Posted to commits@cxf.apache.org by co...@apache.org on 2015/12/14 14:57:14 UTC
cxf git commit: Fix the implicit flow for OIDC when returning both a
access token + id token
Repository: cxf
Updated Branches:
refs/heads/master 2f61e43a1 -> ad149504c
Fix the implicit flow for OIDC when returning both an access token + id token
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ad149504
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ad149504
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ad149504
Branch: refs/heads/master
Commit: ad149504c75ba6bd7dce69861fbc223205569b11
Parents: 2f61e43
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Dec 14 13:56:07 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Dec 14 13:56:28 2015 +0000
----------------------------------------------------------------------
.../security/oauth2/common/OAuthAuthorizationData.java | 9 +++++++++
.../rs/security/oauth2/common/OAuthRedirectionState.java | 11 +++++++++++
.../oauth2/services/AbstractImplicitGrantService.java | 6 ++++--
.../oauth2/services/RedirectionBasedGrantService.java | 2 ++
.../cxf/rs/security/oidc/idp/OidcImplicitService.java | 8 ++++++--
5 files changed, 32 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/ad149504/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
index d71b228..d5fe5bc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
@@ -39,6 +39,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
private String endUserName;
private String authenticityToken;
private String replyTo;
+ private String responseType;
private String applicationName;
private String applicationWebUri;
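Review bot: The new `responseType` field duplicates the one this same commit adds to the parent class `OAuthRedirectionState` (the hunk header shows `OAuthAuthorizationData extends OAuthRedirectionState`), so every instance now carries two `responseType` slots, and since both classes are Serializable both copies are written out. Unless the consent-page data deliberately needs a value distinct from the redirection state, drop this field and rely on the inherited one; the parent's accessors are public and already reachable from this class.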
@@ -201,4 +202,12 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
public void setImplicitFlow(boolean implicitFlow) {
this.implicitFlow = implicitFlow;
}
+
+ public String getResponseType() {
+ return responseType;
+ }
+
+ public void setResponseType(String responseType) {
+ this.responseType = responseType;
+ }
}
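Review bot: `getResponseType()` and `setResponseType()` here override the identically named accessors added to `OAuthRedirectionState` in the same commit but carry no `@Override`, so the shadowing is easy to miss, and for an `OAuthAuthorizationData` the parent's field is never populated. Either remove these accessors together with the duplicate field so the inherited pair is used, or, if a separate value is intended, annotate both `@Override` and add a comment such as `// kept separately from the inherited value: <reason>` explaining why the consent-page data keeps its own copy.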
http://git-wip-us.apache.org/repos/asf/cxf/blob/ad149504/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
index 4acc109..0ff4d47 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
@@ -30,6 +30,7 @@ public class OAuthRedirectionState implements Serializable {
private String audience;
private String nonce;
private String clientCodeChallenge;
+ private String responseType;
public OAuthRedirectionState() {
}
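Review bot: The new field is undocumented, and its meaning is only discoverable from the `RedirectionBasedGrantService` hunk later in this commit, where it is filled from `params.getFirst(OAuthConstants.RESPONSE_TYPE)`. A one-line comment on the field, `// raw response_type of the authorization request (e.g. "id_token token"); may be null`, would let readers of this class know it is the client-supplied value rather than a normalised one.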
@@ -123,4 +124,14 @@ public class OAuthRedirectionState implements Serializable {
public void setNonce(String nonce) {
this.nonce = nonce;
}
+
+
+ public String getResponseType() {
+ return responseType;
+ }
+
+
+ public void setResponseType(String responseType) {
+ this.responseType = responseType;
+ }
}
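Review bot: The two added accessors are separated by double blank lines (two consecutive `+` blank lines before each method), whereas the parallel accessors added to `OAuthAuthorizationData` in this commit use a single blank line; one blank line between members would match the rest of the class. A short Javadoc on the getter, `/** @return the response_type parameter of the authorization request, or null if none was sent */`, would also document the null case that `OidcImplicitService` has to guard against.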
http://git-wip-us.apache.org/repos/asf/cxf/blob/ad149504/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index cee77da..5ee52cc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -64,7 +64,7 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
boolean tokenCanBeReturned = preAuthorizedToken != null;
ServerAccessToken token = null;
if (preAuthorizedToken == null) {
- tokenCanBeReturned = canAccessTokenBeReturned(requestedScope, approvedScope);
+ tokenCanBeReturned = canAccessTokenBeReturned(state, requestedScope, approvedScope);
if (tokenCanBeReturned) {
AccessTokenRegistration reg = new AccessTokenRegistration();
reg.setClient(client);
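Review bot: A pre-authorized token bypasses the new gate: `tokenCanBeReturned` is initialised to `preAuthorizedToken != null` at the top of the hunk, and `canAccessTokenBeReturned(state, requestedScope, approvedScope)` is only consulted when no pre-authorized token exists, so an OIDC request with `response_type=id_token` alone still receives an access token in the response when the user has an earlier grant. If the hook is meant to decide whether an access token may be returned at all, apply it on both paths, e.g. `boolean tokenCanBeReturned = preAuthorizedToken != null && canAccessTokenBeReturned(state, requestedScope, approvedScope);` while leaving the `preAuthorizedToken == null` branch as it is. The enclosing method starts before the hunk and its handling of the pre-authorized token continues after it, so check that nothing downstream assumes a non-null `preAuthorizedToken` implies a returned token.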
@@ -135,7 +135,9 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
return Response.seeOther(URI.create(sb.toString())).build();
}
- protected boolean canAccessTokenBeReturned(List<String> requestedScope, List<String> approvedScope) {
+ protected boolean canAccessTokenBeReturned(OAuthRedirectionState state,
+ List<String> requestedScope,
+ List<String> approvedScope) {
return true;
}
protected void processRefreshToken(StringBuilder sb, String refreshToken) {
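Review bot: Changing the signature of `canAccessTokenBeReturned` silently disables any out-of-tree subclass that overrode the old two-argument form without `@Override`: it still compiles, is never called, and the base default `return true` then issues access tokens unconditionally, so the gate fails open. A Javadoc stating the contract would make the hook's role clear, e.g. `/** Decides whether an access token may be included in the implicit-flow response; {@code state} carries the request's response_type. The default allows it unconditionally. */`. If compatibility with existing overrides matters, keeping the old overload as a deprecated method that the new one delegates to would preserve their behaviour.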
http://git-wip-us.apache.org/repos/asf/cxf/blob/ad149504/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 53cedaf..85b4b44 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -214,6 +214,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
secData.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
secData.setNonce(params.getFirst(OAuthConstants.NONCE));
secData.setClientId(client.getClientId());
+ secData.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));
if (requestedScope != null && !requestedScope.isEmpty()) {
StringBuilder builder = new StringBuilder();
for (String scope : requestedScope) {
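Review bot: `secData.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE))` copies the raw request parameter into the data handed to the consent view, alongside `state`, `nonce` and the audience above it; whether the value has already been validated against the client's permitted response types happens before this hunk and is not visible here. If the view renders it anywhere other than a hidden form field it needs the same output encoding as the other client-supplied fields. The enclosing method begins before the hunk.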
@@ -256,6 +257,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
state.setProposedScope(params.getFirst(OAuthConstants.SCOPE));
state.setState(params.getFirst(OAuthConstants.STATE));
state.setNonce(params.getFirst(OAuthConstants.NONCE));
+ state.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));
}
return state;
}
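Review bot: This is the second place in the file that copies the same request parameters (`scope`, `state`, `nonce` and now `response_type`) one by one, the first being the `secData` block earlier in the method; the two lists have to stay in sync or the value recovered after the consent round-trip will differ from the one recorded up front, which is exactly the kind of drift this commit is fixing. Factoring the parameter-to-state copy into one private helper used by both paths would remove that risk. The `if` that guards these lines starts outside the hunk.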
http://git-wip-us.apache.org/repos/asf/cxf/blob/ad149504/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index 66e5e8b..908d141 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -24,6 +24,7 @@ import java.util.List;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
import org.apache.cxf.rs.security.oauth2.services.ImplicitGrantService;
@@ -39,8 +40,11 @@ public class OidcImplicitService extends ImplicitGrantService {
}
@Override
- protected boolean canAccessTokenBeReturned(List<String> requestedScope, List<String> approvedScope) {
- return requestedScope.contains(ID_TOKEN_AND_AT_RESPONSE_TYPE);
+ protected boolean canAccessTokenBeReturned(OAuthRedirectionState state,
+ List<String> requestedScope,
+ List<String> approvedScope) {
+ return state.getResponseType() != null
+ && state.getResponseType().contains(ID_TOKEN_AND_AT_RESPONSE_TYPE);
}
@Override
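Review bot: `state.getResponseType().contains(ID_TOKEN_AND_AT_RESPONSE_TYPE)` is a substring match on a space-separated list, so it depends on component order: if the constant is the literal `id_token token` (its value is not visible here), a request sending the equally valid `token id_token` gets no access token, and conversely any value that merely contains that string passes. Split the parameter and test for the `token` component instead, e.g. `String rt = state.getResponseType(); return rt != null && Arrays.asList(rt.trim().split("\\s+")).contains("token");` (needs a `java.util.Arrays` import, and the literal should be the project's existing constant for the `token` response type if one exists). Multiple-response-type values are defined as unordered, so this also accepts what a conforming relying party may legitimately send.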