cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Making it easier to customize the AT creation in the defaukt providers
Date Wed, 25 Jan 2017 13:02:32 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 7ddbd926b -> 7be9bae49


Making it easier to customize the AT creation in the default providers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7be9bae4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7be9bae4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7be9bae4

Branch: refs/heads/3.1.x-fixes
Commit: 7be9bae496416baf3dea6b35d4fe8aef7767c7a6
Parents: 7ddbd92
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Jan 25 12:57:17 2017 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Jan 25 12:58:33 2017 +0000

----------------------------------------------------------------------
 .../oauth2/filters/JwtAccessTokenValidator.java    |  5 +++++
 .../oauth2/provider/AbstractOAuthDataProvider.java | 17 +++++++++++------
 .../oauth2/provider/OAuthJSONProvider.java         |  6 ++++++
 .../oauth2/services/TokenIntrospectionService.java | 10 ++++++++++
 .../rs/security/oauth2/utils/JwtTokenUtils.java    |  5 ++++-
 5 files changed, 36 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7be9bae4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java
index 78c8821..7581cf7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java
@@ -110,6 +110,11 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo
         } else if (claims.getSubject() != null) {
             atv.setTokenSubject(new UserSubject(claims.getSubject()));
         }
+        Map<String, String> extraProperties = CastUtils.cast((Map<?, ?>)claims.getClaim("extra_propertirs"));
+        if (extraProperties != null) {
+            atv.getExtraProps().putAll(extraProperties);
+        }
+        
         return atv;
     }
 
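Review bot: The added cast of the `extra_propertirs` claim to `Map<String, String>` is unchecked, so a token whose claim is not a JSON object throws ClassCastException at this line, and one whose values are not strings stores them in `atv.getExtraProps()` anyway and fails later wherever they are read. Checking the claim with `instanceof Map` and copying only entries whose key and value are both strings keeps a malformed claim from surfacing as a server error, as sketched below. The claim name is misspelled in the same way in the context line of the JwtTokenUtils hunk, so producer and consumer agree today, but the literal should be one shared constant so the two sides cannot drift apart. The method starts outside this hunk.

```java
// … unchanged: subject handling above …
Object extra = claims.getClaim("extra_propertirs");
if (extra instanceof Map) {
    for (Map.Entry<?, ?> entry : ((Map<?, ?>)extra).entrySet()) {
        // Copy only well-typed pairs; anything else in the claim is ignored.
        if (entry.getKey() instanceof String && entry.getValue() instanceof String) {
            atv.getExtraProps().put((String)entry.getKey(), (String)entry.getValue());
        }
    }
}
return atv;
```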

http://git-wip-us.apache.org/repos/asf/cxf/blob/7be9bae4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index f2c066c..e39c9be 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -69,7 +69,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
     }
     
     protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration atReg) {
-        ServerAccessToken at = createNewAccessToken(atReg.getClient());
+        ServerAccessToken at = createNewAccessToken(atReg.getClient(), atReg.getSubject());
         at.setAudiences(atReg.getAudiences());
         at.setGrantType(atReg.getGrantType());
         List<String> theScopes = atReg.getApprovedScope();
@@ -151,13 +151,13 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
         if (at.getClientCodeVerifier() != null) {
             claims.setClaim(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, at.getClientCodeVerifier());
         }
-        // ServerAccessToken 'nonce' property, if available, can be ignored for the purpose for persisting it
-        // further as a JWT claim - as it is only used once by (OIDC) IdTokenResponseFilter
-        // to set IdToken nonce property with the filter having an access to the current ServerAccessToken instance
+        if (at.getNonce() != null) {
+            claims.setClaim(OAuthConstants.NONCE, at.getNonce());
+        }
         return claims;
     }
     
-    protected ServerAccessToken createNewAccessToken(Client client) {
+    protected ServerAccessToken createNewAccessToken(Client client, UserSubject userSub) {
         return new BearerAccessToken(client, accessTokenLifetime);
     }
     
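Review bot: Replacing `createNewAccessToken(Client client)` with `createNewAccessToken(Client client, UserSubject userSub)` removes a protected extension point on a fixes branch, so a subclass that overrides the one-argument form either stops compiling (with `@Override`) or is silently no longer called by `doCreateAccessToken` and `doRefreshAccessToken`. Keeping the old method and having the new one delegate to it, `return createNewAccessToken(client);`, would preserve existing overrides. The new `userSub` parameter is unused in the default body and undocumented; a Javadoc line such as `/** Subclasses may use userSub to customize the token; the default implementation ignores it. */` would state the intent. The same hunk deletes the comment explaining why the nonce was not persisted as a JWT claim without recording why it now is.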
@@ -334,6 +334,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
             scopes.addAll(at.getScopes());
             rt.setScopes(scopes);
         }
+        rt.setGrantCode(at.getGrantCode());
+        rt.setNonce(at.getNonce());
         rt.setSubject(at.getSubject());
         rt.setClientCodeVerifier(at.getClientCodeVerifier());
         return rt;
@@ -349,10 +351,13 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
     protected ServerAccessToken doRefreshAccessToken(Client client, 
                                                      RefreshToken oldRefreshToken, 
                                                      List<String> restrictedScopes) {
-        ServerAccessToken at = createNewAccessToken(client);
+        ServerAccessToken at = createNewAccessToken(client, oldRefreshToken.getSubject());
         at.setAudiences(oldRefreshToken.getAudiences());
         at.setGrantType(oldRefreshToken.getGrantType());
+        at.setGrantCode(oldRefreshToken.getGrantCode());
         at.setSubject(oldRefreshToken.getSubject());
+        at.setNonce(oldRefreshToken.getNonce());
+        at.setClientCodeVerifier(oldRefreshToken.getClientCodeVerifier());
         if (restrictedScopes.isEmpty()) {
             at.setScopes(oldRefreshToken.getScopes());
         } else {

http://git-wip-us.apache.org/repos/asf/cxf/blob/7be9bae4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
index 4656349..3d42b48 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
@@ -123,6 +123,12 @@ public class OAuthJSONProvider implements MessageBodyWriter<Object>,
                 sb.append(",");
                 appendJsonPair(sb, "exp", obj.getExp(), false);
             }
+            if (!obj.getExtensions().isEmpty()) {
+                for (Map.Entry<String, String> entry : obj.getExtensions().entrySet()) {
+                    sb.append(",");
+                    appendJsonPair(sb, entry.getKey(), entry.getValue());
+                }
+            }
         }
         sb.append("}");
         String result = sb.toString();
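Review bot: The added loop writes every extension entry into the introspection JSON without checking its key against the members already emitted above (`exp` is visible in this hunk, the rest are outside it), so an extension named like a standard member produces a duplicate key, and JSON parsers disagree on which value wins. Entries whose key matches a reserved introspection member should be skipped or rejected before `appendJsonPair(sb, entry.getKey(), entry.getValue());`. Whether `appendJsonPair` escapes quotes and backslashes is not visible here; since these keys and values can originate from token claims, that is worth confirming or adding. The outer `if (!obj.getExtensions().isEmpty())` is redundant, as the `for` loop already does nothing on an empty map.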

http://git-wip-us.apache.org/repos/asf/cxf/blob/7be9bae4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/TokenIntrospectionService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/TokenIntrospectionService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/TokenIntrospectionService.java
index 65c1af6..c21d43e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/TokenIntrospectionService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/TokenIntrospectionService.java
@@ -46,6 +46,7 @@ public class TokenIntrospectionService {
     private static final Logger LOG = LogUtils.getL7dLogger(TokenIntrospectionService.class);
     private boolean blockUnsecureRequests;
     private boolean blockUnauthorizedRequests = true;
+    private boolean reportExtraTokenProperties = true;
     private MessageContext mc;
     private OAuthDataProvider dataProvider;
     @POST
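Review bot: `reportExtraTokenProperties` is initialised to `true`, so on this fixes branch every existing deployment starts returning all of a token's extra properties to any caller allowed to introspect, without opting in. Extra properties are free-form and may hold values never meant for resource servers; declaring the field as `private boolean reportExtraTokenProperties;` keeps the old response shape until an operator enables it, and the setter added in the last hunk of this file should carry a Javadoc line stating the default. In the second hunk, `response.getExtensions().putAll(at.getExtraProperties());` also assumes `getExtraProperties()` never returns null, which cannot be confirmed from the lines shown.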
@@ -83,6 +84,11 @@ public class TokenIntrospectionService {
         }
         
         response.setTokenType(at.getTokenType());
+        
+        if (reportExtraTokenProperties) {
+            response.getExtensions().putAll(at.getExtraProperties());
+        }
+        
         return response;
     }
 
@@ -115,4 +121,8 @@ public class TokenIntrospectionService {
     public void setMessageContext(MessageContext context) {
         this.mc = context;
     }
+
+    public void setReportExtraTokenProperties(boolean reportExtraTokenProperties) {
+        this.reportExtraTokenProperties = reportExtraTokenProperties;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7be9bae4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
index fb5888e..90de970 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java
@@ -112,7 +112,10 @@ public final class JwtTokenUtils {
         if (codeVerifier != null) {
             at.setClientCodeVerifier(codeVerifier);
         }
-        
+        String nonce = claims.getStringProperty(OAuthConstants.NONCE);
+        if (nonce != null) {
+            at.setNonce(nonce);
+        }
         Map<String, String> extraProperties = CastUtils.cast((Map<?, ?>)claims.getClaim("extra_propertirs"));
         if (extraProperties != null) {
             at.getExtraProperties().putAll(extraProperties);

