From cohei...@apache.org
Subject cxf git commit: Fixing build
Date Fri, 09 Oct 2015 14:40:52 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 25c187e27 -> 0773feaea


Fixing build


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0773feae
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0773feae
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0773feae

Branch: refs/heads/master
Commit: 0773feaea1a4d9d0c48e76fdbe4ac5acac062926
Parents: 25c187e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Oct 9 15:40:43 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Oct 9 15:40:43 2015 +0100

----------------------------------------------------------------------
 .../oauth2/grants/jwt/AbstractJwtHandler.java   | 31 +++++++++++++++++++-
 .../oauth2/tokens/jwt/JwtAccessTokenUtils.java  | 15 ++++++++--
 2 files changed, 43 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/0773feae/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
index ddc4af0..baafd5f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
@@ -38,6 +38,8 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 public abstract class AbstractJwtHandler extends AbstractGrantHandler {
     private Set<String> supportedIssuers; 
     private JwsSignatureVerifier jwsVerifier;
+    private int ttl = 300;
+    private int futureTTL;
         
     protected AbstractJwtHandler(List<String> grants) {
         super(grants);
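Review bot: The new fields `ttl` and `futureTTL` have no comment stating their unit or which claim each one governs, and the names mix casing styles (`ttl` vs `futureTTL`, later `getTtl` vs `getFutureTTL`). `futureTTL` is left at its implicit default of 0, which, judging by its use in the `validateJwtNotBefore` call in the next hunk, appears to give `nbf` no clock-skew allowance; that should be a documented choice rather than an accident. I would add `// max token age checked against iat when exp is absent; unit as expected by JwtUtils.validateJwtTTL` above `ttl` and `// tolerance passed to JwtUtils.validateJwtNotBefore; 0 means none` above `futureTTL`. The class body continues outside this hunk.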
@@ -54,7 +56,18 @@ public abstract class AbstractJwtHandler extends AbstractGrantHandler {
         validateIssuer(claims.getIssuer());
         validateSubject(client, claims.getSubject());
         validateAudience(client, claims.getAudience());
-        JwtUtils.validateJwtTimeClaims(claims);    
+        
+        // If we have no issued time then we need to have an expiry
+        boolean expiredRequired = claims.getIssuedAt() == null;
+        JwtUtils.validateJwtExpiry(claims, expiredRequired);
+        
+        JwtUtils.validateJwtNotBefore(claims, futureTTL, false);
+        
+        // If we have no expiry then we must have an issued at
+        boolean issuedAtRequired = claims.getExpiryTime() == null;
+        if (issuedAtRequired) {
+            JwtUtils.validateJwtTTL(claims, ttl, issuedAtRequired);
+        }
     }
 
     protected void validateIssuer(String issuer) {
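Review bot: In the block added after `validateAudience`, `ttl` is applied only when `getExpiryTime()` is null, so an assertion carrying both `exp` and `iat` is accepted for whatever lifetime its issuer chose, and its `iat` is not checked against the clock as far as these lines show. An assertion with no `exp` at all is also accepted when `iat` is present, whereas RFC 7523 requires `exp` on JWT bearer assertions. If a bound is intended, pass `true` to `validateJwtExpiry` and call `JwtUtils.validateJwtTTL(claims, ttl, false);` unconditionally, provided that method skips a missing `iat` when the claim is not required (its body is not visible here). The same block is repeated in `JwtAccessTokenUtils.validateJwtClaims` in the second file; one shared helper would stop the two copies drifting apart. The enclosing method starts outside the hunk.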
@@ -82,4 +95,20 @@ public abstract class AbstractJwtHandler extends AbstractGrantHandler {
         } 
         return JwsUtils.loadSignatureVerifier(true);
     }
+    
+    public int getTtl() {
+        return ttl;
+    }
+
+    public void setTtl(int ttl) {
+        this.ttl = ttl;
+    }
+
+    public int getFutureTTL() {
+        return futureTTL;
+    }
+
+    public void setFutureTTL(int futureTTL) {
+        this.futureTTL = futureTTL;
+    }
 }
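Review bot: `setTtl` and `setFutureTTL` store any `int` they are handed, so a negative or mistyped configuration value reaches the time-claim checks unvalidated. How `JwtUtils` treats a negative bound is not visible in this commit. Rejecting it at the setter makes a misconfiguration fail at start-up instead of quietly changing which tokens are accepted: `if (ttl < 0) { throw new IllegalArgumentException("ttl must not be negative"); }`, and the same for `futureTTL`. Javadoc on the setters should also state the unit.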

http://git-wip-us.apache.org/repos/asf/cxf/blob/0773feae/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java
index 1a28191..a88d96f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java
@@ -110,9 +110,20 @@ public final class JwtAccessTokenUtils {
             throw new SecurityException();
         }
     }
-    public static void validateJwtClaims(JwtClaims claims, Client c) {
+    public static void validateJwtClaims(JwtClaims claims, int ttl, int futureTTL, Client
c) {
         validateJwtSubjectAndAudience(claims, c);
-        JwtUtils.validateJwtTimeClaims(claims);
+        
+        // If we have no issued time then we need to have an expiry
+        boolean expiredRequired = claims.getIssuedAt() == null;
+        JwtUtils.validateJwtExpiry(claims, expiredRequired);
+        
+        JwtUtils.validateJwtNotBefore(claims, futureTTL, false);
+        
+        // If we have no expiry then we must have an issued at
+        boolean issuedAtRequired = claims.getExpiryTime() == null;
+        if (issuedAtRequired) {
+            JwtUtils.validateJwtTTL(claims, ttl, issuedAtRequired);
+        }
     }
     
     private static void validateJwtSubjectAndAudience(JwtClaims claims, Client c) {
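Review bot: The public static `validateJwtClaims` changes from `(JwtClaims, Client)` to `(JwtClaims, int ttl, int futureTTL, Client)` with no overload kept, so callers outside this commit stop compiling. The two adjacent `int` parameters can also be swapped without any compiler complaint, which would exchange the lifetime bound and the not-before tolerance. I would keep the two-argument form and have it delegate with the defaults `AbstractJwtHandler` uses: `validateJwtClaims(claims, 300, 0, c);`. Javadoc should name the unit and meaning of each value, and negative arguments should be rejected before they reach `JwtUtils`.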

