From serg...@apache.org
Subject cxf git commit: Saving response_type in the access token
Date Tue, 08 Mar 2016 11:33:32 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 34db96d90 -> e91ec44a4


Saving response_type in the access token


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e91ec44a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e91ec44a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e91ec44a

Branch: refs/heads/master
Commit: e91ec44a4ee22a0427d140d3016343b9d5a015ad
Parents: 34db96d
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Mar 8 11:33:05 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Mar 8 11:33:05 2016 +0000

----------------------------------------------------------------------
 .../oauth2/common/AccessTokenRegistration.java  | 17 +++++++++++++++
 .../oauth2/common/ServerAccessToken.java        | 22 ++++++++++++++++++++
 .../code/AuthorizationCodeGrantHandler.java     |  1 +
 .../provider/AbstractOAuthDataProvider.java     |  1 +
 .../services/AbstractImplicitGrantService.java  |  2 +-
 .../oidc/idp/IdTokenResponseFilter.java         |  4 ++++
 .../rs/security/oidc/idp/OidcHybridService.java |  2 +-
 7 files changed, 47 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e91ec44a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
index 0a00ec4..1b862c0 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
@@ -35,6 +35,7 @@ public class AccessTokenRegistration {
     private List<String> audiences = new LinkedList<String>();
     private String nonce;
     private String clientCodeVerifier;
+    private String responseType;
     private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
     
     /**
@@ -142,6 +143,22 @@ public class AccessTokenRegistration {
         this.nonce = nonce;
     }
 
+    /**
+     * Set the response type
+     * @param responseType the response type
+     */
+    public void setResponseType(String responseType) {
+        this.responseType = responseType;
+    }
+
+    /**
+     * Get the response type
+     * @return the response type, null if no redirection flow was used
+     */
+    public String getResponseType() {
+        return responseType;
+    }
+    
     public Map<String, String> getExtraProperties() {
         return extraProperties;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e91ec44a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
index 515568c..9833787 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
@@ -40,6 +40,7 @@ public abstract class ServerAccessToken extends AccessToken {
     private List<String> audiences = new LinkedList<String>();
     private String clientCodeVerifier;
     private String nonce;
+    private String responseType;
     private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
     
     protected ServerAccessToken() {
@@ -74,6 +75,10 @@ public abstract class ServerAccessToken extends AccessToken {
         this.scopes = token.getScopes();
         this.audiences = token.getAudiences();
         this.subject = token.getSubject();
+        this.responseType = token.getResponseType();
+        this.clientCodeVerifier = token.getClientCodeVerifier();
+        this.nonce = token.getNonce();
+        
     }
 
     /**
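Review bot: This copy constructor is maintained field by field, and the added lines show that `clientCodeVerifier` and `nonce` were missing from it until this commit. The hunk starts partway through the constructor, so it does not show whether `grantType` and `extraProperties` are copied; if they are not, a copied token silently loses them, including values that bind the token to the original request. A unit test that copies a fully populated token and compares every getter would catch the next omitted field. The blank line added before the closing brace contains only trailing whitespace and can be dropped.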
@@ -139,6 +144,23 @@ public abstract class ServerAccessToken extends AccessToken {
     public String getGrantType() {
         return grantType;
     }
+    
+    /**
+     * Set the response type
+     * @param responseType the response type
+     */
+    public void setResponseType(String responseType) {
+        this.responseType = responseType;
+    }
+
+    /**
+     * Get the response type
+     * @return the response type, null if no redirection flow was used
+     */
+    public String getResponseType() {
+        return responseType;
+    }
+    
 
     public List<String> getAudiences() {
         return audiences;

http://git-wip-us.apache.org/repos/asf/cxf/blob/e91ec44a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 9844a30..d89c14c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -138,6 +138,7 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler
{
         }
         reg.setAudiences(audiences);
         reg.setClientCodeVerifier(codeVerifier);
+        reg.setGrantType(OAuthConstants.CODE_RESPONSE_TYPE);
         return getDataProvider().createAccessToken(reg);
     }
     
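Review bot: The added line calls `reg.setGrantType(OAuthConstants.CODE_RESPONSE_TYPE)`, which writes a response-type constant into the grant-type field. Given the commit title and the `setResponseType` setter this commit adds to AccessTokenRegistration, it looks like it was meant to be `reg.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);`. As written, any grant type set earlier in the method (which starts outside the hunk) is overwritten, and the response type stays null for tokens issued through the code flow. The `getResponseType()` Javadoc in this commit describes null as "no redirection flow was used", so these tokens would be misdescribed, and any policy or audit logic keyed on `getGrantType()` would see the wrong value.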

http://git-wip-us.apache.org/repos/asf/cxf/blob/e91ec44a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 275081a..e12e066 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -72,6 +72,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
         at.setSubject(atReg.getSubject());
         at.setClientCodeVerifier(atReg.getClientCodeVerifier());
         at.setNonce(atReg.getNonce());
+        at.setResponseType(atReg.getResponseType()); 
         at.getExtraProperties().putAll(atReg.getExtraProperties());
         return at;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e91ec44a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index 99db2eb..3a18a66 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -127,10 +127,10 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
         AccessTokenRegistration reg = new AccessTokenRegistration();
         reg.setClient(client);
         reg.setGrantType(super.getSupportedGrantType());
+        reg.setResponseType(state.getResponseType());
         reg.setSubject(userSubject);
         reg.setRequestedScope(requestedScope);        
         reg.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
-        
         reg.setAudiences(Collections.singletonList(state.getAudience()));
         reg.setNonce(state.getNonce());
         return reg;

http://git-wip-us.apache.org/repos/asf/cxf/blob/e91ec44a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 963aab2..ac35fbc 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -38,6 +38,10 @@ public class IdTokenResponseFilter extends OAuthServerJoseJwtProducer implements
     private IdTokenProvider idTokenProvider;
     @Override
     public void process(ClientAccessToken ct, ServerAccessToken st) {
+        if (st.getResponseType() != null
+            && OAuthConstants.TOKEN_RESPONSE_TYPE.equals(st.getResponseType())) {
+            return;
+        }
         // Only add an IdToken if the client has the "openid" scope
         if (ct.getApprovedScope() == null || !ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE))
{
             return;
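Review bot: The null test in the added guard is redundant, because `OAuthConstants.TOKEN_RESPONSE_TYPE.equals(st.getResponseType())` is already false for null; `if (OAuthConstants.TOKEN_RESPONSE_TYPE.equals(st.getResponseType())) {` is equivalent. Unlike the scope check below it, the guard has no comment; something like `// No IdToken when the token was issued for a plain "token" response type` would record why the early return exists. The comparison is an exact match against a string that AbstractImplicitGrantService stores straight from `state.getResponseType()`, so it is worth confirming that the value is normalised before it is saved; otherwise a differently spelled or multi-valued response type skips this guard. process() continues outside the hunk.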

http://git-wip-us.apache.org/repos/asf/cxf/blob/e91ec44a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
index 0ceda9c..d73f2ea 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
@@ -87,7 +87,7 @@ public class OidcHybridService extends OidcImplicitService {
         StringBuilder sb = super.prepareGrant(state, client, requestedScope, 
                                                           approvedScope, userSubject, preAuthorizedToken);
    
-        if (actualResponseType.startsWith(OAuthConstants.AUTHORIZATION_CODE_VALUE)) {
+        if (actualResponseType.startsWith(OAuthConstants.CODE_RESPONSE_TYPE)) {
             state.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);
             String code = codeService.getGrantCode(state, client, requestedScope,
                                                    approvedScope, userSubject, preAuthorizedToken);
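Review bot: `actualResponseType.startsWith(OAuthConstants.CODE_RESPONSE_TYPE)` is a prefix test on what appears to be a space-delimited response_type value, so it only matches when the client lists the code value first, and it also accepts any value that merely begins with the same characters. The OAuth multiple-response-type rules treat the order of values as insignificant, so a tokenised check is more robust, e.g. `Arrays.asList(actualResponseType.split(" ")).contains(OAuthConstants.CODE_RESPONSE_TYPE)`. If validation earlier in this method (outside the hunk) already restricts `actualResponseType` to a fixed set of strings, a short comment saying so next to the `startsWith` call would be enough.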

