cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Throw an exception if the client specifies another value with "none" for "prompt"
Date Mon, 23 May 2016 14:04:23 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 5e11c6d98 -> e2f9b7da6


Throw an exception if the client specifies another value with "none" for "prompt"


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e2f9b7da
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e2f9b7da
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e2f9b7da

Branch: refs/heads/master
Commit: e2f9b7da6a5e3c9a678c0b45415ac87735bd0494
Parents: 5e11c6d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon May 23 15:03:46 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon May 23 15:04:19 2016 +0100

----------------------------------------------------------------------
 .../oidc/idp/OidcAuthorizationCodeService.java  | 29 ++++++++++++++++++++
 .../security/oidc/idp/OidcImplicitService.java  | 18 ++++++++++++
 .../jaxrs/security/oidc/OIDCNegativeTest.java   |  2 --
 3 files changed, 47 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e2f9b7da/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
index 9b6f4f8..a4e9ed5 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
@@ -19,19 +19,26 @@
 package org.apache.cxf.rs.security.oidc.idp;
 
 import java.util.List;
+import java.util.logging.Level;
 
 import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 
 public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService {
+    private static final String PROMPT_PARAMETER = "prompt";
+    
     private boolean skipAuthorizationWithOidcScope;
     @Override
     protected boolean canAuthorizationBeSkipped(Client client,
@@ -47,6 +54,28 @@ public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService
     public void setSkipAuthorizationWithOidcScope(boolean skipAuthorizationWithOidcScope)
{
         this.skipAuthorizationWithOidcScope = skipAuthorizationWithOidcScope;
     }
+    
+    @Override
+    protected Response startAuthorization(MultivaluedMap<String, String> params, 
+                                          UserSubject userSubject,
+                                          Client client) {    
+        // Validate the prompt - if it contains "none" then an error is returned with any
other value
+        String prompt = params.getFirst(PROMPT_PARAMETER);
+        if (prompt != null) {
+            String[] promptValues = prompt.trim().split(" ");
+            if (promptValues.length > 1) {
+                for (String promptValue : promptValues) {
+                    if ("none".equals(promptValue)) {
+                        LOG.log(Level.FINE, "The prompt value {} is invalid", prompt);
+                        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
+                    }
+                }
+            }
+        }
+        
+        return super.startAuthorization(params, userSubject, client);
+    }
+    
     protected AuthorizationCodeRegistration createCodeRegistration(OAuthRedirectionState
state, 
                                                                    Client client, 
                                                                    List<String> requestedScope,


http://git-wip-us.apache.org/repos/asf/cxf/blob/e2f9b7da/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index 558dfd8..c35526c 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -23,6 +23,7 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Properties;
 import java.util.Set;
+import java.util.logging.Level;
 
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
@@ -48,6 +49,8 @@ import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 
 
 public class OidcImplicitService extends ImplicitGrantService {
+    private static final String PROMPT_PARAMETER = "prompt";
+    
     private boolean skipAuthorizationWithOidcScope;
     private OAuthJoseJwtProducer idTokenHandler;
     private IdTokenProvider idTokenProvider;
@@ -74,6 +77,21 @@ public class OidcImplicitService extends ImplicitGrantService {
             LOG.fine("A nonce is required for the Implicit flow");
             throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
         }
+        
+        // Validate the prompt - if it contains "none" then an error is returned with any
other value
+        String prompt = params.getFirst(PROMPT_PARAMETER);
+        if (prompt != null) {
+            String[] promptValues = prompt.trim().split(" ");
+            if (promptValues.length > 1) {
+                for (String promptValue : promptValues) {
+                    if ("none".equals(promptValue)) {
+                        LOG.log(Level.FINE, "The prompt value {} is invalid", prompt);
+                        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
+                    }
+                }
+            }
+        }
+        
         return super.startAuthorization(params, userSubject, client);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2f9b7da/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
index 3f5d247..d24576b 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
@@ -60,9 +60,7 @@ public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
         );
     }
     
-    // TODO
     @org.junit.Test
-    @org.junit.Ignore
     public void testImplicitFlowPromptNone() throws Exception {
         URL busFile = OIDCFlowTest.class.getResource("client.xml");
         


Mime
View raw message