cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Making JWE optional in the Jose session handler
Date Mon, 22 Jun 2015 08:09:13 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 17d710cdb -> dbf8d58d5


Making JWE optional in the Jose session handler


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dbf8d58d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dbf8d58d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dbf8d58d

Branch: refs/heads/master
Commit: dbf8d58d565ba7f3a8c43b917f7e9182cabe5efa
Parents: 17d710c
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Mon Jun 22 09:08:56 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Mon Jun 22 09:08:56 2015 +0100

----------------------------------------------------------------------
 .../provider/JoseSessionTokenProvider.java      | 21 ++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/dbf8d58d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
index 9ef260c..9619710 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
@@ -39,12 +39,13 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
     private JweEncryptionProvider jweEncryptor;
     private JweDecryptionProvider jweDecryptor;
     private boolean jwsRequired;
+    private boolean jweRequired;
     private int maxDefaultSessionInterval;
     @Override
     public String createSessionToken(MessageContext mc, MultivaluedMap<String, String>
params,
                                      UserSubject subject, OAuthRedirectionState secData)
{
         String stateString = convertStateToString(secData);
-        String sessionToken = encryptStateString(stateString);
+        String sessionToken = protectStateString(stateString);
         return OAuthUtils.setDefaultSessionToken(mc, sessionToken, maxDefaultSessionInterval);
     }
 
@@ -101,12 +102,15 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
     public void setJwsRequired(boolean jwsRequired) {
         this.jwsRequired = jwsRequired;
     }
+    public void setJweRequired(boolean jweRequired) {
+        this.jweRequired = jweRequired;
+    }
 
     protected JweDecryptionProvider getInitializedDecryptionProvider() {
         if (jweDecryptor != null) {
             return jweDecryptor;    
         } 
-        return JweUtils.loadDecryptionProvider(true);
+        return JweUtils.loadDecryptionProvider(jweRequired);
     }
     protected JwsSignatureVerifier getInitializedSigVerifier() {
         if (jwsVerifier != null) {
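Review bot: `jweRequired` is declared in the first hunk as a plain `boolean`, so it defaults to `false`, and `getInitializedDecryptionProvider()` now passes that value to `JweUtils.loadDecryptionProvider(...)` where it previously passed `true`. Deployments that never call `setJweRequired` therefore move from mandatory to optional encryption without any configuration change. Assuming the loader returns null instead of failing when the flag is false, a missing or broken JWE key configuration would no longer be reported here. Declaring the field as `private boolean jweRequired = true;` would keep the earlier fail-closed default and make sign-only session tokens an explicit opt-in. The new setter would also benefit from a Javadoc line such as `/** When false, session tokens may be signed only and are then not encrypted. */`; note that the body of `getInitializedSigVerifier()` continues outside this hunk.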
@@ -125,14 +129,19 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
         return stateString;
     }
 
-    private String encryptStateString(String stateString) {
+    private String protectStateString(String stateString) {
         JwsSignatureProvider jws = getInitializedSigProvider();
+        JweEncryptionProvider jwe = getInitializedEncryptionProvider();
+        if (jws == null && jwe == null) {
+            throw new OAuthServiceException("Session token can not be created");
+        }
         if (jws != null) {
             stateString = JwsUtils.sign(jws, stateString, null);
         } 
-        
-        JweEncryptionProvider jwe = getInitializedEncryptionProvider();
-        return jwe.encrypt(StringUtils.toBytesUTF8(stateString), null);
+        if (jwe != null) {
+            stateString = jwe.encrypt(StringUtils.toBytesUTF8(stateString), null);
+        }
+        return stateString;
     }
     
     private OAuthRedirectionState convertStateStringToState(String stateString) {
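Review bot: `protectStateString` chooses the protection purely from which providers are non-null and never consults `jwsRequired` or `jweRequired`, so the strength of the emitted token depends on getters whose bodies are not in this diff. `getInitializedEncryptionProvider()` is not touched by the commit; if it still loads with a hard-coded `true`, as the decryption getter did before, the `jwe == null` case cannot be reached and the change is incomplete on the write side. When only JWS is configured the state is signed but readable by anyone who holds the token, and the read path (outside this hunk) should reject a token that lacks a layer the deployment requires. A Javadoc stating the sign-then-encrypt order and that trade-off would help. The exception text could also name the cause, e.g. `throw new OAuthServiceException("Session token can not be created: no JWS or JWE provider is configured");`.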

