cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: [CXF-6722] Passing an optional user subject ref too to allow for more optimal queries in some cases
Date Mon, 25 Jan 2016 14:17:07 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 838c97fdf -> 2b1766a22


[CXF-6722] Passing an optional user subject ref too to allow for more optimal queries in some
cases


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2b1766a2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2b1766a2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2b1766a2

Branch: refs/heads/3.1.x-fixes
Commit: 2b1766a22b17beb4cd462c728d3234be04dfaeee
Parents: 838c97f
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Jan 25 14:16:02 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Jan 25 14:16:49 2016 +0000

----------------------------------------------------------------------
 .../grants/code/AbstractCodeDataProvider.java     |  2 +-
 .../code/AuthorizationCodeDataProvider.java       |  4 +++-
 .../code/DefaultEHCacheCodeDataProvider.java      | 10 +++++++---
 .../code/DefaultEncryptingCodeDataProvider.java   | 12 ++++++++----
 .../provider/AbstractOAuthDataProvider.java       |  4 ++--
 .../provider/DefaultEHCacheOAuthDataProvider.java | 18 ++++++++++++++----
 .../DefaultEncryptingOAuthDataProvider.java       | 18 ++++++++++++++----
 .../oauth2/provider/OAuthDataProvider.java        |  6 ++++--
 .../services/RedirectionBasedGrantService.java    |  3 ++-
 .../oauth2/grants/OAuthDataProviderImpl.java      |  4 ++--
 .../crypto/CodeGrantEncryptingDataProvider.java   |  3 ++-
 .../utils/crypto/EncryptingDataProvider.java      |  4 ++--
 .../oidc/idp/OidcAuthorizationCodeService.java    |  2 ++
 .../rs/security/oidc/idp/OidcImplicitService.java |  1 +
 14 files changed, 64 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
index f6d0cf9..de61bb8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
@@ -46,7 +46,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
         this.codeLifetime = codeLifetime;
     }
     protected void removeClientCodeGrants(Client c) {
-        for (ServerAuthorizationCodeGrant grant : getCodeGrants(c)) {
+        for (ServerAuthorizationCodeGrant grant : getCodeGrants(c, null)) {
             removeCodeGrant(grant.getCode());
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java
index de63a39..ff3f8c5 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java
@@ -22,6 +22,7 @@ package org.apache.cxf.rs.security.oauth2.grants.code;
 import java.util.List;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 
@@ -56,9 +57,10 @@ public interface AuthorizationCodeDataProvider extends OAuthDataProvider
{
     /**
      * Return the list of code grants associated with a given client
      * @param client the client
+     * @param subject the user subject, can be null
      * @return the list of grants
      * @throws OAuthServiceException
      * @see ServerAuthorizationCodeGrant
      */
-    List<ServerAuthorizationCodeGrant> getCodeGrants(Client c) throws OAuthServiceException;
+    List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject subject)
throws OAuthServiceException;
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
index 9c0216c..12edf9b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
@@ -27,6 +27,7 @@ import org.apache.cxf.Bus;
 import org.apache.cxf.BusFactory;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.provider.DefaultEHCacheOAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 
@@ -63,7 +64,7 @@ public class DefaultEHCacheCodeDataProvider extends DefaultEHCacheOAuthDataProvi
     }
     
     protected void removeClientCodeGrants(Client c) {
-        for (ServerAuthorizationCodeGrant grant : getCodeGrants(c)) {
+        for (ServerAuthorizationCodeGrant grant : getCodeGrants(c, null)) {
             removeCodeGrant(grant.getCode());
         }
     }
@@ -81,14 +82,17 @@ public class DefaultEHCacheCodeDataProvider extends DefaultEHCacheOAuthDataProvi
         return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime);
     }
 
-    public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c) {
+    public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject sub)
{
         List<String> keys = CastUtils.cast(codeGrantCache.getKeys());
         List<ServerAuthorizationCodeGrant> grants = 
             new ArrayList<ServerAuthorizationCodeGrant>(keys.size());
         for (String key : keys) {
             ServerAuthorizationCodeGrant grant = getCodeGrant(key);
             if (c == null || grant.getClient().getClientId().equals(c.getClientId())) {
-                grants.add(grant);
+                UserSubject grantSub = grant.getSubject();
+                if (sub == null || grantSub != null && grantSub.getLogin().equals(sub.getLogin()))
{
+                    grants.add(grant);
+                }
             }
         }
         return grants;

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
index 63c1e26..a3ff5b3 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
@@ -27,6 +27,7 @@ import java.util.Set;
 import javax.crypto.SecretKey;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
@@ -54,7 +55,7 @@ public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDat
     }
     
     protected void removeClientCodeGrants(Client c) {
-        for (ServerAuthorizationCodeGrant grant : getCodeGrants(c)) {
+        for (ServerAuthorizationCodeGrant grant : getCodeGrants(c, null)) {
             removeCodeGrant(grant.getCode());
         }
     }
@@ -66,13 +67,16 @@ public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDat
         return grant;
     }
 
-    public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c) {
+    public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject sub)
{
         List<ServerAuthorizationCodeGrant> list = 
             new ArrayList<ServerAuthorizationCodeGrant>(grants.size());
         for (String key : grants) {
             ServerAuthorizationCodeGrant grant = getCodeGrant(key);
-            if (grant.getClient().getClientId().equals(c.getClientId())) {
-                list.add(grant);
+            if (c == null || grant.getClient().getClientId().equals(c.getClientId())) {
+                UserSubject grantSub = grant.getSubject();
+                if (sub == null || grantSub != null && grantSub.getLogin().equals(sub.getLogin()))
{
+                    list.add(grant);
+                }
             }
         }
         return list;

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 73ec127..5bd99ca 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -290,10 +290,10 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
     }
     
     protected void removeClientTokens(Client c) {
-        for (RefreshToken rt : getRefreshTokens(c)) {
+        for (RefreshToken rt : getRefreshTokens(c, null)) {
             revokeRefreshToken(rt.getTokenKey());
         }
-        for (ServerAccessToken at : getAccessTokens(c)) {
+        for (ServerAccessToken at : getAccessTokens(c, null)) {
             revokeAccessToken(at.getTokenKey());
         }
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
index 1f6ac00..3bf487e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
@@ -108,12 +108,12 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider
{
     }
 
     @Override
-    public List<ServerAccessToken> getAccessTokens(Client c) {
+    public List<ServerAccessToken> getAccessTokens(Client c, UserSubject sub) {
         List<String> keys = CastUtils.cast(accessTokenCache.getKeys());
         List<ServerAccessToken> tokens = new ArrayList<ServerAccessToken>(keys.size());
         for (String key : keys) {
             ServerAccessToken token = getAccessToken(key);
-            if (c == null || token.getClient().getClientId().equals(c.getClientId())) {
+            if (isTokenMatched(token, c, sub)) {
                 tokens.add(token);
             }
         }
@@ -121,18 +121,28 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider
{
     }
 
     @Override
-    public List<RefreshToken> getRefreshTokens(Client c) {
+    public List<RefreshToken> getRefreshTokens(Client c, UserSubject sub) {
         List<String> keys = CastUtils.cast(refreshTokenCache.getKeys());
         List<RefreshToken> tokens = new ArrayList<RefreshToken>(keys.size());
         for (String key : keys) {
             RefreshToken token = getRefreshToken(key);
-            if (c == null || token.getClient().getClientId().equals(c.getClientId())) {
+            if (isTokenMatched(token, c, sub)) {
                 tokens.add(token);
             }
         }
         return tokens;
     }
     
+    protected static boolean isTokenMatched(ServerAccessToken token, Client c, UserSubject
sub) {
+        if (c == null || token.getClient().getClientId().equals(c.getClientId())) {
+            UserSubject tokenSub = token.getSubject();
+            if (sub == null || tokenSub != null && tokenSub.getLogin().equals(sub.getLogin()))
{
+                return true;
+            }
+        }
+        return false;
+    }
+
     @Override
     public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException
{
         return getCacheValue(accessTokenCache, accessToken, ServerAccessToken.class);

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
index 7b4f88f..fa675f6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
@@ -82,27 +82,37 @@ public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvide
         return clients;
     }
     @Override
-    public List<ServerAccessToken> getAccessTokens(Client c) {
+    public List<ServerAccessToken> getAccessTokens(Client c, UserSubject sub) {
         List<ServerAccessToken> list = new ArrayList<ServerAccessToken>(tokens.size());
         for (String tokenKey : tokens) {
             ServerAccessToken token = getAccessToken(tokenKey);
-            if (token.getClient().getClientId().equals(c.getClientId())) {
+            if (isTokenMatched(token, c, sub)) {
                 list.add(token);
             }
         }
         return list;
     }
     @Override
-    public List<RefreshToken> getRefreshTokens(Client c) {
+    public List<RefreshToken> getRefreshTokens(Client c, UserSubject sub) {
         List<RefreshToken> list = new ArrayList<RefreshToken>(refreshTokens.size());
         for (String tokenKey : tokens) {
             RefreshToken token = getRefreshToken(tokenKey);
-            if (token.getClient().getClientId().equals(c.getClientId())) {
+            if (isTokenMatched(token, c, sub)) {
                 list.add(token);
             }
         }
         return list;
     }
+    
+    protected static boolean isTokenMatched(ServerAccessToken token, Client c, UserSubject
sub) {
+        if (c == null || token.getClient().getClientId().equals(c.getClientId())) {
+            UserSubject tokenSub = token.getSubject();
+            if (sub == null || tokenSub != null && tokenSub.getLogin().equals(sub.getLogin()))
{
+                return true;
+            }
+        }
+        return false;
+    }
     @Override
     public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException
{
         try {

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
index d46e6da..cc42bb2 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
@@ -98,18 +98,20 @@ public interface OAuthDataProvider {
     /**
      * Return all access tokens associated with a given client
      * @param client the client
+     * @param subject the user subject, can be null
      * @return list of access tokens
      * @throws OAuthServiceException
      */
-    List<ServerAccessToken> getAccessTokens(Client client) throws OAuthServiceException;
+    List<ServerAccessToken> getAccessTokens(Client client, UserSubject subject) throws
OAuthServiceException;
     
     /**
      * Return all refresh tokens associated with a given client
      * @param client the client
+     * @param subject the user subject, can be null
      * @return list of refresh tokens
      * @throws OAuthServiceException
      */
-    List<RefreshToken> getRefreshTokens(Client client) throws OAuthServiceException;
+    List<RefreshToken> getRefreshTokens(Client client, UserSubject subject) throws
OAuthServiceException;
     
     /**
      * Revokes a refresh or access token

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 5b050df..be1bcc1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -172,7 +172,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
             client, requestedScope, userSubject, supportedGrantType);
         final boolean authorizationCanBeSkipped = 
             preAuthorizedToken != null 
-            || canAuthorizationBeSkipped(client, requestedScope, requestedPermissions);
+            || canAuthorizationBeSkipped(client, userSubject, requestedScope, requestedPermissions);
         
         // Populate the authorization challenge data 
         OAuthAuthorizationData data = 
@@ -195,6 +195,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
     }
     
     protected boolean canAuthorizationBeSkipped(Client client, 
+                                                UserSubject userSubject,
                                                 List<String> requestedScope, 
                                                 List<OAuthPermission> permissions)
{
         return false;

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/OAuthDataProviderImpl.java
b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/OAuthDataProviderImpl.java
index 99143c0..303ffb2 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/OAuthDataProviderImpl.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/OAuthDataProviderImpl.java
@@ -84,13 +84,13 @@ public class OAuthDataProviderImpl implements OAuthDataProvider {
     }
 
     @Override
-    public List<ServerAccessToken> getAccessTokens(Client client) throws OAuthServiceException
{
+    public List<ServerAccessToken> getAccessTokens(Client client, UserSubject sub)
throws OAuthServiceException {
         // TODO Auto-generated method stub
         return null;
     }
 
     @Override
-    public List<RefreshToken> getRefreshTokens(Client client) throws OAuthServiceException
{
+    public List<RefreshToken> getRefreshTokens(Client client, UserSubject sub) throws
OAuthServiceException {
         // TODO Auto-generated method stub
         return null;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CodeGrantEncryptingDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CodeGrantEncryptingDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CodeGrantEncryptingDataProvider.java
index 3f4d7da..80b09ec 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CodeGrantEncryptingDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CodeGrantEncryptingDataProvider.java
@@ -23,6 +23,7 @@ import java.util.List;
 import java.util.Set;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
 import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
@@ -56,7 +57,7 @@ public class CodeGrantEncryptingDataProvider extends EncryptingDataProvider
     }
 
     @Override
-    public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c) throws OAuthServiceException
{
+    public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject sub)
throws OAuthServiceException {
         // TODO Auto-generated method stub
         return null;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
index 4363325..3e5fa5f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
@@ -149,13 +149,13 @@ public class EncryptingDataProvider implements OAuthDataProvider {
     }
 
     @Override
-    public List<ServerAccessToken> getAccessTokens(Client client) throws OAuthServiceException
{
+    public List<ServerAccessToken> getAccessTokens(Client client, UserSubject sub)
throws OAuthServiceException {
         // TODO Auto-generated method stub
         return null;
     }
 
     @Override
-    public List<RefreshToken> getRefreshTokens(Client client) throws OAuthServiceException
{
+    public List<RefreshToken> getRefreshTokens(Client client, UserSubject sub) throws
OAuthServiceException {
         // TODO Auto-generated method stub
         return null;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
index 99fda9f..67a7118 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
@@ -22,6 +22,7 @@ import java.util.List;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService;
 
 public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService {
@@ -29,6 +30,7 @@ public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService
     private boolean skipAuthorizationWithOidcScope;
     @Override
     protected boolean canAuthorizationBeSkipped(Client client,
+                                                UserSubject userSubject,
                                                 List<String> requestedScope,
                                                 List<OAuthPermission> permissions)
{
         // No need to challenge the authenticated user with the authorization form 

http://git-wip-us.apache.org/repos/asf/cxf/blob/2b1766a2/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index edf8e98..b53c352 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -67,6 +67,7 @@ public class OidcImplicitService extends ImplicitGrantService {
     
     @Override
     protected boolean canAuthorizationBeSkipped(Client client,
+                                                UserSubject userSubject,
                                                 List<String> requestedScope,
                                                 List<OAuthPermission> permissions)
{
         // No need to challenge the authenticated user with the authorization form 


Mime
View raw message