From serg...@apache.org
Subject cxf git commit: [CXF-7152] More FormResponse work
Date Wed, 30 Nov 2016 16:26:13 GMT
Repository: cxf
Updated Branches:
  refs/heads/master bddf16d73 -> 5b6b0947a


[CXF-7152] More FormResponse work


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5b6b0947
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5b6b0947
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5b6b0947

Branch: refs/heads/master
Commit: 5b6b0947a07a4bc6962d1069afbc4bbc28a19e55
Parents: bddf16d
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Nov 30 16:25:58 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Nov 30 16:25:58 2016 +0000

----------------------------------------------------------------------
 .../common/AbstractAuthorizationResponse.java   | 41 ++++++++
 .../common/AbstractFormImplicitResponse.java    | 48 ++++++++++
 .../common/FormAuthorizationResponse.java       | 40 ++++++++
 .../oauth2/common/FormTokenResponse.java        | 50 ++++++++++
 .../oauth2/common/OOBAuthorizationResponse.java | 29 +-----
 .../services/AbstractImplicitGrantService.java  | 98 ++++++++++++++------
 .../services/AuthorizationCodeGrantService.java | 30 +++---
 .../services/RedirectionBasedGrantService.java  |  8 ++
 .../security/oidc/idp/FormHybridResponse.java   | 42 +++++++++
 .../security/oidc/idp/FormIdTokenResponse.java  | 33 +++++++
 .../rs/security/oidc/idp/OidcHybridService.java | 56 +++++++++--
 .../security/oidc/idp/OidcImplicitService.java  | 28 +++++-
 12 files changed, 421 insertions(+), 82 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AbstractAuthorizationResponse.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AbstractAuthorizationResponse.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AbstractAuthorizationResponse.java
new file mode 100644
index 0000000..eaf46f4
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AbstractAuthorizationResponse.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.common;
+
+
+public abstract class AbstractAuthorizationResponse {
+    private String authorizationCode;
+    private long expiresIn;
+    public String getAuthorizationCode() {
+        return authorizationCode;
+    }
+
+    public void setAuthorizationCode(String authorizationCode) {
+        this.authorizationCode = authorizationCode;
+    }
+
+    
+    public long getExpiresIn() {
+        return expiresIn;
+    }
+
+    public void setExpiresIn(long lifetime) {
+        this.expiresIn = lifetime;
+    }
+}
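Review bot: The new base class carries a live authorization code but has no Javadoc, so a view author gets no hint that this is a single-use grant value or what `expiresIn` is measured in (the setter parameter is named `lifetime`, the field `expiresIn`, and the unit is not visible in this commit). A class comment such as `/** Base bean for delivering an authorization code outside of a redirect: {@code authorizationCode} is the grant code, {@code expiresIn} its lifetime as reported by the grant. */` would settle that, and the setter parameter could be renamed to `expiresIn` to match the field.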

http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AbstractFormImplicitResponse.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AbstractFormImplicitResponse.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AbstractFormImplicitResponse.java
new file mode 100644
index 0000000..3fa841f
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AbstractFormImplicitResponse.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.common;
+
+
+public abstract class AbstractFormImplicitResponse {
+    private String responseType;
+    private String redirectUri;
+    private String state;
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public void setRedirectUri(String redirectUri) {
+        this.redirectUri = redirectUri;
+    }
+
+    public String getResponseType() {
+        return responseType;
+    }
+
+    public void setResponseType(String responseType) {
+        this.responseType = responseType;
+    }
+    public String getState() {
+        return state;
+    }
+
+    public void setState(String state) {
+        this.state = state;
+    }
+}
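Review bot: The `redirectUri` and `state` held here end up inside an HTML page (the bean is served as text/html by `createHtmlResponse`), and `state` is a value supplied by the client and echoed back, so whichever view renders this bean must attribute-encode every property rather than interpolate it raw; nothing in the commit records that contract. A class comment like `/** Values for the form_post auto-submit page; the view must HTML-encode every property, and redirectUri must be the already validated client redirect URI. */` would make it explicit. Whether the redirect URI has been validated against the client's registration before `OAuthRedirectionState` is built is not visible in this diff and is worth confirming.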

http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/FormAuthorizationResponse.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/FormAuthorizationResponse.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/FormAuthorizationResponse.java
new file mode 100644
index 0000000..5ba6364
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/FormAuthorizationResponse.java
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.common;
+
+
+public class FormAuthorizationResponse extends AbstractAuthorizationResponse {
+    private String redirectUri;
+    private String state;
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public void setRedirectUri(String redirectUri) {
+        this.redirectUri = redirectUri;
+    }
+
+    public String getState() {
+        return state;
+    }
+
+    public void setState(String state) {
+        this.state = state;
+    }
+}
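Review bot: `FormAuthorizationResponse` re-declares the `redirectUri`/`state` pair that `AbstractFormImplicitResponse` already defines, because its base has to be `AbstractAuthorizationResponse`; the two form beans therefore share no common type a template can rely on for the form action and state. A small interface (for example `FormResponse` with `getRedirectUri()` and `getState()`) implemented by both abstract classes would let one view fragment post the form for code, token and hybrid responses alike.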

http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/FormTokenResponse.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/FormTokenResponse.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/FormTokenResponse.java
new file mode 100644
index 0000000..459da82
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/FormTokenResponse.java
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.common;
+
+
+public class FormTokenResponse extends AbstractFormImplicitResponse {
+    private String accessToken;
+    private String accessTokenType;
+    private long accessTokenExpiresIn;
+
+    public String getAccessToken() {
+        return accessToken;
+    }
+
+    public void setAccessToken(String accessToken) {
+        this.accessToken = accessToken;
+    }
+
+    public String getAccessTokenType() {
+        return accessTokenType;
+    }
+
+    public void setAccessTokenType(String accessTokenType) {
+        this.accessTokenType = accessTokenType;
+    }
+
+    public long getAccessTokenExpiresIn() {
+        return accessTokenExpiresIn;
+    }
+
+    public void setAccessTokenExpiresIn(long accessTokenExpiresIn) {
+        this.accessTokenExpiresIn = accessTokenExpiresIn;
+    }
+}
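Review bot: The bean holds a bearer access token but has no Javadoc, and its property names differ from the `access_token`/`token_type`/`expires_in` parameter names the posted form must carry (RFC 6749 §4.2.2), so a template author has to guess the mapping. A class comment such as `/** Access token for form_post delivery: accessToken -> access_token, accessTokenType -> token_type, accessTokenExpiresIn -> expires_in; the view must HTML-encode every value. */` would cover both points.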

http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java
index 673c2b0..6220258 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OOBAuthorizationResponse.java
@@ -19,21 +19,10 @@
 package org.apache.cxf.rs.security.oauth2.common;
 
 
-public class OOBAuthorizationResponse {
-    private String authorizationCode;
+public class OOBAuthorizationResponse extends AbstractAuthorizationResponse {
     private String clientId;
     private String clientDescription;
     private String userId;
-    private long expiresIn;
-    private String redirectUri;
-    public String getAuthorizationCode() {
-        return authorizationCode;
-    }
-
-    public void setAuthorizationCode(String authorizationCode) {
-        this.authorizationCode = authorizationCode;
-    }
-
     public String getClientId() {
         return clientId;
     }
@@ -50,14 +39,7 @@ public class OOBAuthorizationResponse {
         this.userId = userId;
     }
 
-    public long getExpiresIn() {
-        return expiresIn;
-    }
-
-    public void setExpiresIn(long lifetime) {
-        this.expiresIn = lifetime;
-    }
-
+    
     public String getClientDescription() {
         return clientDescription;
     }
@@ -66,12 +48,5 @@ public class OOBAuthorizationResponse {
         this.clientDescription = clientDescription;
     }
 
-    public String getRedirectUri() {
-        return redirectUri;
-    }
-
-    public void setRedirectUri(String redirectUri) {
-        this.redirectUri = redirectUri;
-    }
     
 }
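Review bot: Removing the public `getRedirectUri()`/`setRedirectUri()` from `OOBAuthorizationResponse` is a source-incompatible change for any custom `oobDeliverer` or view that read the redirect URI from it. Given that `AuthorizationCodeGrantService` now only takes the OOB path when `state.getRedirectUri()` is null, the value would always have been null anyway, so a short note in the commit message or a one-release `@Deprecated` accessor returning null would make the break deliberate rather than surprising.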

http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index 0beae41..75966fb 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -31,9 +31,11 @@ import javax.ws.rs.core.Response;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.utils.HttpUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.oauth2.common.AbstractFormImplicitResponse;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.FormTokenResponse;
 import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
@@ -57,41 +59,30 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
     }
     
     protected Response createGrant(OAuthRedirectionState state,
-                                          Client client,
-                                          List<String> requestedScope,
-                                          List<String> approvedScope,
-                                          UserSubject userSubject,
-                                          ServerAccessToken preAuthorizedToken) {
-        StringBuilder sb =
-            prepareGrant(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
-        return Response.seeOther(URI.create(sb.toString())).build();
-        
-    }
-    protected StringBuilder prepareGrant(OAuthRedirectionState state,
                                    Client client,
                                    List<String> requestedScope,
                                    List<String> approvedScope,
                                    UserSubject userSubject,
                                    ServerAccessToken preAuthorizedToken) {
-        
-        ServerAccessToken token = null;
-        if (preAuthorizedToken == null) {
-            AccessTokenRegistration reg = createTokenRegistration(state,
-                                                                  client,
-                                                                  requestedScope,
-                                                                  approvedScope,
-                                                                  userSubject);
-            token = getDataProvider().createAccessToken(reg);
+        if (isFormResponse(state)) {
+            return createHtmlResponse(prepareFormResponse(state, client, requestedScope,

+                                            approvedScope, userSubject, preAuthorizedToken));
         } else {
-            token = preAuthorizedToken;
-            if (state.getNonce() != null) {
-                JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, state.getNonce());
-            }
+            StringBuilder sb = 
+                prepareRedirectResponse(state, client, requestedScope, approvedScope, userSubject,
preAuthorizedToken);
+            return Response.seeOther(URI.create(sb.toString())).build();
         }
+    }
+    
+    protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
+                                          Client client,
+                                          List<String> requestedScope,
+                                          List<String> approvedScope,
+                                          UserSubject userSubject,
+                                          ServerAccessToken preAuthorizedToken) {
         
-        ClientAccessToken clientToken = OAuthUtils.toClientAccessToken(token, isWriteOptionalParameters());
-        processClientAccessToken(clientToken, token);
-        
+        ClientAccessToken clientToken = 
+            getClientAccessToken(state, client, requestedScope, approvedScope, userSubject,
preAuthorizedToken);
         // return the token by appending it as a fragment parameter to the redirect URI
         
         StringBuilder sb = getUriWithFragment(state.getRedirectUri());
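Review bot: `createGrant` now dispatches on `isFormResponse(state)` without looking at `state.getRedirectUri()`, whereas the parallel change in `AuthorizationCodeGrantService` checks for a null redirect URI before the form check; in form_post mode a null redirect URI is simply copied onto the bean as the form target. If `RedirectionBasedGrantService` already rejects a missing redirect URI for the implicit flow (not visible here) this is harmless, otherwise a guard such as `if (state.getRedirectUri() == null) { return createErrorResponse(...); }` before the dispatch would keep the two services consistent. `prepareRedirectResponse` continues past the end of this hunk.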
@@ -111,14 +102,61 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
                 sb.append("&").append(entry.getKey()).append("=").append(HttpUtils.queryEncode(entry.getValue()));
             }
         }
-        if (token.getRefreshToken() != null) {
-            processRefreshToken(sb, token.getRefreshToken());
+        if (clientToken.getRefreshToken() != null) {
+            processRefreshToken(sb, clientToken.getRefreshToken());
         }
-        
+            
         finalizeResponse(sb, state);
         return sb;
     }
     
+    protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
+                                           Client client,
+                                           List<String> requestedScope,
+                                           List<String> approvedScope,
+                                           UserSubject userSubject,
+                                           ServerAccessToken preAuthorizedToken) {
+       
+        ClientAccessToken clientToken = 
+            getClientAccessToken(state, client, requestedScope, approvedScope, userSubject,
preAuthorizedToken);
+        
+        FormTokenResponse bean = new FormTokenResponse();
+        bean.setResponseType(OAuthConstants.TOKEN_RESPONSE_TYPE);
+        bean.setRedirectUri(state.getRedirectUri());
+        bean.setState(state.getState());
+        bean.setAccessToken(clientToken.getTokenKey());
+        bean.setAccessTokenType(clientToken.getTokenType());
+        bean.setAccessTokenExpiresIn(clientToken.getExpiresIn());
+        return bean;
+    }
+    
+    protected ClientAccessToken getClientAccessToken(OAuthRedirectionState state,
+                                                     Client client,
+                                                     List<String> requestedScope,
+                                                     List<String> approvedScope,
+                                                     UserSubject userSubject,
+                                                     ServerAccessToken preAuthorizedToken)
{
+       
+        ServerAccessToken token = null;
+        if (preAuthorizedToken == null) {
+            AccessTokenRegistration reg = createTokenRegistration(state,
+                                                                  client,
+                                                                  requestedScope,
+                                                                  approvedScope,
+                                                                  userSubject);
+            token = getDataProvider().createAccessToken(reg);
+        } else {
+            token = preAuthorizedToken;
+            if (state.getNonce() != null) {
+                JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, state.getNonce());
+            }
+        }
+       
+        ClientAccessToken clientToken = OAuthUtils.toClientAccessToken(token, isWriteOptionalParameters());
+        processClientAccessToken(clientToken, token);
+        return clientToken;
+    }
+    
     protected AccessTokenRegistration createTokenRegistration(OAuthRedirectionState state,

                                                               Client client, 
                                                               List<String> requestedScope,
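Review bot: The form_post variant emits less than the redirect variant: the extra-parameter loop on the redirect path and the `clientToken.getRefreshToken()` handling are only applied to the fragment, and `FormTokenResponse` has no property for either, so a form_post client never sees those parameters. If that loop is where `scope` is written (the map it iterates is outside this hunk), the omission matters, since RFC 6749 §4.2.2 requires `scope` whenever the granted scope differs from the requested one; consider adding a scope property and a parameters map to `FormTokenResponse` and populating them in `prepareFormResponse`. Factoring the token creation into `getClientAccessToken` does preserve the nonce side effect on the exchange for both paths, which is good. `createTokenRegistration` continues past the end of this hunk.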


http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 3b14da1..27c744b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -22,12 +22,12 @@ package org.apache.cxf.rs.security.oauth2.services;
 import java.util.List;
 
 import javax.ws.rs.Path;
-import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.FormAuthorizationResponse;
 import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
@@ -104,17 +104,21 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
             return createErrorResponse(state.getState(), state.getRedirectUri(), OAuthConstants.ACCESS_DENIED);
         }
         String grantCode = processCodeGrant(client, grant.getCode(), grant.getSubject());
-        if (state.getRedirectUri() == null
-            || OAuthConstants.FORM_RESPONSE_MODE.equals(
-                   state.getExtraProperties().get(OAuthConstants.RESPONSE_MODE))) {
-            OOBAuthorizationResponse oobResponse = new OOBAuthorizationResponse();
-            oobResponse.setClientId(client.getClientId());
-            oobResponse.setClientDescription(client.getApplicationDescription());
-            oobResponse.setAuthorizationCode(grantCode);
-            oobResponse.setUserId(userSubject.getLogin());
-            oobResponse.setExpiresIn(grant.getExpiresIn());
-            oobResponse.setRedirectUri(state.getRedirectUri());
-            return deliverOOBResponse(oobResponse);
+        if (state.getRedirectUri() == null) {
+            OOBAuthorizationResponse bean = new OOBAuthorizationResponse();
+            bean.setClientId(client.getClientId());
+            bean.setClientDescription(client.getApplicationDescription());
+            bean.setAuthorizationCode(grantCode);
+            bean.setUserId(userSubject.getLogin());
+            bean.setExpiresIn(grant.getExpiresIn());
+            return deliverOOBResponse((OOBAuthorizationResponse)bean);    
+        } else if (isFormResponse(state)) {
+            FormAuthorizationResponse bean = new FormAuthorizationResponse();
+            bean.setAuthorizationCode(grantCode);
+            bean.setExpiresIn(grant.getExpiresIn());
+            bean.setState(state.getState());
+            bean.setRedirectUri(state.getRedirectUri());
+            return createHtmlResponse(bean);
         } else {
             // return the code by appending it as a query parameter to the redirect URI
             UriBuilder ub = getRedirectUriBuilder(state.getState(), state.getRedirectUri());
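Review bot: Form-mode responses used to go through `deliverOOBResponse` and therefore through a configured `oobDeliverer`; the new `isFormResponse` branch calls `createHtmlResponse(bean)` directly, so a deployment that rendered the form page via a custom deliverer silently loses that hook. If bypassing the deliverer is intended, the commit message should say so. The cast in `return deliverOOBResponse((OOBAuthorizationResponse)bean);` is redundant since `bean` is declared with that type: `return deliverOOBResponse(bean);`.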
@@ -174,7 +178,7 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
         if (oobDeliverer != null) {    
             return oobDeliverer.deliver(response);
         } else {
-            return Response.ok(response).type(MediaType.TEXT_HTML).build();
+            return createHtmlResponse(response);
         }
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index d336a09..1ab30b8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -31,6 +31,7 @@ import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 
@@ -528,6 +529,13 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         return client;
         
     }
+    protected Response createHtmlResponse(Object response) {
+        return Response.ok(response).type(MediaType.TEXT_HTML).build();
+    }
+    protected boolean isFormResponse(OAuthRedirectionState state) {
+        return OAuthConstants.FORM_RESPONSE_MODE.equals(
+                    state.getExtraProperties().get(OAuthConstants.RESPONSE_MODE));
+    }
     protected String getSupportedGrantType() {
         return this.supportedGrantType;
     }
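Review bot: `createHtmlResponse` returns a 200 page whose body contains an authorization code or access token, yet sets no caching headers; RFC 6749 §5.1 requires `Cache-Control: no-store` and `Pragma: no-cache` on token responses, and a form_post page deserves the same treatment so that a proxy or the browser's back-forward cache cannot retain the token. Suggested: `return Response.ok(response).type(MediaType.TEXT_HTML).header("Cache-Control", "no-store").header("Pragma", "no-cache").build();`. The method also hands a plain bean to JAX-RS as text/html, which only works when a writer that renders and HTML-escapes the bean is registered; a Javadoc sentence stating that requirement would help integrators. `isFormResponse` dereferences `state.getExtraProperties()` without a null check; whether that map is always non-null is not visible here.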

http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/FormHybridResponse.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/FormHybridResponse.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/FormHybridResponse.java
new file mode 100644
index 0000000..5ca8223
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/FormHybridResponse.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.idp;
+
+import org.apache.cxf.rs.security.oauth2.common.AbstractFormImplicitResponse;
+
+public class FormHybridResponse extends AbstractFormImplicitResponse {
+    private AbstractFormImplicitResponse implicitResponse;
+    private String code;
+
+    public String getCode() {
+        return code;
+    }
+
+    public void setCode(String code) {
+        this.code = code;
+    }
+
+    public AbstractFormImplicitResponse getImplicitResponse() {
+        return implicitResponse;
+    }
+
+    public void setImplicitResponse(AbstractFormImplicitResponse implicitResponse) {
+        this.implicitResponse = implicitResponse;
+    }
+}
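Review bot: `FormHybridResponse` carries its own `responseType`/`redirectUri`/`state` and also nests an `implicitResponse` holding the same three properties, leaving a view two copies with no statement of which is authoritative; the code property is named `code` here but `authorizationCode` on `AbstractAuthorizationResponse`, so a template cannot share a fragment between the code and hybrid beans. Either compose without extending `AbstractFormImplicitResponse`, or add a class comment such as `/** Hybrid form_post response; the outer redirectUri/state are the ones to post, implicitResponse supplies the token/id_token values. */` and rename `code` to `authorizationCode`. How the bean is populated is in the `OidcHybridService` hunk, which is cut off in this view.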

http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/FormIdTokenResponse.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/FormIdTokenResponse.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/FormIdTokenResponse.java
new file mode 100644
index 0000000..8b53a1b
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/FormIdTokenResponse.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.idp;
+
+import org.apache.cxf.rs.security.oauth2.common.AbstractFormImplicitResponse;
+
+public class FormIdTokenResponse extends AbstractFormImplicitResponse {
+    private String idToken;
+
+    public String getIdToken() {
+        return idToken;
+    }
+
+    public void setIdToken(String idToken) {
+        this.idToken = idToken;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
index c7dca0f..708ad0a 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java
@@ -27,6 +27,7 @@ import java.util.Set;
 import javax.ws.rs.Path;
 
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.oauth2.common.AbstractFormImplicitResponse;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -67,21 +68,16 @@ public class OidcHybridService extends OidcImplicitService {
     }
     
     @Override
-    protected StringBuilder prepareGrant(OAuthRedirectionState state,
+    protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                                    Client client,
                                    List<String> requestedScope,
                                    List<String> approvedScope,
                                    UserSubject userSubject,
                                    ServerAccessToken preAuthorizedToken) {
-        ServerAuthorizationCodeGrant codeGrant = null;
-        if (state.getResponseType() != null && state.getResponseType().startsWith(OAuthConstants.CODE_RESPONSE_TYPE))
{
-            codeGrant = codeService.getGrantRepresentation(
-                state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
-            JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.AUTHORIZATION_CODE_VALUE,

-                                                             codeGrant.getCode());
-        }
+        ServerAuthorizationCodeGrant codeGrant = prepareHybrideCode(
+            state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
         
-        StringBuilder sb = super.prepareGrant(state, client, requestedScope, 
+        StringBuilder sb = super.prepareRedirectResponse(state, client, requestedScope, 
                                                           approvedScope, userSubject, preAuthorizedToken);
    
         if (codeGrant != null) {
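Review bot: `prepareHybrideCode`, called on the line that replaces the inline code-grant block, reads as a misspelling of `prepareHybridCode`; the method it calls is introduced as `protected` in the following hunk, so the name becomes part of the overridable API of OidcHybridService and is awkward to correct once released. I would rename both the declaration and this call to `prepareHybridCode` before the change ships, e.g. `ServerAuthorizationCodeGrant codeGrant = prepareHybridCode(`. The body of `prepareRedirectResponse` continues past the end of the hunk.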
@@ -91,7 +87,47 @@ public class OidcHybridService extends OidcImplicitService {
         return sb;
     }
 
-
+    @Override
+    protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
+                                                Client client,
+                                                List<String> requestedScope,
+                                                List<String> approvedScope,
+                                                UserSubject userSubject,
+                                                ServerAccessToken preAuthorizedToken) {
+        ServerAuthorizationCodeGrant codeGrant = prepareHybrideCode(
+            state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
+        
+        AbstractFormImplicitResponse implResp = super.prepareFormResponse(state, client,
requestedScope, 
+                                                          approvedScope, userSubject, preAuthorizedToken);
+   
+        FormHybridResponse response = new FormHybridResponse();
+        response.setResponseType(state.getResponseType());
+        response.setRedirectUri(state.getRedirectUri());
+        response.setState(state.getState());
+        response.setImplicitResponse(implResp);
+        if (codeGrant != null) {
+            response.setCode(codeGrant.getCode());
+        }
+        return response;
+    }
+    
+    
+    protected ServerAuthorizationCodeGrant prepareHybrideCode(OAuthRedirectionState state,
+                                                Client client,
+                                                List<String> requestedScope,
+                                                List<String> approvedScope,
+                                                UserSubject userSubject,
+                                                ServerAccessToken preAuthorizedToken) {
+        ServerAuthorizationCodeGrant codeGrant = null;
+        if (state.getResponseType() != null && state.getResponseType().startsWith(OAuthConstants.CODE_RESPONSE_TYPE))
{
+            codeGrant = codeService.getGrantRepresentation(
+                state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
+            JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.AUTHORIZATION_CODE_VALUE,

+                                                             codeGrant.getCode());
+        }
+        return codeGrant;
+    }
+    
     public void setCodeService(OidcAuthorizationCodeService codeService) {
         this.codeService = codeService;
     }
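Review bot: The new `prepareFormResponse` override and the extracted `prepareHybrideCode` have no Javadoc, and the helper has a side effect that is easy to miss from the call sites: besides returning the grant it stores the issued code in the current message exchange under `OAuthConstants.AUTHORIZATION_CODE_VALUE`, and returns null when the response type does not start with `code`. I would document it with something like `/** Issues an authorization code when the response type starts with "code" and also records it in the current Exchange under AUTHORIZATION_CODE_VALUE for later steps of this request; returns null for other response types. */`. In `prepareFormResponse` the code is issued before `super.prepareFormResponse` runs, so a failure in the superclass call leaves a code created and recorded in the exchange that is never delivered to the client; presumably the superclass relies on that exchange entry, in which case the ordering deserves a one-line comment, e.g. `// code must be issued first: the exchange entry is read while building the super response`.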

http://git-wip-us.apache.org/repos/asf/cxf/blob/5b6b0947/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index b5b2a6c..936f787 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -33,6 +33,7 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.common.AbstractFormImplicitResponse;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -114,7 +115,7 @@ public class OidcImplicitService extends ImplicitGrantService {
     }
     
     @Override
-    protected StringBuilder prepareGrant(OAuthRedirectionState state,
+    protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                                    Client client,
                                    List<String> requestedScope,
                                    List<String> approvedScope,
@@ -122,7 +123,8 @@ public class OidcImplicitService extends ImplicitGrantService {
                                    ServerAccessToken preAuthorizedToken) {
         
         if (canAccessTokenBeReturned(state.getResponseType())) {
-            return super.prepareGrant(state, client, requestedScope, approvedScope, userSubject,
preAuthorizedToken);
+            return super.prepareRedirectResponse(state, client, requestedScope, approvedScope,

+                                                 userSubject, preAuthorizedToken);
         }
         // id_token response type processing
         
@@ -137,6 +139,28 @@ public class OidcImplicitService extends ImplicitGrantService {
         return sb;
     }
     
+    @Override
+    protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
+                                                Client client,
+                                                List<String> requestedScope,
+                                                List<String> approvedScope,
+                                                UserSubject userSubject,
+                                                ServerAccessToken preAuthorizedToken) {
+        if (canAccessTokenBeReturned(state.getResponseType())) {
+            return super.prepareFormResponse(state, client, requestedScope, approvedScope,

+                                                  userSubject, preAuthorizedToken);
+        }
+        // id_token response type processing
+        String idToken = getProcessedIdToken(state, userSubject, 
+                                             getApprovedScope(requestedScope, approvedScope));
+        FormIdTokenResponse response = new FormIdTokenResponse();
+        response.setIdToken(idToken);
+        response.setResponseType(state.getResponseType());
+        response.setRedirectUri(state.getRedirectUri());
+        response.setState(state.getState());
+        return response;
+    }
+    
     private String getProcessedIdToken(OAuthRedirectionState state, 
                                        UserSubject subject,
                                        List<String> scopes) {
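Review bot: The new `prepareFormResponse` override carries no Javadoc, although it changes which response object is produced depending on the response type (the superclass result when an access token may be returned, otherwise a `FormIdTokenResponse`); a short `@return` describing that split would help readers who only see the redirect variant above. The values copied onto the response, `state.getRedirectUri()` and `state.getState()`, originate from the authorization request, so whichever component renders a `FormIdTokenResponse` into the HTML form must HTML-escape them; that renderer is not part of this hunk, so a comment such as `// redirectUri and state are request-supplied; the form view must escape them` at the point they are set would make the expectation explicit. The id_token branch mirrors the one in `prepareRedirectResponse`, whose body is only partly visible here, so the `getProcessedIdToken` call may be worth sharing between the two if the redirect variant computes it the same way.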

