cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/3] cxf git commit: Avoid having to specify a JwsHeader at all when submitting a JwtToken
Date Thu, 15 Oct 2015 13:48:49 GMT
Avoid having to specify a JwsHeader at all when submitting a JwtToken


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2f9874b4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2f9874b4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2f9874b4

Branch: refs/heads/master
Commit: 2f9874b4a02f5dfe90c55f97bc6570d92331dd7d
Parents: 1c16f52
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Oct 15 14:33:36 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Oct 15 14:33:36 2015 +0100

----------------------------------------------------------------------
 .../security/jose/jws/JwsCompactProducer.java   | 16 ++++++++++++++
 .../cxf/rs/security/jose/jws/JwsUtils.java      |  2 +-
 .../jaxrs/JwtAuthenticationClientFilter.java    | 22 +-------------------
 3 files changed, 18 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2f9874b4/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
index a74960a..06e1dbd 100644
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
+++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsCompactProducer.java
@@ -19,10 +19,15 @@
 package org.apache.cxf.rs.security.jose.jws;
 
 import java.security.PrivateKey;
+import java.util.Properties;
 
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.PhaseInterceptorChain;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.common.KeyManagementUtils;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 
@@ -131,6 +136,17 @@ public class JwsCompactProducer {
     }
     private void checkAlgorithm() {
         if (getAlgorithm() == null) {
+            Message m = PhaseInterceptorChain.getCurrentMessage();
+            Properties props = KeyManagementUtils.loadStoreProperties(m, false, 
+                                                                      JoseConstants.RSSEC_SIGNATURE_OUT_PROPS,

+                                                                      JoseConstants.RSSEC_SIGNATURE_PROPS);
+            String signatureAlgo = JwsUtils.getSignatureAlgo(m, props, null, null);
+            if (signatureAlgo != null) {
+                getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.getAlgorithm(signatureAlgo));
+            }
+        }
+        
+        if (getAlgorithm() == null) {
             throw new JwsException(JwsException.Error.INVALID_ALGORITHM);
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2f9874b4/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 914f315..7142ffc 100644
--- a/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose/jose-core/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -358,7 +358,7 @@ public final class JwsUtils {
     }
     
     @SuppressWarnings("deprecation")
-    private static String getSignatureAlgo(Message m, Properties props, String algo, String
defaultAlgo) {
+    public static String getSignatureAlgo(Message m, Properties props, String algo, String
defaultAlgo) {
         if (algo == null) {
             if (defaultAlgo == null) {
                 defaultAlgo = AlgorithmUtils.RS_SHA_256_ALGO;

http://git-wip-us.apache.org/repos/asf/cxf/blob/2f9874b4/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
b/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
index dfb5223..8fd87ab 100644
--- a/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
+++ b/rt/rs/security/jose/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
@@ -32,12 +32,8 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rs.security.jose.common.JoseException;
-import org.apache.cxf.rs.security.jose.common.JoseType;
 import org.apache.cxf.rs.security.jose.common.JoseUtils;
-import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
-import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
@@ -94,23 +90,7 @@ public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer
         }
         
         if (claims != null) {
-            if (super.isJwsRequired()) {
-                JwsHeaders headers = new JwsHeaders();
-                headers.setType(JoseType.JWT);
-                
-                Message m = PhaseInterceptorChain.getCurrentMessage();
-                // TODO revisit this constant
-                String signatureAlgorithm = 
-                    (String)m.getContextualProperty("rs.security.jws.content.signature.algorithm");
-                if (signatureAlgorithm == null) {
-                    signatureAlgorithm = AlgorithmUtils.RS_SHA_256_ALGO;
-                }
-                headers.setSignatureAlgorithm(SignatureAlgorithm.getAlgorithm(signatureAlgorithm));
-                
-                token = new JwtToken(headers, claims);
-            } else {
-                // TODO
-            }
+            token = new JwtToken(claims);
         }
         
         return token;


Mime
View raw message