cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf-fediz git commit: Add a way of sending the client home realm to the IdP
Date Tue, 17 Nov 2015 17:40:28 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 268bc2af0 -> d40a62f6d


Add a way of sending the client home realm to the IdP


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d40a62f6
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d40a62f6
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d40a62f6

Branch: refs/heads/master
Commit: d40a62f6de44a9d341c166c23c88f00ed0d85e86
Parents: 268bc2a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Nov 17 17:39:55 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Nov 17 17:40:20 2015 +0000

----------------------------------------------------------------------
 .../service/oidc/ClientRegistrationService.java |  6 +-
 .../cxf/fediz/service/oidc/FedizClient.java     | 58 +++++++++++++++++++
 .../service/oidc/HomeRealmCallbackHandler.java  | 60 ++++++++++++++++++++
 .../fediz/service/oidc/OAuthDataManager.java    |  2 +-
 .../oidc/src/main/resources/data-manager.xml    | 43 ++++++++++++++
 .../main/webapp/WEB-INF/applicationContext.xml  | 15 +----
 .../webapp/WEB-INF/views/registerClient.jsp     | 10 ++++
 7 files changed, 178 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
index 4fdf7a2..f5f6721 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
@@ -66,12 +66,14 @@ public class ClientRegistrationService {
     public Consumers registerForm(@FormParam("appName") String appName,
                                  @FormParam("appDescription") String appDesc,
                                  @FormParam("appType") String appType,
-                                 @FormParam("redirectURI") String redirectURI) {
+                                 @FormParam("redirectURI") String redirectURI,
+                                 @FormParam("homeRealm") String homeRealm) {
         String clientId = generateClientId();
         boolean isConfidential = "confidential".equals(appType);
         String clientSecret = isConfidential ? generateClientSecret() : null;
         
-        Client newClient = new Client(clientId, clientSecret, isConfidential, appName, null);
+        FedizClient newClient = new FedizClient(clientId, clientSecret, isConfidential, appName,
null);
+        newClient.setHomeRealm(homeRealm);
         newClient.setApplicationDescription(appDesc);
         if (!StringUtils.isEmpty(redirectURI)) {
             newClient.setRedirectUris(Collections.singletonList(redirectURI));
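Review bot: `homeRealm` is stored on the new client straight from the form with no check, unlike `redirectURI` a few lines below, which is guarded by `StringUtils.isEmpty`. HomeRealmCallbackHandler in this commit later hands the stored value to the home-realm callback, so it should be validated at registration: reject empty strings and, ideally, accept only realms the IdP is configured to trust. A minimal guard is `if (!StringUtils.isEmpty(homeRealm)) { newClient.setHomeRealm(homeRealm); }`. The body of registerForm continues outside the hunk, so who is allowed to call this endpoint is not visible here.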

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizClient.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizClient.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizClient.java
new file mode 100644
index 0000000..fe07277
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizClient.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.oidc;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+
+/**
+ * Extends the OAuth Client by associating a client with a particular realm.
+ */
+public class FedizClient extends Client {
+    
+    private static final long serialVersionUID = -6186868745413555170L;
+    private String homeRealm;
+    
+    public FedizClient() {
+        super();
+    }
+    
+    public FedizClient(String clientId, String clientSecret, boolean isConfidential) {
+        super(clientId, clientSecret, isConfidential);
+    }
+
+    public FedizClient(String clientId, 
+                  String clientSecret,
+                  boolean isConfidential,
+                  String applicationName,
+                  String applicationWebUri) {
+        super(clientId, clientSecret, isConfidential, applicationName, applicationWebUri);
+        
+    }
+
+    public String getHomeRealm() {
+        return homeRealm;
+    }
+
+    public void setHomeRealm(String homeRealm) {
+        this.homeRealm = homeRealm;
+    }
+    
+}
+
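Review bot: The `homeRealm` property is undocumented, so nothing states that it is null when a client registered without a realm or what format the value is expected to have. I would add `/** Home realm URI associated with this client, or null if none was registered. */` on `getHomeRealm()` and a matching `@param` comment on the setter. The stray blank line inside the five-argument constructor body can also be dropped.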

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java
new file mode 100644
index 0000000..7d85a9d
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.oidc;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+public class HomeRealmCallbackHandler implements CallbackHandler {
+
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof HomeRealmCallback) {
+                HomeRealmCallback callback = (HomeRealmCallback) callbacks[i];
+                
+                @SuppressWarnings("resource")
+                ApplicationContext ctx = new ClassPathXmlApplicationContext("data-manager.xml");
+                OAuthDataManager dataManager = (OAuthDataManager)ctx.getBean("oauthProvider");
+                
+                HttpServletRequest request = callback.getRequest();
+                String clientId = request.getParameter("client_id");
+                
+                if (clientId != null) {
+                    Client client = dataManager.getClient(clientId);
+                    if (client instanceof FedizClient) {
+                        callback.setHomeRealm(((FedizClient)client).getHomeRealm());
+                    }
+                }
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+            }
+        }
+    }
+
+}
\ No newline at end of file
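Review bot: `handle` builds a new `ClassPathXmlApplicationContext("data-manager.xml")` for every HomeRealmCallback and never closes it; the `@SuppressWarnings("resource")` silences the leak warning instead of fixing the leak. Each call re-parses the XML and instantiates another OAuthDataManager, a cost that every incoming sign-in request carrying this callback triggers, and the lookup only finds registered clients because this same commit makes `OAuthDataManager.clients` static. Fetch the bean from the web application's existing context instead: read `request` first, then use `ApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(request.getServletContext());`. Separately, `callback.getRequest()` is dereferenced without a null check, and `client_id` is taken from the request as-is, so the realm chosen here is driven by caller-supplied input and should be treated as a hint rather than as an authenticated fact.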

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index 8522680..036bef0 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -54,7 +54,7 @@ public class OAuthDataManager extends AbstractCodeDataProvider {
     private Map<String, OAuthPermission> permissionMap = new HashMap<String, OAuthPermission>();
     private MessageContext messageContext;
     private SamlTokenConverter tokenConverter = new LocalSamlTokenConverter();
-    private Map<String, Client> clients = new ConcurrentHashMap<String, Client>();
+    private static Map<String, Client> clients = new ConcurrentHashMap<String, Client>();
     private Map<String, ServerAccessToken> accessTokens = new ConcurrentHashMap<String,
ServerAccessToken>();
     private Map<String, RefreshToken> refreshTokens = new ConcurrentHashMap<String,
RefreshToken>();
     private Map<String, ServerAuthorizationCodeGrant> codeGrants = 
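Review bot: Making `clients` static turns the client registry into JVM-wide mutable state while `accessTokens`, `refreshTokens` and `codeGrants` stay per-instance, so two OAuthDataManager instances now share clients but not the tokens and grants issued to them. This looks like a workaround for HomeRealmCallbackHandler creating its own Spring context; having the handler use the single `oauthProvider` bean would make the static unnecessary. If the field does stay static, declare it `private static final Map<String, Client> clients = new ConcurrentHashMap<String, Client>();` so it cannot be reassigned, and add a comment explaining why it is shared. The class body continues outside the hunk.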

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/resources/data-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/resources/data-manager.xml b/services/oidc/src/main/resources/data-manager.xml
new file mode 100644
index 0000000..9bfa4b5
--- /dev/null
+++ b/services/oidc/src/main/resources/data-manager.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxrs="http://cxf.apache.org/jaxrs" 
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+        http://cxf.apache.org/jaxrs
+        http://cxf.apache.org/schemas/jaxrs.xsd">
+
+    <bean id="oauthProvider" class="org.apache.cxf.fediz.service.oidc.OAuthDataManager">
+    <!--
+        <property name="scopes">
+          <map>
+            <entry key="scopeName" value="scopeDescription" />
+          </map>
+        </property>
+    -->
+    <!--
+        <property name="signIdTokenWithClientSecret" value="true"/>
+    -->
+    </bean>
+    
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index ba56b40..2ebfc87 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -26,6 +26,8 @@
         http://cxf.apache.org/jaxrs
         http://cxf.apache.org/schemas/jaxrs.xsd">
 
+    <import resource="classpath:data-manager.xml" />
+    
     <jaxrs:server address="/idp">
         <jaxrs:serviceBeans>
            <bean id="oidcService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
@@ -91,18 +93,5 @@
         </jaxrs:providers>
      </jaxrs:server>
      
-    <bean id="oauthProvider" class="org.apache.cxf.fediz.service.oidc.OAuthDataManager">
-    <!--
-        <property name="scopes">
-          <map>
-            <entry key="scopeName" value="scopeDescription" />
-          </map>
-        </property>
-    -->
-    <!--
-        <property name="signIdTokenWithClientSecret" value="true"/>
-    -->
-    </bean>
-    
 </beans>
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp b/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
index c6b0ff3..e32630e 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
@@ -65,6 +65,16 @@
             </td>
         </tr>
         <tr>
+            <td colspan="2">&nbsp;</td>
+        </tr>
+        <tr>
+            <td><big><big><big>Home Realm URI:</big></big></big></td>
+            <td>
+              <input type="text" size="50" name="homeRealm" 
+                     value=""/>
+            </td>
+        </tr>
+        <tr>
             <td>
               &nbsp;
             </td>

