cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: [CXF-6165, CXF-5607] Cleaning up the demo a bit, minor OIDC RP code refactoring
Date Tue, 07 Jul 2015 14:33:57 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes cf10e17aa -> 2604c6060


[CXF-6165,CXF-5607] Cleaning up the demo a bit, minor OIDC RP code refactoring


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2604c606
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2604c606
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2604c606

Branch: refs/heads/3.0.x-fixes
Commit: 2604c60609d0beee42ecb27df56dc87078bdfc63
Parents: cf10e17
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Jul 7 15:24:31 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Jul 7 15:33:32 2015 +0100

----------------------------------------------------------------------
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  | 55 ++++++++++++++++++++
 .../rs/security/oidc/rp/IdTokenValidator.java   | 55 --------------------
 .../oidc/rp/OidcClientCodeRequestFilter.java    | 17 +++---
 .../oidc/rp/OidcIdTokenRequestFilter.java       |  8 +--
 .../oidc/rp/OidcRpAuthenticationService.java    |  8 ++-
 .../cxf/rs/security/oidc/rp/UserInfoClient.java |  2 +-
 6 files changed, 74 insertions(+), 71 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2604c606/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
new file mode 100644
index 0000000..35c2456
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp;
+
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
+
+public class IdTokenReader extends AbstractTokenValidator {
+    private boolean requireAtHash = true;
+    
+    public IdToken getIdToken(ClientAccessToken at, String clientId) {
+        JwtToken jwt = getIdJwtToken(at, clientId);
+        return getIdTokenFromJwt(jwt);
+    }
+    public IdToken getIdToken(String idJwtToken, String clientId) {
+        JwtToken jwt = getIdJwtToken(idJwtToken, clientId);
+        return getIdTokenFromJwt(jwt);
+    }
+    public JwtToken getIdJwtToken(ClientAccessToken at, String clientId) {
+        String idJwtToken = at.getParameters().get(OidcUtils.ID_TOKEN);
+        JwtToken jwt = getIdJwtToken(idJwtToken, clientId); 
+        OidcUtils.validateAccessTokenHash(at, jwt, requireAtHash);
+        return jwt;
+    }
+    public JwtToken getIdJwtToken(String idJwtToken, String clientId) {
+        JwtToken jwt = getJwtToken(idJwtToken, null, false);
+        validateJwtClaims(jwt.getClaims(), clientId, true);
+        return jwt;
+    }
+    public IdToken getIdTokenFromJwt(JwtToken jwt) {
+        //TODO: do the extra validation if needed
+        return new IdToken(jwt.getClaims().asMap());
+    }
+    public void setRequireAtHash(boolean requireAtHash) {
+        this.requireAtHash = requireAtHash;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2604c606/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
deleted file mode 100644
index 214a5b1..0000000
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oidc.rp;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
-import org.apache.cxf.rs.security.oidc.common.IdToken;
-import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
-
-public class IdTokenValidator extends AbstractTokenValidator {
-    private boolean requireAtHash = true;
-    
-    public IdToken getIdToken(ClientAccessToken at, String clientId) {
-        JwtToken jwt = getIdJwtToken(at, clientId);
-        return getIdTokenFromJwt(jwt);
-    }
-    public IdToken getIdToken(String idJwtToken, String clientId) {
-        JwtToken jwt = getIdJwtToken(idJwtToken, clientId);
-        return getIdTokenFromJwt(jwt);
-    }
-    public JwtToken getIdJwtToken(ClientAccessToken at, String clientId) {
-        String idJwtToken = at.getParameters().get(OidcUtils.ID_TOKEN);
-        JwtToken jwt = getIdJwtToken(idJwtToken, clientId); 
-        OidcUtils.validateAccessTokenHash(at, jwt, requireAtHash);
-        return jwt;
-    }
-    public JwtToken getIdJwtToken(String idJwtToken, String clientId) {
-        JwtToken jwt = getJwtToken(idJwtToken, null, false);
-        validateJwtClaims(jwt.getClaims(), clientId, true);
-        return jwt;
-    }
-    public IdToken getIdTokenFromJwt(JwtToken jwt) {
-        //TODO: do the extra validation if needed
-        return new IdToken(jwt.getClaims().asMap());
-    }
-    public void setRequireAtHash(boolean requireAtHash) {
-        this.requireAtHash = requireAtHash;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/2604c606/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
index a509be9..1e96b7d 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
@@ -28,8 +28,8 @@ import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 
 public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
 
-    private UserInfoClient userInfoClient;
-    private boolean userInfoRequired = true; 
+    private IdTokenReader idTokenReader;
+    
     @Override
     protected ClientTokenContext createTokenContext(ContainerRequestContext rc, ClientAccessToken
at) {
         if (rc.getSecurityContext() instanceof OidcSecurityContext) {
@@ -37,8 +37,9 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter
{
         }
         OidcClientTokenContextImpl ctx = new OidcClientTokenContextImpl();
         if (at != null) {
-            ctx.setIdToken(userInfoClient.getIdToken(at, getConsumer().getKey()));
-            if (userInfoRequired) {
+            ctx.setIdToken(idTokenReader.getIdToken(at, getConsumer().getKey()));
+            if (idTokenReader instanceof UserInfoClient) {
+                UserInfoClient userInfoClient = (UserInfoClient)idTokenReader;
                 ctx.setUserInfo(userInfoClient.getUserInfo(at, ctx.getIdToken()));
             }
             rc.setSecurityContext(new OidcSecurityContext(ctx));
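Review bot: Whether UserInfo is fetched is now decided by the runtime type of the injected bean (`idTokenReader instanceof UserInfoClient`) rather than by the explicit `userInfoRequired` flag. A deployment that previously injected a `UserInfoClient` with `userInfoRequired` set to false now always makes the UserInfo call, and one that injects a plain `IdTokenReader` silently ends up with no UserInfo on the context. A comment above the check such as `// UserInfo is requested only when the configured reader is a UserInfoClient` would make that contract visible. `idTokenReader` is also dereferenced without a null check when `at != null`, so a missing setter call surfaces as a NullPointerException in the middle of the login flow; a guard that fails with a clear configuration error may be worth adding. createTokenContext starts before this hunk and ends after it.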
@@ -46,12 +47,10 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter
{
         
         return ctx;
     }
-    public void setUserInfoClient(UserInfoClient userInfoClient) {
-        this.userInfoClient = userInfoClient;
-    }
-    public void setUserInfoRequired(boolean userInfoRequired) {
-        this.userInfoRequired = userInfoRequired;
+    public void setIdTokenReader(IdTokenReader idTokenReader) {
+        this.idTokenReader = idTokenReader;
     }
+    
     @Override
     protected void checkSecurityContextStart(ContainerRequestContext rc) {
         SecurityContext sc = rc.getSecurityContext();
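Review bot: The public setters `setUserInfoClient` and `setUserInfoRequired` are removed on what the commit record shows is the 3.0.x-fixes branch, so any property-based configuration that still references them would presumably fail after a patch-level upgrade. The same applies to `setIdTokenValidator` in OidcIdTokenRequestFilter and to the deleted IdTokenValidator class. Consider keeping deprecated delegating setters for one release, e.g. `@Deprecated public void setUserInfoClient(UserInfoClient c) { setIdTokenReader(c); }`, which works because UserInfoClient now extends IdTokenReader. checkSecurityContextStart continues outside the hunk.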

http://git-wip-us.apache.org/repos/asf/cxf/blob/2604c606/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
index 26845e0..57c6b24 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
@@ -34,7 +34,7 @@ import org.apache.cxf.rs.security.oidc.common.IdToken;
 
 public class OidcIdTokenRequestFilter implements ContainerRequestFilter {
     private String tokenFormParameter = "idtoken"; 
-    private IdTokenValidator idTokenValidator;
+    private IdTokenReader idTokenReader;
     private OAuthClientUtils.Consumer consumer;
     
     @Override
@@ -46,7 +46,7 @@ public class OidcIdTokenRequestFilter implements ContainerRequestFilter
{
             return;
         }
         
-        IdToken idToken = idTokenValidator.getIdToken(idTokenParamValue, consumer.getKey());
+        IdToken idToken = idTokenReader.getIdToken(idTokenParamValue, consumer.getKey());
         JAXRSUtils.getCurrentMessage().setContent(IdToken.class, idToken);
         requestContext.setSecurityContext(new OidcSecurityContext(idToken));
         
@@ -60,8 +60,8 @@ public class OidcIdTokenRequestFilter implements ContainerRequestFilter
{
         }
         return requestState;
     }
-    public void setIdTokenValidator(IdTokenValidator validator) {
-        this.idTokenValidator = validator;
+    public void setIdTokenReader(IdTokenReader idTokenReader) {
+        this.idTokenReader = idTokenReader;
     }
     public void setTokenFormParameter(String tokenFormParameter) {
         this.tokenFormParameter = tokenFormParameter;

http://git-wip-us.apache.org/repos/asf/cxf/blob/2604c606/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 26f2366..5857159 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
@@ -58,13 +58,17 @@ public class OidcRpAuthenticationService {
         URI redirectUri = null;
         MultivaluedMap<String, String> state = oidcContext.getState();
         String location = state != null ? state.getFirst("state") : null;
-        if (location == null) {
+        if (location == null && defaultLocation != null) {
             String basePath = (String)mc.get("http.base.path");
             redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build();
         } else {
             redirectUri = URI.create(location);
         }
-        return Response.seeOther(redirectUri).build();
+        if (redirectUri != null) {
+            return Response.seeOther(redirectUri).build();
+        } else {
+            return Response.ok(oidcContext).build();
+        }
     }
 
     public void setDefaultLocation(String defaultLocation) {
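Review bot: When both `location` and `defaultLocation` are null the first condition is false, so control reaches `URI.create(location)` with a null argument and throws a NullPointerException. `redirectUri` is therefore never null at the later check, and the new `Response.ok(oidcContext)` branch cannot be reached. Testing the state value first fixes it: `if (location != null) { redirectUri = URI.create(location); } else if (defaultLocation != null) { ... }`, which leaves `redirectUri` null when neither is set. Separately, `location` is taken from the `state` entry of the OIDC context and passed to `Response.seeOther` unchanged; unless that value is integrity-protected or validated elsewhere (not visible here), it should be restricted to relative or allow-listed targets before redirecting. The enclosing method starts above the hunk.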

http://git-wip-us.apache.org/repos/asf/cxf/blob/2604c606/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
index 20cf640..1823f12 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
@@ -25,7 +25,7 @@ import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.common.UserInfo;
 
-public class UserInfoClient extends IdTokenValidator {
+public class UserInfoClient extends IdTokenReader {
     private boolean encryptedOnly;
     private WebClient profileClient;
     public UserInfo getUserInfo(ClientAccessToken at, IdToken idToken) {

