From serg...@apache.org
Subject cxf git commit: [CXF-5607] More work around oidc authentication only
Date Thu, 25 Jun 2015 15:04:47 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 557dc292f -> e617a2c58


[CXF-5607] More work around oidc authentication only


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e617a2c5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e617a2c5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e617a2c5

Branch: refs/heads/master
Commit: e617a2c5865cf3d11d0d344a23dc2d493ff4809b
Parents: 557dc29
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Jun 25 16:04:25 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Jun 25 16:04:25 2015 +0100

----------------------------------------------------------------------
 .../main/webapp/WEB-INF/applicationContext.xml  |  2 -
 .../oidc/rp/OidcClientTokenContextImpl.java     |  6 ++
 .../security/oidc/rp/OidcIdTokenProvider.java   |  7 +-
 .../oidc/rp/OidcIdTokenRequestFilter.java       | 74 ++++++++++++++++++++
 .../oidc/rp/OidcRpAuthenticationService.java    | 22 +-----
 .../security/oidc/rp/OidcSecurityContext.java   |  4 ++
 6 files changed, 93 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
index 528aa50..9da7e37 100644
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
@@ -130,8 +130,6 @@
      <bean id="oidcRpService" class="org.apache.cxf.rs.security.oidc.rp.OidcRpAuthenticationService">
          <property name="stateManager" ref="stateManager"/>
          <property name="defaultLocation" value="/forms/startSearch.jsp"/>
-         <property name="idTokenValidator" ref="userInfoClient"/>
-         <property name="consumer" ref="consumer"/>
      </bean>
      
      <jaxrs:server id="oidcRpServer" address="/oidc">

http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
index 47164a7..c18be13 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
@@ -26,6 +26,12 @@ public class OidcClientTokenContextImpl extends ClientTokenContextImpl
implement
     private static final long serialVersionUID = 117239739331303618L;
     private IdToken idToken;
     private UserInfo userInfo;
+    public OidcClientTokenContextImpl() {
+        
+    }
+    public OidcClientTokenContextImpl(IdToken idToken) {
+        this.idToken = idToken;
+    }
     public IdToken getIdToken() {
         return idToken;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
index 496a92c..fab9ae8 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
@@ -26,6 +26,11 @@ import org.apache.cxf.rs.security.oidc.common.IdToken;
 public class OidcIdTokenProvider implements ContextProvider<IdToken> {
     @Override
     public IdToken createContext(Message m) {
-        return ((OidcClientTokenContext)m.getContent(ClientTokenContext.class)).getIdToken();
+        
+        OidcClientTokenContext ctx = (OidcClientTokenContext)m.getContent(ClientTokenContext.class);
+        if (ctx != null) {
+            return ctx.getIdToken();
+        }
+        return m.getContent(IdToken.class);
     }
 }
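Review bot: The fallback `m.getContent(IdToken.class)` never sees the token that the new OidcIdTokenRequestFilter stores, because the filter registers it with `setContent(ClientTokenContext.class, idToken)`. With that key the first lookup in createContext returns the IdToken itself, and the cast to OidcClientTokenContext would presumably throw a ClassCastException unless IdToken implements that interface, which is not visible here. Storing the token in the filter as `JAXRSUtils.getCurrentMessage().setContent(IdToken.class, idToken);` makes the two sides agree. A short comment on the fallback, such as `// set by OidcIdTokenRequestFilter for authentication-only flows`, would also help the next reader.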

http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
new file mode 100644
index 0000000..922a3d0
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp;
+
+import java.io.IOException;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.jaxrs.utils.FormUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.oauth2.client.ClientTokenContext;
+import org.apache.cxf.rs.security.oauth2.client.Consumer;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+
+public class OidcIdTokenRequestFilter implements ContainerRequestFilter {
+    private String tokenFormParameter = "idtoken"; 
+    private IdTokenValidator idTokenValidator;
+    private Consumer consumer;
+    
+    @Override
+    public void filter(ContainerRequestContext requestContext) throws IOException {
+        MultivaluedMap<String, String> form = toFormData(requestContext);
+        String idTokenParamValue = form.getFirst(tokenFormParameter);
+        if (idTokenParamValue == null) {
+            requestContext.abortWith(Response.status(401).build());
+            return;
+        }
+        
+        IdToken idToken = idTokenValidator.getIdToken(idTokenParamValue, consumer.getKey());
+        JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, idToken);
+        requestContext.setSecurityContext(new OidcSecurityContext(idToken));
+        
+    }
+    private MultivaluedMap<String, String> toFormData(ContainerRequestContext rc) {
+        MultivaluedMap<String, String> requestState = new MetadataMap<String, String>();
+        if (MediaType.APPLICATION_FORM_URLENCODED_TYPE.isCompatible(rc.getMediaType())) {
+            String body = FormUtils.readBody(rc.getEntityStream(), "UTF-8");
+            FormUtils.populateMapFromString(requestState, JAXRSUtils.getCurrentMessage(),
body, 
+                                            "UTF-8", false);
+        }
+        return requestState;
+    }
+    public void setIdTokenValidator(IdTokenValidator validator) {
+        this.idTokenValidator = validator;
+    }
+    public void setTokenFormParameter(String tokenFormParameter) {
+        this.tokenFormParameter = tokenFormParameter;
+    }
+
+    public void setConsumer(Consumer consumer) {
+        this.consumer = consumer;
+    }
+}
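Review bot: filter() passes whatever `idTokenValidator.getIdToken(...)` returns straight to the message and the security context without checking that a token was produced, and an empty `idtoken` value also passes the `== null` test. How the validator reports a bad signature or audience is outside this hunk, so if it can return null the request proceeds unauthenticated. Adding `if (idToken == null) { requestContext.abortWith(Response.status(401).build()); return; }` after the call keeps the filter failing closed. `idTokenValidator` and `consumer` are also dereferenced unchecked, so a filter configured without either setter fails with a NullPointerException rather than a clear configuration error. toFormData reads the entity stream, which deserves a comment because later readers of the form body may find it already consumed.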

http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 70a7224..1c4eebe 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
@@ -32,29 +32,21 @@ import javax.ws.rs.core.UriBuilder;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth2.client.ClientTokenContextManager;
-import org.apache.cxf.rs.security.oauth2.client.Consumer;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
 
 @Path("rp")
 public class OidcRpAuthenticationService {
     private ClientTokenContextManager stateManager;
     private String defaultLocation;
-    private String tokenFormParameter = "idtoken"; 
     @Context
     private MessageContext mc; 
-    private IdTokenValidator idTokenValidator;
-    private Consumer consumer;
-    
-    public void setIdTokenValidator(IdTokenValidator validator) {
-        this.idTokenValidator = validator;
-    }
     
     @POST
     @Path("signin")
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
-    public Response completeScriptAuthentication(MultivaluedMap<String, String> map)
{
-        String idTokenParamValue = map.getFirst(tokenFormParameter);
+    public Response completeScriptAuthentication(@Context IdToken idToken) {
         OidcClientTokenContextImpl ctx = new OidcClientTokenContextImpl();
-        ctx.setIdToken(idTokenValidator.getIdToken(idTokenParamValue, consumer.getKey()));
+        ctx.setIdToken(idToken);
         return completeAuthentication(ctx);   
     }
     
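Review bot: completeScriptAuthentication now trusts that an upstream filter validated the token, but nothing here rejects a null `idToken`; `ctx.setIdToken(idToken)` and `completeAuthentication(ctx)` run regardless. OidcIdTokenProvider returns null when nothing populated the message, and the sample applicationContext.xml in this commit only loses its validator and consumer properties (two deletions, no additions), so that deployment appears to reach this method with no validation step at all. A guard such as `if (idToken == null) { return Response.status(401).build(); }` at the top of the method would make the endpoint fail closed. What completeAuthentication does with the context is outside the hunk.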
@@ -81,12 +73,4 @@ public class OidcRpAuthenticationService {
     public void setStateManager(ClientTokenContextManager stateManager) {
         this.stateManager = stateManager;
     }
-
-    public void setTokenFormParameter(String tokenFormParameter) {
-        this.tokenFormParameter = tokenFormParameter;
-    }
-
-    public void setConsumer(Consumer consumer) {
-        this.consumer = consumer;
-    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
index f8b8045..14dd8c3 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
@@ -23,9 +23,13 @@ import javax.ws.rs.core.SecurityContext;
 import org.apache.cxf.common.security.SimpleSecurityContext;
 import org.apache.cxf.jaxrs.utils.HttpUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
 
 public class OidcSecurityContext extends SimpleSecurityContext implements SecurityContext
{
     private OidcClientTokenContext oidcContext;
+    public OidcSecurityContext(IdToken token) {
+        this(new OidcClientTokenContextImpl());
+    }
     public OidcSecurityContext(OidcClientTokenContext oidcContext) {
         super(getUserName(oidcContext));
         this.oidcContext = oidcContext;
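Review bot: The new `OidcSecurityContext(IdToken token)` constructor discards its argument: it delegates with `new OidcClientTokenContextImpl()`, so the security context that the filter installs carries no ID token and `getUserName(oidcContext)` is computed from an empty context. This commit also adds an `OidcClientTokenContextImpl(IdToken)` constructor, which looks like the intended call: `this(new OidcClientTokenContextImpl(token));`. getUserName is defined outside the hunk, so whether the empty context yields a null principal or an exception is not visible here.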

