cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Few more OIDC RP changes
Date Fri, 30 Oct 2015 14:38:24 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 7557d5fcf -> 2c4907143


Few more OIDC RP changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2c490714
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2c490714
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2c490714

Branch: refs/heads/3.0.x-fixes
Commit: 2c4907143d59297a3f94fdd8cf096863535bc9c6
Parents: 7557d5f
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Fri Oct 30 14:37:19 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Fri Oct 30 14:38:07 2015 +0000

----------------------------------------------------------------------
 .../security/oidc/rp/OidcSecurityContext.java   | 11 ++++++++---
 .../cxf/rs/security/oidc/utils/OidcUtils.java   | 20 +++++++++++---------
 2 files changed, 19 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2c490714/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
index df0242f..d31c189 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
@@ -31,17 +31,22 @@ public class OidcSecurityContext extends SimpleSecurityContext implements
Securi
         this(new OidcClientTokenContextImpl(token));
     }
     public OidcSecurityContext(OidcClientTokenContext oidcContext) {
-        super(getUserName(oidcContext));
+        super(getPrincipalName(oidcContext));
         this.oidcContext = oidcContext;
     }
     public OidcClientTokenContext getOidcContext() {
         return oidcContext;
     }
-    private static String getUserName(OidcClientTokenContext oidcContext) {
+    private static String getPrincipalName(OidcClientTokenContext oidcContext) {
         if (oidcContext.getUserInfo() != null) {
             return oidcContext.getUserInfo().getEmail();
         } else {
-            return oidcContext.getIdToken().getEmail();
+            IdToken token = oidcContext.getIdToken();
+            String name = token.getEmail();
+            if (name == null) {
+                name = token.getSubject();
+            }
+            return name;
         }
     }
     @Override

http://git-wip-us.apache.org/repos/asf/cxf/blob/2c490714/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 1a0c3de..ccad6d7 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -92,21 +92,23 @@ public final class OidcUtils {
         validateAccessTokenHash(at, jwt, true);
     }
     public static void validateAccessTokenHash(ClientAccessToken at, JwtToken jwt, boolean
required) {
-        validateHash(at.getTokenKey(),
-                     (String)jwt.getClaims().getClaim("at_hash"),
-                     jwt.getHeaders().getAlgorithm(),
-                     required);
+        if (required) {
+            validateHash(at.getTokenKey(),
+                         (String)jwt.getClaims().getClaim("at_hash"),
+                         jwt.getHeaders().getAlgorithm());
+        }
     }
     public static void validateCodeHash(String code, JwtToken jwt) {
         validateCodeHash(code, jwt, true);
     }
     public static void validateCodeHash(String code, JwtToken jwt, boolean required) {
-        validateHash(code,
-                     (String)jwt.getClaims().getClaim("c_hash"),
-                     jwt.getHeaders().getAlgorithm(),
-                     required);
+        if (required) {
+            validateHash(code,
+                         (String)jwt.getClaims().getClaim("c_hash"),
+                         jwt.getHeaders().getAlgorithm());
+        }
     }
-    private static void validateHash(String value, String theHash, String joseAlgo, boolean
required) {
+    private static void validateHash(String value, String theHash, String joseAlgo) {
         String hash = calculateHash(value, joseAlgo);
         if (!hash.equals(theHash)) {
             throw new SecurityException("Invalid hash");


Mime
View raw message