cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf git commit: Fixing build
Date Mon, 12 Oct 2015 09:27:12 GMT
Repository: cxf
Updated Branches:
  refs/heads/master b25170121 -> 6a688edc9


Fixing build


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6a688edc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6a688edc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6a688edc

Branch: refs/heads/master
Commit: 6a688edc96515f73e8133a6e2b012f37c739da77
Parents: b251701
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Oct 12 10:27:02 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Oct 12 10:27:02 2015 +0100

----------------------------------------------------------------------
 .../oidc/rp/AbstractTokenValidator.java         | 40 ++++++++++++++------
 1 file changed, 28 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6a688edc/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
index f56651f..02a7dc2 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
@@ -34,8 +34,8 @@ import org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthJoseJwtConsumer;
 public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsumer {
     private static final String SELF_ISSUED_ISSUER = "https://self-issued.me";
     private String issuerId;
-    private int issuedAtRange;
-    private int clockOffset;
+    private int ttl = 300;
+    private int futureTTL;
     private WebClient jwkSetClient;
     private boolean supportSelfIssuedProvider;
     private ConcurrentHashMap<String, JsonWebKey> keyMap = new ConcurrentHashMap<String,
JsonWebKey>(); 
@@ -63,7 +63,17 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
                 throw new SecurityException("Invalid audience");
             }
     
-            JwtUtils.validateJwtTimeClaims(claims, clockOffset, issuedAtRange, validateClaimsAlways);
+            // If we have no issued time then we need to have an expiry
+            boolean expiredRequired = claims.getIssuedAt() == null;
+            JwtUtils.validateJwtExpiry(claims, expiredRequired);
+            
+            JwtUtils.validateJwtNotBefore(claims, futureTTL, false);
+            
+            // If we have no expiry then we must have an issued at
+            boolean issuedAtRequired = claims.getExpiryTime() == null;
+            if (issuedAtRequired) {
+                JwtUtils.validateJwtTTL(claims, ttl, issuedAtRequired);
+            }
         }
     }
     
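Review bot: The issued-at bound is applied only when `exp` is absent, so in the added block a token that carries an `exp` never has its `iat` compared with `ttl`, and a token with no `exp` at all is accepted on `iat` alone. If this path also validates OIDC ID tokens, where both `exp` and `iat` are required claims, expiry should be mandatory for that case, for example `JwtUtils.validateJwtExpiry(claims, true);`, with the lenient either-or rule kept only for tokens that may legitimately omit `exp`. The replaced call passed `clockOffset` and `validateClaimsAlways`, and none of the new calls visible here takes a skew allowance for the expiry check, so it is worth confirming that dropping the tolerance is intended. The enclosing method starts outside this hunk, so any guard around the block cannot be seen from here.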
@@ -75,10 +85,6 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
         this.jwkSetClient = jwkSetClient;
     }
 
-    public void setIssuedAtRange(int issuedAtRange) {
-        this.issuedAtRange = issuedAtRange;
-    }
-
     @Override
     protected JwsSignatureVerifier getInitializedSignatureVerifier(JwtToken jwt) {
         JsonWebKey key = null;
@@ -120,13 +126,23 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
         return theJwsVerifier;
     }
 
-    public void setClockOffset(int clockOffset) {
-        this.clockOffset = clockOffset;
-    }
-
     public void setSupportSelfIssuedProvider(boolean supportSelfIssuedProvider) {
         this.supportSelfIssuedProvider = supportSelfIssuedProvider;
     }
 
-    
+    public int getTtl() {
+        return ttl;
+    }
+
+    public void setTtl(int ttl) {
+        this.ttl = ttl;
+    }
+
+    public int getFutureTTL() {
+        return futureTTL;
+    }
+
+    public void setFutureTTL(int futureTTL) {
+        this.futureTTL = futureTTL;
+    }
 }
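Review bot: `setTtl` and `setFutureTTL` have no Javadoc and no range check, yet both values feed the token time checks in the validation hunk, so the unit and the effect of zero or a negative value are left for the caller to guess. Suggest a comment on each setter, such as `/** Maximum accepted age of the iat claim, presumably in seconds (default 300); confirm against JwtUtils.validateJwtTTL. */`. If negative values have no defined meaning, reject them with `if (ttl < 0) { throw new IllegalArgumentException("ttl must not be negative"); }`. This hunk also removes `setClockOffset`, and the previous hunk removes `setIssuedAtRange`, without a deprecated bridge, so existing bean configuration that sets those properties would presumably stop loading.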

