Posted to commits@cxf.apache.org by co...@apache.org on 2022/09/30 07:33:06 UTC

[cxf] branch 3.5.x-fixes updated (1aa7f332cf -> 51a69df3c6)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch 3.5.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


    from 1aa7f332cf Recording .gitmergeinfo Changes
     new 584df96a05 Make opaque access token generation extensible (#989)
     new 8b9b36eb12 Fixing some PMD/checkstyle issues
     new 51a69df3c6 Recording .gitmergeinfo Changes

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .gitmergeinfo                                      |   2 +
 .../oauth2/provider/AbstractOAuthDataProvider.java | 106 +++++++++++++--------
 2 files changed, 66 insertions(+), 42 deletions(-)


[cxf] 01/03: Make opaque access token generation extensible (#989)

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.5.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 584df96a050d43bc777cb4613554e5804ed0ac94
Author: Arthur Chen <ar...@gmail.com>
AuthorDate: Thu Sep 29 22:59:38 2022 +0800

    Make opaque access token generation extensible (#989)
    
    * extract opaque token generation to a protected method, so
      it can be reused/overridden by child classes
    
    * extract jwt token conversion to a protected method, so
      it can be reused/overridden by child classes
    
    * Remove response type as old logic didn't have it
    
    (cherry picked from commit dd206fdb527b672ca181f4f513eff06ac1bf4f6c)
    (cherry picked from commit af64d00273b1dcebec08d56cba361388794a5e60)
---
 .../oauth2/provider/AbstractOAuthDataProvider.java | 104 ++++++++++++---------
 1 file changed, 62 insertions(+), 42 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 815a52ce04..d136fc8bc3 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -76,19 +76,14 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
     }
 
     protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration atReg) {
-        ServerAccessToken at = createNewAccessToken(atReg.getClient(), atReg.getSubject());
-        at.setAudiences(atReg.getAudiences());
-        at.setGrantType(atReg.getGrantType());
-        List<String> theScopes = atReg.getApprovedScope();
-        List<OAuthPermission> thePermissions =
-            convertScopeToPermissions(atReg.getClient(), theScopes);
-        at.setScopes(thePermissions);
-        at.setSubject(atReg.getSubject());
-        at.setClientCodeVerifier(atReg.getClientCodeVerifier());
-        at.setNonce(atReg.getNonce());
-        at.setResponseType(atReg.getResponseType());
-        at.setGrantCode(atReg.getGrantCode());
-        at.getExtraProperties().putAll(atReg.getExtraProperties());
+        ServerAccessToken at = doCreateAccessToken(
+            atReg.getAudiences(), atReg.getClient(),
+            atReg.getClientCodeVerifier(), atReg.getExtraProperties(),
+            atReg.getGrantCode(), atReg.getGrantType(), atReg.getNonce(),
+            atReg.getResponseType(),
+            convertScopeToPermissions(
+                    atReg.getClient(), atReg.getApprovedScope()),
+            atReg.getSubject());
 
         if (messageContext != null) {
             String certCnf = (String)messageContext.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
@@ -99,18 +94,38 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
         }
 
         if (isUseJwtFormatForAccessTokens()) {
-            JwtClaims claims = createJwtAccessToken(at);
-            String jose = processJwtAccessToken(claims);
-            if (isPersistJwtEncoding()) {
-                at.setTokenKey(jose);
-            } else {
-                at.setEncodedToken(jose);
-            }
+            convertToJWTAccessToken(at);
         }
 
         return at;
     }
 
+    protected ServerAccessToken doCreateAccessToken(List<String> audiences,
+                                                    Client client,
+                                                    String clientCodeVerifier,
+                                                    Map<String, String> extraProperties,
+                                                    String grantCode,
+                                                    String grantType,
+                                                    String nonce,
+                                                    String responseType,
+                                                    List<OAuthPermission> scopes,
+                                                    UserSubject userSubject) {
+
+        ServerAccessToken at =
+            createNewAccessToken(client, userSubject);
+        at.setAudiences(audiences);
+        at.setGrantType(grantType);
+        at.setScopes(scopes);
+        at.setSubject(userSubject);
+        at.setClientCodeVerifier(clientCodeVerifier);
+        at.setNonce(nonce);
+        at.setResponseType(responseType);
+        at.setGrantCode(grantCode);
+        at.getExtraProperties().putAll(extraProperties);
+
+        return at;
+    }
+
     protected JwtClaims createJwtAccessToken(ServerAccessToken at) {
         JwtClaims claims = new JwtClaims();
         claims.setTokenId(at.getTokenKey());
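Review bot: The new ten-argument `doCreateAccessToken` overload is a protected extension point with no Javadoc, and its five adjacent `String` parameters (`clientCodeVerifier`, `grantCode`, `grantType`, `nonce`, `responseType`) can be transposed by a subclass or caller without any compile error. It also calls `at.getExtraProperties().putAll(extraProperties)` unguarded, so a null map throws, while the refresh path in this commit shows that `audiences`, `scopes` and `responseType` may legitimately be null; `if (extraProperties != null) { at.getExtraProperties().putAll(extraProperties); }` would make the null handling uniform. I would add a Javadoc that names each parameter and states which may be null. It should also say that this overload only populates the token: the `messageContext` thumbprint lookup and the JWT conversion visible in the `AccessTokenRegistration` overload stay with the caller, so code that calls this method directly gets a token without either step.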
@@ -186,6 +201,16 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
         return claims;
     }
 
+    protected void convertToJWTAccessToken(ServerAccessToken at) {
+        JwtClaims claims = createJwtAccessToken(at);
+        String jose = processJwtAccessToken(claims);
+        if (isPersistJwtEncoding()) {
+            at.setTokenKey(jose);
+        } else {
+            at.setEncodedToken(jose);
+        }
+    }
+
     protected ServerAccessToken createNewAccessToken(Client client, UserSubject userSub) {
         BearerAccessToken token = new BearerAccessToken(client, accessTokenLifetime);
         if (getIssuer() != null) {
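Review bot: `convertToJWTAccessToken` is now an override point but has no Javadoc, and its contract is not obvious from the name, since it returns nothing and mutates `at` in place. A short comment such as `/** Serialises the claims built from {@code at} and stores the JOSE string on it: as the token key when isPersistJwtEncoding() is true, otherwise as the encoded token. */` would tell overriders which field callers expect to be populated. It is also worth stating that `createJwtAccessToken` reads `at.getTokenKey()` for the token id before the key may be replaced, so the order of the two calls matters. The trailing context lines belong to `createNewAccessToken`, whose body continues outside the hunk.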
@@ -395,35 +420,30 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
     protected ServerAccessToken doRefreshAccessToken(Client client,
                                                      RefreshToken oldRefreshToken,
                                                      List<String> restrictedScopes) {
-        ServerAccessToken at = createNewAccessToken(client, oldRefreshToken.getSubject());
-        at.setAudiences(oldRefreshToken.getAudiences() != null
-                ? new ArrayList<String>(oldRefreshToken.getAudiences()) : null);
-        at.setGrantType(oldRefreshToken.getGrantType());
-        at.setGrantCode(oldRefreshToken.getGrantCode());
-        at.setSubject(oldRefreshToken.getSubject());
-        at.setNonce(oldRefreshToken.getNonce());
-        at.setClientCodeVerifier(oldRefreshToken.getClientCodeVerifier());
-        at.getExtraProperties().putAll(oldRefreshToken.getExtraProperties());
+
+        List<OAuthPermission> theNewScopes = null;
+
         if (restrictedScopes.isEmpty()) {
-            at.setScopes(oldRefreshToken.getScopes() != null
-                    ? new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()) : null);
+            theNewScopes = oldRefreshToken.getScopes() != null ?
+                    new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()) : null;
         } else {
-            List<OAuthPermission> theNewScopes = convertScopeToPermissions(client, restrictedScopes);
-            if (oldRefreshToken.getScopes().containsAll(theNewScopes)) {
-                at.setScopes(theNewScopes);
-            } else {
+            theNewScopes = convertScopeToPermissions(client, restrictedScopes);
+            if (!oldRefreshToken.getScopes().containsAll(theNewScopes)) {
                 throw new OAuthServiceException("Invalid scopes");
             }
         }
 
+        ServerAccessToken at =
+            doCreateAccessToken(
+                oldRefreshToken.getAudiences() != null ?
+                    new ArrayList<String>(oldRefreshToken.getAudiences()) : null,
+                client, oldRefreshToken.getClientCodeVerifier(),
+                oldRefreshToken.getExtraProperties(), oldRefreshToken.getGrantCode(),
+                oldRefreshToken.getGrantType(), oldRefreshToken.getNonce(),
+                null, theNewScopes, oldRefreshToken.getSubject());
+
         if (isUseJwtFormatForAccessTokens()) {
-            JwtClaims claims = createJwtAccessToken(at);
-            String jose = processJwtAccessToken(claims);
-            if (isPersistJwtEncoding()) {
-                at.setTokenKey(jose);
-            } else {
-                at.setEncodedToken(jose);
-            }
+            convertToJWTAccessToken(at);
         }
 
         return at;
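Review bot: In the restricted-scope branch, `oldRefreshToken.getScopes().containsAll(theNewScopes)` dereferences the old scope list without a null check, although the empty-scope branch just above treats `getScopes() == null` as a legitimate state. A refresh request that names scopes against such a token would then end in a NullPointerException rather than the `OAuthServiceException("Invalid scopes")` rejection. Suggest `List<OAuthPermission> oldScopes = oldRefreshToken.getScopes();` followed by `if (oldScopes == null || !oldScopes.containsAll(theNewScopes)) {`. The bare `null` passed in the `responseType` position would also read better with a trailing comment such as `// responseType: not set on refreshed tokens, as before`. The closing brace of `doRefreshAccessToken` is outside the hunk.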


[cxf] 02/03: Fixing some PMD/checkstyle issues

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.5.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 8b9b36eb126cb625bda820aafe82be75b7a7ffe9
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Sep 29 16:39:12 2022 +0100

    Fixing some PMD/checkstyle issues
    
    (cherry picked from commit 5dab76961afaebd2e71aeeee9356a6878ee2e4f1)
    (cherry picked from commit ac508a47694779eb0fd6275afc03f88e384ab6d5)
---
 .../security/oauth2/provider/AbstractOAuthDataProvider.java  | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index d136fc8bc3..6844c97cab 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -100,7 +100,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
         return at;
     }
 
-    protected ServerAccessToken doCreateAccessToken(List<String> audiences,
+    //CHECKSTYLE:OFF
+    protected ServerAccessToken doCreateAccessToken(List<String> audiences, //NOPMD
                                                     Client client,
                                                     String clientCodeVerifier,
                                                     Map<String, String> extraProperties,
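Review bot: The `//CHECKSTYLE:OFF` and `//NOPMD` markers added around this signature carry no reason, so a later reader cannot tell which rule is being silenced or whether the suppression is still needed; the matching `//CHECKSTYLE:ON` sits in the next hunk. Presumably it is the parameter-count rules reacting to the ten positional arguments. A one-line comment above the marker, e.g. `// Suppressed: flat ten-argument signature kept as a subclass extension point`, would record that. Longer term the values could travel in a single parameter object, which would remove the need for both suppressions and the risk of transposing the adjacent `String` arguments.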
@@ -110,6 +111,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
                                                     String responseType,
                                                     List<OAuthPermission> scopes,
                                                     UserSubject userSubject) {
+    //CHECKSTYLE:ON
 
         ServerAccessToken at =
             createNewAccessToken(client, userSubject);
@@ -424,8 +426,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
         List<OAuthPermission> theNewScopes = null;
 
         if (restrictedScopes.isEmpty()) {
-            theNewScopes = oldRefreshToken.getScopes() != null ?
-                    new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()) : null;
+            theNewScopes = oldRefreshToken.getScopes() != null
+                    ? new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()) : null;
         } else {
             theNewScopes = convertScopeToPermissions(client, restrictedScopes);
             if (!oldRefreshToken.getScopes().containsAll(theNewScopes)) {
@@ -435,8 +437,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
 
         ServerAccessToken at =
             doCreateAccessToken(
-                oldRefreshToken.getAudiences() != null ?
-                    new ArrayList<String>(oldRefreshToken.getAudiences()) : null,
+                oldRefreshToken.getAudiences() != null
+                    ? new ArrayList<String>(oldRefreshToken.getAudiences()) : null,
                 client, oldRefreshToken.getClientCodeVerifier(),
                 oldRefreshToken.getExtraProperties(), oldRefreshToken.getGrantCode(),
                 oldRefreshToken.getGrantType(), oldRefreshToken.getNonce(),


[cxf] 03/03: Recording .gitmergeinfo Changes

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.5.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 51a69df3c63b394708571ae26ba2e6c6c49b869f
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Sep 29 16:41:34 2022 +0100

    Recording .gitmergeinfo Changes
---
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitmergeinfo b/.gitmergeinfo
index 624977cb95..f7f3ab423b 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -8,6 +8,7 @@ B 21bf42d906765fffb015f86d49e7b535d927bc56
 B 26aa8c8cfc103a5c51aed74a657880c6724c25a5
 B 2c48413cfa4dbd746b49b4b08b0d15eb8077a7d6
 B 3457c8555d1ecb49cf13e29a60f7ab01ec5f2ff4
+B 3795fbc8740c882d8f276b6e9cbaf0cab107edef
 B 3e7d45d5ff4b026dcea4e6a8196f6534750c9acd
 B 44919916b3747beb059cadd95a34e0bf15202a0d
 B 4b63dbb428488f3a6d0b7114632404b31458a521
@@ -39,6 +40,7 @@ B b740e0a7f606d9e5acb8c27dfb3a671708bb19db
 B ba839e6b1f3ee5c26fd600834ea10227dd4cc317
 B c0d5bad32938019dea92f99be0773abd39ad7288
 B c122fbdd9e1923cdb4daaef16f2e0fd65e2498b6
+B c734a65aa20fa6d56464758f019c4eb995234688
 B c87e69e5d3f1f1cd24ed37d3ba2b2fef6b294f90
 B cad4f0b76bb79f82a5ef4bc7e435e93996eb884b
 B cfca13411eb72d2d07ca243e24ced6e9743e6124