From serg...@apache.org
Subject cxf git commit: [CXF-5607] Adding an IdToken provider for the auth cases only, and removing some redundndant interfaces
Date Thu, 25 Jun 2015 11:20:13 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 8ac5e5a83 -> a9a1305a9


[CXF-5607] Adding an IdToken provider for the auth cases only, and removing some redundant
interfaces


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a9a1305a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a9a1305a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a9a1305a

Branch: refs/heads/master
Commit: a9a1305a9588d2c886d763d0c1ef892c2b9b0b71
Parents: 8ac5e5a
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Jun 25 12:19:53 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Jun 25 12:19:53 2015 +0100

----------------------------------------------------------------------
 .../main/webapp/WEB-INF/applicationContext.xml  |  2 +-
 .../oauth2/client/ClientCodeRequestFilter.java  |  2 +-
 .../client/ClientTokenContextManager.java       |  2 +-
 .../client/MemoryClientCodeStateManager.java    |  7 ++-
 .../client/MemoryClientTokenContextManager.java | 20 ++++----
 .../provider/JoseSessionTokenProvider.java      |  4 +-
 .../services/RedirectionBasedGrantService.java  |  4 +-
 .../rs/security/oauth2/utils/OAuthUtils.java    | 37 ++++++++++-----
 .../oidc/rp/MemoryOidcRpStateManager.java       | 49 --------------------
 .../security/oidc/rp/OidcIdTokenProvider.java   | 31 +++++++++++++
 .../oidc/rp/OidcRpAuthenticationFilter.java     | 23 ++++-----
 .../oidc/rp/OidcRpAuthenticationService.java    | 12 ++---
 .../rs/security/oidc/rp/OidcRpStateManager.java | 27 -----------
 13 files changed, 93 insertions(+), 127 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
index e23c012..9da7e37 100644
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
@@ -120,7 +120,7 @@
         </jaxrs:features>
      </jaxrs:server>
      
-     <bean id="stateManager" class="org.apache.cxf.rs.security.oidc.rp.MemoryOidcRpStateManager"/>
+     <bean id="stateManager" class="org.apache.cxf.rs.security.oauth2.client.MemoryClientTokenContextManager"/>
      
      <bean id="oidcRpFilter" class="org.apache.cxf.rs.security.oidc.rp.OidcRpAuthenticationFilter">
          <property name="stateManager" ref="stateManager"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 05c9f28..72b2655 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -239,7 +239,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
             if (ctx != null) {
                 ClientAccessToken newAt = refreshAccessTokenIfExpired(ctx.getToken());
                 if (newAt != null) {
-                    clientTokenContextManager.removeClientTokenContext(mc, ctx);
+                    clientTokenContextManager.removeClientTokenContext(mc);
                     ClientTokenContext newCtx = initializeClientTokenContext(rc, newAt, ctx.getState());
           
                     clientTokenContextManager.setClientTokenContext(mc, newCtx);
                     ctx = newCtx;

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java
index 1034a9a..3ec9256 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java
@@ -23,5 +23,5 @@ import org.apache.cxf.jaxrs.ext.MessageContext;
 public interface ClientTokenContextManager {
     void setClientTokenContext(MessageContext mc, ClientTokenContext ctx);
     ClientTokenContext getClientTokenContext(MessageContext mc);
-    void removeClientTokenContext(MessageContext mc, ClientTokenContext ctx);
+    ClientTokenContext removeClientTokenContext(MessageContext mc);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
index 994a842..727839b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
@@ -24,6 +24,7 @@ import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
@@ -36,7 +37,7 @@ public class MemoryClientCodeStateManager implements ClientCodeStateManager
{
                                                           MultivaluedMap<String, String>
requestState) {
         String stateParam = OAuthUtils.generateRandomTokenKey();
         map.put(stateParam, requestState);
-        
+        OAuthUtils.setSessionToken(mc, stateParam, "state", 0);
         MultivaluedMap<String, String> redirectMap = new MetadataMap<String, String>();
         redirectMap.putSingle(OAuthConstants.STATE, stateParam);
         return redirectMap;
@@ -46,6 +47,10 @@ public class MemoryClientCodeStateManager implements ClientCodeStateManager
{
     public MultivaluedMap<String, String> fromRedirectState(MessageContext mc, 
                                                             MultivaluedMap<String, String>
redirectState) {
         String stateParam = redirectState.getFirst(OAuthConstants.STATE);
+        String sessionToken = OAuthUtils.getSessionToken(mc, "state");
+        if (!sessionToken.equals(stateParam)) {
+            throw new OAuthServiceException("Invalid session token");
+        }
         return map.remove(stateParam);
     }
 }
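Review bot: The new `sessionToken.equals(stateParam)` check dereferences a value that `OAuthUtils.getSessionToken` returns as null when the HttpSession holds no "state" attribute (a callback that arrives without a prior redirect, or after the session expired), so that path fails with a NullPointerException instead of the intended OAuthServiceException; reject null explicitly with `if (sessionToken == null || !sessionToken.equals(stateParam)) {`. That guard also covers a missing `state` query parameter, since a non-null session token never equals a null `stateParam`, which matters if `map` (declared outside this hunk) is a ConcurrentHashMap whose `remove(null)` throws. The bare attribute name `"state"` is easy to collide with in a shared HttpSession; a namespaced constant such as `"org.apache.cxf.oauth2.client.state"`, used by both toRedirectState and fromRedirectState, would be safer.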

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
index a10191e..da85e11 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.oauth2.client;
 import java.util.concurrent.ConcurrentHashMap;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
 public class MemoryClientTokenContextManager implements ClientTokenContextManager {
     private ConcurrentHashMap<String, ClientTokenContext> map = 
@@ -28,22 +29,23 @@ public class MemoryClientTokenContextManager implements ClientTokenContextManage
 
     @Override
     public void setClientTokenContext(MessageContext mc, ClientTokenContext request) {
-        map.put(getKey(mc), request);
+        String stateParam = OAuthUtils.generateRandomTokenKey();
+        OAuthUtils.setSessionToken(mc, stateParam, "org.apache.cxf.websso.context", 0);
+        map.put(stateParam, request);
         
     }
 
-    private String getKey(MessageContext mc) {
-        return mc.getSecurityContext().getUserPrincipal().getName();
-    }
-
     @Override
     public ClientTokenContext getClientTokenContext(MessageContext mc) {
-        // TODO: support an automatic removal based on the token expires property
-        return map.remove(getKey(mc));
+        return map.get(getKey(mc, false));
     }
 
     @Override
-    public void removeClientTokenContext(MessageContext mc, ClientTokenContext request) {
-        map.remove(getKey(mc));
+    public ClientTokenContext removeClientTokenContext(MessageContext mc) {
+        return map.remove(getKey(mc, true));
+    }
+    
+    private String getKey(MessageContext mc, boolean remove) {
+        return OAuthUtils.getSessionToken(mc, "org.apache.cxf.websso.context", remove);
     }
 }
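Review bot: `getClientTokenContext` and `removeClientTokenContext` pass the result of `OAuthUtils.getSessionToken` straight into `map.get`/`map.remove`, and that result is null whenever the session has no `org.apache.cxf.websso.context` attribute, i.e. for every not-yet-authenticated request; `ConcurrentHashMap` rejects null keys with a NullPointerException, so the `tokenContext == null` check in OidcRpAuthenticationFilter is never reached on the first visit. Both methods need a null guard before touching the map. Separately, `setClientTokenContext` always mints a fresh key without dropping the entry stored under the session's previous key, and the TODO about expiry-based eviction was removed, so repeated logins leave orphaned contexts in the map for the JVM lifetime; a `removeClientTokenContext(mc);` at the top of that method covers the re-login case.
```java
    @Override
    public ClientTokenContext getClientTokenContext(MessageContext mc) {
        String key = getKey(mc, false);
        // No session attribute yet (unauthenticated request) means "no context";
        // ConcurrentHashMap.get(null) would otherwise throw.
        return key == null ? null : map.get(key);
    }

    @Override
    public ClientTokenContext removeClientTokenContext(MessageContext mc) {
        String key = getKey(mc, true);
        return key == null ? null : map.remove(key);
    }
    // … unchanged: setClientTokenContext, getKey …
```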

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
index 10dbdc3..0575f06 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
@@ -46,13 +46,13 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
                                      UserSubject subject, OAuthRedirectionState secData)
{
         String stateString = convertStateToString(secData);
         String sessionToken = protectStateString(stateString);
-        return OAuthUtils.setDefaultSessionToken(mc, sessionToken, maxDefaultSessionInterval);
+        return OAuthUtils.setSessionToken(mc, sessionToken, maxDefaultSessionInterval);
     }
 
     @Override
     public String getSessionToken(MessageContext mc, MultivaluedMap<String, String>
params,
                                   UserSubject subject) {
-        return OAuthUtils.getDefaultSessionToken(mc);
+        return OAuthUtils.getSessionToken(mc);
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index be09cc0..821e70e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -380,7 +380,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
                                                                                subject,
                                                                                secData);
         } else {
-            sessionToken = OAuthUtils.setDefaultSessionToken(getMessageContext(), maxDefaultSessionInterval);
+            sessionToken = OAuthUtils.setSessionToken(getMessageContext(), maxDefaultSessionInterval);
         }
         secData.setAuthenticityToken(sessionToken);
     }
@@ -394,7 +394,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
                                                                                params,
                                                                                subject);
         } else {
-            sessionToken = OAuthUtils.getDefaultSessionToken(getMessageContext());
+            sessionToken = OAuthUtils.getSessionToken(getMessageContext());
         }
         if (StringUtils.isEmpty(sessionToken)) {
             return false;

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index e989ba8..1560830 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -53,28 +53,41 @@ public final class OAuthUtils {
     private OAuthUtils() {
     }
     
-    public static String setDefaultSessionToken(MessageContext mc) {
-        return setDefaultSessionToken(mc, 0);
+    public static String setSessionToken(MessageContext mc) {
+        return setSessionToken(mc, 0);
     }
-    public static String setDefaultSessionToken(MessageContext mc, int maxInactiveInterval)
{
-        return setDefaultSessionToken(mc, generateRandomTokenKey());
+    public static String setSessionToken(MessageContext mc, int maxInactiveInterval) {
+        return setSessionToken(mc, generateRandomTokenKey());
     }
-    public static String setDefaultSessionToken(MessageContext mc, String sessionToken) {
-        return setDefaultSessionToken(mc, sessionToken, 0);
+    public static String setSessionToken(MessageContext mc, String sessionToken) {
+        return setSessionToken(mc, sessionToken, 0);
     }
-    public static String setDefaultSessionToken(MessageContext mc, String sessionToken, int
maxInactiveInterval) {
+    public static String setSessionToken(MessageContext mc, String sessionToken, int maxInactiveInterval)
{
+        return setSessionToken(mc, sessionToken, null, 0);
+    }
+    public static String setSessionToken(MessageContext mc, String sessionToken, 
+                                                String attribute, int maxInactiveInterval)
{    
         HttpSession session = mc.getHttpServletRequest().getSession();
         if (maxInactiveInterval > 0) {
             session.setMaxInactiveInterval(maxInactiveInterval);
         }
-        session.setAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN, sessionToken);
+        String theAttribute = attribute == null ? OAuthConstants.SESSION_AUTHENTICITY_TOKEN
: attribute;
+        session.setAttribute(theAttribute, sessionToken);
         return sessionToken;
     }
-    public static String getDefaultSessionToken(MessageContext mc) {
+
+    public static String getSessionToken(MessageContext mc) {
+        return getSessionToken(mc, null);
+    }
+    public static String getSessionToken(MessageContext mc, String attribute) {
+        return getSessionToken(mc, attribute, true);
+    }
+    public static String getSessionToken(MessageContext mc, String attribute, boolean remove)
{    
         HttpSession session = mc.getHttpServletRequest().getSession();
-        String sessionToken = (String)session.getAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN);
-        if (sessionToken != null) {
-            session.removeAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN);    
+        String theAttribute = attribute == null ? OAuthConstants.SESSION_AUTHENTICITY_TOKEN
: attribute;  
+        String sessionToken = (String)session.getAttribute(theAttribute);
+        if (sessionToken != null && remove) {
+            session.removeAttribute(theAttribute);    
         }
         return sessionToken;
     }
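Review bot: The new `setSessionToken(MessageContext, String, int maxInactiveInterval)` overload delegates with a literal `0` as the last argument, so the interval its callers pass (`maxDefaultSessionInterval` from JoseSessionTokenProvider and RedirectionBasedGrantService in this same commit) never reaches `session.setMaxInactiveInterval`; it should read `return setSessionToken(mc, sessionToken, null, maxInactiveInterval);`. The `(MessageContext, int)` overload has the same drop (pre-existing, via `setSessionToken(mc, generateRandomTokenKey())`) and could become `return setSessionToken(mc, generateRandomTokenKey(), null, maxInactiveInterval);`. As a smaller point, `getSessionToken` calls `getSession()` rather than `getSession(false)`, so looking up a token that was never set creates an empty session as a side effect; if that is intended it deserves a one-line comment.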

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
deleted file mode 100644
index 3b60bc4..0000000
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oidc.rp;
-
-import java.io.IOException;
-import java.util.concurrent.ConcurrentHashMap;
-
-
-public class MemoryOidcRpStateManager implements OidcRpStateManager {
-    private ConcurrentHashMap<String, OidcClientTokenContext> map2 = 
-        new ConcurrentHashMap<String, OidcClientTokenContext>();
-    @Override
-    public void close() throws IOException {
-        // TODO Auto-generated method stub
-        
-    }
-
-    @Override
-    public void setTokenContext(String contextKey, OidcClientTokenContext state) {
-        map2.put(contextKey, state);
-        
-    }
-
-    @Override
-    public OidcClientTokenContext getTokenContext(String contextKey) {
-        return map2.get(contextKey);
-    }
-
-    @Override
-    public OidcClientTokenContext removeTokenContext(String contextKey) {
-        return map2.remove(contextKey);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
new file mode 100644
index 0000000..496a92c
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp;
+
+import org.apache.cxf.jaxrs.ext.ContextProvider;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.oauth2.client.ClientTokenContext;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+
+public class OidcIdTokenProvider implements ContextProvider<IdToken> {
+    @Override
+    public IdToken createContext(Message m) {
+        return ((OidcClientTokenContext)m.getContent(ClientTokenContext.class)).getIdToken();
+    }
+}
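Review bot: `createContext` casts `m.getContent(ClientTokenContext.class)` unconditionally, so an injection point for `IdToken` on a resource reached without the OIDC filter having stored a context yields a NullPointerException, and a plain `ClientTokenContext` stored by the OAuth2 client filter yields a ClassCastException. A type-checked lookup, `ClientTokenContext ctx = m.getContent(ClientTokenContext.class); return ctx instanceof OidcClientTokenContext ? ((OidcClientTokenContext)ctx).getIdToken() : null;`, lets the resource see an absent token instead of a 500; whether null or an exception is the right signal for an unauthenticated resource is a design choice worth stating in a class Javadoc, which the new file currently lacks.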

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
index 87ccb07..52df086 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
@@ -18,30 +18,31 @@
  */
 package org.apache.cxf.rs.security.oidc.rp;
 
-import java.util.Map;
-
 import javax.annotation.Priority;
 import javax.ws.rs.Priorities;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.container.PreMatching;
-import javax.ws.rs.core.Cookie;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
+import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.utils.FormUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.client.ClientTokenContext;
+import org.apache.cxf.rs.security.oauth2.client.ClientTokenContextManager;
 
 @PreMatching
 @Priority(Priorities.AUTHENTICATION)
 public class OidcRpAuthenticationFilter implements ContainerRequestFilter {
-    
-    private OidcRpStateManager stateManager;
+    @Context
+    private MessageContext mc;
+    private ClientTokenContextManager stateManager;
     private String rpServiceAddress;
     
     public void filter(ContainerRequestContext rc) {
@@ -56,15 +57,7 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter
{
         }
     }
     protected boolean checkSecurityContext(ContainerRequestContext rc) {
-        Map<String, Cookie> cookies = rc.getCookies();
-        
-        Cookie securityContextCookie = cookies.get("org.apache.cxf.websso.context");
-        if (securityContextCookie == null) {
-            return false;
-        }
-        String contextKey = securityContextCookie.getValue();
-        
-        OidcClientTokenContext tokenContext = stateManager.getTokenContext(contextKey);
+        OidcClientTokenContext tokenContext = (OidcClientTokenContext)stateManager.getClientTokenContext(mc);
         if (tokenContext == null) {
             return false;
         }
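Review bot: The unchecked cast `(OidcClientTokenContext)stateManager.getClientTokenContext(mc)` will throw ClassCastException rather than fall through to the `return false` branch if the context stored under the shared `org.apache.cxf.websso.context` session attribute is a plain `ClientTokenContext`, which is what ClientCodeRequestFilter stores through the same manager interface elsewhere in this commit when both filters serve the same session. Testing the type instead of casting keeps the filter's contract: `ClientTokenContext ctx = stateManager.getClientTokenContext(mc); if (!(ctx instanceof OidcClientTokenContext)) { return false; } OidcClientTokenContext tokenContext = (OidcClientTokenContext)ctx;`. checkSecurityContext continues past the end of this hunk.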
@@ -90,7 +83,7 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter
{
     public void setRpServiceAddress(String rpServiceAddress) {
         this.rpServiceAddress = rpServiceAddress;
     }
-    public void setStateManager(OidcRpStateManager stateManager) {
+    public void setStateManager(ClientTokenContextManager stateManager) {
         this.stateManager = stateManager;
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 3320f7f..f7001b7 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
@@ -31,12 +31,12 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.client.ClientTokenContextManager;
 import org.apache.cxf.rs.security.oauth2.client.Consumer;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
 @Path("rp")
 public class OidcRpAuthenticationService {
-    private OidcRpStateManager stateManager;
+    private ClientTokenContextManager stateManager;
     private String defaultLocation;
     private String tokenFormParameter = "idtoken"; 
     @Context
@@ -61,8 +61,7 @@ public class OidcRpAuthenticationService {
     @GET
     @Path("complete")
     public Response completeAuthentication(@Context OidcClientTokenContext oidcContext) {
-        String key = OAuthUtils.generateRandomTokenKey();
-        stateManager.setTokenContext(key, oidcContext);
+        stateManager.setClientTokenContext(mc, oidcContext);
         URI redirectUri = null;
         String location = oidcContext.getState().getFirst("state");
         if (location == null) {
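Review bot: `stateManager.setClientTokenContext(mc, oidcContext)` now binds the authenticated context to the container HttpSession (via the attribute the memory manager writes) instead of a freshly minted cookie, so the session id that existed before login becomes the bearer of authentication; unless that id is rotated here, a session fixed on the victim before authentication inherits the login. Regenerating the id before storing the context, e.g. `mc.getHttpServletRequest().changeSessionId();` on Servlet 3.1+ (or invalidate-and-recreate on older containers), closes that gap; the servlet API level is not visible from this hunk, so this is worth confirming. completeAuthentication continues past the end of this hunk.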
@@ -71,15 +70,14 @@ public class OidcRpAuthenticationService {
         } else {
             redirectUri = URI.create(location);
         }
-        return Response.seeOther(redirectUri).header("Set-Cookie", 
-                                                     "org.apache.cxf.websso.context=" + key
+ ";Path=/").build();
+        return Response.seeOther(redirectUri).build();
     }
 
     public void setDefaultLocation(String defaultLocation) {
         this.defaultLocation = defaultLocation;
     }
 
-    public void setStateManager(OidcRpStateManager stateManager) {
+    public void setStateManager(ClientTokenContextManager stateManager) {
         this.stateManager = stateManager;
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/a9a1305a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
deleted file mode 100644
index 645d424..0000000
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oidc.rp;
-
-import java.io.Closeable;
-
-public interface OidcRpStateManager extends Closeable {
-    void setTokenContext(String contextKey, OidcClientTokenContext state);
-    OidcClientTokenContext getTokenContext(String contextKey);
-    OidcClientTokenContext removeTokenContext(String contextKey);
-}

