cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Removing the obsolete JwtClaims.setAudience as agreed with Colm
Date Thu, 03 Dec 2015 14:27:59 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 84187a303 -> 54aa48c0a


Removing the obsolete JwtClaims.setAudience as agreed with Colm


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/54aa48c0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/54aa48c0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/54aa48c0

Branch: refs/heads/3.0.x-fixes
Commit: 54aa48c0a1f8e6652a1ff75998ee2d95c70274f3
Parents: 84187a3
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Dec 3 13:49:38 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Dec 3 14:27:41 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/jose/jwt/JwtClaims.java     | 10 ++----
 .../jose/jws/JwsCompactReaderWriterTest.java    |  3 +-
 .../oidc/idp/IdTokenResponseFilter.java         |  4 ++-
 .../rs/security/oidc/idp/UserInfoService.java   |  4 ++-
 .../oidc/rp/AbstractTokenValidator.java         |  5 +--
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |  3 --
 .../security/jose/jwt/JWTAlgorithmTest.java     | 34 ++++++++++++--------
 .../security/jose/jwt/JWTAuthnAuthzTest.java    | 16 ++++++---
 8 files changed, 45 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/54aa48c0/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index fe5b08a..a3c77b9 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -23,6 +23,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
 
 
@@ -53,24 +54,19 @@ public class JwtClaims extends JsonMapObject {
         return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
     }
     
-    public void setAudience(String audience) {
-        setAudiences(Collections.singletonList(audience));
-    }
-    
     public void setAudiences(List<String> audiences) {
         setClaim(JwtConstants.CLAIM_AUDIENCE, audiences);
     }
     
-    @SuppressWarnings("unchecked")
     public List<String> getAudiences() {
         Object audiences = getClaim(JwtConstants.CLAIM_AUDIENCE);
         if (audiences instanceof List<?>) {
-            return (List<String>)audiences;
+            return CastUtils.cast((List<?>)audiences);
         } else if (audiences instanceof String) {
             return Collections.singletonList((String)audiences);
         }
         
-        return Collections.emptyList();
+        return null;
     }
     
     public void setExpiryTime(Long expiresIn) {
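Review bot: `getAudiences()` now ends with `return null;` where it used to return `Collections.emptyList()`, so any caller that dereferences the result without a null check (`.isEmpty()`, `.contains(...)`, a for-each) throws NullPointerException when the token has no `aud` claim. This commit patches AbstractTokenValidator for that, but callers outside the diff are not visible here. For an accessor that feeds audience validation, I would keep `return Collections.emptyList();`. If null is meant to signal "claim absent", say so in a Javadoc line such as `@return the audiences, or null if the aud claim is not present`. The class body continues outside the hunk.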

http://git-wip-us.apache.org/repos/asf/cxf/blob/54aa48c0/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index 0e6c7ba..4bc45d4 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -24,6 +24,7 @@ import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -148,7 +149,7 @@ public class JwsCompactReaderWriterTest extends Assert {
         JwtClaims claims = new JwtClaims();
         claims.setIssuer("https://jwt-idp.example.com");
         claims.setSubject("mailto:mike@example.com");
-        claims.setAudience("https://jwt-rp.example.net");
+        claims.setAudiences(Collections.singletonList("https://jwt-rp.example.net"));
         claims.setNotBefore(1300815780L);
         claims.setExpiryTime(1300819380L);
         claims.setClaim("http://claims.example.com/member", true);

http://git-wip-us.apache.org/repos/asf/cxf/blob/54aa48c0/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 08853fb..e2cd6ee 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.rs.security.oidc.idp;
 
+import java.util.Collections;
+
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -36,7 +38,7 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer
im
             IdToken token = 
                 userInfoProvider.getIdToken(st.getClient().getClientId(), st.getSubject(),
st.getScopes());
             token.setIssuer(issuer);
-            token.setAudience(st.getClient().getClientId());
+            token.setAudiences(Collections.singletonList(st.getClient().getClientId()));
             
             String responseEntity = super.processJwt(new JwtToken(token), 
                                                      st.getClient());

http://git-wip-us.apache.org/repos/asf/cxf/blob/54aa48c0/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
index 7e3ef8f..1f5d99d 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.rs.security.oidc.idp;
 
+import java.util.Collections;
+
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
@@ -49,7 +51,7 @@ public class UserInfoService extends AbstractOAuthServerJoseJwtProducer
{
         if (userInfo != null) {
             userInfo.setIssuer(issuer);
         }
-        userInfo.setAudience(oauth.getClientId());
+        userInfo.setAudiences(Collections.singletonList(oauth.getClientId()));
         Object responseEntity = userInfo;
         if (super.isJwsRequired() || super.isJweRequired()) {
             responseEntity = super.processJwt(new JwtToken(userInfo),
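Review bot: `userInfo.setAudiences(...)` runs unconditionally right after the `if (userInfo != null)` guard around `setIssuer`, so a null `userInfo` throws NullPointerException on the new line. Either the guard is dead code or the audience assignment belongs inside it; moving `userInfo.setAudiences(Collections.singletonList(oauth.getClientId()));` into the `if` block and handling the null case explicitly would make the intent clear. The method starts and ends outside the hunk, so how `userInfo` is obtained cannot be seen from here.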

http://git-wip-us.apache.org/repos/asf/cxf/blob/54aa48c0/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
index 8fc0022..0db3541 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/AbstractTokenValidator.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.oidc.rp;
 import java.util.List;
 import java.util.concurrent.ConcurrentHashMap;
 
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
@@ -68,8 +69,8 @@ public abstract class AbstractTokenValidator extends AbstractOAuthJoseJwtConsume
             }
             // validate audience
             List<String> audiences = claims.getAudiences();
-            if (audiences.isEmpty() && validateClaimsAlways 
-                || !audiences.isEmpty() && !audiences.contains(clientId)) {
+            if (StringUtils.isEmpty(audiences) && validateClaimsAlways 
+                || !StringUtils.isEmpty(audiences) && !audiences.contains(clientId))
{
                 throw new SecurityException("Invalid audience");
             }
     
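Review bot: The audience gate `!StringUtils.isEmpty(audiences) && !audiences.contains(clientId)` only requires that `clientId` be one of the listed audiences, and the IdTokenReader hunk in this same commit removes the `getAudiences().size() > 1` rejection, so an ID token carrying additional audiences is now accepted. OpenID Connect Core's ID token validation expects the client to reject audiences it does not trust and to check `azp` when several audiences are present; nothing visible in these hunks does either. Consider keeping the single-audience restriction on the ID token path until such a check exists, for example `if (audiences != null && audiences.size() > 1 && !clientId.equals(claims.getClaim("azp")))` followed by the same `SecurityException`. The mixed `&&`/`||` condition would also be easier to audit with explicit parentheses around each conjunct. The enclosing method begins and ends outside the hunk.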

http://git-wip-us.apache.org/repos/asf/cxf/blob/54aa48c0/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
index 7cbb392..035c2dd 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
@@ -42,9 +42,6 @@ public class IdTokenReader extends AbstractTokenValidator {
     }
     public JwtToken getIdJwtToken(String idJwtToken, OAuthClientUtils.Consumer client) {
         JwtToken jwt = getJwtToken(idJwtToken, client.getClientSecret());
-        if (jwt.getClaims().getAudiences().size() > 1) {
-            throw new SecurityException("Invalid audience");
-        }
         validateJwtClaims(jwt.getClaims(), client.getClientId(), true);
         return jwt;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/54aa48c0/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
index e9857ee..8487b1d 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
@@ -22,6 +22,7 @@ package org.apache.cxf.systest.jaxrs.security.jose.jwt;
 import java.net.URL;
 import java.security.Security;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
@@ -40,6 +41,7 @@ import org.apache.cxf.systest.jaxrs.security.Book;
 import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 
@@ -102,7 +104,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -120,6 +122,10 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         assertEquals(returnedBook.getId(), 123L);
     }
     
+    private List<String> toList(String address) {
+        return Collections.singletonList(address);
+    }
+
     @org.junit.Test
     public void testEncryptionDynamic() throws Exception {
         
@@ -146,7 +152,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -193,7 +199,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -235,7 +241,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -278,7 +284,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -318,7 +324,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -355,7 +361,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -395,7 +401,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -431,7 +437,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -469,7 +475,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -510,7 +516,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
 
         JwtToken token = new JwtToken(claims);
 
@@ -548,7 +554,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
         
@@ -584,7 +590,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
         
@@ -623,7 +629,7 @@ public class JWTAlgorithmTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/54aa48c0/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
index 45d109d..0e012e7 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java
@@ -22,6 +22,7 @@ package org.apache.cxf.systest.jaxrs.security.jose.jwt;
 import java.net.URL;
 import java.security.Security;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
@@ -39,6 +40,7 @@ import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.systest.jaxrs.security.Book;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 
@@ -84,7 +86,7 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase {
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -105,6 +107,10 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase
{
         assertEquals(returnedBook.getId(), 123L);
     }
     
+    private List<String> toList(String address) {
+        return Collections.singletonList(address);
+    }
+    
     @org.junit.Test
     public void testAuthenticationFailure() throws Exception {
 
@@ -124,7 +130,7 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -162,7 +168,7 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         // The endpoint requires a role of "boss"
         claims.setProperty("role", "boss");
         
@@ -204,7 +210,7 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase
{
         claims.setSubject("alice");
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 
@@ -241,7 +247,7 @@ public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase
{
         claims.setIssuer("DoubleItSTSIssuer");
         claims.setIssuedAt(new Date().getTime() / 1000L);
         claims.setProperty("role", "manager");
-        claims.setAudience(address);
+        claims.setAudiences(toList(address));
         
         JwtToken token = new JwtToken(claims);
 

