cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf-fediz git commit: Starting to use the introspecttion protocol
Date Fri, 15 Jan 2016 16:55:45 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 89ac63f2b -> a7aa8170a


Starting to use the introspecttion protocol


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a7aa8170
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a7aa8170
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a7aa8170

Branch: refs/heads/master
Commit: a7aa8170ac85130f69c18de06e28c615a4439eaa
Parents: 89ac63f
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Fri Jan 15 16:55:29 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Fri Jan 15 16:55:29 2016 +0000

----------------------------------------------------------------------
 .../service/oidc/FedizAccessTokenValidator.java | 63 --------------------
 .../main/webapp/WEB-INF/applicationContext.xml  | 10 +---
 2 files changed, 2 insertions(+), 71 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a7aa8170/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizAccessTokenValidator.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizAccessTokenValidator.java
deleted file mode 100644
index 76f0cfa..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizAccessTokenValidator.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.oidc;
-
-import java.util.Collections;
-import java.util.List;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-
-public class FedizAccessTokenValidator implements AccessTokenValidator {
-
-    private OAuthDataManager dataProvider;
-    
-    @Override
-    public List<String> getSupportedAuthorizationSchemes() {
-        return Collections.singletonList(OAuthConstants.BEARER_AUTHORIZATION_SCHEME);
-    }
-
-    @Override
-    public AccessTokenValidation validateAccessToken(MessageContext mc, String authScheme,
String authSchemeData,
-            MultivaluedMap<String, String> extraProps) throws OAuthServiceException
{
-        
-        // This is the access token used by a 3rd party client when accessing a REST service

-        ServerAccessToken token = dataProvider.getAccessToken(authSchemeData);
-        
-        String idToken = token.getSubject().getProperties().get("id_token");
-        if (idToken != null) {
-            //TODO: validate the user behind this id_token is still a valid user ?
-        }
-        // Do some Fediz specific token validation ? 
-        // and
-        // Let CXF do the core validation (is access token still valid, etc)
-        return new AccessTokenValidation(token);
-    }
-
-    public void setDataProvider(OAuthDataManager dataProvider) {
-        this.dataProvider = dataProvider;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a7aa8170/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index 4e3b004..9bdf677 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -135,21 +135,15 @@
         <property name="grantHandler" ref="refreshTokenHandler"/>
         <property name="canSupportPublicClients" value="true"/>
     </bean>
-    <bean id="fedizTokenValidator" class="org.apache.cxf.fediz.service.oidc.FedizAccessTokenValidator">
+    <bean id="accessTokenIntrospectionService" class="org.apache.cxf.rs.security.oauth2.services.TokenIntrospectionService">
         <property name="dataProvider" ref="oauthProvider"/>
-    </bean>
-    <bean id="accessTokenValidatorService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService">
-        <property name="tokenValidator" ref="fedizTokenValidator"/>
-        <!-- Setting this property allows RS to avoid authenticating with AS when RS 
-             requests a token validation, should be avoided in the production
-        -->
         <property name="blockUnauthorizedRequests" value="false"/> 
     </bean>
     <bean id="oauthJsonProvider" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
     <jaxrs:server address="/oauth2">
         <jaxrs:serviceBeans>
             <ref bean="accessTokenService"/>
-            <ref bean="accessTokenValidatorService"/>
+            <ref bean="accessTokenIntrospectionService"/>
         </jaxrs:serviceBeans>
         <jaxrs:providers>
            <ref bean="oauthJsonProvider"/>


Mime
View raw message