Posted to commits@cxf.apache.org by se...@apache.org on 2014/12/18 13:16:47 UTC
cxf git commit: [CXF-5607] Remaning UserIdToken to IdToken to match
the OIDC terms closer
Repository: cxf
Updated Branches:
refs/heads/master b3d603d4e -> 9148f0447
[CXF-5607] Renaming UserIdToken to IdToken to match the OIDC terms more closely
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9148f044
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9148f044
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9148f044
Branch: refs/heads/master
Commit: 9148f044720c45fc64964841bb55b76f3fa74002
Parents: b3d603d
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Thu Dec 18 12:16:30 2014 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Thu Dec 18 12:16:30 2014 +0000
----------------------------------------------------------------------
.../cxf/rs/security/oidc/common/IdToken.java | 61 ++++++++++++++++++++
.../cxf/rs/security/oidc/common/UserToken.java | 61 --------------------
.../oidc/idp/UserInfoCodeResponseFilter.java | 6 +-
.../rs/security/oidc/idp/UserInfoProvider.java | 4 +-
.../rs/security/oidc/rp/IdTokenValidator.java | 48 +++++++++++++++
.../rs/security/oidc/rp/UserInfoValidator.java | 14 ++---
.../rs/security/oidc/rp/UserTokenValidator.java | 48 ---------------
7 files changed, 121 insertions(+), 121 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/IdToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/IdToken.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/IdToken.java
new file mode 100644
index 0000000..f805128
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/IdToken.java
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.common;
+
+import java.util.Map;
+
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+
+public class IdToken extends JwtClaims {
+ public static final String AUTH_TIME_CLAIM = "auth_time";
+ public static final String NONCE_CLAIM = "nonce";
+ public static final String ACR_CLAIM = "acr";
+ public static final String AZP_CLAIM = "azp";
+
+ public IdToken() {
+ }
+
+ public IdToken(Map<String, Object> claims) {
+ super(claims);
+ }
+ public void setAuthenticationTime(Long time) {
+ setProperty(AUTH_TIME_CLAIM, time);
+ }
+ public Long getAuthenticationTime() {
+ return getLongProperty(AUTH_TIME_CLAIM);
+ }
+ public void setNonce(String nonce) {
+ setProperty(NONCE_CLAIM, nonce);
+ }
+ public String getNonce() {
+ return (String)getProperty(NONCE_CLAIM);
+ }
+ public void setAuthenticationContextRef(String ref) {
+ setProperty(ACR_CLAIM, ref);
+ }
+ public String getAuthenticationContextRef() {
+ return (String)getProperty(ACR_CLAIM);
+ }
+ public void setAuthorizedParty(String azp) {
+ setProperty(AZP_CLAIM, azp);
+ }
+ public String getAuthorizedParty() {
+ return (String)getProperty(AZP_CLAIM);
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/UserToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/UserToken.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/UserToken.java
deleted file mode 100644
index 7654b23..0000000
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/UserToken.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oidc.common;
-
-import java.util.Map;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-
-public class UserToken extends JwtClaims {
- public static final String AUTH_TIME_CLAIM = "auth_time";
- public static final String NONCE_CLAIM = "nonce";
- public static final String ACR_CLAIM = "acr";
- public static final String AZP_CLAIM = "azp";
-
- public UserToken() {
- }
-
- public UserToken(Map<String, Object> claims) {
- super(claims);
- }
- public void setAuthenticationTime(Long time) {
- setProperty(AUTH_TIME_CLAIM, time);
- }
- public Long getAuthenticationTime() {
- return getLongProperty(AUTH_TIME_CLAIM);
- }
- public void setNonce(String nonce) {
- setProperty(NONCE_CLAIM, nonce);
- }
- public String getNonce() {
- return (String)getProperty(NONCE_CLAIM);
- }
- public void setAuthenticationContextRef(String ref) {
- setProperty(ACR_CLAIM, ref);
- }
- public String getAuthenticationContextRef() {
- return (String)getProperty(ACR_CLAIM);
- }
- public void setAuthorizedParty(String azp) {
- setProperty(AZP_CLAIM, azp);
- }
- public String getAuthorizedParty() {
- return (String)getProperty(AZP_CLAIM);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoCodeResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoCodeResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoCodeResponseFilter.java
index e0b5a3e..42bf9ff 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoCodeResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoCodeResponseFilter.java
@@ -25,7 +25,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenResponseFilter;
-import org.apache.cxf.rs.security.oidc.common.UserToken;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
public class UserInfoCodeResponseFilter extends AbstractJwsJweProducer implements AccessTokenResponseFilter {
@@ -33,8 +33,8 @@ public class UserInfoCodeResponseFilter extends AbstractJwsJweProducer implement
private String issuer;
@Override
public void process(ClientAccessToken ct, ServerAccessToken st) {
- UserToken token =
- userInfoProvider.getUserToken(st.getClient().getClientId(), st.getSubject(), st.getScopes());
+ IdToken token =
+ userInfoProvider.getIdToken(st.getClient().getClientId(), st.getSubject(), st.getScopes());
token.setIssuer(issuer);
token.setAudience(st.getClient().getClientId());
http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoProvider.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoProvider.java
index 0fa9c22..0a3320a 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoProvider.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoProvider.java
@@ -22,10 +22,10 @@ import java.util.List;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.common.UserInfo;
-import org.apache.cxf.rs.security.oidc.common.UserToken;
public interface UserInfoProvider {
- UserToken getUserToken(String clientId, UserSubject authenticatedUser, List<OAuthPermission> scopes);
+ IdToken getIdToken(String clientId, UserSubject authenticatedUser, List<OAuthPermission> scopes);
UserInfo getUserInfo(String clientId, UserSubject authenticatedUser, List<OAuthPermission> scopes);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
new file mode 100644
index 0000000..3d5a1f3
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenValidator.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp;
+
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
+
+public class IdTokenValidator extends AbstractTokenValidator {
+ private boolean requireAtHash = true;
+
+ public IdToken getIdTokenFromJwt(ClientAccessToken at, String clientId) {
+ JwtToken jwt = getIdJwtToken(at, clientId);
+ return getIdTokenFromJwt(jwt, clientId);
+ }
+ public IdToken getIdTokenFromJwt(JwtToken jwt, String clientId) {
+ //TODO: do the extra validation if needed
+ return new IdToken(jwt.getClaims().asMap());
+ }
+ public JwtToken getIdJwtToken(ClientAccessToken at, String clientId) {
+ String idJwtToken = at.getParameters().get(OidcUtils.ID_TOKEN);
+ JwtToken jwt = getJwtToken(idJwtToken, clientId, null, false);
+ validateJwtClaims(jwt.getClaims(), clientId, true);
+ OidcUtils.validateAccessTokenHash(at, jwt, requireAtHash);
+ return jwt;
+ }
+
+ public void setRequireAtHash(boolean requireAtHash) {
+ this.requireAtHash = requireAtHash;
+ }
+}
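Review bot: The public overload `getIdTokenFromJwt(JwtToken jwt, String clientId)` wraps the claims map without any check and never uses `clientId`, so a caller that passes a `JwtToken` not produced by `getIdJwtToken` gets an `IdToken` whose signature, audience and `at_hash` were never verified. Either narrow its visibility or replace the TODO with a Javadoc line such as `Expects a JwtToken already validated by getIdJwtToken; performs no validation itself.` In `getIdJwtToken`, the value of `at.getParameters().get(OidcUtils.ID_TOKEN)` is handed to `getJwtToken` unchecked, so a token response without `id_token` arrives there as null; an explicit null check that rejects the response would make that failure unambiguous. No nonce comparison is visible in this class although `IdToken` exposes `getNonce()`; if `validateJwtClaims` (outside this hunk) does not cover it, the relying party should compare it with the nonce it sent. `setRequireAtHash` would also benefit from a comment stating that `false` relaxes the binding between the access token and the ID token.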
http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
index e3dec47..5908a6f 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
@@ -20,16 +20,16 @@ package org.apache.cxf.rs.security.oidc.rp;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.common.UserInfo;
-import org.apache.cxf.rs.security.oidc.common.UserToken;
public class UserInfoValidator extends AbstractTokenValidator {
private boolean encryptedOnly;
- public UserInfo getUserInfo(WebClient profileClient, UserToken idToken) {
+ public UserInfo getUserInfo(WebClient profileClient, IdToken idToken) {
return getProfile(profileClient, idToken, false);
}
- public UserInfo getProfile(WebClient profileClient, UserToken idToken, boolean asJwt) {
+ public UserInfo getProfile(WebClient profileClient, IdToken idToken, boolean asJwt) {
if (asJwt) {
String jwt = profileClient.get(String.class);
return getUserInfoFromJwt(jwt, idToken);
@@ -39,19 +39,19 @@ public class UserInfoValidator extends AbstractTokenValidator {
return profile;
}
}
- public UserInfo getUserInfoFromJwt(String profileJwtToken, UserToken idToken) {
+ public UserInfo getUserInfoFromJwt(String profileJwtToken, IdToken idToken) {
JwtToken jwt = getUserInfoJwt(profileJwtToken, idToken);
return getUserInfoFromJwt(jwt, idToken);
}
- public UserInfo getUserInfoFromJwt(JwtToken jwt, UserToken idToken) {
+ public UserInfo getUserInfoFromJwt(JwtToken jwt, IdToken idToken) {
UserInfo profile = new UserInfo(jwt.getClaims().asMap());
validateUserInfo(profile, idToken);
return profile;
}
- public JwtToken getUserInfoJwt(String profileJwtToken, UserToken idToken) {
+ public JwtToken getUserInfoJwt(String profileJwtToken, IdToken idToken) {
return getJwtToken(profileJwtToken, idToken.getAudience(), (String)idToken.getProperty("kid"), encryptedOnly);
}
- public void validateUserInfo(UserInfo profile, UserToken idToken) {
+ public void validateUserInfo(UserInfo profile, IdToken idToken) {
validateJwtClaims(profile, idToken.getAudience(), false);
// validate subject
if (!idToken.getSubject().equals(profile.getSubject())) {
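Review bot: The subject comparison on the last line of this hunk dereferences `idToken.getSubject()` directly, so an ID token without `sub` ends in a NullPointerException rather than the validation failure this branch is meant to raise; whether `validateJwtClaims` guarantees a subject is not visible here. A null-safe form keeps the rejection explicit: `String sub = idToken.getSubject();` followed by `if (sub == null || !sub.equals(profile.getSubject())) {`. Separately, `getUserInfoJwt` reads the key id with `idToken.getProperty("kid")`, but `kid` is normally a JOSE header parameter and `IdToken` is built from the claims map only, so this lookup probably returns null; it is worth confirming what `getJwtToken` does with a null key id. The body of `validateUserInfo` continues past the end of the hunk.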
http://git-wip-us.apache.org/repos/asf/cxf/blob/9148f044/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserTokenValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserTokenValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserTokenValidator.java
deleted file mode 100644
index 74d6b23..0000000
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserTokenValidator.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oidc.rp;
-
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
-import org.apache.cxf.rs.security.oidc.common.UserToken;
-import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
-
-public class UserTokenValidator extends AbstractTokenValidator {
- private boolean requireAtHash = true;
-
- public UserToken getIdTokenFromJwt(ClientAccessToken at, String clientId) {
- JwtToken jwt = getIdJwtToken(at, clientId);
- return getIdTokenFromJwt(jwt, clientId);
- }
- public UserToken getIdTokenFromJwt(JwtToken jwt, String clientId) {
- //TODO: do the extra validation if needed
- return new UserToken(jwt.getClaims().asMap());
- }
- public JwtToken getIdJwtToken(ClientAccessToken at, String clientId) {
- String idJwtToken = at.getParameters().get(OidcUtils.ID_TOKEN);
- JwtToken jwt = getJwtToken(idJwtToken, clientId, null, false);
- validateJwtClaims(jwt.getClaims(), clientId, true);
- OidcUtils.validateAccessTokenHash(at, jwt, requireAtHash);
- return jwt;
- }
-
- public void setRequireAtHash(boolean requireAtHash) {
- this.requireAtHash = requireAtHash;
- }
-}