cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf-fediz git commit: Removing the nonce related code now that the id token filter sets it
Date Mon, 14 Dec 2015 10:58:05 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master f1a7b9684 -> 7c6707f8a


Removing the nonce related code now that the id token filter sets it


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/7c6707f8
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/7c6707f8
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/7c6707f8

Branch: refs/heads/master
Commit: 7c6707f8a5c2b346fa77df9a41f9fb4c1fecc8a7
Parents: f1a7b96
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Dec 14 10:57:50 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Dec 14 10:57:50 2015 +0000

----------------------------------------------------------------------
 .../apache/cxf/fediz/service/oidc/OAuthDataManager.java  | 11 ++++-------
 .../cxf/fediz/service/oidc/SamlTokenConverter.java       |  8 +++-----
 2 files changed, 7 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7c6707f8/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index 51c5296..f8d7584 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -48,8 +48,7 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
         throws OAuthServiceException {
         ServerAuthorizationCodeGrant grant = super.doCreateCodeGrant(reg);
         OidcUserSubject oidcSub = createOidcSubject(grant.getClient(), 
-                                                    grant.getSubject(), 
-                                                    reg.getNonce());
+                                                    grant.getSubject());
         grant.setSubject(oidcSub);
         return grant;
     }
@@ -60,8 +59,7 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
         ServerAccessToken token = super.doCreateAccessToken(reg);
         if (OAuthConstants.IMPLICIT_GRANT.equals(reg.getGrantType())) {
             OidcUserSubject oidcSub = createOidcSubject(token.getClient(), 
-                                                        token.getSubject(), 
-                                                        reg.getNonce());
+                                                        token.getSubject());
             token.setSubject(oidcSub);
         }
         return token;
@@ -75,7 +73,7 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
         return super.convertScopeToPermissions(client, requestedScopes);
     }
     
-    protected OidcUserSubject createOidcSubject(Client client, UserSubject subject, String
nonce) {
+    protected OidcUserSubject createOidcSubject(Client client, UserSubject subject) {
         Principal principal = getMessageContext().getSecurityContext().getUserPrincipal();
         
         if (!(principal instanceof FedizPrincipal)) {
@@ -85,8 +83,7 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
         IdToken idToken = tokenConverter.convertToIdToken(fedizPrincipal.getLoginToken(),
                                                fedizPrincipal.getName(), 
                                                fedizPrincipal.getClaims(),
-                                               client.getClientId(),
-                                               nonce);
+                                               client.getClientId());
         
         //TODO: Consider populating UserInfo at this point too, with UserInfo having few
more claims
         // from the claims collection, and setting it on OidcUserSubject

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7c6707f8/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
index 5e4a363..4178017 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.fediz.service.oidc;
 
 import org.w3c.dom.Element;
+
 import org.apache.cxf.fediz.core.Claim;
 import org.apache.cxf.fediz.core.ClaimCollection;
 import org.apache.cxf.fediz.core.ClaimTypes;
@@ -29,6 +30,7 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.opensaml.saml.saml2.core.Assertion;
 import org.opensaml.saml.saml2.core.Issuer;
 
+
 public class SamlTokenConverter {
 
     private String issuer;
@@ -36,8 +38,7 @@ public class SamlTokenConverter {
     public IdToken convertToIdToken(Element samlToken, 
                                     String subjectName, 
                                     ClaimCollection claims,
-                                    String clientId,
-                                    String nonce) {
+                                    String clientId) {
         IdToken idToken = new IdToken();
         idToken.setSubject(subjectName);
         idToken.setAudience(clientId);
@@ -92,9 +93,6 @@ public class SamlTokenConverter {
             }
         }
         
-        if (nonce != null) {
-            idToken.setNonce(nonce);
-        }
         if (issuer != null) {
             idToken.setIssuer(issuer);
         } else if (saml2Assertion != null) {


Mime
View raw message