From cohei...@apache.org
Subject [1/3] cxf git commit: Store JWT tokens in the cache
Date Tue, 10 Nov 2015 12:48:56 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 2814cce0d -> 9320bea65


Store JWT tokens in the cache


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/24338419
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/24338419
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/24338419

Branch: refs/heads/3.1.x-fixes
Commit: 243384197f8c395ae001ae0c3ea87aa9724dcda0
Parents: 2814cce
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Nov 10 11:19:49 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Nov 10 12:48:43 2015 +0000

----------------------------------------------------------------------
 .../token/provider/jwt/JWTTokenProvider.java    | 44 ++++++++------------
 .../token/provider/JWTTokenProviderTest.java    | 34 +++++++++++++++
 2 files changed, 52 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/24338419/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
index 0f5a383..5afffda 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java
@@ -42,12 +42,14 @@ import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.sts.STSPropertiesMBean;
 import org.apache.cxf.sts.SignatureProperties;
+import org.apache.cxf.sts.cache.CacheUtils;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.token.provider.TokenProvider;
 import org.apache.cxf.sts.token.provider.TokenProviderParameters;
 import org.apache.cxf.sts.token.provider.TokenProviderResponse;
 import org.apache.cxf.sts.token.realm.RealmProperties;
 import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.Merlin;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
@@ -109,31 +111,6 @@ public class JWTTokenProvider implements TokenProvider {
         JwtClaims claims = jwtClaimsProvider.getJwtClaims(jwtClaimsProviderParameters);
         
         try {
-            /*
-            Document doc = DOMUtils.createDocument();
-            SamlAssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
-            Element token = assertion.toDOM(doc);
-            
-            // set the token in cache (only if the token is signed)
-            byte[] signatureValue = assertion.getSignatureValue();
-            if (tokenParameters.getTokenStore() != null && signatureValue != null
-                && signatureValue.length > 0) {
-                DateTime validTill = null;
-                if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
-                    validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
-                } else {
-                    validTill = assertion.getSaml1().getConditions().getNotOnOrAfter();
-                }
-                
-                SecurityToken securityToken = 
-                    CacheUtils.createSecurityTokenForStorage(token, assertion.getId(), 
-                        validTill.toDate(), tokenParameters.getPrincipal(), tokenParameters.getRealm(),
-                        tokenParameters.getTokenRequirements().getRenewing());
-                CacheUtils.storeTokenInCache(
-                    securityToken, tokenParameters.getTokenStore(), signatureValue);
-            }
-            */
-            
             JwtToken token = new JwtToken(claims);
             
             String tokenData = signToken(token, jwtRealm, tokenParameters.getStsProperties(),

@@ -147,8 +124,23 @@ public class JWTTokenProvider implements TokenProvider {
             if (claims.getIssuedAt() > 0) {
                 response.setCreated(new Date(claims.getIssuedAt() * 1000L));
             }
+            Date expires = null;
             if (claims.getExpiryTime() > 0) {
-                response.setExpires(new Date(claims.getExpiryTime() * 1000L));
+                expires = new Date(claims.getExpiryTime() * 1000L);
+                response.setExpires(expires);
+            }
+            
+            // set the token in cache (only if the token is signed)
+            if (signToken && tokenParameters.getTokenStore() != null) {
+                SecurityToken securityToken = 
+                    CacheUtils.createSecurityTokenForStorage(null, claims.getTokenId(), 
+                        expires, tokenParameters.getPrincipal(), tokenParameters.getRealm(),
+                        tokenParameters.getTokenRequirements().getRenewing());
+                securityToken.setData(tokenData.getBytes());
+                
+                String signature = tokenData.substring(tokenData.lastIndexOf(".") + 1);
+                CacheUtils.storeTokenInCache(
+                    securityToken, tokenParameters.getTokenStore(), signature.getBytes());
             }
             
             LOG.fine("JWT Token successfully created");
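Review bot: `expires` is still null when `claims.getExpiryTime() > 0` is false, and it is then passed straight to `CacheUtils.createSecurityTokenForStorage(...)`, so a signed JWT without an `exp` claim is cached with no expiry of its own. How the token store treats a null expiry is not visible in this hunk; if the entry then falls back to a store default, a comment such as `// no exp claim: entry lifetime is whatever the TokenStore applies by default` would document that, otherwise the cache block could be gated with `&& expires != null`. Separately, `tokenData.getBytes()` and `signature.getBytes()` use the platform default charset; the compact serialization should be ASCII, but `getBytes(StandardCharsets.UTF_8)` makes both the cached data and the bytes handed to `storeTokenInCache` independent of the JVM's default encoding. The enclosing method starts and ends outside this hunk.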

http://git-wip-us.apache.org/repos/asf/cxf/blob/24338419/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
index aed28ef..6273e0e 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.sts.token.provider;
 
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
 import java.util.Properties;
 
 import org.apache.cxf.jaxws.context.WebServiceContextImpl;
@@ -35,6 +36,7 @@ import org.apache.cxf.sts.request.KeyRequirements;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.service.EncryptionProperties;
 import org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
@@ -113,6 +115,38 @@ public class JWTTokenProviderTest extends org.junit.Assert {
         assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256));
     }
     
+    @org.junit.Test
+    public void testCachedSignedJWT() throws Exception {
+        TokenProvider jwtTokenProvider = new JWTTokenProvider();
+        ((JWTTokenProvider)jwtTokenProvider).setSignToken(true);
+        
+        TokenProviderParameters providerParameters = createProviderParameters();
+        
+        assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
+        TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId()
!= null);
+
+        String token = (String)providerResponse.getToken();
+        assertNotNull(token);
+        assertTrue(token.split("\\.").length == 3);
+        
+        // Validate the token
+        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
+        JwtToken jwt = jwtConsumer.getJwtToken();
+        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+        Assert.assertEquals(providerResponse.getTokenId(), jwt.getClaim(JwtConstants.CLAIM_JWT_ID));
+        Assert.assertEquals(providerResponse.getCreated().getTime() / 1000L, 
+                            jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+        Assert.assertEquals(providerResponse.getExpires().getTime() / 1000L, 
+                            jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+        
+        // Check that the token is stored correctly in the cache
+        String signature = token.substring(token.lastIndexOf(".") + 1);
+        SecurityToken secToken = tokenStore.getToken(Integer.toString(Arrays.hashCode(signature.getBytes())));
+        Assert.assertNotNull(secToken);
+    }
+    
     private TokenProviderParameters createProviderParameters() throws WSSecurityException
{
         TokenProviderParameters parameters = new TokenProviderParameters();
         
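Review bot: The cache check at the end of `testCachedSignedJWT` only asserts that some entry exists under `Integer.toString(Arrays.hashCode(signature.getBytes()))`; it never verifies that the entry actually holds this token. Adding `Assert.assertArrayEquals(token.getBytes(), secToken.getData());` and a comparison of the entry's expiry with `providerResponse.getExpires()` would pin what the provider now stores. The test also re-derives the store key by hand, which presumably mirrors what `CacheUtils.storeTokenInCache` does internally, so a short comment saying that would help the next reader. Because that key is a 32-bit `Arrays.hashCode`, two different signatures can map to the same entry, and the content assertion is what would catch a lookup returning the wrong token. `createProviderParameters`, which follows the new test, continues outside the hunk.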

