cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf-fediz git commit: Further simplifying OAuthDataManager code
Date Tue, 19 Jan 2016 13:24:26 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master c820b5a5e -> 941e81db3


Further simplifying OAuthDataManager code


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/941e81db
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/941e81db
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/941e81db

Branch: refs/heads/master
Commit: 941e81db3e6577d2096578eaa294b15f5ca59a69
Parents: c820b5a
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Jan 19 13:24:08 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Jan 19 13:24:08 2016 +0000

----------------------------------------------------------------------
 .../fediz/service/oidc/OAuthDataManager.java    | 36 ++------------------
 .../main/webapp/WEB-INF/applicationContext.xml  |  2 +-
 .../src/main/webapp/WEB-INF/data-manager.xml    | 13 +++++--
 3 files changed, 15 insertions(+), 36 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/941e81db/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index f8d7584..3f9b955 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -19,13 +19,10 @@
 package org.apache.cxf.fediz.service.oidc;
 
 import java.security.Principal;
-import java.util.List;
-import java.util.Map;
 
 import org.apache.cxf.fediz.core.FedizPrincipal;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
@@ -35,7 +32,6 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.idp.OidcUserSubject;
-import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 
 public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
     private SamlTokenConverter tokenConverter = new SamlTokenConverter();
@@ -65,14 +61,6 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
         return token;
     }
     
-    @Override
-    public List<OAuthPermission> convertScopeToPermissions(Client client, List<String>
requestedScopes) {
-        if (!requestedScopes.contains(OidcUtils.OPENID_SCOPE)) {
-            throw new OAuthServiceException("Required scope is missing");    
-        }
-        return super.convertScopeToPermissions(client, requestedScopes);
-    }
-    
     protected OidcUserSubject createOidcSubject(Client client, UserSubject subject) {
         Principal principal = getMessageContext().getSecurityContext().getUserPrincipal();
         
@@ -85,33 +73,15 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
                                                fedizPrincipal.getClaims(),
                                                client.getClientId());
         
-        //TODO: Consider populating UserInfo at this point too, with UserInfo having few
more claims
-        // from the claims collection, and setting it on OidcUserSubject
-        
         OidcUserSubject oidcSub = new OidcUserSubject(subject);
         oidcSub.setIdToken(idToken);
+        // UserInfo can be populated and set on OidcUserSubject too.
+        
+        
         return oidcSub;
     }
     
     public void setTokenConverter(SamlTokenConverter tokenConverter) {
         this.tokenConverter = tokenConverter;
     }
-
-    @Override 
-    public void init() {
-        super.init();
-        Map<String, OAuthPermission> perms = super.getPermissionMap();
-        if (!perms.containsKey(OidcUtils.OPENID_SCOPE)) {
-            perms.put(OidcUtils.OPENID_SCOPE,
-                new OAuthPermission(OidcUtils.OPENID_SCOPE, "Access the authentication claims"));
-        }
-        perms.get(OidcUtils.OPENID_SCOPE).setDefault(true);
-        
-        if (!perms.containsKey(OAuthConstants.REFRESH_TOKEN_SCOPE)) {
-            perms.put(OAuthConstants.REFRESH_TOKEN_SCOPE, 
-                new OAuthPermission(OAuthConstants.REFRESH_TOKEN_SCOPE, "Refresh access tokens"));
-        }
-        perms.get(OAuthConstants.REFRESH_TOKEN_SCOPE).setInvisibleToClient(true);
-        
-    }
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/941e81db/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index baa2861..76a0730 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -95,7 +95,7 @@
     <bean id="clientRegService" init-method="init" class="org.apache.cxf.fediz.service.oidc.ClientRegistrationService">
        <property name="dataProvider" ref="oauthProvider"/>
        <!-- 
-           <property name="clientScopes" ref="acceptedScopes"/>
+           <property name="clientScopes" ref="supportedScopes"/>
        -->
        <property name="homeRealms">
           <map>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/941e81db/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
index 7804d38..0e4f16d 100644
--- a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
@@ -32,13 +32,22 @@
     <bean id="samlTokenConverter" class="org.apache.cxf.fediz.service.oidc.SamlTokenConverter">
         <property name="issuer" value="accounts.fediz.com"/>
     </bean>
-    <util:map id="acceptedScopes">
+    <util:map id="supportedScopes">
         <entry key="openid" value="Access the authentication claims" />
         <entry key="refreshToken" value="Refresh access tokens" />
     </util:map>
+    <util:list id="coreScopes">
+        <value>openid</value>
+    </util:list>
+    <util:list id="invisibleToClientScopes">
+        <value>refreshToken</value>
+    </util:list>
     <bean id="oauthProvider" class="org.apache.cxf.fediz.service.oidc.OAuthDataManager"
           init-method="init" destroy-method="close">
-        <property name="scopes" ref="acceptedScopes"/>
+        <property name="supportedScopes" ref="supportedScopes"/>
+        <property name="requiredScopes" ref="coreScopes"/>
+        <property name="defaultScopes" ref="coreScopes"/>
+        <property name="invisibleToClientScopes" ref="invisibleToClientScopes"/>
     <!--
         <property name="accessTokenLifetime" value="3600"/>
     -->


Mime
View raw message