cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Making sure an implicit or code nonce is available to OAuthDataProviders
Date Thu, 19 Nov 2015 13:16:24 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 248c8f045 -> 4b0ba1a12


Making sure an implicit or code nonce is available to OAuthDataProviders


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4b0ba1a1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4b0ba1a1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4b0ba1a1

Branch: refs/heads/master
Commit: 4b0ba1a1207ea1e73f08266e64ae42268b9f1797
Parents: 248c8f0
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Nov 19 13:16:06 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Nov 19 13:16:06 2015 +0000

----------------------------------------------------------------------
 .../security/oauth2/common/AccessTokenRegistration.java  |  9 +++++++++
 .../rs/security/oauth2/common/OAuthRedirectionState.java | 11 +++++++++++
 .../grants/code/AuthorizationCodeRegistration.java       |  7 +++++++
 .../oauth2/provider/JoseSessionTokenProvider.java        |  7 +++++++
 .../oauth2/services/AbstractImplicitGrantService.java    |  1 +
 .../oauth2/services/AuthorizationCodeGrantService.java   |  1 +
 .../oauth2/services/RedirectionBasedGrantService.java    |  1 +
 .../cxf/rs/security/oauth2/utils/OAuthConstants.java     |  1 +
 8 files changed, 38 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/4b0ba1a1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
index b2641fc..db443da 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
@@ -31,6 +31,7 @@ public class AccessTokenRegistration {
     private String grantType;
     private UserSubject subject;
     private String audience;
+    private String nonce;
     private String clientCodeVerifier;
     
     /**
@@ -129,5 +130,13 @@ public class AccessTokenRegistration {
     public void setClientCodeVerifier(String clientCodeVerifier) {
         this.clientCodeVerifier = clientCodeVerifier;
     }
+
+    public String getNonce() {
+        return nonce;
+    }
+
+    public void setNonce(String nonce) {
+        this.nonce = nonce;
+    }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/4b0ba1a1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
index 0f05abd..4acc109 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
@@ -28,6 +28,7 @@ public class OAuthRedirectionState implements Serializable {
     private String state;
     private String proposedScope;
     private String audience;
+    private String nonce;
     private String clientCodeChallenge;
     
     public OAuthRedirectionState() {
@@ -112,4 +113,14 @@ public class OAuthRedirectionState implements Serializable {
     public void setClientCodeChallenge(String clientCodeChallenge) {
         this.clientCodeChallenge = clientCodeChallenge;
     }
+
+
+    public String getNonce() {
+        return nonce;
+    }
+
+
+    public void setNonce(String nonce) {
+        this.nonce = nonce;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/4b0ba1a1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
index a7126b4..1319cad 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
@@ -35,6 +35,7 @@ public class AuthorizationCodeRegistration {
     private String redirectUri;
     private UserSubject subject;
     private String audience;
+    private String nonce;
     private String clientCodeChallenge;
     
     /**
@@ -126,4 +127,10 @@ public class AuthorizationCodeRegistration {
     public void setClientCodeChallenge(String clientCodeChallenge) {
         this.clientCodeChallenge = clientCodeChallenge;
     }
+    public String getNonce() {
+        return nonce;
+    }
+    public void setNonce(String nonce) {
+        this.nonce = nonce;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/4b0ba1a1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
index 0575f06..a6a1c4c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
@@ -163,6 +163,9 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
         if (!StringUtils.isEmpty(parts[5])) {
             state.setRedirectUri(parts[5]);
         }
+        if (!StringUtils.isEmpty(parts[6])) {
+            state.setRedirectUri(parts[6]);
+        }
         return state;
     }
     protected String convertStateToString(OAuthRedirectionState secData) {
@@ -184,6 +187,10 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
         state.append(ModelEncryptionSupport.SEP);
         // 5: redirect uri
         state.append(ModelEncryptionSupport.tokenizeString(secData.getRedirectUri()));
+        state.append(ModelEncryptionSupport.SEP);
+        // 6: nonce
+        state.append(ModelEncryptionSupport.tokenizeString(secData.getNonce()));
+        
         return state.toString();
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/4b0ba1a1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index d78feaf..139c05b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -78,6 +78,7 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
                     reg.setApprovedScope(approvedScope);
                 }
                 reg.setAudience(state.getAudience());
+                reg.setNonce(state.getNonce());
                 token = getDataProvider().createAccessToken(reg);
             }
         } else {

http://git-wip-us.apache.org/repos/asf/cxf/blob/4b0ba1a1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index b782880..79559c7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -113,6 +113,7 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
         }
         codeReg.setSubject(userSubject);
         codeReg.setAudience(state.getAudience());
+        codeReg.setNonce(state.getNonce());
         codeReg.setClientCodeChallenge(state.getClientCodeChallenge());
         
         ServerAuthorizationCodeGrant grant = null;

http://git-wip-us.apache.org/repos/asf/cxf/blob/4b0ba1a1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 887facb..4d96f9a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -211,6 +211,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         secData.setState(params.getFirst(OAuthConstants.STATE));
         secData.setRedirectUri(redirectUri);
         secData.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
+        secData.setNonce(params.getFirst(OAuthConstants.NONCE));
         secData.setClientId(client.getClientId());
         secData.setProposedScope(params.getFirst(OAuthConstants.SCOPE));
         if (!authorizationCanBeSkipped) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/4b0ba1a1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
index b835e02..8a5d457 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
@@ -27,6 +27,7 @@ public final class OAuthConstants {
     public static final String CLIENT_ID = "client_id";
     public static final String CLIENT_SECRET = "client_secret";
     public static final String CLIENT_AUDIENCE = "audience";
+    public static final String NONCE = "nonce";
     
     public static final String REDIRECT_URI = "redirect_uri";
     public static final String SCOPE = "scope";


Mime
View raw message