From serg...@apache.org
Subject cxf git commit: [CXF-6165, CXF-5607] Cleaning up the demo a bit, minor OIDC RP code refactoring
Date Tue, 07 Jul 2015 14:24:55 GMT
Repository: cxf
Updated Branches:
  refs/heads/master e92477bc8 -> f3cfadb6e


[CXF-6165,CXF-5607] Cleaning up the demo a bit, minor OIDC RP code refactoring


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f3cfadb6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f3cfadb6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f3cfadb6

Branch: refs/heads/master
Commit: f3cfadb6e7bae9233a03fa6bf862ed8eb64ce237
Parents: e92477b
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Jul 7 15:24:31 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Jul 7 15:24:31 2015 +0100

----------------------------------------------------------------------
 .../java/demo/jaxrs/server/BigQueryService.java |  11 +-
 .../main/webapp/WEB-INF/applicationContext.xml  | 205 ++++++++++---------
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |  55 +++++
 .../rs/security/oidc/rp/IdTokenValidator.java   |  55 -----
 .../oidc/rp/OidcClientCodeRequestFilter.java    |  17 +-
 .../oidc/rp/OidcIdTokenRequestFilter.java       |   8 +-
 .../oidc/rp/OidcRpAuthenticationService.java    |  25 +--
 .../cxf/rs/security/oidc/rp/UserInfoClient.java |   2 +-
 8 files changed, 194 insertions(+), 184 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f3cfadb6/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
index 00151d9..2c1932f 100644
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
+++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
@@ -67,12 +67,21 @@ public class BigQueryService {
         String searchWord = state.getFirst("word");
         String maxResults = state.getFirst("maxResults");
         
-        BigQueryResponse bigQueryResponse = new BigQueryResponse(context.getUserInfo().getName(),
+        BigQueryResponse bigQueryResponse = new BigQueryResponse(getUserInfo(context),
                                                                  searchWord);
         bigQueryResponse.setTexts(getMatchingTexts(bigQueryClient, accessToken, searchWord,
maxResults));
         return bigQueryResponse;
     }
 
+    private String getUserInfo(OidcClientTokenContext context) {
+        if (context.getUserInfo() != null) {
+            return context.getUserInfo().getName();
+        } else {
+            return context.getIdToken().getSubject();
+        }
+        
+    }
+
     public void setBigQueryClient(WebClient bigQueryClient) {
         this.bigQueryClient = bigQueryClient;
     }
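Review bot: The new `getUserInfo` helper falls back to the id token only when the UserInfo object itself is absent, so a UserInfo response that carries no `name` claim still passes null into `BigQueryResponse`. Falling back on the value rather than on the object avoids that: `String name = context.getUserInfo() != null ? context.getUserInfo().getName() : null;` followed by `return name != null ? name : context.getIdToken().getSubject();`. The helper returns a display string rather than a UserInfo, so a name such as `getUserName` would describe it better. The calling method starts above this hunk.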

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3cfadb6/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
index b004067..e6d20df 100644
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
@@ -6,24 +6,119 @@
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:jaxrs="http://cxf.apache.org/jaxrs"
       xmlns:jaxrsclient="http://cxf.apache.org/jaxrs-client"
-      xmlns:http="http://cxf.apache.org/transports/http/configuration"
-      xmlns:sec="http://cxf.apache.org/configuration/security"
       xsi:schemaLocation="
          http://www.springframework.org/schema/beans 
          http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
          http://cxf.apache.org/jaxrs
          http://cxf.apache.org/schemas/jaxrs.xsd
          http://cxf.apache.org/jaxrs-client
-         http://cxf.apache.org/schemas/jaxrs-client.xsd
-         http://cxf.apache.org/transports/http/configuration
-         http://cxf.apache.org/schemas/configuration/http-conf.xsd
-         http://cxf.apache.org/configuration/security
-         http://cxf.apache.org/schemas/configuration/security.xsd">
+         http://cxf.apache.org/schemas/jaxrs-client.xsd">
 
-     
      <!-- CXF Logging Feature -->
      <bean id="loggingFeature" class="org.apache.cxf.feature.LoggingFeature"/>
 
+     <!-- 
+        1. Big Query Client Application: 
+        accepts a form query and uses an OAuth2 access token to query BigQuery service
+        with a bigQueryClient client  
+     -->
+     <jaxrs:server id="bigQueryServer" address="/search">
+        <jaxrs:serviceBeans>
+           <ref bean="bigQueryService"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+           <!-- Checks that a client is authenticated with Google -->
+           <ref bean="oidcRpFilter"/>
+           
+           <!-- supports the mapping of the big query search result to HTML --> 
+           <ref bean="searchView"/>
+           
+           <!-- JAX-RS provider that makes OidcClientTokenContext available as JAX-RS
@Context -->
+           <ref bean="clientTokenContextProvider"/>
+        </jaxrs:providers>
+        <jaxrs:features>
+           <ref bean="loggingFeature"/>
+        </jaxrs:features>
+     </jaxrs:server> 
+     
+     <!-- JAX-RS provider that makes OidcClientTokenContext available as JAX-RS @Context
-->
+     <bean id="clientTokenContextProvider" class="org.apache.cxf.rs.security.oauth2.client.ClientTokenContextProvider"/>
+     
+     <bean id="bigQueryService" class="demo.jaxrs.server.BigQueryService">
+         <property name="bigQueryClient" ref="bigQueryClient"/>
+     </bean>
+
+     <jaxrsclient:client id="bigQueryClient" threadSafe="true" 
+        address="https://www.googleapis.com/bigquery/v2/projects/${project_id}/queries"
+        serviceClass="org.apache.cxf.jaxrs.client.WebClient">
+        <jaxrsclient:headers>
+            <entry key="Accept" value="application/json"/>
+            <entry key="Content-Type" value="application/json"/>
+        </jaxrsclient:headers>
+        <jaxrsclient:providers>
+           <bean class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/>
+        </jaxrsclient:providers>
+     </jaxrsclient:client>
+     
+     <bean id="searchView" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider">
+         <property name="useClassNames" value="true"/>
+         <property name="locationPrefix" value="/forms/"/>
+     </bean>
+     
+     <bean id="oidcRpFilter" class="org.apache.cxf.rs.security.oidc.rp.OidcRpAuthenticationFilter">
+         <!-- 
+              This state manager is shared between this filter and the RP endpoint, 
+              the RP endpoint sets an OIDC context on it and this filter checks the context
is available 
+         -->
+         <property name="stateManager" ref="stateManager"/>
+         
+         <!-- RP endpoint address to redirect to if no OIDC context is available -->
+         <property name="rpServiceAddress" value="oidc/rp"/>    
+     </bean>
+     
+     <!-- 
+        2. OIDC RP endpoint: authenticates a user by redirecting a user to Google, and redirects
the user 
+                             to the initial application form once the authentication is done
+     -->                        
+     <jaxrs:server id="oidcRpServer" address="/oidc">
+        <jaxrs:serviceBeans>
+           <ref bean="oidcRpService"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+           <!-- the filter which does the actual work for obtaining an OIDC context -->
+           <ref bean="rpOidcRequestFilter"/>
+           
+           <!-- JAX-RS provider that makes OidcClientTokenContext available as JAX-RS
@Context -->
+           <ref bean="clientTokenContextProvider"/>
+        </jaxrs:providers>
+        <jaxrs:features>
+           <ref bean="loggingFeature"/>
+        </jaxrs:features>
+     </jaxrs:server>
+     
+     <bean id="oidcRpService" class="org.apache.cxf.rs.security.oidc.rp.OidcRpAuthenticationService">
+         <!-- This state manager is shared between this RP endpoint and the oidcRpFilter
which protects
+              the application endpoint, the RP endpoint sets an OIDC context on it and the
filter checks 
+              the context is available -->
+         <property name="stateManager" ref="stateManager"/>
+         <!-- Where to redirect to once the authentication is complete -->
+         <property name="defaultLocation" value="/forms/startSearch.jsp"/>
+     </bean>
+     <!-- The state manager shared between the RP and application endpoints -->
+     <bean id="stateManager" class="org.apache.cxf.rs.security.oauth2.client.MemoryClientTokenContextManager"/>
+     
+     <bean id="rpOidcRequestFilter" class="org.apache.cxf.rs.security.oidc.rp.OidcClientCodeRequestFilter">
+         <property name="clientCodeStateManager" ref="rpClientCodeStateManager"/>
+         <property name="scopes" value="openid email profile https://www.googleapis.com/auth/bigquery.readonly"/>
+         <property name="accessTokenServiceClient" ref="atServiceClient"/>
+         <property name="idTokenReader" ref="userInfoClient"/>
+         <property name="consumer" ref="consumer"/>
+         <property name="authorizationServiceUri" value="https://accounts.google.com/o/oauth2/auth"/>
+         <property name="startUri" value="rp"/>
+         <property name="completeUri" value="rp/complete"/>
+     </bean>
+     <bean id="rpClientCodeStateManager" class="org.apache.cxf.rs.security.oauth2.client.MemoryClientCodeStateManager"/>
+     
      <!-- WebClient for requesting an OAuth2 Access token --> 
      
      <jaxrsclient:client id="atServiceClient" threadSafe="true" 
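Review bot: `loggingFeature` is attached to the new `oidcRpServer` endpoint as well as to `bigQueryServer`, and the RP endpoint is the one that receives the authorization response on `rp/complete`. CXF's LoggingFeature records request addresses and headers, so the authorization code, the `state` value and session cookies would end up in the application log if this configuration is copied beyond the demo. A comment on the `<jaxrs:features>` block of `oidcRpServer` would make that explicit, for example `<!-- demo only: logs request URIs and headers, including the OIDC authorization code; remove outside development -->`. The same applies to the in-memory `stateManager` and `rpClientCodeStateManager` beans, which presumably keep login state per JVM only and are worth labelling as demo defaults.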
@@ -78,100 +173,10 @@
          <property name="userInfoServiceClient" ref="userInfoServiceClient"/>
          <property name="clockOffset" value="10"/>
      </bean>
-
+     
      <bean id="consumer" class="org.apache.cxf.rs.security.oauth2.client.Consumer">
          <property name="key" value="${client_id}"/> 
          <property name="secret" value="${client_secret}"/>
-     </bean>
-     <bean id="clientCodeStateManager" class="org.apache.cxf.rs.security.oauth2.client.MemoryClientCodeStateManager"/>
-     
-     <bean id="bigQueryService" class="demo.jaxrs.server.BigQueryService">
-         <property name="bigQueryClient" ref="bigQueryClient"/>
-     </bean>
-     
-     <!-- BigQuery WebClient -->
-     <jaxrsclient:client id="bigQueryClient" threadSafe="true" 
-        address="https://www.googleapis.com/bigquery/v2/projects/${project_id}/queries"
-        serviceClass="org.apache.cxf.jaxrs.client.WebClient">
-        <jaxrsclient:headers>
-            <entry key="Accept" value="application/json"/>
-            <entry key="Content-Type" value="application/json"/>
-        </jaxrsclient:headers>
-        <jaxrsclient:providers>
-           <bean class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/>
-        </jaxrsclient:providers>
-     </jaxrsclient:client>
-     
-     <bean id="searchView" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider">
-         <property name="useClassNames" value="true"/>
-         <property name="locationPrefix" value="/forms/"/>
-     </bean>
-     <jaxrs:server id="bigQueryServer" address="/search">
-        <jaxrs:serviceBeans>
-           <ref bean="bigQueryService"/>
-        </jaxrs:serviceBeans>
-        <jaxrs:providers>
-           <ref bean="oidcRpFilter"/>
-           <ref bean="searchView"/>
-           <bean class="org.apache.cxf.rs.security.oauth2.client.ClientTokenContextProvider"/>
-        </jaxrs:providers>
-        <jaxrs:features>
-           <ref bean="loggingFeature"/>
-        </jaxrs:features>
-     </jaxrs:server>
-     
-     <bean id="stateManager" class="org.apache.cxf.rs.security.oauth2.client.MemoryClientTokenContextManager"/>
-     
-     <bean id="oidcRpFilter" class="org.apache.cxf.rs.security.oidc.rp.OidcRpAuthenticationFilter">
-         <property name="stateManager" ref="stateManager"/>
-         <property name="rpServiceAddress" value="oidc/rp"/>    
-     </bean>
-     
-     <bean id="oidcRpService" class="org.apache.cxf.rs.security.oidc.rp.OidcRpAuthenticationService">
-         <property name="stateManager" ref="stateManager"/>
-         <property name="defaultLocation" value="/forms/startSearch.jsp"/>
-         <!--
-         <property name="useRedirect" value="false"/>
-         -->
-     </bean>
-     
-     <jaxrs:server id="oidcRpServer" address="/oidc">
-        <jaxrs:serviceBeans>
-           <ref bean="oidcRpService"/>
-        </jaxrs:serviceBeans>
-        <jaxrs:providers>
-           <!--
-           <ref bean="rpOidcRequestFilter"/>
-           -->
-           <ref bean="rpOidcTokenFilter"/>
-           <!--
-           <ref bean="searchView"/>
-           -->
-           <!--
-           <bean class="org.apache.cxf.rs.security.oauth2.client.ClientTokenContextProvider"/>
-           -->
-           <bean class="org.apache.cxf.rs.security.oidc.rp.OidcIdTokenProvider"/>
-        </jaxrs:providers>
-        <jaxrs:features>
-           <ref bean="loggingFeature"/>
-        </jaxrs:features>
-     </jaxrs:server>
-     
-     <bean id="rpClientCodeStateManager" class="org.apache.cxf.rs.security.oauth2.client.MemoryClientCodeStateManager"/>
-     <bean id="rpOidcRequestFilter" class="org.apache.cxf.rs.security.oidc.rp.OidcClientCodeRequestFilter">
-         <property name="clientCodeStateManager" ref="rpClientCodeStateManager"/>
-         <property name="scopes" value="openid email profile https://www.googleapis.com/auth/bigquery.readonly"/>
-         <property name="accessTokenServiceClient" ref="atServiceClient"/>
-         <property name="userInfoClient" ref="userInfoClient"/>
-         <property name="consumer" ref="consumer"/>
-         <property name="authorizationServiceUri" value="https://accounts.google.com/o/oauth2/auth"/>
-         <property name="startUri" value="rp"/>
-         <property name="completeUri" value="rp/complete"/>
-     </bean>
-     <bean id="rpOidcTokenFilter" class="org.apache.cxf.rs.security.oidc.rp.OidcIdTokenRequestFilter">
-         <property name="idTokenValidator" ref="userInfoClient"/>
-         <property name="consumer" ref="consumer"/>
-     </bean>
-          
+     </bean>     
 </beans>
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3cfadb6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
new file mode 100644
index 0000000..35c2456
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp;
+
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
+
+public class IdTokenReader extends AbstractTokenValidator {
+    private boolean requireAtHash = true;
+    
+    public IdToken getIdToken(ClientAccessToken at, String clientId) {
+        JwtToken jwt = getIdJwtToken(at, clientId);
+        return getIdTokenFromJwt(jwt);
+    }
+    public IdToken getIdToken(String idJwtToken, String clientId) {
+        JwtToken jwt = getIdJwtToken(idJwtToken, clientId);
+        return getIdTokenFromJwt(jwt);
+    }
+    public JwtToken getIdJwtToken(ClientAccessToken at, String clientId) {
+        String idJwtToken = at.getParameters().get(OidcUtils.ID_TOKEN);
+        JwtToken jwt = getIdJwtToken(idJwtToken, clientId); 
+        OidcUtils.validateAccessTokenHash(at, jwt, requireAtHash);
+        return jwt;
+    }
+    public JwtToken getIdJwtToken(String idJwtToken, String clientId) {
+        JwtToken jwt = getJwtToken(idJwtToken, null, false);
+        validateJwtClaims(jwt.getClaims(), clientId, true);
+        return jwt;
+    }
+    public IdToken getIdTokenFromJwt(JwtToken jwt) {
+        //TODO: do the extra validation if needed
+        return new IdToken(jwt.getClaims().asMap());
+    }
+    public void setRequireAtHash(boolean requireAtHash) {
+        this.requireAtHash = requireAtHash;
+    }
+}
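Review bot: The new name hides that this class is still where the id token is checked: `getIdJwtToken(String, String)` calls `validateJwtClaims`, and the `ClientAccessToken` variant adds `OidcUtils.validateAccessTokenHash`. A class-level Javadoc saying that the `getIdToken`/`getIdJwtToken` methods return only tokens that passed those checks would keep callers from treating it as a plain parser. Two details deserve a comment of their own: `getIdToken(String, String)` never runs the at_hash check because it has no access token to compare against, and `setRequireAtHash(false)` presumably makes a missing at_hash acceptable. In `getIdJwtToken(ClientAccessToken, String)`, `at.getParameters().get(OidcUtils.ID_TOKEN)` is null when the token response carries no id_token, and that null is passed straight to `getJwtToken`, whose handling is not visible here; an explicit check with a clear error would be safer.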

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3cfadb6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
deleted file mode 100644
index 214a5b1..0000000
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oidc.rp;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
-import org.apache.cxf.rs.security.oidc.common.IdToken;
-import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
-
-public class IdTokenValidator extends AbstractTokenValidator {
-    private boolean requireAtHash = true;
-    
-    public IdToken getIdToken(ClientAccessToken at, String clientId) {
-        JwtToken jwt = getIdJwtToken(at, clientId);
-        return getIdTokenFromJwt(jwt);
-    }
-    public IdToken getIdToken(String idJwtToken, String clientId) {
-        JwtToken jwt = getIdJwtToken(idJwtToken, clientId);
-        return getIdTokenFromJwt(jwt);
-    }
-    public JwtToken getIdJwtToken(ClientAccessToken at, String clientId) {
-        String idJwtToken = at.getParameters().get(OidcUtils.ID_TOKEN);
-        JwtToken jwt = getIdJwtToken(idJwtToken, clientId); 
-        OidcUtils.validateAccessTokenHash(at, jwt, requireAtHash);
-        return jwt;
-    }
-    public JwtToken getIdJwtToken(String idJwtToken, String clientId) {
-        JwtToken jwt = getJwtToken(idJwtToken, null, false);
-        validateJwtClaims(jwt.getClaims(), clientId, true);
-        return jwt;
-    }
-    public IdToken getIdTokenFromJwt(JwtToken jwt) {
-        //TODO: do the extra validation if needed
-        return new IdToken(jwt.getClaims().asMap());
-    }
-    public void setRequireAtHash(boolean requireAtHash) {
-        this.requireAtHash = requireAtHash;
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3cfadb6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
index a509be9..1e96b7d 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
@@ -28,8 +28,8 @@ import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 
 public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
 
-    private UserInfoClient userInfoClient;
-    private boolean userInfoRequired = true; 
+    private IdTokenReader idTokenReader;
+    
     @Override
     protected ClientTokenContext createTokenContext(ContainerRequestContext rc, ClientAccessToken
at) {
         if (rc.getSecurityContext() instanceof OidcSecurityContext) {
@@ -37,8 +37,9 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter
{
         }
         OidcClientTokenContextImpl ctx = new OidcClientTokenContextImpl();
         if (at != null) {
-            ctx.setIdToken(userInfoClient.getIdToken(at, getConsumer().getKey()));
-            if (userInfoRequired) {
+            ctx.setIdToken(idTokenReader.getIdToken(at, getConsumer().getKey()));
+            if (idTokenReader instanceof UserInfoClient) {
+                UserInfoClient userInfoClient = (UserInfoClient)idTokenReader;
                 ctx.setUserInfo(userInfoClient.getUserInfo(at, ctx.getIdToken()));
             }
             rc.setSecurityContext(new OidcSecurityContext(ctx));
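Review bot: Whether UserInfo is fetched now depends on the runtime type of the injected reader (`if (idTokenReader instanceof UserInfoClient)`), which replaces the explicit `userInfoRequired` switch with an implicit one. A deployment that wires a plain `IdTokenReader` gets a context whose `getUserInfo()` is null with no signal, and one that wires a `UserInfoClient` can no longer skip the UserInfo call; a Javadoc line on `setIdTokenReader` in the last hunk of this file, such as `/** Pass a UserInfoClient to also populate UserInfo; a plain IdTokenReader yields an id-token-only context. */`, would make that contract visible. `idTokenReader` is also dereferenced without a null check when `at != null`, so a filter configured without the property fails with a NullPointerException during the code exchange instead of a configuration error. Removing `setUserInfoClient` and `setUserInfoRequired` outright will break existing Spring configurations that still set those properties. createTokenContext begins in the previous hunk and ends in the next one.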
@@ -46,12 +47,10 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter
{
         
         return ctx;
     }
-    public void setUserInfoClient(UserInfoClient userInfoClient) {
-        this.userInfoClient = userInfoClient;
-    }
-    public void setUserInfoRequired(boolean userInfoRequired) {
-        this.userInfoRequired = userInfoRequired;
+    public void setIdTokenReader(IdTokenReader idTokenReader) {
+        this.idTokenReader = idTokenReader;
     }
+    
     @Override
     protected void checkSecurityContextStart(ContainerRequestContext rc) {
         SecurityContext sc = rc.getSecurityContext();

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3cfadb6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
index e7a6e64..d075b0b 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
@@ -34,7 +34,7 @@ import org.apache.cxf.rs.security.oidc.common.IdToken;
 
 public class OidcIdTokenRequestFilter implements ContainerRequestFilter {
     private String tokenFormParameter = "idtoken"; 
-    private IdTokenValidator idTokenValidator;
+    private IdTokenReader idTokenReader;
     private Consumer consumer;
     
     @Override
@@ -46,7 +46,7 @@ public class OidcIdTokenRequestFilter implements ContainerRequestFilter
{
             return;
         }
         
-        IdToken idToken = idTokenValidator.getIdToken(idTokenParamValue, consumer.getKey());
+        IdToken idToken = idTokenReader.getIdToken(idTokenParamValue, consumer.getKey());
         JAXRSUtils.getCurrentMessage().setContent(IdToken.class, idToken);
         requestContext.setSecurityContext(new OidcSecurityContext(idToken));
         
@@ -60,8 +60,8 @@ public class OidcIdTokenRequestFilter implements ContainerRequestFilter
{
         }
         return requestState;
     }
-    public void setIdTokenValidator(IdTokenValidator validator) {
-        this.idTokenValidator = validator;
+    public void setIdTokenReader(IdTokenReader idTokenReader) {
+        this.idTokenReader = idTokenReader;
     }
     public void setTokenFormParameter(String tokenFormParameter) {
         this.tokenFormParameter = tokenFormParameter;

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3cfadb6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 74cccf0..0bb5239 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
@@ -38,7 +38,6 @@ import org.apache.cxf.rs.security.oidc.common.IdToken;
 public class OidcRpAuthenticationService {
     private ClientTokenContextManager stateManager;
     private String defaultLocation;
-    private boolean useRedirect;
     @Context
     private MessageContext mc; 
     
@@ -55,16 +54,17 @@ public class OidcRpAuthenticationService {
     @Path("complete")
     public Response completeAuthentication(@Context OidcClientTokenContext oidcContext) {
         stateManager.setClientTokenContext(mc, oidcContext);
-        if (useRedirect) {
-            URI redirectUri = null;
-            MultivaluedMap<String, String> state = oidcContext.getState();
-            String location = state != null ? state.getFirst("state") : null;
-            if (location == null) {
-                String basePath = (String)mc.get("http.base.path");
-                redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build();
-            } else {
-                redirectUri = URI.create(location);
-            }
+        
+        URI redirectUri = null;
+        MultivaluedMap<String, String> state = oidcContext.getState();
+        String location = state != null ? state.getFirst("state") : null;
+        if (location == null && defaultLocation != null) {
+            String basePath = (String)mc.get("http.base.path");
+            redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build();
+        } else {
+            redirectUri = URI.create(location);
+        }
+        if (redirectUri != null) {
             return Response.seeOther(redirectUri).build();
         } else {
             return Response.ok(oidcContext).build();
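Review bot: When `state` carries no location and `defaultLocation` is unset, the rewritten condition falls into the `else` branch and calls `URI.create(location)` with null, which throws NullPointerException, so the `Response.ok(oidcContext)` branch can no longer be reached. The redirect is also unconditional now, and `location` is read from the `state` value and used as the redirect target without checking that it points back into this application; unless the state manager (not visible here) guarantees the value is the one the RP stored, that is an open-redirect risk at the end of the login flow. The sketch below keeps the default-location fallback, accepts only same-origin targets, and restores the 200 response when nothing is configured; it assumes `http.base.path` is an absolute URI. The method's closing lines fall outside this hunk.

```java
        URI redirectUri = null;
        // … unchanged: state / location lookup …
        String basePath = (String)mc.get("http.base.path");
        if (location != null) {
            // Resolve against the application base and accept same-origin targets only.
            URI base = URI.create(basePath);
            URI target = base.resolve(location);
            if (base.getScheme().equalsIgnoreCase(target.getScheme())
                && base.getAuthority().equalsIgnoreCase(target.getAuthority())) {
                redirectUri = target;
            }
        }
        if (redirectUri == null && defaultLocation != null) {
            redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build();
        }
        // … unchanged: seeOther when redirectUri != null, otherwise ok(oidcContext) …
```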
@@ -79,7 +79,4 @@ public class OidcRpAuthenticationService {
         this.stateManager = stateManager;
     }
 
-    public void setUseRedirect(boolean useRedirect) {
-        this.useRedirect = useRedirect;
-    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3cfadb6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
index 20cf640..1823f12 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
@@ -25,7 +25,7 @@ import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.common.UserInfo;
 
-public class UserInfoClient extends IdTokenValidator {
+public class UserInfoClient extends IdTokenReader {
     private boolean encryptedOnly;
     private WebClient profileClient;
     public UserInfo getUserInfo(ClientAccessToken at, IdToken idToken) {

