From serg...@apache.org
Subject cxf git commit: Making it simpler to deal with the in-scope access tokens as suggested by Jan
Date Mon, 14 Dec 2015 14:34:22 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 2d3592e66 -> f6a96430b


Making it simpler to deal with the in-scope access tokens as suggested by Jan


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f6a96430
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f6a96430
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f6a96430

Branch: refs/heads/3.1.x-fixes
Commit: f6a96430b8b6742065bd8ca0cda44f2e256c4e0b
Parents: 2d3592e
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Dec 14 14:33:02 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Dec 14 14:34:07 2015 +0000

----------------------------------------------------------------------
 .../oauth2/client/AbstractAuthSupplier.java     |  2 +-
 .../oauth2/client/BearerClientFilter.java       | 43 --------------------
 .../rs/security/oauth2/client/OAuthInvoker.java | 16 ++++++--
 .../oauth2/client/StaticClientTokenContext.java | 37 +++++++++++++++++
 .../provider/JoseSessionTokenProvider.java      |  7 ++++
 5 files changed, 57 insertions(+), 48 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f6a96430/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AbstractAuthSupplier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AbstractAuthSupplier.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AbstractAuthSupplier.java
index 3c5310d..34911a1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AbstractAuthSupplier.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AbstractAuthSupplier.java
@@ -31,7 +31,7 @@ public abstract class AbstractAuthSupplier {
         clientAccessToken.setTokenKey(accessToken);
     }
     protected String createAuthorizationHeader() {
-        return OAuthClientUtils.createAuthorizationHeader(clientAccessToken);
+        return OAuthClientUtils.createAuthorizationHeader(getClientAccessToken());
     }
     protected ClientAccessToken getClientAccessToken() {
         return clientAccessToken;

http://git-wip-us.apache.org/repos/asf/cxf/blob/f6a96430/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerClientFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerClientFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerClientFilter.java
deleted file mode 100644
index 30a7eeb..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerClientFilter.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.rs.security.oauth2.client;
-
-import java.io.IOException;
-
-import javax.ws.rs.client.ClientRequestContext;
-import javax.ws.rs.client.ClientRequestFilter;
-import javax.ws.rs.core.HttpHeaders;
-
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-
-public class BearerClientFilter extends AbstractAuthSupplier implements ClientRequestFilter
{
-
-    public BearerClientFilter() {
-        super(OAuthConstants.BEARER_AUTHORIZATION_SCHEME);
-    }
-    
-    @Override
-    public void filter(ClientRequestContext requestContext) throws IOException {
-        requestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, 
-                                              createAuthorizationHeader());
-        
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/f6a96430/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthInvoker.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthInvoker.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthInvoker.java
index 8bd49ab..9a831a3 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthInvoker.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthInvoker.java
@@ -38,12 +38,16 @@ public class OAuthInvoker extends JAXRSInvoker {
     @Override
     protected Object performInvocation(Exchange exchange, final Object serviceObject, Method
m,
                                        Object[] paramArray) throws Exception {
+        Message inMessage = exchange.getInMessage();
+        ClientTokenContext tokenContext = inMessage.getContent(ClientTokenContext.class);
         try {
+            if (tokenContext != null) {
+                StaticClientTokenContext.setClientTokenContext(tokenContext);       
+            }
+            
             return super.performInvocation(exchange, serviceObject, m, paramArray);
         } catch (InvocationTargetException ex) {
-            if (ex.getCause() instanceof NotAuthorizedException) {
-                Message inMessage = exchange.getInMessage();
-                ClientTokenContext tokenContext = inMessage.getContent(ClientTokenContext.class);
+            if (tokenContext != null && ex.getCause() instanceof NotAuthorizedException)
{
                 ClientAccessToken accessToken = tokenContext.getToken();
                 String refreshToken  = accessToken.getRefreshToken();
                 if (refreshToken != null) {
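Review bot: The new `tokenContext != null` guard in the catch block covers a missing context but not a context whose `getToken()` returns null, so `accessToken.getRefreshToken()` could throw a NullPointerException that replaces the original InvocationTargetException carrying the 401. Whether `getToken()` can return null is not visible in this hunk, so treat this as something to confirm. If it can, `String refreshToken = accessToken == null ? null : accessToken.getRefreshToken();` lets the original exception reach `throw ex`. The refresh-and-retry body continues outside this hunk.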
@@ -57,8 +61,12 @@ public class OAuthInvoker extends JAXRSInvoker {
                     //retry
                     return super.performInvocation(exchange, serviceObject, m, paramArray);
                 }
-            }
+            } 
             throw ex;
+        } finally {
+            if (tokenContext != null) {
+                StaticClientTokenContext.removeClientTokenContext();
+            }
         }
     }
     
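Review bot: The `finally` block calls `removeClientTokenContext()` instead of restoring the previous value, so if `performInvocation` is ever re-entered on the same thread, the outer invocation loses its context as soon as the inner one returns. Capturing `ClientTokenContext previous = StaticClientTokenContext.getClientTokenContext();` before the set, then in `finally` calling `setClientTokenContext(previous)` when it is non-null and `removeClientTokenContext()` otherwise, supports nesting while still clearing the token after the outermost call. A comment above the cleanup such as `// clear so a reused thread cannot observe this request's access token` would record why the block must stay. The refresh code between the two hunks is not visible, so it is worth confirming that the retry sees the refreshed token through the same `tokenContext` instance that was published to the thread-local.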

http://git-wip-us.apache.org/repos/asf/cxf/blob/f6a96430/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/StaticClientTokenContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/StaticClientTokenContext.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/StaticClientTokenContext.java
new file mode 100644
index 0000000..ee95ffb
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/StaticClientTokenContext.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+public final class StaticClientTokenContext {
+    private static final ThreadLocal<ClientTokenContext> STATIC_CONTEXT = new ThreadLocal<ClientTokenContext>();
+    
+    private StaticClientTokenContext() {
+        
+    }
+    
+    public static void setClientTokenContext(ClientTokenContext ctx) {
+        STATIC_CONTEXT.set(ctx);
+    }
+    public static ClientTokenContext getClientTokenContext() {
+        return STATIC_CONTEXT.get();
+    }
+    public static void removeClientTokenContext() {
+        STATIC_CONTEXT.remove();
+    }
+}
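Review bot: The class has no Javadoc even though it is a public entry point that exposes an OAuth access token through a `ThreadLocal`. A class comment should state that `OAuthInvoker` publishes the context for the duration of one service invocation, that it is visible only on the invoking thread (work handed to another thread will see `null`), and that any other caller of `setClientTokenContext` must pair it with `removeClientTokenContext` in a `finally` block. `OAuthInvoker` is in the same package, so if no external writer is intended, `setClientTokenContext` and `removeClientTokenContext` could be package-private, letting application code only read the token context.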

http://git-wip-us.apache.org/repos/asf/cxf/blob/f6a96430/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
index fd25fa7..1948c0f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
@@ -166,9 +166,13 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
         if (!StringUtils.isEmpty(parts[6])) {
             state.setNonce(parts[6]);
         }
+        if (!StringUtils.isEmpty(parts[7])) {
+            state.setResponseType(parts[7]);
+        }
         return state;
     }
     protected String convertStateToString(OAuthRedirectionState secData) {
+        //TODO: make it simpler, convert it to JwtClaims -> JSON
         StringBuilder state = new StringBuilder();
         // 0: client id
         state.append(ModelEncryptionSupport.tokenizeString(secData.getClientId()));
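Review bot: `parts[7]` is read without checking the array length, so a state string with only seven fields would throw ArrayIndexOutOfBoundsException instead of yielding a state with no response type. That could be a string issued before this change or, depending on how `parts` is split (outside the hunk), one whose trailing response_type is empty. `if (parts.length > 7 && !StringUtils.isEmpty(parts[7])) {` keeps sessions that are in flight across an upgrade working. The parsing method starts outside this hunk; the matching writer is the `// 7: response_type` append in the next hunk.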
@@ -190,6 +194,9 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
         state.append(ModelEncryptionSupport.SEP);
         // 6: nonce
         state.append(ModelEncryptionSupport.tokenizeString(secData.getNonce()));
+        state.append(ModelEncryptionSupport.SEP);
+        // 7: response_type
+        state.append(ModelEncryptionSupport.tokenizeString(secData.getResponseType()));
         
         return state.toString();
     }

