From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: <64bd2ce50689477cb70f7f9b00004d87@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Saving response_type in the access token Date: Tue, 8 Mar 2016 11:34:25 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/3.1.x-fixes c77ce1ad3 -> 7d51f38de Saving response_type in the access token Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7d51f38d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7d51f38d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7d51f38d Branch: refs/heads/3.1.x-fixes Commit: 7d51f38def4160e441ec293c7b924efaaecda91f Parents: c77ce1a Author: Sergey Beryozkin Authored: Tue Mar 8 11:33:05 2016 +0000 Committer: Sergey Beryozkin Committed: Tue Mar 8 11:34:03 2016 +0000 ---------------------------------------------------------------------- .../oauth2/common/AccessTokenRegistration.java | 17 +++++++++++++++ .../oauth2/common/ServerAccessToken.java | 22 ++++++++++++++++++++ .../code/AuthorizationCodeGrantHandler.java | 1 + .../provider/AbstractOAuthDataProvider.java | 1 + .../services/AbstractImplicitGrantService.java | 2 +- .../oidc/idp/IdTokenResponseFilter.java | 4 ++++ .../rs/security/oidc/idp/OidcHybridService.java | 2 +- 7 files changed, 47 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/7d51f38d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java index 0a00ec4..1b862c0 100644 
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java @@ -35,6 +35,7 @@ public class AccessTokenRegistration { private List audiences = new LinkedList(); private String nonce; private String clientCodeVerifier; + private String responseType; private Map extraProperties = new LinkedHashMap(); /** @@ -142,6 +143,22 @@ public class AccessTokenRegistration { this.nonce = nonce; } + /** + * Set the response type + * @param responseType the response type + */ + public void setResponseType(String responseType) { + this.responseType = responseType; + } + + /** + * Get the response type + * @return the response type, null if no redirection flow was used + */ + public String getResponseType() { + return responseType; + } + public Map getExtraProperties() { return extraProperties; } http://git-wip-us.apache.org/repos/asf/cxf/blob/7d51f38d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java index 515568c..9833787 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java 
@@ -40,6 +40,7 @@ public abstract class ServerAccessToken extends AccessToken { private List audiences = new LinkedList(); private String clientCodeVerifier; private String nonce; + private String responseType; private Map extraProperties = new LinkedHashMap(); protected ServerAccessToken() { @@ -74,6 +75,10 @@ public abstract class ServerAccessToken extends AccessToken { this.scopes = token.getScopes(); this.audiences = token.getAudiences(); this.subject = token.getSubject(); + this.responseType = token.getResponseType(); + this.clientCodeVerifier = token.getClientCodeVerifier(); + this.nonce = token.getNonce(); + } /** @@ -139,6 +144,23 @@ public abstract class ServerAccessToken extends AccessToken { public String getGrantType() { return grantType; } + + /** + * Set the response type + * @param responseType the response type + */ + public void setResponseType(String responseType) { + this.responseType = responseType; + } + + /** + * Get the response type + * @return the response type, null if no redirection flow was used + */ + public String getResponseType() { + return responseType; + } + public List getAudiences() { return audiences; http://git-wip-us.apache.org/repos/asf/cxf/blob/7d51f38d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java index 32ba9d1..12e90fe 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java 
@@ -139,6 +139,7 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler { } reg.setAudiences(audiences); reg.setClientCodeVerifier(codeVerifier); + reg.setGrantType(OAuthConstants.CODE_RESPONSE_TYPE); return getDataProvider().createAccessToken(reg); } http://git-wip-us.apache.org/repos/asf/cxf/blob/7d51f38d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java index f5a8457..50dbe54 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java @@ -72,6 +72,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl at.setSubject(atReg.getSubject()); at.setClientCodeVerifier(atReg.getClientCodeVerifier()); at.setNonce(atReg.getNonce()); + at.setResponseType(atReg.getResponseType()); at.getExtraProperties().putAll(atReg.getExtraProperties()); return at; } http://git-wip-us.apache.org/repos/asf/cxf/blob/7d51f38d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java index 99db2eb..3a18a66 100644 
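Review bot: The added `reg.setGrantType(OAuthConstants.CODE_RESPONSE_TYPE);` in AuthorizationCodeGrantHandler passes a response-type constant to the grant-type setter, so the registration's response type stays unset and its grant type is replaced with a response-type value. The other hunks in this commit (AbstractImplicitGrantService, AbstractOAuthDataProvider) call `setResponseType`, which suggests the intended line is `reg.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE);`. If any later check keys on the token's stored grant type, for example when deciding whether a refresh is allowed, it would see the wrong value for code-flow tokens. That last point is inferred, because the rest of the method lies outside the hunk.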
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java @@ -127,10 +127,10 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant AccessTokenRegistration reg = new AccessTokenRegistration(); reg.setClient(client); reg.setGrantType(super.getSupportedGrantType()); + reg.setResponseType(state.getResponseType()); reg.setSubject(userSubject); reg.setRequestedScope(requestedScope); reg.setApprovedScope(getApprovedScope(requestedScope, approvedScope)); - reg.setAudiences(Collections.singletonList(state.getAudience())); reg.setNonce(state.getNonce()); return reg; http://git-wip-us.apache.org/repos/asf/cxf/blob/7d51f38d/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java index 963aab2..ac35fbc 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java 
@@ -38,6 +38,10 @@ public class IdTokenResponseFilter extends OAuthServerJoseJwtProducer implements private IdTokenProvider idTokenProvider; @Override public void process(ClientAccessToken ct, ServerAccessToken st) { + if (st.getResponseType() != null + && OAuthConstants.TOKEN_RESPONSE_TYPE.equals(st.getResponseType())) { + return; + } // Only add an IdToken if the client has the "openid" scope if (ct.getApprovedScope() == null || !ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE)) { return; http://git-wip-us.apache.org/repos/asf/cxf/blob/7d51f38d/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java index 0ceda9c..d73f2ea 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java @@ -87,7 +87,7 @@ public class OidcHybridService extends OidcImplicitService { StringBuilder sb = super.prepareGrant(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken); - if (actualResponseType.startsWith(OAuthConstants.AUTHORIZATION_CODE_VALUE)) { + if (actualResponseType.startsWith(OAuthConstants.CODE_RESPONSE_TYPE)) { state.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE); String code = codeService.getGrantCode(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
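Review bot: The new early return in `process` only fires when the token carries a response type, so a ServerAccessToken built by a data provider that does not copy the field still receives an id_token on a plain `token` request; in this commit the copy lives in AbstractOAuthDataProvider. A comment such as `// responseType is null for tokens from providers that do not propagate it; those are not filtered here` would make that limit visible. The null guard is redundant because the constant is the receiver of equals, so the condition can be `if (OAuthConstants.TOKEN_RESPONSE_TYPE.equals(st.getResponseType())) {`. The diffstat shows four added lines and no new import for this file, so confirm OAuthConstants is already imported. The body of `process` continues past the hunk.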
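Review bot: `actualResponseType.startsWith(OAuthConstants.CODE_RESPONSE_TYPE)` in OidcHybridService is a prefix test on a value that OAuth 2.0 treats as a space-delimited set whose order carries no meaning. A request such as `id_token code` would skip the code branch, while any value that merely begins with the same characters would enter it. Unless actualResponseType is normalised before this point, which the hunk does not show, a token-wise test is safer: `if (Arrays.asList(actualResponseType.split(" ")).contains(OAuthConstants.CODE_RESPONSE_TYPE)) {` (needs java.util.Arrays). prepareGrant starts and ends outside the hunk.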