cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/4] cxf git commit: Allow role processing from JWT tokens
Date Mon, 12 Oct 2015 16:27:00 GMT
Allow role processing from JWT tokens

Conflicts:
	rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/20723dbc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/20723dbc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/20723dbc

Branch: refs/heads/3.0.x-fixes
Commit: 20723dbc198538345b9e7a7a35d19aca973810d4
Parents: f7d923a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Oct 12 14:44:27 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Oct 12 17:26:19 2015 +0100

----------------------------------------------------------------------
 .../jose/jaxrs/JwtAuthenticationFilter.java     | 26 ++++++++-
 .../jose/jaxrs/JwtTokenSecurityContext.java     | 59 ++++++++++++++++++--
 2 files changed, 78 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/20723dbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
index 295879d..3c68633 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
@@ -45,7 +45,11 @@ public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer implements
     private static final String DEFAULT_AUTH_SCHEME = "JWT";
     private String expectedAuthScheme = DEFAULT_AUTH_SCHEME;
     private int clockOffset;
+<<<<<<< HEAD
     private int ttl;
+=======
+    private String roleClaim;
+>>>>>>> d2d8f6d... Allow role processing from JWT tokens
     
     @Override
     public void filter(ContainerRequestContext requestContext) throws IOException {
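Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> d2d8f6d...` are unresolved merge-conflict markers committed into the class body, so JwtAuthenticationFilter.java cannot compile on this branch as shown. The same markers are added in the two later hunks of this file, around `getTtl`/`setTtl` and `getRoleClaim`/`setRoleClaim`. The resolution should keep both fields, `private int ttl;` and `private String roleClaim;`, and both accessor pairs, restoring the closing brace of `setTtl` before `getRoleClaim`. Because this class is the authentication filter, it is worth compiling the backport branch and running the JOSE tests before pushing, so that a broken merge cannot ship.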
@@ -56,9 +60,19 @@ public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer implements
         }
         JwtToken token = super.getJwtToken(parts[1]);
         JoseUtils.setMessageContextProperty(token.getHeaders());
-        JAXRSUtils.getCurrentMessage().put(SecurityContext.class, new JwtTokenSecurityContext(token));
+        
+        SecurityContext securityContext = configureSecurityContext(token);
+        if (securityContext != null) {
+            JAXRSUtils.getCurrentMessage().put(SecurityContext.class, securityContext);
+        }
+
     }
     
+    protected SecurityContext configureSecurityContext(JwtToken jwt) {
+        return new JwtTokenSecurityContext(jwt, roleClaim);
+    }
+
+    
     public void setExpectedAuthScheme(String expectedAuthScheme) {
         this.expectedAuthScheme = expectedAuthScheme;
     }
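Review bot: When `configureSecurityContext` returns null, `filter` carries on without putting any SecurityContext on the message, and nothing in the hunk documents that an override may do this or what it means for the request. I would add Javadoc on `configureSecurityContext` stating that it builds the context from an already-parsed token, that `roleClaim` may be null (no roles are then assigned), and that returning null leaves whatever SecurityContext is already on the message in place. Whether an earlier context exists at that point is not visible here, so it is worth confirming that downstream authorization cannot then run under a different identity than the one in the token. The body of `filter` starts outside this hunk.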
@@ -83,6 +97,7 @@ public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer implements
     public void setClockOffset(int clockOffset) {
         this.clockOffset = clockOffset;
     }
+<<<<<<< HEAD
 
     public int getTtl() {
         return ttl;
@@ -90,5 +105,14 @@ public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer implements
 
     public void setTtl(int ttl) {
         this.ttl = ttl;
+=======
+    
+    public String getRoleClaim() {
+        return roleClaim;
+    }
+
+    public void setRoleClaim(String roleClaim) {
+        this.roleClaim = roleClaim;
+>>>>>>> d2d8f6d... Allow role processing from JWT tokens
     }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/20723dbc/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtTokenSecurityContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtTokenSecurityContext.java
b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtTokenSecurityContext.java
index 11a2c94..f100228 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtTokenSecurityContext.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtTokenSecurityContext.java
@@ -18,17 +18,64 @@
  */
 package org.apache.cxf.rs.security.jose.jaxrs;
 
-import org.apache.cxf.common.security.SimpleSecurityContext;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.apache.cxf.common.security.SimpleGroup;
+import org.apache.cxf.common.security.SimplePrincipal;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.security.LoginSecurityContext;
 
-public class JwtTokenSecurityContext extends SimpleSecurityContext {
-    private JwtToken token;
-    public JwtTokenSecurityContext(JwtToken jwt) {
-        super(jwt.getClaims().getSubject());
+public class JwtTokenSecurityContext implements LoginSecurityContext {
+    private final JwtToken token;
+    private final Principal principal;
+    private final Set<Principal> roles;
+    
+    public JwtTokenSecurityContext(JwtToken jwt, String roleClaim) {
+        principal = new SimplePrincipal(jwt.getClaims().getSubject());
         this.token = jwt;
+        if (roleClaim != null && jwt.getClaims().containsProperty(roleClaim)) {
+            roles = new HashSet<>();
+            String role = jwt.getClaims().getStringProperty(roleClaim).trim();
+            for (String r : role.split(",")) {
+                roles.add(new SimpleGroup(r));
+            }
+        } else {
+            roles = Collections.emptySet();
+        }
     }
+    
     public JwtToken getToken() {
         return token;
     }
-    
+
+    @Override
+    public Subject getSubject() {
+        return null;
+    }
+
+    @Override
+    public Set<Principal> getUserRoles() {
+        return Collections.unmodifiableSet(roles);
+    }
+
+    @Override
+    public Principal getUserPrincipal() {
+        return principal;
+    }
+
+    @Override
+    public boolean isUserInRole(String role) {
+        for (Principal principalRole : roles) {
+            if (principalRole != principal && principalRole.getName().equals(role))
{
+                return true;
+            }
+        }
+        return false;
+    }
+
 }
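Review bot: In the constructor only the whole claim string is trimmed before `role.split(",")`, so a claim value such as `admin, user` stores the role ` user` with a leading space and `isUserInRole("user")` returns false; an empty claim value also produces a role with an empty name. Trim each element and skip empty ones: `String name = r.trim();` followed by `if (!name.isEmpty()) { roles.add(new SimpleGroup(name)); }`. `getStringProperty(roleClaim)` is dereferenced directly, so if it returns null or fails for a claim that is present but not a string (role claims are often JSON arrays) the constructor would throw; its behaviour is not visible here, and a guard that falls back to the empty role set is worth adding. The roles come straight from token claims, so they are only as trustworthy as the signature validation of the token, which happens outside this hunk.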

