cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: [CXF-5607] More work around oidc authentication only
Date Thu, 25 Jun 2015 15:09:40 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 8312517ac -> 3f90ae5d1


[CXF-5607] More work around oidc authentication only


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3f90ae5d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3f90ae5d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3f90ae5d

Branch: refs/heads/3.0.x-fixes
Commit: 3f90ae5d136643791944a81ca40392b01aeab00e
Parents: 8312517
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Jun 25 16:04:25 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Jun 25 16:09:19 2015 +0100

----------------------------------------------------------------------
 .../oidc/rp/OidcClientTokenContextImpl.java     |  6 ++
 .../security/oidc/rp/OidcIdTokenProvider.java   |  7 +-
 .../oidc/rp/OidcIdTokenRequestFilter.java       | 74 ++++++++++++++++++++
 .../oidc/rp/OidcRpAuthenticationService.java    | 22 ++----
 .../security/oidc/rp/OidcSecurityContext.java   |  4 ++
 5 files changed, 94 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/3f90ae5d/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
index 47164a7..c18be13 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
@@ -26,6 +26,12 @@ public class OidcClientTokenContextImpl extends ClientTokenContextImpl
implement
     private static final long serialVersionUID = 117239739331303618L;
     private IdToken idToken;
     private UserInfo userInfo;
+    public OidcClientTokenContextImpl() {
+        
+    }
+    public OidcClientTokenContextImpl(IdToken idToken) {
+        this.idToken = idToken;
+    }
     public IdToken getIdToken() {
         return idToken;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/3f90ae5d/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
index 496a92c..fab9ae8 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
@@ -26,6 +26,11 @@ import org.apache.cxf.rs.security.oidc.common.IdToken;
 public class OidcIdTokenProvider implements ContextProvider<IdToken> {
     @Override
     public IdToken createContext(Message m) {
-        return ((OidcClientTokenContext)m.getContent(ClientTokenContext.class)).getIdToken();
+        
+        OidcClientTokenContext ctx = (OidcClientTokenContext)m.getContent(ClientTokenContext.class);
+        if (ctx != null) {
+            return ctx.getIdToken();
+        }
+        return m.getContent(IdToken.class);
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/3f90ae5d/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
new file mode 100644
index 0000000..9b51cb3
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp;
+
+import java.io.IOException;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.jaxrs.utils.FormUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.oauth2.client.ClientTokenContext;
+import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+
+public class OidcIdTokenRequestFilter implements ContainerRequestFilter {
+    private String tokenFormParameter = "idtoken"; 
+    private IdTokenValidator idTokenValidator;
+    private OAuthClientUtils.Consumer consumer;
+    
+    @Override
+    public void filter(ContainerRequestContext requestContext) throws IOException {
+        MultivaluedMap<String, String> form = toFormData(requestContext);
+        String idTokenParamValue = form.getFirst(tokenFormParameter);
+        if (idTokenParamValue == null) {
+            requestContext.abortWith(Response.status(401).build());
+            return;
+        }
+        
+        IdToken idToken = idTokenValidator.getIdToken(idTokenParamValue, consumer.getKey());
+        JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, idToken);
+        requestContext.setSecurityContext(new OidcSecurityContext(idToken));
+        
+    }
+    private MultivaluedMap<String, String> toFormData(ContainerRequestContext rc) {
+        MultivaluedMap<String, String> requestState = new MetadataMap<String, String>();
+        if (MediaType.APPLICATION_FORM_URLENCODED_TYPE.isCompatible(rc.getMediaType())) {
+            String body = FormUtils.readBody(rc.getEntityStream(), "UTF-8");
+            FormUtils.populateMapFromString(requestState, JAXRSUtils.getCurrentMessage(),
body, 
+                                            "UTF-8", false);
+        }
+        return requestState;
+    }
+    public void setIdTokenValidator(IdTokenValidator validator) {
+        this.idTokenValidator = validator;
+    }
+    public void setTokenFormParameter(String tokenFormParameter) {
+        this.tokenFormParameter = tokenFormParameter;
+    }
+
+    public void setConsumer(OAuthClientUtils.Consumer consumer) {
+        this.consumer = consumer;
+    }
+}
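Review bot: In `filter`, the validated token is stored with `setContent(ClientTokenContext.class, idToken)`, but `OidcIdTokenProvider.createContext` in this same commit casts the `ClientTokenContext.class` content to `OidcClientTokenContext` and only falls back to `m.getContent(IdToken.class)` when that slot is empty. Unless `IdToken` implements `OidcClientTokenContext` (not visible here), the cast fails and the `@Context IdToken` parameter of `completeScriptAuthentication` never receives the token; storing it as `JAXRSUtils.getCurrentMessage().setContent(IdToken.class, idToken);` would match the provider's fallback. Separately, `idTokenValidator` and `consumer` are dereferenced without a check, so a filter configured without them fails with a NullPointerException instead of a 401. How `getIdToken` signals an invalid token is not shown here, so it is worth confirming that a rejected token can never reach `setSecurityContext`.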

http://git-wip-us.apache.org/repos/asf/cxf/blob/3f90ae5d/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 58a3f59..26f2366 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
@@ -32,29 +32,22 @@ import javax.ws.rs.core.UriBuilder;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth2.client.ClientTokenContextManager;
-import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+
 
 @Path("rp")
 public class OidcRpAuthenticationService {
     private ClientTokenContextManager stateManager;
     private String defaultLocation;
-    private String tokenFormParameter = "idtoken"; 
     @Context
     private MessageContext mc; 
-    private IdTokenValidator idTokenValidator;
-    private OAuthClientUtils.Consumer consumer;
-    
-    public void setIdTokenValidator(IdTokenValidator validator) {
-        this.idTokenValidator = validator;
-    }
     
     @POST
     @Path("signin")
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
-    public Response completeScriptAuthentication(MultivaluedMap<String, String> map)
{
-        String idTokenParamValue = map.getFirst(tokenFormParameter);
+    public Response completeScriptAuthentication(@Context IdToken idToken) {
         OidcClientTokenContextImpl ctx = new OidcClientTokenContextImpl();
-        ctx.setIdToken(idTokenValidator.getIdToken(idTokenParamValue, consumer.getKey()));
+        ctx.setIdToken(idToken);
         return completeAuthentication(ctx);   
     }
     
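Review bot: `completeScriptAuthentication` now accepts whatever `@Context IdToken` resolves to, and nothing in the method rejects a missing token. With this commit validation lives only in `OidcIdTokenRequestFilter`, and `OidcIdTokenProvider.createContext` can return null through `m.getContent(IdToken.class)`. If the filter is not registered for this endpoint, `ctx.setIdToken(null)` is followed by `completeAuthentication(ctx)`, whose body is outside this hunk, so a sign-in may complete without a validated ID token. A guard such as `if (idToken == null) { return Response.status(401).build(); }` at the top of the method would keep the endpoint fail-closed, and the class Javadoc should state that the filter is a required companion.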
@@ -82,11 +75,4 @@ public class OidcRpAuthenticationService {
         this.stateManager = stateManager;
     }
 
-    public void setTokenFormParameter(String tokenFormParameter) {
-        this.tokenFormParameter = tokenFormParameter;
-    }
-
-    public void setConsumer(OAuthClientUtils.Consumer consumer) {
-        this.consumer = consumer;
-    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/3f90ae5d/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
index f8b8045..14dd8c3 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
@@ -23,9 +23,13 @@ import javax.ws.rs.core.SecurityContext;
 import org.apache.cxf.common.security.SimpleSecurityContext;
 import org.apache.cxf.jaxrs.utils.HttpUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
 
 public class OidcSecurityContext extends SimpleSecurityContext implements SecurityContext
{
     private OidcClientTokenContext oidcContext;
+    public OidcSecurityContext(IdToken token) {
+        this(new OidcClientTokenContextImpl());
+    }
     public OidcSecurityContext(OidcClientTokenContext oidcContext) {
         super(getUserName(oidcContext));
         this.oidcContext = oidcContext;
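Review bot: The new `OidcSecurityContext(IdToken token)` constructor never uses `token`: it delegates with `this(new OidcClientTokenContextImpl())`, so the security context installed by `OidcIdTokenRequestFilter` carries an empty context instead of the validated ID token. `getUserName(oidcContext)` is then computed from a context with no ID token or user info; its body is outside this hunk, so whether that yields a null principal or an exception is not visible. The one-argument constructor added to `OidcClientTokenContextImpl` in this commit looks intended for this call: `this(new OidcClientTokenContextImpl(token));`.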

