cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Trying to make it simpler to start jose-processing IdTokens only at the AT response time
Date Mon, 07 Dec 2015 11:05:29 GMT
Repository: cxf
Updated Branches:
  refs/heads/master cdd1a9c9b -> 7d02ad7fc


Trying to make it simpler to start jose-processing IdTokens only at the AT response time


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7d02ad7f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7d02ad7f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7d02ad7f

Branch: refs/heads/master
Commit: 7d02ad7fc862eb1413ae34d10d8cd2d4f20e35f3
Parents: cdd1a9c
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Dec 7 11:05:08 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Dec 7 11:05:08 2015 +0000

----------------------------------------------------------------------
 .../oidc/idp/IdTokenResponseFilter.java         | 33 +++++++++---------
 .../rs/security/oidc/idp/OidcUserSubject.java   | 35 ++++++++++++++++++++
 .../rs/security/oidc/idp/UserInfoService.java   | 10 ------
 3 files changed, 50 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7d02ad7f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index da93213..0d10d4e 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -18,8 +18,6 @@
  */
 package org.apache.cxf.rs.security.oidc.idp;
 
-import java.util.Collections;
-
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -30,29 +28,28 @@ import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 
 public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer implements
AccessTokenResponseFilter {
     private UserInfoProvider userInfoProvider;
-    private String issuer;
     @Override
     public void process(ClientAccessToken ct, ServerAccessToken st) {
         
-        // This may also be done directly inside a data provider code creating the server
token
+        String idToken = getProcessedIdToken(st);
+        if (idToken != null) {
+            ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);
+        } 
+        
+    }
+    private String getProcessedIdToken(ServerAccessToken st) {
         if (userInfoProvider != null) {
             IdToken token = 
                 userInfoProvider.getIdToken(st.getClient().getClientId(), st.getSubject(),
st.getScopes());
-            token.setIssuer(issuer);
-            token.setAudiences(Collections.singletonList(st.getClient().getClientId()));
-            
-            String responseEntity = super.processJwt(new JwtToken(token), 
-                                                     st.getClient());
-            ct.getParameters().put(OidcUtils.ID_TOKEN, responseEntity);
-        } else if (st.getSubject().getProperties().containsKey("id_token")) {
-            ct.getParameters().put(OidcUtils.ID_TOKEN, 
-                                   st.getSubject().getProperties().get("id_token"));
+            return super.processJwt(new JwtToken(token), st.getClient());
+        } else if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) {
+            return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN);
+        } else if (st.getSubject() instanceof OidcUserSubject) {
+            OidcUserSubject sub = (OidcUserSubject)st.getSubject();
+            return super.processJwt(new JwtToken(sub.getIdToken()), st.getClient());
+        } else {
+            return null;
         }
-        
-    }
-    
-    public void setIssuer(String issuer) {
-        this.issuer = issuer;
     }
     public void setUserInfoProvider(UserInfoProvider userInfoProvider) {
         this.userInfoProvider = userInfoProvider;

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d02ad7f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcUserSubject.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcUserSubject.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcUserSubject.java
new file mode 100644
index 0000000..6c9690b
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcUserSubject.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.idp;
+
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+
+public class OidcUserSubject extends UserSubject {
+    
+    private static final long serialVersionUID = 8806727177012442229L;
+    private IdToken idToken;
+    public IdToken getIdToken() {
+        return idToken;
+    }
+    public void setIdToken(IdToken idToken) {
+        this.idToken = idToken;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/7d02ad7f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
index 1f5d99d..ae22b22 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
@@ -18,8 +18,6 @@
  */
 package org.apache.cxf.rs.security.oidc.idp;
 
-import java.util.Collections;
-
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
@@ -38,7 +36,6 @@ import org.apache.cxf.rs.security.oidc.common.UserInfo;
 public class UserInfoService extends AbstractOAuthServerJoseJwtProducer {
     private UserInfoProvider userInfoProvider;
     private OAuthDataProvider oauthDataProvider;
-    private String issuer;
     
     @Context
     private MessageContext mc;
@@ -48,10 +45,6 @@ public class UserInfoService extends AbstractOAuthServerJoseJwtProducer
{
         OAuthContext oauth = OAuthContextUtils.getContext(mc);
         UserInfo userInfo = 
             userInfoProvider.getUserInfo(oauth.getClientId(), oauth.getSubject(), oauth.getPermissions());
-        if (userInfo != null) {
-            userInfo.setIssuer(issuer);
-        }
-        userInfo.setAudiences(Collections.singletonList(oauth.getClientId()));
         Object responseEntity = userInfo;
         if (super.isJwsRequired() || super.isJweRequired()) {
             responseEntity = super.processJwt(new JwtToken(userInfo),
@@ -61,9 +54,6 @@ public class UserInfoService extends AbstractOAuthServerJoseJwtProducer
{
         
     }
     
-    public void setIssuer(String issuer) {
-        this.issuer = issuer;
-    }
     public void setUserInfoProvider(UserInfoProvider userInfoProvider) {
         this.userInfoProvider = userInfoProvider;
     }


Mime
View raw message