cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: [CXF-5607] Prototyping the code for supporting the script sending a jwt id token
Date Wed, 24 Jun 2015 16:18:20 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 529dd5b52 -> 8ac5e5a83


[CXF-5607] Prototyping the code for supporting the script sending a jwt id token


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8ac5e5a8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8ac5e5a8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8ac5e5a8

Branch: refs/heads/master
Commit: 8ac5e5a837ab6d1769207a086919b14bb0fd1e3d
Parents: 529dd5b
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Jun 24 17:18:02 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Jun 24 17:18:02 2015 +0100

----------------------------------------------------------------------
 .../oidc/rp/AbstractTokenValidator.java         |  1 -
 .../rs/security/oidc/rp/IdTokenValidator.java   | 21 +++++++----
 .../oidc/rp/OidcRpAuthenticationService.java    | 37 +++++++++++++++++---
 .../cxf/rs/security/oidc/rp/UserInfoClient.java |  2 +-
 4 files changed, 47 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8ac5e5a8/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
index 74c0c00..6037c53 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
@@ -43,7 +43,6 @@ public abstract class AbstractTokenValidator {
     private ConcurrentHashMap<String, JsonWebKey> keyMap = new ConcurrentHashMap<String,
JsonWebKey>(); 
     
     protected JwtToken getJwtToken(String wrappedJwtToken, 
-                                   String clientId,
                                    String idTokenKid, 
                                    boolean jweOnly) {
         if (wrappedJwtToken == null) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/8ac5e5a8/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
index 378cbe5..214a5b1 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
@@ -28,20 +28,27 @@ public class IdTokenValidator extends AbstractTokenValidator {
     
     public IdToken getIdToken(ClientAccessToken at, String clientId) {
         JwtToken jwt = getIdJwtToken(at, clientId);
-        return getIdTokenFromJwt(jwt, clientId);
+        return getIdTokenFromJwt(jwt);
     }
-    public IdToken getIdTokenFromJwt(JwtToken jwt, String clientId) {
-        //TODO: do the extra validation if needed
-        return new IdToken(jwt.getClaims().asMap());
+    public IdToken getIdToken(String idJwtToken, String clientId) {
+        JwtToken jwt = getIdJwtToken(idJwtToken, clientId);
+        return getIdTokenFromJwt(jwt);
     }
     public JwtToken getIdJwtToken(ClientAccessToken at, String clientId) {
         String idJwtToken = at.getParameters().get(OidcUtils.ID_TOKEN);
-        JwtToken jwt = getJwtToken(idJwtToken, clientId, null, false);
-        validateJwtClaims(jwt.getClaims(), clientId, true);
+        JwtToken jwt = getIdJwtToken(idJwtToken, clientId); 
         OidcUtils.validateAccessTokenHash(at, jwt, requireAtHash);
         return jwt;
     }
-
+    public JwtToken getIdJwtToken(String idJwtToken, String clientId) {
+        JwtToken jwt = getJwtToken(idJwtToken, null, false);
+        validateJwtClaims(jwt.getClaims(), clientId, true);
+        return jwt;
+    }
+    public IdToken getIdTokenFromJwt(JwtToken jwt) {
+        //TODO: do the extra validation if needed
+        return new IdToken(jwt.getClaims().asMap());
+    }
     public void setRequireAtHash(boolean requireAtHash) {
         this.requireAtHash = requireAtHash;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8ac5e5a8/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 49388e0..3320f7f 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
@@ -20,28 +20,51 @@ package org.apache.cxf.rs.security.oidc.rp;
 
 import java.net.URI;
 
+import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.client.Consumer;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
 @Path("rp")
 public class OidcRpAuthenticationService {
     private OidcRpStateManager stateManager;
     private String defaultLocation;
-        
+    private String tokenFormParameter = "idtoken"; 
+    @Context
+    private MessageContext mc; 
+    private UserInfoClient userInfoClient;
+    private Consumer consumer;
+    
+    public void setUserInfoClient(UserInfoClient userInfoClient) {
+        this.userInfoClient = userInfoClient;
+    }
+    
+    @POST
+    @Path("complete")
+    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    public Response completeScriptAuthentication(MultivaluedMap<String, String> map)
{
+        String idTokenParamValue = map.getFirst(tokenFormParameter);
+        OidcClientTokenContextImpl ctx = new OidcClientTokenContextImpl();
+        ctx.setIdToken(userInfoClient.getIdToken(idTokenParamValue, consumer.getKey()));
+        return completeAuthentication(ctx);   
+    }
+    
     @GET
     @Path("complete")
-    public Response completeAuthentication(@Context OidcClientTokenContext context,
-                                           @Context MessageContext mc) {
+    public Response completeAuthentication(@Context OidcClientTokenContext oidcContext) {
         String key = OAuthUtils.generateRandomTokenKey();
-        stateManager.setTokenContext(key, context);
+        stateManager.setTokenContext(key, oidcContext);
         URI redirectUri = null;
-        String location = context.getState().getFirst("state");
+        String location = oidcContext.getState().getFirst("state");
         if (location == null) {
             String basePath = (String)mc.get("http.base.path");
             redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build();
@@ -59,4 +82,8 @@ public class OidcRpAuthenticationService {
     public void setStateManager(OidcRpStateManager stateManager) {
         this.stateManager = stateManager;
     }
+
+    public void setTokenFormParameter(String tokenFormParameter) {
+        this.tokenFormParameter = tokenFormParameter;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8ac5e5a8/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
index b6cab0c..20cf640 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
@@ -52,7 +52,7 @@ public class UserInfoClient extends IdTokenValidator {
         return profile;
     }
     public JwtToken getUserInfoJwt(String profileJwtToken, IdToken idToken) {
-        return getJwtToken(profileJwtToken, idToken.getAudience(), (String)idToken.getProperty("kid"),
encryptedOnly);
+        return getJwtToken(profileJwtToken, (String)idToken.getProperty("kid"), encryptedOnly);
     }
     public void validateUserInfo(UserInfo profile, IdToken idToken) {
         validateJwtClaims(profile, idToken.getAudience(), false);


Mime
View raw message