cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf-fediz git commit: Some more OAuthDataManager cleanup
Date Wed, 09 Dec 2015 10:48:23 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 807c00235 -> 3eaac56a8


Some more OAuthDataManager cleanup


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3eaac56a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3eaac56a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3eaac56a

Branch: refs/heads/master
Commit: 3eaac56a8093fda8d0c130b0fb7a2ee6a49bef8c
Parents: 807c002
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Dec 9 10:48:04 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Dec 9 10:48:04 2015 +0000

----------------------------------------------------------------------
 .../service/oidc/LocalSamlTokenConverter.java   | 119 -------------------
 .../fediz/service/oidc/OAuthDataManager.java    |  36 +++---
 .../fediz/service/oidc/SamlTokenConverter.java  |  97 +++++++++++++--
 .../src/main/webapp/WEB-INF/data-manager.xml    |   2 +-
 4 files changed, 107 insertions(+), 147 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3eaac56a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
deleted file mode 100644
index 82505a8..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.oidc;
-
-import org.w3c.dom.Element;
-import org.apache.cxf.fediz.core.Claim;
-import org.apache.cxf.fediz.core.ClaimCollection;
-import org.apache.cxf.fediz.core.ClaimTypes;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oidc.common.IdToken;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.opensaml.saml.saml2.core.Assertion;
-import org.opensaml.saml.saml2.core.Issuer;
-
-
-
-
-public class LocalSamlTokenConverter implements SamlTokenConverter {
-
-    private String issuer;
-    
-    @Override
-    public IdToken convertToIdToken(Element samlToken, 
-                                    String subjectName, 
-                                    ClaimCollection claims,
-                                    String clientId,
-                                    String nonce) {
-        IdToken idToken = new IdToken();
-        idToken.setSubject(subjectName);
-        idToken.setAudience(clientId);
-        
-        long currentTimeInSeconds = System.currentTimeMillis() / 1000L;
-        idToken.setIssuedAt(currentTimeInSeconds);
-        idToken.setExpiryTime(currentTimeInSeconds + 60000L);
-        
-        Assertion saml2Assertion = null;
-        // Set the authInstant
-        try {
-            SamlAssertionWrapper wrapper = new SamlAssertionWrapper(samlToken);
-            saml2Assertion = wrapper.getSaml2();
-            if (saml2Assertion != null && !saml2Assertion.getAuthnStatements().isEmpty())
{
-                long authInstant = 
-                    saml2Assertion.getAuthnStatements().get(0).getAuthnInstant().getMillis();
-                idToken.setAuthenticationTime(authInstant / 1000L);
-            }
-        } catch (WSSecurityException ex) {
-            throw new OAuthServiceException("Error converting SAML token", ex);
-        }
-        
-        // Map claims
-        if (claims != null) {
-            String firstName = null;
-            String lastName = null;
-            for (Claim c : claims) {
-                if (!(c.getValue() instanceof String)) {
-                    continue;
-                }
-                if (ClaimTypes.FIRSTNAME.equals(c.getClaimType())) {
-                    idToken.setGivenName((String)c.getValue());
-                    firstName = (String)c.getValue();
-                } else if (ClaimTypes.LASTNAME.equals(c.getClaimType())) {
-                    idToken.setFamilyName((String)c.getValue());
-                    lastName = (String)c.getValue();
-                } else if (ClaimTypes.EMAILADDRESS.equals(c.getClaimType())) {
-                    idToken.setEmail((String)c.getValue());
-                } else if (ClaimTypes.DATEOFBIRTH.equals(c.getClaimType())) {
-                    idToken.setBirthDate((String)c.getValue());
-                } else if (ClaimTypes.HOMEPHONE.equals(c.getClaimType())) {
-                    idToken.setPhoneNumber((String)c.getValue());
-                } else if (ClaimTypes.GENDER.equals(c.getClaimType())) {
-                    idToken.setGender((String)c.getValue());
-                } else if (ClaimTypes.WEB_PAGE.equals(c.getClaimType())) {
-                    idToken.setWebsite((String)c.getValue());
-                }
-            }
-            
-            if (firstName != null && lastName != null) {
-                idToken.setName(firstName + " " + lastName);
-            }
-        }
-        
-        if (nonce != null) {
-            idToken.setNonce(nonce);
-        }
-        if (issuer != null) {
-            idToken.setIssuer(issuer);
-        } else if (saml2Assertion != null) {
-            Issuer assertionIssuer = saml2Assertion.getIssuer();
-            if (assertionIssuer != null) {
-                idToken.setIssuer(assertionIssuer.getValue());
-            }
-        }
-        
-        return idToken;
-    }
-
-    
-    public void setIssuer(String issuer) {
-        this.issuer = issuer;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3eaac56a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index 5c373b4..51c5296 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -38,7 +38,7 @@ import org.apache.cxf.rs.security.oidc.idp.OidcUserSubject;
 import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 
 public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
-    private SamlTokenConverter tokenConverter = new LocalSamlTokenConverter();
+    private SamlTokenConverter tokenConverter = new SamlTokenConverter();
     
     public OAuthDataManager() {
     }
@@ -76,30 +76,26 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
     }
     
     protected OidcUserSubject createOidcSubject(Client client, UserSubject subject, String
nonce) {
-        IdToken idToken = getIdToken(client, nonce);
-        if (idToken != null) {
-            OidcUserSubject oidcSub = new OidcUserSubject(subject);
-            oidcSub.setIdToken(idToken);
-            return oidcSub;
-        }
-        return null;
-    }
-    
-    protected IdToken getIdToken(Client client, String nonce) {
         Principal principal = getMessageContext().getSecurityContext().getUserPrincipal();
         
-        if (principal instanceof FedizPrincipal) {
-            FedizPrincipal fedizPrincipal = (FedizPrincipal)principal; 
-            return tokenConverter.convertToIdToken(fedizPrincipal.getLoginToken(),
-                                                   fedizPrincipal.getName(), 
-                                                   fedizPrincipal.getClaims(),
-                                                   client.getClientId(),
-                                                   nonce);
-        } else {
+        if (!(principal instanceof FedizPrincipal)) {
             throw new OAuthServiceException("Unsupported Principal");
         }
+        FedizPrincipal fedizPrincipal = (FedizPrincipal)principal; 
+        IdToken idToken = tokenConverter.convertToIdToken(fedizPrincipal.getLoginToken(),
+                                               fedizPrincipal.getName(), 
+                                               fedizPrincipal.getClaims(),
+                                               client.getClientId(),
+                                               nonce);
+        
+        //TODO: Consider populating UserInfo at this point too, with UserInfo having few
more claims
+        // from the claims collection, and setting it on OidcUserSubject
+        
+        OidcUserSubject oidcSub = new OidcUserSubject(subject);
+        oidcSub.setIdToken(idToken);
+        return oidcSub;
     }
-
+    
     public void setTokenConverter(SamlTokenConverter tokenConverter) {
         this.tokenConverter = tokenConverter;
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3eaac56a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
index 2ef225b..5e4a363 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
@@ -19,14 +19,97 @@
 package org.apache.cxf.fediz.service.oidc;
 
 import org.w3c.dom.Element;
+import org.apache.cxf.fediz.core.Claim;
 import org.apache.cxf.fediz.core.ClaimCollection;
+import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.opensaml.saml.saml2.core.Assertion;
+import org.opensaml.saml.saml2.core.Issuer;
+
+public class SamlTokenConverter {
+
+    private String issuer;
+    
+    public IdToken convertToIdToken(Element samlToken, 
+                                    String subjectName, 
+                                    ClaimCollection claims,
+                                    String clientId,
+                                    String nonce) {
+        IdToken idToken = new IdToken();
+        idToken.setSubject(subjectName);
+        idToken.setAudience(clientId);
+        
+        long currentTimeInSeconds = System.currentTimeMillis() / 1000L;
+        idToken.setIssuedAt(currentTimeInSeconds);
+        idToken.setExpiryTime(currentTimeInSeconds + 60000L);
+        
+        Assertion saml2Assertion = null;
+        // Set the authInstant
+        try {
+            SamlAssertionWrapper wrapper = new SamlAssertionWrapper(samlToken);
+            saml2Assertion = wrapper.getSaml2();
+            if (saml2Assertion != null && !saml2Assertion.getAuthnStatements().isEmpty())
{
+                long authInstant = 
+                    saml2Assertion.getAuthnStatements().get(0).getAuthnInstant().getMillis();
+                idToken.setAuthenticationTime(authInstant / 1000L);
+            }
+        } catch (WSSecurityException ex) {
+            throw new OAuthServiceException("Error converting SAML token", ex);
+        }
+        
+        // Map claims
+        if (claims != null) {
+            String firstName = null;
+            String lastName = null;
+            for (Claim c : claims) {
+                if (!(c.getValue() instanceof String)) {
+                    continue;
+                }
+                if (ClaimTypes.FIRSTNAME.equals(c.getClaimType())) {
+                    idToken.setGivenName((String)c.getValue());
+                    firstName = (String)c.getValue();
+                } else if (ClaimTypes.LASTNAME.equals(c.getClaimType())) {
+                    idToken.setFamilyName((String)c.getValue());
+                    lastName = (String)c.getValue();
+                } else if (ClaimTypes.EMAILADDRESS.equals(c.getClaimType())) {
+                    idToken.setEmail((String)c.getValue());
+                } else if (ClaimTypes.DATEOFBIRTH.equals(c.getClaimType())) {
+                    idToken.setBirthDate((String)c.getValue());
+                } else if (ClaimTypes.HOMEPHONE.equals(c.getClaimType())) {
+                    idToken.setPhoneNumber((String)c.getValue());
+                } else if (ClaimTypes.GENDER.equals(c.getClaimType())) {
+                    idToken.setGender((String)c.getValue());
+                } else if (ClaimTypes.WEB_PAGE.equals(c.getClaimType())) {
+                    idToken.setWebsite((String)c.getValue());
+                }
+            }
+            
+            if (firstName != null && lastName != null) {
+                idToken.setName(firstName + " " + lastName);
+            }
+        }
+        
+        if (nonce != null) {
+            idToken.setNonce(nonce);
+        }
+        if (issuer != null) {
+            idToken.setIssuer(issuer);
+        } else if (saml2Assertion != null) {
+            Issuer assertionIssuer = saml2Assertion.getIssuer();
+            if (assertionIssuer != null) {
+                idToken.setIssuer(assertionIssuer.getValue());
+            }
+        }
+        
+        return idToken;
+    }
+
+    
+    public void setIssuer(String issuer) {
+        this.issuer = issuer;
+    }
 
- 
-public interface SamlTokenConverter {
-    IdToken convertToIdToken(Element samlToken, 
-                             String subjectName,
-                             ClaimCollection claims,
-                             String audience, 
-                             String nonce);
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3eaac56a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
index 33789ee..da299c0 100644
--- a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
@@ -26,7 +26,7 @@
 
     <bean id="applicationContextProvider" class="org.apache.cxf.fediz.service.oidc.ApplicationContextProvider"/>
 
-    <bean id="samlTokenConverter" class="org.apache.cxf.fediz.service.oidc.LocalSamlTokenConverter">
+    <bean id="samlTokenConverter" class="org.apache.cxf.fediz.service.oidc.SamlTokenConverter">
         <property name="issuer" value="accounts.fediz.com"/>
     </bean>
     <bean id="oauthProvider" class="org.apache.cxf.fediz.service.oidc.OAuthDataManager"


Mime
View raw message