc)
{
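Review bot: The new per-request copy in checkSecurityContext carries over only `getToken()`, `getIdToken()` and `getUserInfo()` by hand, so any other property of the stored context is silently dropped, and nothing says why the copy is made. If the intent is to keep request data off the instance held by the state manager, which is presumably shared by every request presenting the same cookie, say so with a comment such as `// copy per request: the stored context is shared, request state must not be written to it`. `toRequestState(rc)` now runs on every authenticated request, and the next hunk shows it parsing the form body, so submitted form fields become reachable through both the security context and the message content. Confirm that exposure is intended. The method starts above this hunk, so the handling of a missing cookie is not visible here.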
@@ -84,7 +85,6 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter
{
             FormUtils.populateMapFromString(requestState, JAXRSUtils.getCurrentMessage(),
body, 
                                             "UTF-8", true);
         }
-        requestState.putSingle("location", rc.getUriInfo().getRequestUri().toString());
         return requestState;
     }
     public void setRpServiceAddress(String rpServiceAddress) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/de570e56/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 1d939fa..49388e0 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
@@ -33,8 +33,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 public class OidcRpAuthenticationService {
     private OidcRpStateManager stateManager;
     private String defaultLocation;
-    
-    
+        
     @GET
     @Path("complete")
     public Response completeAuthentication(@Context OidcClientTokenContext context,
@@ -42,7 +41,7 @@ public class OidcRpAuthenticationService {
         String key = OAuthUtils.generateRandomTokenKey();
         stateManager.setTokenContext(key, context);
         URI redirectUri = null;
-        String location = context.getState().getFirst("location");
+        String location = context.getState().getFirst("state");
         if (location == null) {
             String basePath = (String)mc.get("http.base.path");
             redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build();
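Review bot: `location` is now read from the `state` entry of the request state, which appears to be populated from parameters the caller supplies, and the `if (location == null)` branch suggests the non-null case redirects to that value (that branch lies outside the hunk). If so, the post-login redirect target is caller-controlled and should be validated before use: resolve it against `http.base.path`, accept it only when scheme, host and port match the base, and otherwise fall back to `defaultLocation`. `context.getState()` is also dereferenced without a null check; `String location = context.getState() == null ? null : context.getState().getFirst("state");` keeps the default-location path reachable. Since this commit also stops the filter from adding a server-generated `state` token to the redirect, it is worth a comment here stating what `state` is expected to contain.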

http://git-wip-us.apache.org/repos/asf/cxf/blob/de570e56/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
index 564e53e..645d424 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
@@ -20,12 +20,7 @@ package org.apache.cxf.rs.security.oidc.rp;
 
 import java.io.Closeable;
 
-import javax.ws.rs.core.MultivaluedMap;
-
 public interface OidcRpStateManager extends Closeable {
-    void setRequestState(String token, MultivaluedMap<String, String> state);
-    MultivaluedMap<String, String> removeRequestState(String token);
-    
     void setTokenContext(String contextKey, OidcClientTokenContext state);
     OidcClientTokenContext getTokenContext(String contextKey);
     OidcClientTokenContext removeTokenContext(String contextKey);

