Posted to commits@cxf.apache.org by co...@apache.org on 2018/04/04 09:10:20 UTC
[cxf] branch 3.1.x-fixes updated (8365549 -> 2cb2093)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from 8365549 CXF-7691 - Improving error message for multiple WSS4JStaxOutInterceptor instances
new 29f50f9 CXF-7693 - Allow JWT aud claim to be empty
new 2cb2093 Recording .gitmergeinfo Changes
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.gitmergeinfo | 2 ++
.../org/apache/cxf/rs/security/jose/jwt/JwtClaims.java | 3 +--
.../org/apache/cxf/rs/security/jose/jwt/JwtUtils.java | 16 ++++++++--------
.../jaxrs/security/jose/jwt/JWTPropertiesTest.java | 2 +-
4 files changed, 12 insertions(+), 11 deletions(-)
[cxf] 02/02: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 2cb2093932d1c5cf3a8cd29574bcd52a5930ccec
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Apr 3 17:22:26 2018 +0100
Recording .gitmergeinfo Changes
---
.gitmergeinfo | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.gitmergeinfo b/.gitmergeinfo
index a2dd2b9..4adc99d 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -520,6 +520,7 @@ B aad3a62bf74f3378c4309a611d8b9e498bce14b3
B ab05d4ee361670d3c251712f5819a0f0b7e114d6
B abaaa756eb2f979792dfb966238eacf58e4144a9
B abfd5936fee6562b1b5c49d7522f0975390bcfed
+B ad579cdefe5ec49066ebc9d41db6c7b79eceb2c4
B adc783c79ca4417599458598442a26f34656d1dc
B adcfa17d94da4b27deb8ba952d0bd4dcfcf6972b
B ae83629e6291538e72d300fb35d7f6df7cf064a1
@@ -1068,6 +1069,7 @@ M 982556218c86ad834a6bf76e62e0a77d055e291d
M 998ce1e5df26773dc96d130b9b55c7d6eec746e7
M 99f6eb63fa7da2a29ea9d28f1c55c5cb90a09222
M 9a8215ce62a8f821f1899792de132d434da09ac8
+M 9a90413fff82236806ae42c045ac7f3256f8f224
M 9a9e0a8a37608195c4ef6fbf386728d13d025d2d
M 9b2bda583c09861c693122ab631c4bffa2187ddd
M 9b6666816a21d8b85cc051be59a8ab6e968c5d0d
[cxf] 01/02: CXF-7693 - Allow JWT aud claim to be empty
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 29f50f9b1bf4ce6198ce72cbdc7eec989bba2284
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Apr 3 17:20:38 2018 +0100
CXF-7693 - Allow JWT aud claim to be empty
(cherry picked from commit 9a90413fff82236806ae42c045ac7f3256f8f224)
# Conflicts:
# rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
# rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
---
.../org/apache/cxf/rs/security/jose/jwt/JwtClaims.java | 3 +--
.../org/apache/cxf/rs/security/jose/jwt/JwtUtils.java | 16 ++++++++--------
.../jaxrs/security/jose/jwt/JWTPropertiesTest.java | 2 +-
3 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index d6a940d..b698a8a 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -98,8 +98,7 @@ public class JwtClaims extends JsonMapObject {
} else if (audiences instanceof String) {
return Collections.singletonList((String)audiences);
}
-
- return null;
+ return Collections.emptyList();
}
public void setExpiryTime(Long expiresIn) {
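Review bot: The new `return Collections.emptyList();` fall-through is reached both when `aud` is absent and, as far as the visible `instanceof String` branch suggests, when it holds a value of an unexpected type, so callers can no longer tell a missing claim from a malformed one. That matters because the audience check in JwtUtils now treats an empty list as "nothing to validate". Consider rejecting a non-null value that is neither a list nor a string, and document the contract on the getter, e.g. `/** @return the audiences, or an empty list if the claim is absent; never null */`. The getter's signature and first branch are outside this hunk, so the exact type handling should be confirmed against the full method.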
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
index 14604c9..0910913 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
@@ -96,7 +96,7 @@ public final class JwtUtils {
if (clockOffset > 0) {
validCreation.setTime(currentTime + (long)clockOffset * 1000L);
}
-
+
// Check to see if the IssuedAt time is in the future
if (createdDate.after(validCreation)) {
throw new JwtException("Invalid issuedAt");
@@ -115,17 +115,17 @@ public final class JwtUtils {
}
public static void validateJwtAudienceRestriction(JwtClaims claims, Message message) {
+ if (claims.getAudiences().isEmpty()) {
+ return;
+ }
+
String expectedAudience = (String)message.getContextualProperty(JwtConstants.EXPECTED_CLAIM_AUDIENCE);
if (expectedAudience == null) {
expectedAudience = (String)message.getContextualProperty(Message.REQUEST_URL);
}
-
- if (expectedAudience != null) {
- for (String audience : claims.getAudiences()) {
- if (expectedAudience.equals(audience)) {
- return;
- }
- }
+
+ if (expectedAudience != null && claims.getAudiences().contains(expectedAudience)) {
+ return;
}
throw new JwtException("Invalid audience restriction");
}
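Review bot: The early `return` at the top of validateJwtAudienceRestriction accepts a token with no `aud` claim even when the service has explicitly configured `JwtConstants.EXPECTED_CLAIM_AUDIENCE`. A deployment that relies on that property to reject tokens minted for a different recipient loses the check for any token that omits the claim. A tighter form reads the property first and skips validation only when nothing was configured: `if (expectedAudience == null && claims.getAudiences().isEmpty()) { return; }` placed after the first `getContextualProperty` lookup and before the `Message.REQUEST_URL` fallback. If accepting audience-less tokens under a configured audience is intended, a comment stating that and citing the optional status of `aud` would help the next reader.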
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTPropertiesTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTPropertiesTest.java
index 16b890d..48ac7e9 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTPropertiesTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTPropertiesTest.java
@@ -374,7 +374,7 @@ public class JWTPropertiesTest extends AbstractBusClientServerTestBase {
WebClient.getConfig(client).getRequestContext().putAll(properties);
Response response = client.post(new Book("book", 123L));
- assertNotEquals(response.getStatus(), 200);
+ assertEquals(response.getStatus(), 200);
}
@org.junit.Test
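Review bot: The flipped assertion passes its arguments in the wrong order for JUnit, which expects `assertEquals(expected, actual)`; as written, a failure would report the status code as the expected value. Prefer `assertEquals(200, response.getStatus());`. Only the accept path is pinned here, so a companion test that sends a token without `aud` to a service with an expected audience configured would make the intended behaviour of the audience check explicit. The test method's signature and setup are outside this hunk.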