From serg...@apache.org
Subject cxf git commit: Updating SubjectCreator to accept Client too as it may be needed to create UserSubject correctly
Date Mon, 08 Feb 2016 13:23:46 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 81f1f76a7 -> 22ce8ff65


Updating SubjectCreator to accept Client too as it may be needed to create UserSubject correctly


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/22ce8ff6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/22ce8ff6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/22ce8ff6

Branch: refs/heads/master
Commit: 22ce8ff6565f287ab64605125fe2ff03fa7484b4
Parents: 81f1f76
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Feb 8 13:23:31 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Feb 8 13:23:31 2016 +0000

----------------------------------------------------------------------
 .../oauth2/common/OAuthAuthorizationData.java   | 17 +++++++++++++++
 .../oauth2/common/OAuthRedirectionState.java    | 17 ---------------
 .../oauth2/provider/DefaultSubjectCreator.java  |  3 ++-
 .../provider/JoseSessionTokenProvider.java      | 22 ++++++++------------
 .../oauth2/provider/SubjectCreator.java         |  4 +++-
 .../services/AbstractImplicitGrantService.java  |  6 +++---
 .../services/DirectAuthorizationService.java    |  9 ++++----
 .../services/RedirectionBasedGrantService.java  | 14 ++++++-------
 .../security/oidc/idp/OidcImplicitService.java  |  2 +-
 9 files changed, 47 insertions(+), 47 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/22ce8ff6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
index 218ad19..73c154c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
@@ -39,6 +39,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 public class OAuthAuthorizationData extends OAuthRedirectionState implements Serializable
{
     private static final long serialVersionUID = -7755998413495017637L;
     
+    private String clientId;
     private String endUserName;
     private String authenticityToken;
     private String replyTo;
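Review bot: The new `clientId` field changes the serialized form of this `Serializable` class while `serialVersionUID` stays at its old value, so instances serialized before this change deserialize with `clientId == null` instead of failing. If keeping older serialized data readable is the intent, a comment next to the field would make that explicit, e.g. `// serialVersionUID intentionally unchanged: older forms deserialize with clientId == null`; otherwise the UID should be regenerated. The same question applies in reverse to the field removed from `OAuthRedirectionState` in the next file.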
@@ -59,6 +60,22 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
+     * Sets the client id which needs to be retained in a hidden form field
+     * @param clientId the client id
+     */
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
+
+    /**
+     * Gets the client id which needs to be retained in a hidden form field
+     * @return the client id
+     */
+    public String getClientId() {
+        return clientId;
+    }
+    
+    /**
      * Get the client application name
      * @return application name
      */

http://git-wip-us.apache.org/repos/asf/cxf/blob/22ce8ff6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
index 0ff4d47..761d41f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
@@ -23,7 +23,6 @@ import java.io.Serializable;
 public class OAuthRedirectionState implements Serializable {
     
     private static final long serialVersionUID = -661649302262699347L;
-    private String clientId;
     private String redirectUri;
     private String state;
     private String proposedScope;
@@ -37,22 +36,6 @@ public class OAuthRedirectionState implements Serializable {
 
     
     /**
-     * Sets the client id which needs to be retained in a hidden form field
-     * @param clientId the client id
-     */
-    public void setClientId(String clientId) {
-        this.clientId = clientId;
-    }
-
-    /**
-     * Gets the client id which needs to be retained in a hidden form field
-     * @return the client id
-     */
-    public String getClientId() {
-        return clientId;
-    }
-
-    /**
      * Sets the redirect uri which needs to be retained in a hidden form field
      * @param redirectUri the redirect uri
      */

http://git-wip-us.apache.org/repos/asf/cxf/blob/22ce8ff6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultSubjectCreator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultSubjectCreator.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultSubjectCreator.java
index ae870fb..36afd1b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultSubjectCreator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultSubjectCreator.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.oauth2.provider;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
@@ -26,7 +27,7 @@ import org.apache.cxf.security.SecurityContext;
 public class DefaultSubjectCreator implements SubjectCreator {
 
     @Override
-    public UserSubject createUserSubject(MessageContext mc) throws OAuthServiceException
{
+    public UserSubject createUserSubject(MessageContext mc, Client client) throws OAuthServiceException
{
         return OAuthUtils.createSubject(mc, 
                                         (SecurityContext)mc.get(SecurityContext.class.getName()));
     }
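Review bot: The new `client` parameter of `createUserSubject` is accepted but never read; the body still derives the subject from the `SecurityContext` alone via `OAuthUtils.createSubject`, so this default implementation does not benefit from the interface change. A one-line comment would stop readers from assuming the client shapes the result, e.g. `// client is not consulted by the default creator; custom SubjectCreators may use it to populate the UserSubject`. Whether `client` can be null for some callers is not visible in this hunk and belongs on the interface contract rather than here.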

http://git-wip-us.apache.org/repos/asf/cxf/blob/22ce8ff6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
index 1948c0f..9722e16 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
@@ -147,36 +147,32 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
     private OAuthRedirectionState convertStateStringToState(String stateString) {
         String[] parts = ModelEncryptionSupport.getParts(stateString);
         OAuthRedirectionState state = new OAuthRedirectionState();
-        state.setClientId(parts[0]);
+        if (!StringUtils.isEmpty(parts[0])) {
+            state.setAudience(parts[0]);
+        }
         if (!StringUtils.isEmpty(parts[1])) {
-            state.setAudience(parts[1]);
+            state.setClientCodeChallenge(parts[1]);
         }
         if (!StringUtils.isEmpty(parts[2])) {
-            state.setClientCodeChallenge(parts[2]);
+            state.setState(parts[2]);
         }
         if (!StringUtils.isEmpty(parts[3])) {
-            state.setState(parts[3]);
+            state.setProposedScope(parts[3]);
         }
         if (!StringUtils.isEmpty(parts[4])) {
-            state.setProposedScope(parts[4]);
+            state.setRedirectUri(parts[4]);
         }
         if (!StringUtils.isEmpty(parts[5])) {
-            state.setRedirectUri(parts[5]);
+            state.setNonce(parts[5]);
         }
         if (!StringUtils.isEmpty(parts[6])) {
-            state.setNonce(parts[6]);
-        }
-        if (!StringUtils.isEmpty(parts[7])) {
-            state.setResponseType(parts[7]);
+            state.setResponseType(parts[6]);
         }
         return state;
     }
     protected String convertStateToString(OAuthRedirectionState secData) {
         //TODO: make it simpler, convert it to JwtClaims -> JSON
         StringBuilder state = new StringBuilder();
-        // 0: client id
-        state.append(ModelEncryptionSupport.tokenizeString(secData.getClientId()));
-        state.append(ModelEncryptionSupport.SEP);
         // 1: client audience
         state.append(ModelEncryptionSupport.tokenizeString(secData.getAudience()));
         state.append(ModelEncryptionSupport.SEP);
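Review bot: The index comment `// 1: client audience` in `convertStateToString` is now wrong: after the client-id slot was dropped, `convertStateStringToState` reads the audience from `parts[0]`, so the writer's comments should be renumbered starting at `// 0: client audience`, and the remaining ones lie past the end of this hunk. It is also worth confirming that `ModelEncryptionSupport.getParts` still yields at least seven elements, since the reader dereferences `parts[6]` unconditionally, and that a session token issued under the previous eight-slot layout is rejected rather than read with every field shifted by one (the old slot 0, the client id, would land in `setAudience`). `convertStateToString` continues beyond the end of the hunk.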

http://git-wip-us.apache.org/repos/asf/cxf/blob/22ce8ff6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/SubjectCreator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/SubjectCreator.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/SubjectCreator.java
index 74f9486..e21b4d6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/SubjectCreator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/SubjectCreator.java
@@ -20,6 +20,7 @@
 package org.apache.cxf.rs.security.oauth2.provider;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 
 /**
@@ -32,8 +33,9 @@ public interface SubjectCreator {
     /**
      * Create a {@link UserSubject} 
      * @param mc the {@link MessageContext} of this request
+     * @param client the client
      * @return {@link UserSubject}
      * @throws OAuthServiceException
      */
-    UserSubject createUserSubject(MessageContext mc) throws OAuthServiceException;
+    UserSubject createUserSubject(MessageContext mc, Client client) throws OAuthServiceException;
 }
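Review bot: The added `@param client the client` documents nothing about the contract: whether implementations may rely on it being non-null, or what they are expected to derive from it. Suggest `@param client the {@link Client} on whose behalf the authorization is being requested; implementations may use it to customize the returned {@link UserSubject}`, plus a statement on nullability, which this hunk does not show. Adding a parameter to the only method of this public interface is a source-incompatible change for third-party `SubjectCreator` implementations, and the commit message does not mention it.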

http://git-wip-us.apache.org/repos/asf/cxf/blob/22ce8ff6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index f3c466b..6c9349d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -108,16 +108,16 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
             processRefreshToken(sb, token.getRefreshToken());
         }
         
-        return finalizeResponse(sb, state);
+        return finalizeResponse(sb, client, state);
     }
     
-    protected Response finalizeResponse(StringBuilder sb, OAuthRedirectionState state) {
+    protected Response finalizeResponse(StringBuilder sb, Client client, OAuthRedirectionState
state) {
         if (state.getState() != null) {
             sb.append("&");
             sb.append(OAuthConstants.STATE).append("=").append(state.getState());   
         }
         if (reportClientId) {
-            sb.append("&").append(OAuthConstants.CLIENT_ID).append("=").append(state.getClientId());
+            sb.append("&").append(OAuthConstants.CLIENT_ID).append("=").append(client.getClientId());
         }
         
         return Response.seeOther(URI.create(sb.toString())).build();
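Review bot: Changing the signature of the protected `finalizeResponse` silently orphans any external subclass that overrides the two-argument form without `@Override`, and the commit message does not flag the break; if that override point is supported API, keep the old overload marked `@Deprecated` and delegating to the new one, or state the break in the message. Separately, `client.getClientId()` is now appended to the redirect URL without encoding, as `state.getClientId()` was before; that is only safe if client ids are restricted to URL-safe characters, which this hunk does not show.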

http://git-wip-us.apache.org/repos/asf/cxf/blob/22ce8ff6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
index f88a85a..c39badb 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
@@ -51,9 +51,10 @@ public class DirectAuthorizationService extends AbstractOAuthService {
     @Produces("text/html")
     public Response authorize(MultivaluedMap<String, String> params) {
         SecurityContext sc = getAndValidateSecurityContext(params);
-        // Create a UserSubject representing the end user 
-        UserSubject userSubject = createUserSubject(sc);
         Client client = getClient(params);
+        // Create a UserSubject representing the end user 
+        UserSubject userSubject = createUserSubject(sc, client);
+        
         
         AccessTokenRegistration reg = new AccessTokenRegistration();
         reg.setClient(client);
@@ -82,10 +83,10 @@ public class DirectAuthorizationService extends AbstractOAuthService {
         checkTransportSecurity();
         return securityContext;
     }
-    protected UserSubject createUserSubject(SecurityContext securityContext) {
+    protected UserSubject createUserSubject(SecurityContext securityContext, Client client)
{
         UserSubject subject = null;
         if (subjectCreator != null) {
-            subject = subjectCreator.createUserSubject(getMessageContext());
+            subject = subjectCreator.createUserSubject(getMessageContext(), client);
             if (subject != null) {
                 return subject; 
             }
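Review bot: The protected `createUserSubject(SecurityContext, Client)` replaces the one-argument form, so a subclass overriding the old signature without `@Override` keeps compiling but is no longer called; the last hunk of `RedirectionBasedGrantService` makes the identical change to its own `createUserSubject`. If this override point is part of the supported API, keep a `@Deprecated` one-argument overload that delegates to the new one, and document on the new method whether `client` may be null, since the `subjectCreator.createUserSubject(getMessageContext(), client)` call passes it straight through. The method body continues past the end of this hunk.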

http://git-wip-us.apache.org/repos/asf/cxf/blob/22ce8ff6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index cb833c9..12b6f2a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -118,9 +118,9 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
     protected Response startAuthorization(MultivaluedMap<String, String> params) {
         // Make sure the end user has authenticated, check if HTTPS is used
         SecurityContext sc = getAndValidateSecurityContext(params);
-        // Create a UserSubject representing the end user 
-        UserSubject userSubject = createUserSubject(sc);
         Client client = getClient(params);
+        // Create a UserSubject representing the end user 
+        UserSubject userSubject = createUserSubject(sc, client);
         return startAuthorization(params, userSubject, client);
     }
         
@@ -277,7 +277,6 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         }
         if (state == null) {
             state = new OAuthRedirectionState();
-            state.setClientId(params.getFirst(OAuthConstants.CLIENT_ID));
             state.setRedirectUri(params.getFirst(OAuthConstants.REDIRECT_URI));
             state.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
             // or if no audience parameter is available, set the list of client
@@ -311,7 +310,9 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
     protected Response completeAuthorization(MultivaluedMap<String, String> params)
{
         // Make sure the end user has authenticated, check if HTTPS is used
         SecurityContext securityContext = getAndValidateSecurityContext(params);
-        UserSubject userSubject = createUserSubject(securityContext);
+        Client client = getClient(params.getFirst(OAuthConstants.CLIENT_ID));
+        
+        UserSubject userSubject = createUserSubject(securityContext, client);
         
         // Make sure the session is valid
         String sessionTokenParamName = params.getFirst(OAuthConstants.SESSION_AUTHENTICITY_TOKEN_PARAM_NAME);
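Review bot: `completeAuthorization` now resolves the client from the submitted `client_id` parameter via `getClient(params.getFirst(OAuthConstants.CLIENT_ID))` instead of from the session-bound redirection state that the removed `getClient(state.getClientId())` lookup in the following hunk used, so the client identity at the completion step is no longer covered by the session authenticity token. What still constrains it is `validateRedirectUri(client, state.getRedirectUri())`, which presumably rejects a client whose registered redirect URIs do not match the stored one; whether `recreateRedirectionStateFromSession` additionally ties the state to a client is not visible here. If it does not, consider recording the client id inside the session state and rejecting the request when it differs from the submitted parameter, so that a mismatch fails on the session check rather than relying on redirect-URI validation alone. `completeAuthorization` continues beyond the end of this hunk.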
@@ -325,7 +326,6 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         
         OAuthRedirectionState state = 
             recreateRedirectionStateFromSession(userSubject, params, sessionToken);
-        Client client = getClient(state.getClientId());
         String redirectUri = validateRedirectUri(client, state.getRedirectUri());
         
         // Get the end user decision value
@@ -370,10 +370,10 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         this.subjectCreator = creator;
     }
     
-    protected UserSubject createUserSubject(SecurityContext securityContext) {
+    protected UserSubject createUserSubject(SecurityContext securityContext, Client client)
{
         UserSubject subject = null;
         if (subjectCreator != null) {
-            subject = subjectCreator.createUserSubject(getMessageContext());
+            subject = subjectCreator.createUserSubject(getMessageContext(), client);
             if (subject != null) {
                 return subject; 
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/22ce8ff6/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index f8a72ab..1bbc391 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -105,7 +105,7 @@ public class OidcImplicitService extends ImplicitGrantService {
             sb.append("&");
             sb.append(OAuthConstants.STATE).append("=").append(state.getState());   
         }
-        return finalizeResponse(sb, state);
+        return finalizeResponse(sb, client, state);
     }
     
     private String getProcessedIdToken(OAuthRedirectionState state, UserSubject subject)
{

