cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf-fediz git commit: [FEDIZ-134] Making the nonce available to the data provider
Date Thu, 19 Nov 2015 16:46:51 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 355dceb1d -> 1f7749cec


[FEDIZ-134] Making the nonce available to the data provider


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/1f7749ce
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/1f7749ce
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/1f7749ce

Branch: refs/heads/master
Commit: 1f7749cec7eccb0c0bc33da783e233742102cb48
Parents: 355dceb
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Nov 19 16:46:36 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Nov 19 16:46:36 2015 +0000

----------------------------------------------------------------------
 .../service/oidc/LocalSamlTokenConverter.java   |  7 +++-
 .../fediz/service/oidc/OAuthDataManager.java    | 39 ++++++++++++--------
 .../fediz/service/oidc/SamlTokenConverter.java  |  3 +-
 .../WEB-INF/views/oAuthAuthorizationData.jsp    |  8 ++++
 4 files changed, 40 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f7749ce/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
index 0c1bb1d..001c537 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
@@ -35,7 +35,8 @@ public class LocalSamlTokenConverter implements SamlTokenConverter {
     public IdToken convertToIdToken(Element samlToken, 
                                     String subjectName, 
                                     ClaimCollection claims,
-                                    String clientId) {
+                                    String clientId,
+                                    String nonce) {
         IdToken idToken = new IdToken();
         idToken.setSubject(subjectName);
         idToken.setAudience(clientId);
@@ -90,6 +91,10 @@ public class LocalSamlTokenConverter implements SamlTokenConverter {
             }
         }
         
+        if (nonce != null) {
+            idToken.setNonce(nonce);
+        }
+        
         return idToken;
     }
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f7749ce/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index a207b17..d9d90fb 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -30,11 +30,13 @@ import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.grants.code.AbstractCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
 import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
@@ -81,17 +83,19 @@ public class OAuthDataManager extends AbstractCodeDataProvider {
 
     // Grants
     @Override
-    protected void saveCodeGrant(ServerAuthorizationCodeGrant grant) {
-        createIdToken(grant.getClient(), grant.getSubject());
-        doSaveCodeGrant(grant);
+    public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg)

+        throws OAuthServiceException {
+        ServerAuthorizationCodeGrant grant = super.createCodeGrant(reg);
+        createIdToken(grant.getClient(), grant.getSubject(), reg.getNonce());
+        return grant;
     }
-
-    protected void doSaveCodeGrant(ServerAuthorizationCodeGrant grant) {
+    
+    @Override
+    protected void saveCodeGrant(ServerAuthorizationCodeGrant grant) {
         codeGrants.put(grant.getCode(), grant);
-        
     }
-    
 
+    
     @Override
     public ServerAuthorizationCodeGrant removeCodeGrant(String code) throws OAuthServiceException
{
         return codeGrants.remove(code);
@@ -99,15 +103,19 @@ public class OAuthDataManager extends AbstractCodeDataProvider {
 
     // Access Tokens
     @Override
-    protected void saveAccessToken(ServerAccessToken token) {
-        createIdToken(token.getClient(), token.getSubject());
-        doSaveAccessToken(token);
+    public ServerAccessToken createAccessToken(AccessTokenRegistration reg)
+        throws OAuthServiceException {
+        ServerAccessToken token = super.createAccessToken(reg);
+        createIdToken(token.getClient(), token.getSubject(), reg.getNonce());
+        return token;
     }
     
-    protected void doSaveAccessToken(ServerAccessToken token) {
+    @Override
+    protected void saveAccessToken(ServerAccessToken token) {
         accessTokens.put(token.getTokenKey(), token);
     }
 
+    
     @Override
     protected boolean revokeAccessToken(String tokenKey) {
         return accessTokens.remove(tokenKey) != null;
@@ -166,23 +174,24 @@ public class OAuthDataManager extends AbstractCodeDataProvider {
         }
     }
 
-    protected void createIdToken(Client client, UserSubject subject) {
+    protected void createIdToken(Client client, UserSubject subject, String nonce) {
         if (subject != null && !subject.getProperties().containsKey(OidcUtils.ID_TOKEN))
{
             Principal principal = messageContext.getSecurityContext().getUserPrincipal();
             
             if (principal instanceof FedizPrincipal) {
-                String joseIdToken = getJoseIdToken((FedizPrincipal)principal, client);
+                String joseIdToken = getJoseIdToken((FedizPrincipal)principal, client, nonce);
                 subject.getProperties().put(OidcUtils.ID_TOKEN, joseIdToken);
             }
         }
         
     }
     
-    protected String getJoseIdToken(FedizPrincipal principal, Client client) {
+    protected String getJoseIdToken(FedizPrincipal principal, Client client, String nonce)
{
         IdToken idToken = tokenConverter.convertToIdToken(principal.getLoginToken(),
                                                           principal.getName(), 
                                                           principal.getClaims(),
-                                                          client.getClientId());
+                                                          client.getClientId(),
+                                                          nonce);
         JwsJwtCompactProducer p = new JwsJwtCompactProducer(idToken);
         return p.signWith(getJwsSignatureProvider(client));
         // the JWS compact output may also need to be encrypted

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f7749ce/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
index 1fbb087..2ef225b 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
@@ -27,5 +27,6 @@ public interface SamlTokenConverter {
     IdToken convertToIdToken(Element samlToken, 
                              String subjectName,
                              ClaimCollection claims,
-                             String audience);
+                             String audience, 
+                             String nonce);
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f7749ce/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp b/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
index e601099..6468eed 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
@@ -37,6 +37,14 @@
                                value="<%= data.getClientCodeChallenge() %>"/>
                         <%
                             }
+                        %>
+                        <%
+                            if (data.getNonce() != null) {
+                        %>       
+                        <input type="hidden" name="nonce"
+                               value="<%= data.getNonce() %>"/>
+                        <%
+                            }
                         %>       
                         <input type="hidden" name="scope"
                                value="<%= data.getProposedScope() %>"/>


Mime
View raw message