cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: [CXF-5607] Simplifying the oidc filter code for now
Date Wed, 24 Jun 2015 15:19:50 GMT
Repository: cxf
Updated Branches:
  refs/heads/master d97610790 -> 8c22c4cee


[CXF-5607] Simplifying the oidc filter code for now


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8c22c4ce
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8c22c4ce
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8c22c4ce

Branch: refs/heads/master
Commit: 8c22c4cee5ab1b31a4c8e843601627b3445da312
Parents: d976107
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Jun 24 16:19:34 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Jun 24 16:19:34 2015 +0100

----------------------------------------------------------------------
 .../java/demo/jaxrs/server/BigQueryService.java | 10 +++++++-
 .../main/webapp/WEB-INF/applicationContext.xml  | 24 +++-----------------
 .../src/main/webapp/forms/startSearch.jsp       |  2 +-
 .../oidc/rp/MemoryOidcRpStateManager.java       | 14 ------------
 .../oidc/rp/OidcRpAuthenticationFilter.java     | 16 ++++++-------
 .../oidc/rp/OidcRpAuthenticationService.java    |  5 ++--
 .../rs/security/oidc/rp/OidcRpStateManager.java |  5 ----
 7 files changed, 23 insertions(+), 53 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8c22c4ce/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
index d400ebe..00151d9 100644
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
+++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
@@ -23,6 +23,7 @@ import java.util.List;
 import java.util.Map;
 
 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
@@ -47,10 +48,17 @@ public class BigQueryService {
     
     private WebClient bigQueryClient;
     
+    @POST
+    @Path("/complete")
+    @Produces("text/html")
+    public BigQueryResponse completeBigQueryPost(@Context OidcClientTokenContext context)
{
+        return completeBigQueryGet(context);
+    }
+    
     @GET
     @Path("/complete")
     @Produces("text/html")
-    public BigQueryResponse completeBigQuery(@Context OidcClientTokenContext context) {
+    public BigQueryResponse completeBigQueryGet(@Context OidcClientTokenContext context)
{
         
         ClientAccessToken accessToken = context.getToken();
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/8c22c4ce/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
index 7f59a63..e23c012 100644
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
@@ -84,20 +84,6 @@
          <property name="secret" value="${client_secret}"/>
      </bean>
      <bean id="clientCodeStateManager" class="org.apache.cxf.rs.security.oauth2.client.MemoryClientCodeStateManager"/>
-     <bean id="oidcRequestFilter" class="org.apache.cxf.rs.security.oidc.rp.OidcClientCodeRequestFilter">
-         <property name="clientCodeStateManager" ref="clientCodeStateManager"/>
-         <!-- Use it if no incremental authorization if enabled --> 
-         <property name="scopes" value="openid email profile https://www.googleapis.com/auth/bigquery.readonly"/>
-         <!--
-         <property name="scopes" value="https://www.googleapis.com/auth/bigquery.readonly"/>
-         -->
-         <property name="accessTokenServiceClient" ref="atServiceClient"/>
-         <property name="userInfoClient" ref="userInfoClient"/>
-         <property name="consumer" ref="consumer"/>
-         <property name="authorizationServiceUri" value="https://accounts.google.com/o/oauth2/auth"/>
-         <property name="startUri" value="search"/>
-         <property name="completeUri" value="complete"/>
-     </bean>
      
      <bean id="bigQueryService" class="demo.jaxrs.server.BigQueryService">
          <property name="bigQueryClient" ref="bigQueryClient"/>
@@ -125,11 +111,7 @@
            <ref bean="bigQueryService"/>
         </jaxrs:serviceBeans>
         <jaxrs:providers>
-           <!-- disable "oidcRpFilter" if the RP endpoint is not available 
            <ref bean="oidcRpFilter"/>
-           -->
-           
-           <ref bean="oidcRequestFilter"/>
            <ref bean="searchView"/>
            <bean class="org.apache.cxf.rs.security.oauth2.client.ClientTokenContextProvider"/>
         </jaxrs:providers>
@@ -137,7 +119,7 @@
            <ref bean="loggingFeature"/>
         </jaxrs:features>
      </jaxrs:server>
-     <!--
+     
      <bean id="stateManager" class="org.apache.cxf.rs.security.oidc.rp.MemoryOidcRpStateManager"/>
      
      <bean id="oidcRpFilter" class="org.apache.cxf.rs.security.oidc.rp.OidcRpAuthenticationFilter">
@@ -166,7 +148,7 @@
      <bean id="rpClientCodeStateManager" class="org.apache.cxf.rs.security.oauth2.client.MemoryClientCodeStateManager"/>
      <bean id="rpOidcRequestFilter" class="org.apache.cxf.rs.security.oidc.rp.OidcClientCodeRequestFilter">
          <property name="clientCodeStateManager" ref="rpClientCodeStateManager"/>
-         <property name="scopes" value="openid email profile"/>
+         <property name="scopes" value="openid email profile https://www.googleapis.com/auth/bigquery.readonly"/>
          <property name="accessTokenServiceClient" ref="atServiceClient"/>
          <property name="userInfoClient" ref="userInfoClient"/>
          <property name="consumer" ref="consumer"/>
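Review bot: The `scopes` value on `rpOidcRequestFilter` now asks for `https://www.googleapis.com/auth/bigquery.readonly` together with `openid email profile`, so every sign-in through the RP endpoint requests API access up front. The comment and the commented-out alternative that documented splitting the scopes were deleted with the `oidcRequestFilter` bean earlier in this file. I would keep a comment above the property, for example `<!-- Sign-in and BigQuery read access are requested in one consent; drop the bigquery scope if API access is to be requested separately -->`, so that a reader copying the sample knows the broader scope is a choice and not something the filter requires.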
@@ -174,6 +156,6 @@
          <property name="startUri" value="rp"/>
          <property name="completeUri" value="rp/complete"/>
      </bean>
-     -->     
+          
 </beans>
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/8c22c4ce/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/startSearch.jsp
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/startSearch.jsp
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/startSearch.jsp
index d19f911..23269f4 100644
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/startSearch.jsp
+++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/startSearch.jsp
@@ -16,7 +16,7 @@
 <em></em>
 <p>
  <table>
-     <form action="https://localhost:8080/bigquery/service/search" method="POST">
+     <form action="https://localhost:8080/bigquery/service/search/complete" method="POST">
         <tr>
             <td><big><big><big>Text Word:</big></big></big></td>
             <td>

http://git-wip-us.apache.org/repos/asf/cxf/blob/8c22c4ce/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
index baa7e80..3b60bc4 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java
@@ -21,12 +21,8 @@ package org.apache.cxf.rs.security.oidc.rp;
 import java.io.IOException;
 import java.util.concurrent.ConcurrentHashMap;
 
-import javax.ws.rs.core.MultivaluedMap;
-
 
 public class MemoryOidcRpStateManager implements OidcRpStateManager {
-    private ConcurrentHashMap<String, MultivaluedMap<String, String>> map = 
-        new ConcurrentHashMap<String, MultivaluedMap<String, String>>();
     private ConcurrentHashMap<String, OidcClientTokenContext> map2 = 
         new ConcurrentHashMap<String, OidcClientTokenContext>();
     @Override
@@ -36,16 +32,6 @@ public class MemoryOidcRpStateManager implements OidcRpStateManager {
     }
 
     @Override
-    public void setRequestState(String token, MultivaluedMap<String, String> state)
{
-        map.put(token, state);
-    }
-
-    @Override
-    public MultivaluedMap<String, String> removeRequestState(String token) {
-        return map.remove(token);
-    }
-
-    @Override
     public void setTokenContext(String contextKey, OidcClientTokenContext state) {
         map2.put(contextKey, state);
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/8c22c4ce/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
index 01b95a3..87ccb07 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java
@@ -35,7 +35,7 @@ import javax.ws.rs.core.UriBuilder;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.utils.FormUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.apache.cxf.rs.security.oauth2.client.ClientTokenContext;
 
 @PreMatching
 @Priority(Priorities.AUTHENTICATION)
@@ -48,11 +48,7 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter
{
         if (checkSecurityContext(rc)) {
             return;
         } else {
-            String token = OAuthUtils.generateRandomTokenKey();
-            MultivaluedMap<String, String> state = toRequestState(rc);
-            stateManager.setRequestState(token, state);
             UriBuilder ub = rc.getUriInfo().getBaseUriBuilder().path(rpServiceAddress);
-            ub.queryParam("state", token);
             rc.abortWith(Response.seeOther(ub.build())
                            .header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store")
                            .header("Pragma", "no-cache") 
@@ -69,11 +65,16 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter
{
         String contextKey = securityContextCookie.getValue();
         
         OidcClientTokenContext tokenContext = stateManager.getTokenContext(contextKey);
-        
         if (tokenContext == null) {
             return false;
         }
-        rc.setSecurityContext(new OidcSecurityContext(tokenContext));
+        OidcClientTokenContextImpl newTokenContext = new OidcClientTokenContextImpl();
+        newTokenContext.setToken(tokenContext.getToken());
+        newTokenContext.setIdToken(tokenContext.getIdToken());
+        newTokenContext.setUserInfo(tokenContext.getUserInfo());
+        newTokenContext.setState(toRequestState(rc));
+        JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, newTokenContext);
+        rc.setSecurityContext(new OidcSecurityContext(newTokenContext));
         return true;
     }
     private MultivaluedMap<String, String> toRequestState(ContainerRequestContext rc)
{
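Review bot: The context looked up from the cookie value in `checkSecurityContext` is accepted after a null check only, so a stored context whose ID token has expired still produces an authenticated `OidcSecurityContext` for as long as the entry stays in the state manager. Before the fields are copied into `newTokenContext`, the ID token's expiry should be checked and a stale entry dropped with `stateManager.removeTokenContext(contextKey);` followed by `return false;`. `toRequestState(rc)` is now also called on every authenticated request from this `@PreMatching` filter; its body is only partly visible in the next hunk, but it appears to parse the form body, so it is worth confirming that the entity is still readable by the matched resource method. The method starts above this hunk.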
@@ -84,7 +85,6 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter
{
             FormUtils.populateMapFromString(requestState, JAXRSUtils.getCurrentMessage(),
body, 
                                             "UTF-8", true);
         }
-        requestState.putSingle("location", rc.getUriInfo().getRequestUri().toString());
         return requestState;
     }
     public void setRpServiceAddress(String rpServiceAddress) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/8c22c4ce/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 1d939fa..49388e0 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
@@ -33,8 +33,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 public class OidcRpAuthenticationService {
     private OidcRpStateManager stateManager;
     private String defaultLocation;
-    
-    
+        
     @GET
     @Path("complete")
     public Response completeAuthentication(@Context OidcClientTokenContext context,
@@ -42,7 +41,7 @@ public class OidcRpAuthenticationService {
         String key = OAuthUtils.generateRandomTokenKey();
         stateManager.setTokenContext(key, context);
         URI redirectUri = null;
-        String location = context.getState().getFirst("location");
+        String location = context.getState().getFirst("state");
         if (location == null) {
             String basePath = (String)mc.get("http.base.path");
             redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build();
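Review bot: `location` is now read from `context.getState().getFirst("state")`, and the non-null branch that turns it into the redirect target lies below this hunk; if that value can originate from a request parameter rather than from server-side state, the completion endpoint redirects wherever the caller asked. Before this commit the value was the request URI that the filter recorded under a random key, which is removed here in OidcRpAuthenticationFilter and OidcRpStateManager. The non-null branch should accept only a relative path or a URI under `http.base.path` and fall back to `defaultLocation` otherwise. A one-line comment saying what the `state` entry holds would also help, since the key name no longer indicates that it is a location.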

http://git-wip-us.apache.org/repos/asf/cxf/blob/8c22c4ce/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
index 564e53e..645d424 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java
@@ -20,12 +20,7 @@ package org.apache.cxf.rs.security.oidc.rp;
 
 import java.io.Closeable;
 
-import javax.ws.rs.core.MultivaluedMap;
-
 public interface OidcRpStateManager extends Closeable {
-    void setRequestState(String token, MultivaluedMap<String, String> state);
-    MultivaluedMap<String, String> removeRequestState(String token);
-    
     void setTokenContext(String contextKey, OidcClientTokenContext state);
     OidcClientTokenContext getTokenContext(String contextKey);
     OidcClientTokenContext removeTokenContext(String contextKey);

