cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbernha...@apache.org
Subject cxf git commit: [CXF-6736] Support login_hint at OidcClientCodeRequestFilter
Date Wed, 06 Jan 2016 14:49:19 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 409188bcc -> 3ee69e940


[CXF-6736] Support login_hint at OidcClientCodeRequestFilter


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3ee69e94
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3ee69e94
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3ee69e94

Branch: refs/heads/3.1.x-fixes
Commit: 3ee69e9404d3ffed74e84b223d7d284c081f7fb4
Parents: 409188b
Author: Jan Bernhardt <jbernhardt@talend.com>
Authored: Wed Jan 6 15:05:41 2016 +0100
Committer: Jan Bernhardt <jbernhardt@talend.com>
Committed: Wed Jan 6 15:48:41 2016 +0100

----------------------------------------------------------------------
 .../oauth2/client/ClientCodeRequestFilter.java  |  9 ++++++-
 .../oidc/rp/OidcClientCodeRequestFilter.java    | 26 +++++++++++++++++++-
 2 files changed, 33 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/3ee69e94/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index eb47180..2845ba6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -111,6 +111,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
             throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
     }
+    
     private void checkSecurityContextEnd(ContainerRequestContext rc,
                                          MultivaluedMap<String, String> requestParams)
{
         String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
@@ -153,6 +154,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
             ub.queryParam("response_mode", "form_post");
         }
     }
+    
     protected void setCodeVerifier(UriBuilder ub, MultivaluedMap<String, String> redirectState)
{
         if (codeVerifierTransformer != null) {
             String codeVerifier = redirectState.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
@@ -162,10 +164,10 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
                           codeVerifierTransformer.getChallengeMethod());
         }
     }
+    
     protected void setAdditionalCodeRequestParams(UriBuilder ub, MultivaluedMap<String,
String> redirectState) {
     }
     
-    
     private URI getAbsoluteRedirectUri(UriInfo ui) {
         if (redirectUri != null) {
             return URI.create(redirectUri);
@@ -176,6 +178,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
             return ui.getAbsolutePath();
         }
     }
+    
     protected void processCodeResponse(ContainerRequestContext rc, 
                                        UriInfo ui,
                                        MultivaluedMap<String, String> requestParams)
{
@@ -237,9 +240,11 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
         }
         return redirectState;
     }
+    
     protected MultivaluedMap<String, String> toCodeRequestState(ContainerRequestContext
rc, UriInfo ui) {
         return toRequestState(rc, ui);
     }
+    
     protected MultivaluedMap<String, String> toRequestState(ContainerRequestContext
rc, UriInfo ui) {
         MultivaluedMap<String, String> requestState = new MetadataMap<String, String>();
         requestState.putAll(ui.getQueryParameters(decodeRequestParameters));
@@ -261,6 +266,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
         }
         setScopes(sb.toString());
     }
+    
     public void setScopes(String scopes) {
         this.scopes = scopes.trim();
     }
@@ -291,6 +297,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
     public void setConsumer(Consumer consumer) {
         this.consumer = consumer;
     }
+    
     public Consumer getConsumer() {
         return consumer;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/3ee69e94/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
index 7d90457..0191779 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
@@ -39,8 +39,9 @@ import org.apache.cxf.rs.security.oidc.common.IdToken;
 public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
     
     private static final String ACR_PARAMETER = "acr_values";
-    private static final String PROMPT_PARAMETER = "prompt";
+    private static final String LOGIN_HINT_PARAMETER = "login_hint";
     private static final String MAX_AGE_PARAMETER = "max_age";
+    private static final String PROMPT_PARAMETER = "prompt";
     private static final List<String> PROMPTS = Arrays.asList("none", "consent", "login",
"select_account");
     private IdTokenReader idTokenReader;
     private UserInfoClient userInfoClient;
@@ -53,6 +54,7 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter
{
     public void setAuthenticationContextRef(String acr) {
         this.authenticationContextRef = Arrays.asList(StringUtils.split(acr, " "));
     }
+
     @Override
     protected ClientTokenContext createTokenContext(ContainerRequestContext rc, 
                                                     ClientAccessToken at,
@@ -77,6 +79,18 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter
{
         
         return ctx;
     }
+    
+    @Override
+    protected MultivaluedMap<String, String> createRedirectState(ContainerRequestContext
rc, UriInfo ui) {
+        MultivaluedMap<String, String> redirectState = super.createRedirectState(rc,
ui);
+        MultivaluedMap<String, String> codeRequestState = toRequestState(rc, ui);
+        String loginHint = codeRequestState.getFirst(LOGIN_HINT_PARAMETER);
+        if (loginHint != null) {
+            redirectState.putSingle(LOGIN_HINT_PARAMETER, loginHint);
+        }
+        return redirectState;
+    }
+
     @Override
     protected MultivaluedMap<String, String> toCodeRequestState(ContainerRequestContext
rc, UriInfo ui) {
         MultivaluedMap<String, String> state = super.toCodeRequestState(rc, ui);
@@ -85,6 +99,7 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter
{
         }
         return state;
     }
+
     private void validateIdToken(IdToken idToken, MultivaluedMap<String, String> state)
{
         
         String nonce = state.getFirst(IdToken.NONCE_CLAIM);
@@ -110,6 +125,7 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter
{
     public void setIdTokenReader(IdTokenReader idTokenReader) {
         this.idTokenReader = idTokenReader;
     }
+
     public void setUserInfoClient(UserInfoClient userInfoClient) {
         this.userInfoClient = userInfoClient; 
     }
@@ -121,6 +137,7 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter
{
             throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
     }
+
     @Override
     protected void setAdditionalCodeRequestParams(UriBuilder ub, MultivaluedMap<String,
String> redirectState) {
         if (claims != null) {
@@ -143,6 +160,10 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter
{
         if (promptLogin != null) {
             ub.queryParam(PROMPT_PARAMETER, promptLogin);
         }
+        String loginHint = redirectState.getFirst(LOGIN_HINT_PARAMETER);
+        if (loginHint != null) {
+            ub.queryParam(LOGIN_HINT_PARAMETER, loginHint);
+        }
     }
     
     public void setPromptLogin(String promptLogin) {
@@ -152,12 +173,15 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter
{
             throw new IllegalArgumentException("Illegal prompt value");
         }
     }
+
     public void setMaxAgeOffset(Long maxAgeOffset) {
         this.maxAgeOffset = maxAgeOffset;
     }
+
     public void setClaims(String claims) {
         this.claims = claims;
     }
+
     public void setClaimsLocales(String claimsLocales) {
         this.claimsLocales = claimsLocales;
     }


Mime
View raw message