From cohei...@apache.org
Subject [2/4] cxf git commit: Allow setting claims directly for JWT
Date Wed, 14 Oct 2015 11:46:20 GMT
Allow setting claims directly for JWT


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2e449383
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2e449383
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2e449383

Branch: refs/heads/3.0.x-fixes
Commit: 2e4493830c9471313307a5550c8cb525d11c1b09
Parents: 66acc5e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Oct 14 11:06:47 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Oct 14 12:46:11 2015 +0100

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwt/JwtConstants.java  |  1 +
 .../jaxrs/JwtAuthenticationClientFilter.java    | 43 ++++++++++++++++++--
 2 files changed, 41 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2e449383/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
index bdbb544..d0a663d 100644
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
+++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtConstants.java
@@ -30,6 +30,7 @@ public final class JwtConstants {
     public static final String CLAIM_JWT_ID = "jti";
     
     public static final String JWT_TOKEN = "jwt.token";
+    public static final String JWT_CLAIMS = "jwt.claims";
     
         
     private JwtConstants() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/2e449383/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
b/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
index 72b53ef..16622ef 100644
--- a/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
+++ b/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
@@ -33,8 +33,12 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rs.security.jose.common.JoseException;
+import org.apache.cxf.rs.security.jose.common.JoseType;
 import org.apache.cxf.rs.security.jose.common.JoseUtils;
+import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
@@ -57,7 +61,7 @@ public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer
                 JwtClaims claims = new JwtClaims();
                 claims.setSubject(ap.getUserName());
                 claims.setClaim("password", ap.getPassword());
-                claims.setIssuedAt(System.currentTimeMillis() / 1000);
+                claims.setIssuedAt(System.currentTimeMillis() / 1000L);
                 jwt = new JwtToken(new JweHeaders(), claims);
             }
         }
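Review bot: The context line `claims.setClaim("password", ap.getPassword());` places the caller's plaintext password in the JWT claims, so its confidentiality depends entirely on the token being JWE-encrypted before it reaches the Authorization header. That step is outside this hunk and should be confirmed. A comment at the claim would help the next reader, e.g. `// password claim: token must be JWE-encrypted before sending; never emit it as a signed-only JWT`. The `1000` to `1000L` edit does not change the result, since `System.currentTimeMillis()` already returns a long. The enclosing method starts and ends outside the hunk.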
@@ -70,16 +74,49 @@ public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer
         requestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, 
                                               authScheme + " " + data);
     }
+    
     protected JwtToken getJwtToken(ClientRequestContext requestContext) {
         // Try the filter properties first, then the message properties
         JwtToken token = (JwtToken)requestContext.getProperty(JwtConstants.JWT_TOKEN);
+        if (token == null) {
+            Message m = PhaseInterceptorChain.getCurrentMessage();
+            token = (JwtToken)m.getContextualProperty(JwtConstants.JWT_TOKEN);
+        }
+        
         if (token != null) {
             return token;
         }
         
-        Message m = PhaseInterceptorChain.getCurrentMessage();
-        return (JwtToken)m.getContextualProperty(JwtConstants.JWT_TOKEN);
+        // Otherwise check to see if we have some claims + construct the header ourselves
+        JwtClaims claims = (JwtClaims)requestContext.getProperty(JwtConstants.JWT_CLAIMS);
+        if (claims == null) {
+            Message m = PhaseInterceptorChain.getCurrentMessage();
+            claims = (JwtClaims)m.getContextualProperty(JwtConstants.JWT_CLAIMS);
+        }
+        
+        if (claims != null) {
+            if (super.isJwsRequired()) {
+                JwsHeaders headers = new JwsHeaders();
+                headers.setType(JoseType.JWT);
+                
+                Message m = PhaseInterceptorChain.getCurrentMessage();
+                // TODO revisit this constant
+                String signatureAlgorithm = 
+                    (String)m.getContextualProperty("rs.security.jws.content.signature.algorithm");
+                if (signatureAlgorithm == null) {
+                    signatureAlgorithm = AlgorithmUtils.RS_SHA_256_ALGO;
+                }
+                headers.setSignatureAlgorithm(SignatureAlgorithm.getAlgorithm(signatureAlgorithm));
+                
+                token = new JwtToken(headers, claims);
+            } else {
+                // TODO
+            }
+        }
+        
+        return token;
     }
+    
     protected String getContextPropertyValue() {
         return Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(16));
     }
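Review bot: In `getJwtToken`, the `else { // TODO }` branch silently drops the claims and returns null when `JWT_CLAIMS` is supplied but `isJwsRequired()` is false, so the caller fails later with no hint of why. Until the encryption-only path is implemented, fail explicitly there, e.g. `throw new JoseException("JWT claims were supplied but JWS is not configured");`, or build the token as the earlier hunk does with `token = new JwtToken(new JweHeaders(), claims);`. Separately, `PhaseInterceptorChain.getCurrentMessage()` is dereferenced in three places without a null check, and `"rs.security.jws.content.signature.algorithm"` is cast straight to `String`; one null-checked lookup helper for both the token and the claims would remove the repetition. The header algorithm is also chosen from a context property, independently of whatever key or signature provider actually signs the token (not visible here), so confirm the two cannot disagree.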

