openwebbeans-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rmannibu...@apache.org
Subject svn commit: r1808413 - in /openwebbeans/meecrowave/trunk: ./ meecrowave-core/ meecrowave-core/src/main/java/org/apache/meecrowave/cxf/ meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/ meecrowave-oauth2/src/main/java/org/apache/meecrowa...
Date Fri, 15 Sep 2017 06:55:43 GMT
Author: rmannibucau
Date: Fri Sep 15 06:55:42 2017
New Revision: 1808413

URL: http://svn.apache.org/viewvc?rev=1808413&view=rev
Log:
MEECROWAVE-66 CXF 3.2.0 upgrade - note we can need G jaxrs 2.1 api

Modified:
    openwebbeans/meecrowave/trunk/meecrowave-core/pom.xml
    openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/CxfCdiAutoSetup.java
    openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/JAXRSFieldInjectionInterceptor.java
    openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/KnownJarsFilter.java
    openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java
    openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/data/RefreshTokenEnabledProvider.java
    openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java
    openwebbeans/meecrowave/trunk/pom.xml

Modified: openwebbeans/meecrowave/trunk/meecrowave-core/pom.xml
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-core/pom.xml?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-core/pom.xml (original)
+++ openwebbeans/meecrowave/trunk/meecrowave-core/pom.xml Fri Sep 15 06:55:42 2017
@@ -59,11 +59,18 @@
       <artifactId>geronimo-jsonb_1.0_spec</artifactId>
       <version>1.0</version>
     </dependency>
+    <!-- todo: when G has the API just upgrade and get rid of javax one
     <dependency>
       <groupId>org.apache.geronimo.specs</groupId>
       <artifactId>geronimo-jaxrs_2.0_spec</artifactId>
       <version>1.0-alpha-1</version>
     </dependency>
+    -->
+    <dependency>
+      <groupId>javax.ws.rs</groupId>
+      <artifactId>javax.ws.rs-api</artifactId>
+      <version>2.1</version>
+    </dependency>
     <dependency>
       <groupId>org.apache.tomcat</groupId>
       <artifactId>tomcat-jaspic-api</artifactId>
@@ -128,8 +135,8 @@
           <artifactId>javax.annotation-api</artifactId>
         </exclusion>
         <exclusion>
-          <groupId>org.codehaus.woodstox</groupId>
-          <artifactId>woodstox-core-asl</artifactId>
+          <groupId>com.fasterxml.woodstox</groupId>
+          <artifactId>woodstox-core</artifactId>
         </exclusion>
         <exclusion>
           <groupId>org.apache.ws.xmlschema</groupId>

Modified: openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/CxfCdiAutoSetup.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/CxfCdiAutoSetup.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/CxfCdiAutoSetup.java
(original)
+++ openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/CxfCdiAutoSetup.java
Fri Sep 15 06:55:42 2017
@@ -318,7 +318,7 @@ public class CxfCdiAutoSetup implements
 
             // just logging the endpoints
             final LogFacade log = new LogFacade(CxfCdiAutoSetup.class.getName());
-            final DestinationRegistry registry = getDestinationRegistryFromBus();
+            final DestinationRegistry registry = getDestinationRegistryFromBusOrDefault(null);
             prefixes = registry.getDestinations().stream()
                     .filter(ServletDestination.class::isInstance)
                     .map(ServletDestination.class::cast)

Modified: openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/JAXRSFieldInjectionInterceptor.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/JAXRSFieldInjectionInterceptor.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/JAXRSFieldInjectionInterceptor.java
(original)
+++ openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/JAXRSFieldInjectionInterceptor.java
Fri Sep 15 06:55:42 2017
@@ -18,13 +18,14 @@
  */
 package org.apache.meecrowave.cxf;
 
-import org.apache.cxf.jaxrs.model.ApplicationInfo;
-import org.apache.cxf.jaxrs.model.OperationResourceInfoStack;
-import org.apache.cxf.jaxrs.utils.InjectionUtils;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.message.Message;
-import org.apache.webbeans.annotation.EmptyAnnotationLiteral;
-import org.apache.webbeans.intercept.ConstructorInterceptorInvocationContext;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.io.Serializable;
+import java.lang.annotation.Annotation;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+import java.util.concurrent.atomic.AtomicBoolean;
 
 import javax.annotation.Priority;
 import javax.interceptor.AroundConstruct;
@@ -33,14 +34,15 @@ import javax.interceptor.Interceptor;
 import javax.interceptor.InterceptorBinding;
 import javax.interceptor.InvocationContext;
 import javax.ws.rs.core.Application;
-import java.io.Serializable;
-import java.lang.annotation.Annotation;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-import java.util.concurrent.atomic.AtomicBoolean;
 
-import static java.lang.annotation.ElementType.TYPE;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import org.apache.cxf.jaxrs.model.ApplicationInfo;
+import org.apache.cxf.jaxrs.model.OperationResourceInfoStack;
+import org.apache.cxf.jaxrs.provider.ProviderFactory;
+import org.apache.cxf.jaxrs.utils.InjectionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.webbeans.annotation.EmptyAnnotationLiteral;
+import org.apache.webbeans.intercept.ConstructorInterceptorInvocationContext;
 
 @Interceptor
 @Priority(Interceptor.Priority.PLATFORM_BEFORE)
@@ -87,7 +89,8 @@ public class JAXRSFieldInjectionIntercep
                     InjectionUtils.injectContextProxiesAndApplication(
                             stack.lastElement().getMethodInfo().getClassResourceInfo(),
                             instance,
-                            application);
+                            application,
+                            ProviderFactory.getInstance(current));
                     injected.compareAndSet(false, true);
                 }
             }

Modified: openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/KnownJarsFilter.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/KnownJarsFilter.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/KnownJarsFilter.java
(original)
+++ openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/KnownJarsFilter.java
Fri Sep 15 06:55:42 2017
@@ -300,7 +300,7 @@ public class KnownJarsFilter implements
         add("webbeans-impl");
         add("webbeans-spi");
         add("websocket-api");
-        add("woodstox-core-asl-");
+        add("woodstox-core-");
         add("ws-commons-util-");
         add("wsdl4j-");
         add("wss4j-");

Modified: openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java
(original)
+++ openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java
Fri Sep 15 06:55:42 2017
@@ -20,12 +20,15 @@ package org.apache.meecrowave.oauth2.con
 
 import org.apache.catalina.realm.GenericPrincipal;
 import org.apache.cxf.Bus;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.interceptor.security.AuthenticationException;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
@@ -47,9 +50,11 @@ import org.apache.cxf.rs.security.oauth2
 import org.apache.cxf.rs.security.oauth2.provider.JPAOAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.services.AbstractTokenService;
 import org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.meecrowave.Meecrowave;
 import org.apache.meecrowave.oauth2.data.RefreshTokenEnabledProvider;
 import org.apache.meecrowave.oauth2.provider.JCacheCodeDataProvider;
@@ -61,10 +66,9 @@ import javax.enterprise.context.Applicat
 import javax.inject.Inject;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.MultivaluedMap;
 import java.io.IOException;
 import java.io.StringReader;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
 import java.nio.charset.StandardCharsets;
 import java.security.Principal;
 import java.util.ArrayList;
@@ -167,7 +171,7 @@ public class OAuth2Configurer {
                 try {
                     final Principal pcp = request.getUserPrincipal();
                     final List<String> roles = GenericPrincipal.class.isInstance(pcp)
?
-                            new ArrayList<String>(asList(GenericPrincipal.class.cast(pcp).getRoles()))
: Collections.<String>emptyList();
+                            new ArrayList<>(asList(GenericPrincipal.class.cast(pcp).getRoles()))
: Collections.<String>emptyList();
                     final UserSubject userSubject = new UserSubject(name, roles);
                     userSubject.setAuthenticationMethod(PASSWORD);
                     return userSubject;
@@ -246,41 +250,44 @@ public class OAuth2Configurer {
                 .collect(toMap(s -> s.substring("oauth2.cxf.".length()), s -> builder.getProperties().getProperty(s)));
 
         final JoseSessionTokenProvider sessionAuthenticityTokenProvider = new JoseSessionTokenProvider()
{
-            // getSessionState() is buggy in cxf 3.1.9 so we fix it there
-            private final Method convertStateStringToState;
-
-            {
-                try {
-                    convertStateStringToState = JoseSessionTokenProvider.class.getDeclaredMethod("convertStateStringToState",
String.class);
-                    if (!convertStateStringToState.isAccessible()) {
-                        convertStateStringToState.setAccessible(true);
-                    }
-                } catch (final NoSuchMethodException e) {
-                    throw new IllegalStateException(e);
+            private int maxDefaultSessionInterval;
+            private boolean jweRequired;
+            private JweEncryptionProvider jweEncryptor;
+
+            @Override // workaround a NPE of 3.2.0 - https://issues.apache.org/jira/browse/CXF-7504
+            public String createSessionToken(final MessageContext mc, final MultivaluedMap<String,
String> params,
+                                             final UserSubject subject, final OAuthRedirectionState
secData) {
+                String stateString = convertStateToString(secData);
+                final JwsSignatureProvider jws = getInitializedSigProvider();
+                final JweEncryptionProvider jwe = jweEncryptor == null ?
+                        JweUtils.loadEncryptionProvider(new JweHeaders(), jweRequired) :
jweEncryptor;
+                if (jws == null && jwe == null) {
+                    throw new OAuthServiceException("Session token can not be created");
                 }
-            }
-
-            @Override
-            public OAuthRedirectionState getSessionState(final MessageContext messageContext,
final String sessionToken,
-                                                         final UserSubject subject) {
-                final JweDecryptionProvider jwe = getInitializedDecryptionProvider();
-                final JwsSignatureVerifier jws = getInitializedSigVerifier();
-                String stateString = jwe.decrypt(sessionToken).getContentText();
                 if (jws != null) {
-                    stateString = JwsUtils.verify(jws, stateString).getDecodedJwsPayload();
+                    stateString = JwsUtils.sign(jws, stateString, null);
                 }
-                try {
-                    return OAuthRedirectionState.class.cast(convertStateStringToState.invoke(this,
stateString));
-                } catch (IllegalAccessException e) {
-                    throw new IllegalStateException(e);
-                } catch (InvocationTargetException e) {
-                    final Throwable cause = e.getCause();
-                    if (RuntimeException.class.isInstance(cause)) {
-                        throw RuntimeException.class.cast(cause);
-                    }
-                    throw new IllegalStateException(cause);
+                if (jwe != null) {
+                    stateString = jwe.encrypt(StringUtils.toBytesUTF8(stateString), null);
                 }
+                return OAuthUtils.setSessionToken(mc, stateString, maxDefaultSessionInterval);
+            }
+
+            public void setJweEncryptor(final JweEncryptionProvider jweEncryptor) {
+                super.setJweEncryptor(jweEncryptor);
+                this.jweEncryptor = jweEncryptor;
+            }
 
+            @Override
+            public void setJweRequired(final boolean jweRequired) {
+                super.setJweRequired(jweRequired);
+                this.jweRequired = jweRequired;
+            }
+
+            @Override
+            public void setMaxDefaultSessionInterval(final int maxDefaultSessionInterval)
{
+                super.setMaxDefaultSessionInterval(maxDefaultSessionInterval);
+                this.maxDefaultSessionInterval = maxDefaultSessionInterval;
             }
         };
         sessionAuthenticityTokenProvider.setMaxDefaultSessionInterval(configuration.getMaxDefaultSessionInterval());

Modified: openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/data/RefreshTokenEnabledProvider.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/data/RefreshTokenEnabledProvider.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/data/RefreshTokenEnabledProvider.java
(original)
+++ openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/data/RefreshTokenEnabledProvider.java
Fri Sep 15 06:55:42 2017
@@ -85,12 +85,6 @@ public class RefreshTokenEnabledProvider
     }
 
     @Override
-    @Deprecated
-    public void removeAccessToken(final ServerAccessToken accessToken) throws OAuthServiceException
{
-        delegate.removeAccessToken(accessToken);
-    }
-
-    @Override
     public List<ServerAccessToken> getAccessTokens(final Client client, final UserSubject
subject) throws OAuthServiceException {
         return delegate.getAccessTokens(client, subject);
     }

Modified: openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java
(original)
+++ openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java
Fri Sep 15 06:55:42 2017
@@ -20,6 +20,8 @@ package org.apache.meecrowave.oauth2;
 
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;

Modified: openwebbeans/meecrowave/trunk/pom.xml
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/pom.xml?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/pom.xml (original)
+++ openwebbeans/meecrowave/trunk/pom.xml Fri Sep 15 06:55:42 2017
@@ -51,7 +51,7 @@
     <junit.version>4.12</junit.version>
     <tomcat.version>9.0.0.M26</tomcat.version>
     <openwebbeans.version>2.0.1</openwebbeans.version>
-    <cxf.version>3.1.12</cxf.version>
+    <cxf.version>3.2.0</cxf.version>
     <johnzon.version>1.1.3</johnzon.version>
     <log4j2.version>2.9.0</log4j2.version>
     <deltaspike.version>1.8.0</deltaspike.version>



Mime
View raw message