From serg...@apache.org
Subject cxf git commit: Reverting some nonce related changes for now
Date Wed, 27 Jan 2016 15:49:47 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 8e9c9571f -> cbcdc107d


Reverting some nonce related changes for now


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cbcdc107
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cbcdc107
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cbcdc107

Branch: refs/heads/3.1.x-fixes
Commit: cbcdc107da88f28e772f3a943013743a033781de
Parents: 8e9c957
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Jan 27 15:48:13 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Jan 27 15:49:19 2016 +0000

----------------------------------------------------------------------
 .../oauth2/grants/code/AbstractCodeDataProvider.java        | 9 +++------
 .../oauth2/grants/code/DefaultEHCacheCodeDataProvider.java  | 2 +-
 .../security/oauth2/provider/AbstractOAuthDataProvider.java | 7 +------
 .../cxf/rs/security/oidc/idp/IdTokenResponseFilter.java     | 2 +-
 4 files changed, 6 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/cbcdc107/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
index b89c247..c03ccf3 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
@@ -39,7 +39,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
     
     protected ServerAuthorizationCodeGrant doCreateCodeGrant(AuthorizationCodeRegistration
reg)
         throws OAuthServiceException {
-        return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime, !isSupportPreauthorizedTokens());
+        return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime);
     }
     
     public void setCodeLifetime(long codeLifetime) {
@@ -51,8 +51,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
         }
     }
     public static ServerAuthorizationCodeGrant initCodeGrant(AuthorizationCodeRegistration
reg, 
-                                                             long lifetime,
-                                                             boolean useNonce) {
+                                                             long lifetime) {
         ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(reg.getClient(),
lifetime);
         grant.setRedirectUri(reg.getRedirectUri());
         grant.setSubject(reg.getSubject());
@@ -61,9 +60,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
         grant.setApprovedScopes(reg.getApprovedScope());
         grant.setAudience(reg.getAudience());
         grant.setClientCodeChallenge(reg.getClientCodeChallenge());
-        if (useNonce) {
-            grant.setNonce(reg.getNonce());
-        }
+        grant.setNonce(reg.getNonce());
         return grant;
     }
     protected abstract void saveCodeGrant(ServerAuthorizationCodeGrant grant);
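Review bot: `grant.setNonce(reg.getNonce());` is now unconditional, so the nonce is persisted with every code grant regardless of the provider's pre-authorized-token setting; the same guard is dropped in the AbstractOAuthDataProvider hunk below, where the deleted comment explained that a nonce stored on a reused token can be copied into a later ID token and fail nonce validation on the client side. Since the commit message calls this a temporary revert, that rationale should survive in the code rather than only in history, e.g. `// TODO: nonce is set unconditionally; with pre-authorized (reused) tokens a stale nonce may be copied into the ID token - see the reverted isSupportPreauthorizedTokens() guard` above the setNonce call in both places. initCodeGrant starts in the previous hunk, so the signature change that drops the useNonce parameter is not visible here.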

http://git-wip-us.apache.org/repos/asf/cxf/blob/cbcdc107/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
index f43d69e..12edf9b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
@@ -79,7 +79,7 @@ public class DefaultEHCacheCodeDataProvider extends DefaultEHCacheOAuthDataProvi
     
     protected ServerAuthorizationCodeGrant doCreateCodeGrant(AuthorizationCodeRegistration
reg)
         throws OAuthServiceException {
-        return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime, !isSupportPreauthorizedTokens());
+        return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime);
     }
 
     public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject sub)
{

http://git-wip-us.apache.org/repos/asf/cxf/blob/cbcdc107/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index ecc06b3..813efda 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -71,12 +71,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
         at.setScopes(thePermissions);
         at.setSubject(atReg.getSubject());
         at.setClientCodeVerifier(atReg.getClientCodeVerifier());
-        if (!isSupportPreauthorizedTokens()) {
-            // if the nonce is persisted and the same token is reused then in some cases
-            // (when ID token is returned) the old nonce will be copied to ID token which
-            // may cause the validation failure at the cliend side
-            at.setNonce(atReg.getNonce());
-        }
+        at.setNonce(atReg.getNonce());
         return at;
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/cbcdc107/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index ec3f364..509648a 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -63,7 +63,7 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer
im
         }
     }
     private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
-        if (idToken.getAccessTokenHash() != null) {
+        if (idToken.getAccessTokenHash() == null) {
             Properties props = JwsUtils.loadSignatureOutProperties(false);
             SignatureAlgorithm sigAlgo = null;
             if (super.isSignWithClientSecret()) {
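Review bot: The flipped condition `if (idToken.getAccessTokenHash() == null)` now makes this branch compute at_hash only when none has been set yet, which appears to be a correction of the previous inverted check rather than part of the nonce revert the commit message describes; a one-line comment would keep the next reader from flipping it back, e.g. `// compute at_hash only if the producer has not already set one`. setAtHashAndNonce continues past the end of this hunk, so the nonce handling the method name refers to is not visible here.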

