Posted to commits@cxf.apache.org by se...@apache.org on 2014/12/09 14:05:44 UTC
cxf git commit: Few more updates to the Hawk validators
Repository: cxf
Updated Branches:
refs/heads/master 982bff937 -> 3898cf18c
Few more updates to the Hawk validators
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3898cf18
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3898cf18
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3898cf18
Branch: refs/heads/master
Commit: 3898cf18c620e109fbc5cb65a08604ea2ed06d81
Parents: 982bff9
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Tue Dec 9 13:05:28 2014 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Tue Dec 9 13:05:28 2014 +0000
----------------------------------------------------------------------
.../hawk/AbstractHawkAccessTokenValidator.java | 30 +++++++++++++++++---
.../tokens/hawk/HawkAccessTokenValidator.java | 8 ++----
.../hawk/HawkAccessTokenValidatorClient.java | 20 +++++++++++++
3 files changed, 48 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/3898cf18/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
index 82f655e..9a2e25d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java
@@ -18,6 +18,7 @@
*/
package org.apache.cxf.rs.security.oauth2.tokens.hawk;
+import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
@@ -38,7 +39,10 @@ import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
public abstract class AbstractHawkAccessTokenValidator implements AccessTokenValidator {
+ protected static final String HTTP_VERB = "http.verb";
+ protected static final String HTTP_URI = "http.uri";
private NonceVerifier nonceVerifier;
+ private boolean remoteSignatureValidation;
public List<String> getSupportedAuthorizationSchemes() {
return Collections.singletonList(OAuthConstants.HAWK_AUTHORIZATION_SCHEME);
}
@@ -50,12 +54,22 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal
Map<String, String> schemeParams = getSchemeParameters(authSchemeData);
AccessTokenValidation atv =
getAccessTokenValidation(mc, authScheme, authSchemeData, extraProps, schemeParams);
+ if (isRemoteSignatureValidation()) {
+ return atv;
+ }
String macKey = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY);
String macAlgo = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM);
-
- HttpRequestProperties httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(),
- mc.getHttpServletRequest().getMethod());
+
+
+ HttpRequestProperties httpProps = null;
+ if (extraProps != null && extraProps.containsKey(HTTP_VERB) && extraProps.containsKey(HTTP_URI)) {
+ httpProps = new HttpRequestProperties(URI.create(extraProps.getFirst(HTTP_URI)),
+ extraProps.getFirst(HTTP_VERB));
+ } else {
+ httpProps = new HttpRequestProperties(mc.getUriInfo().getRequestUri(),
+ mc.getHttpServletRequest().getMethod());
+ }
HawkAuthorizationScheme macAuthInfo = new HawkAuthorizationScheme(httpProps, schemeParams);
String normalizedString = macAuthInfo.getNormalizedRequestString();
try {
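Review bot: The `http.verb` and `http.uri` entries read in the `extraProps.containsKey(HTTP_VERB) && extraProps.containsKey(HTTP_URI)` branch replace the real request method and URI in the MAC base string, with no check on where they came from or whether they are well formed. `containsKey` does not guarantee a usable value, so `URI.create(extraProps.getFirst(HTTP_URI))` can throw `NullPointerException` or `IllegalArgumentException` on an empty or malformed entry. That would surface as an unchecked error rather than an authorization failure, so it should be caught and reported through the failure handling this class already uses (it imports `AuthorizationUtils`). Whoever populates `extraProps` decides which request the signature is checked against, so I would add a comment such as `// http.verb/http.uri must only be set by a trusted validator client, never copied from end-user request parameters` and honour them only when this validator is explicitly configured as the remote verification endpoint. The method body continues past the end of this hunk.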
@@ -82,7 +96,7 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal
MultivaluedMap<String, String> extraProps,
Map<String, String> schemeParams);
- private static Map<String, String> getSchemeParameters(String authData) {
+ protected static Map<String, String> getSchemeParameters(String authData) {
String[] attributePairs = authData.split(",");
Map<String, String> attributeMap = new HashMap<String, String>();
for (String pair : attributePairs) {
@@ -101,4 +115,12 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal
public void setNonceVerifier(NonceVerifier nonceVerifier) {
this.nonceVerifier = nonceVerifier;
}
+
+ public boolean isRemoteSignatureValidation() {
+ return remoteSignatureValidation;
+ }
+
+ public void setRemoteSignatureValidation(boolean remoteSignatureValidation) {
+ this.remoteSignatureValidation = remoteSignatureValidation;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3898cf18/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
index 977c531..b80deba 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java
@@ -31,7 +31,6 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
public class HawkAccessTokenValidator extends AbstractHawkAccessTokenValidator {
private OAuthDataProvider dataProvider;
- private boolean remoteSignatureValidation;
protected AccessTokenValidation getAccessTokenValidation(MessageContext mc,
String authScheme,
@@ -47,7 +46,7 @@ public class HawkAccessTokenValidator extends AbstractHawkAccessTokenValidator {
AccessTokenValidation atv = new AccessTokenValidation(macAccessToken);
// OAuth2 Pop token introspection will likely support returning a JWE-encrypted key
- if (!remoteSignatureValidation || mc.getSecurityContext().isSecure()) {
+ if (!isRemoteSignatureValidation() || mc.getSecurityContext().isSecure()) {
atv.getExtraProps().put(OAuthConstants.HAWK_TOKEN_KEY, macAccessToken.getMacKey());
atv.getExtraProps().put(OAuthConstants.HAWK_TOKEN_ALGORITHM, macAccessToken.getMacAlgorithm());
}
@@ -55,11 +54,8 @@ public class HawkAccessTokenValidator extends AbstractHawkAccessTokenValidator {
return atv;
}
-
public void setDataProvider(OAuthDataProvider dataProvider) {
this.dataProvider = dataProvider;
}
- public void setRemoteSignatureValidation(boolean remoteSignatureValidation) {
- this.remoteSignatureValidation = remoteSignatureValidation;
- }
+
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/3898cf18/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
index 4ab3a0f..3f31bd8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java
@@ -24,13 +24,33 @@ import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
public class HawkAccessTokenValidatorClient extends AbstractHawkAccessTokenValidator {
private AccessTokenValidator validator;
+ public AccessTokenValidation validateAccessToken(MessageContext mc,
+ String authScheme,
+ String authSchemeData,
+ MultivaluedMap<String, String> extraProps)
+ throws OAuthServiceException {
+ if (isRemoteSignatureValidation()) {
+ MultivaluedMap<String, String> map = new MetadataMap<String, String>();
+ if (extraProps != null) {
+ map.putAll(extraProps);
+ }
+ map.putSingle(HTTP_VERB, mc.getRequest().getMethod());
+ map.putSingle(HTTP_URI, mc.getUriInfo().getRequestUri().toString());
+ return validator.validateAccessToken(mc, authScheme, authSchemeData, map);
+ } else {
+ return super.validateAccessToken(mc, authScheme, authSchemeData, extraProps);
+ }
+
+ }
protected AccessTokenValidation getAccessTokenValidation(MessageContext mc,
String authScheme,
String authSchemeData,
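Review bot: When `isRemoteSignatureValidation()` is true this override returns whatever the remote `validator` returns and does no MAC check of its own, so the request is authenticated only if the remote side actually verifies the signature. The same property now also makes `AbstractHawkAccessTokenValidator.validateAccessToken` return before its MAC computation (`if (isRemoteSignatureValidation()) { return atv; }`). If the validator behind the remote endpoint is a `HawkAccessTokenValidator` with the flag enabled as well, neither side appears to verify the signature. The flag has to be true on exactly one end, which should be stated in Javadoc on `setRemoteSignatureValidation`, e.g. `Client: delegate MAC verification to the remote validator. Server: skip local MAC verification and leave it to the caller. Must not be enabled on both.`, or the two roles should get separate property names. The `getAccessTokenValidation` method that follows starts inside this hunk and continues outside it.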