cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Passing the nonce via a TL storage too
Date Wed, 27 Jan 2016 16:55:15 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 45f3d5944 -> ee76fe358


Passing the nonce via a TL storage too


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ee76fe35
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ee76fe35
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ee76fe35

Branch: refs/heads/master
Commit: ee76fe358aeb36d95204ec10f8cec674163b8fcf
Parents: 45f3d59
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Jan 27 16:55:00 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Jan 27 16:55:00 2016 +0000

----------------------------------------------------------------------
 .../oauth2/grants/code/AuthorizationCodeGrantHandler.java    | 4 ++++
 .../oauth2/services/AbstractImplicitGrantService.java        | 4 ++++
 .../cxf/rs/security/oidc/idp/IdTokenResponseFilter.java      | 8 +++++++-
 3 files changed, 15 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ee76fe35/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index c8e6655..9844a30 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -24,6 +24,7 @@ import java.util.List;
 
 import javax.ws.rs.core.MultivaluedMap;
 
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -111,6 +112,9 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler
{
                                                             grant.getRequestedScopes(), 
                                                             getAudiences(client, grant.getAudience()));
             if (token != null) {
+                if (grant.getNonce() != null) {
+                    JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE,
grant.getNonce());
+                }
                 return token;
             } else {
                 // the grant was issued based on the authorization time check confirming
the

http://git-wip-us.apache.org/repos/asf/cxf/blob/ee76fe35/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index 6f8a01f..5133374 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -30,6 +30,7 @@ import javax.ws.rs.core.Response;
 
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.utils.HttpUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
@@ -84,6 +85,9 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
             }
         } else {
             token = preAuthorizedToken;
+            if (state.getNonce() != null) {
+                JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, state.getNonce());
+            }
         }
         
         ClientAccessToken clientToken = null;

http://git-wip-us.apache.org/repos/asf/cxf/blob/ee76fe35/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 509648a..6edcc7a 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -20,6 +20,8 @@ package org.apache.cxf.rs.security.oidc.idp;
 
 import java.util.Properties;
 
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
@@ -27,6 +29,7 @@ import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthServerJoseJwtProducer;
 import org.apache.cxf.rs.security.oauth2.provider.AccessTokenResponseFilter;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
@@ -76,7 +79,10 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer
im
                 idToken.setAccessTokenHash(atHash);
             }
         }
-        if (idToken.getNonce() == null && st.getNonce() != null) {
+        Message m = JAXRSUtils.getCurrentMessage();
+        if (m != null && m.getExchange().containsKey(OAuthConstants.NONCE)) {
+            idToken.setNonce((String)m.getExchange().get(OAuthConstants.NONCE));
+        } else if (st.getNonce() != null) {
             idToken.setNonce(st.getNonce());
         }
         


Mime
View raw message