Posted to commits@cxf.apache.org by co...@apache.org on 2018/04/04 09:10:20 UTC

[cxf] branch 3.1.x-fixes updated (8365549 -> 2cb2093)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.


    from 8365549  CXF-7691 - Improving error message for multiple WSS4JStaxOutInterceptor instances
     new 29f50f9  CXF-7693 - Allow JWT aud claim to be empty
     new 2cb2093  Recording .gitmergeinfo Changes

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .gitmergeinfo                                            |  2 ++
 .../org/apache/cxf/rs/security/jose/jwt/JwtClaims.java   |  3 +--
 .../org/apache/cxf/rs/security/jose/jwt/JwtUtils.java    | 16 ++++++++--------
 .../jaxrs/security/jose/jwt/JWTPropertiesTest.java       |  2 +-
 4 files changed, 12 insertions(+), 11 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.

[cxf] 02/02: Recording .gitmergeinfo Changes

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 2cb2093932d1c5cf3a8cd29574bcd52a5930ccec
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Apr 3 17:22:26 2018 +0100

    Recording .gitmergeinfo Changes
---
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitmergeinfo b/.gitmergeinfo
index a2dd2b9..4adc99d 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -520,6 +520,7 @@ B aad3a62bf74f3378c4309a611d8b9e498bce14b3
 B ab05d4ee361670d3c251712f5819a0f0b7e114d6
 B abaaa756eb2f979792dfb966238eacf58e4144a9
 B abfd5936fee6562b1b5c49d7522f0975390bcfed
+B ad579cdefe5ec49066ebc9d41db6c7b79eceb2c4
 B adc783c79ca4417599458598442a26f34656d1dc
 B adcfa17d94da4b27deb8ba952d0bd4dcfcf6972b
 B ae83629e6291538e72d300fb35d7f6df7cf064a1
@@ -1068,6 +1069,7 @@ M 982556218c86ad834a6bf76e62e0a77d055e291d
 M 998ce1e5df26773dc96d130b9b55c7d6eec746e7
 M 99f6eb63fa7da2a29ea9d28f1c55c5cb90a09222
 M 9a8215ce62a8f821f1899792de132d434da09ac8
+M 9a90413fff82236806ae42c045ac7f3256f8f224
 M 9a9e0a8a37608195c4ef6fbf386728d13d025d2d
 M 9b2bda583c09861c693122ab631c4bffa2187ddd
 M 9b6666816a21d8b85cc051be59a8ab6e968c5d0d

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.

[cxf] 01/02: CXF-7693 - Allow JWT aud claim to be empty

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 29f50f9b1bf4ce6198ce72cbdc7eec989bba2284
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Apr 3 17:20:38 2018 +0100

    CXF-7693 - Allow JWT aud claim to be empty
    
    (cherry picked from commit 9a90413fff82236806ae42c045ac7f3256f8f224)
    
    # Conflicts:
    #	rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
    #	rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
---
 .../org/apache/cxf/rs/security/jose/jwt/JwtClaims.java   |  3 +--
 .../org/apache/cxf/rs/security/jose/jwt/JwtUtils.java    | 16 ++++++++--------
 .../jaxrs/security/jose/jwt/JWTPropertiesTest.java       |  2 +-
 3 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index d6a940d..b698a8a 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -98,8 +98,7 @@ public class JwtClaims extends JsonMapObject {
         } else if (audiences instanceof String) {
             return Collections.singletonList((String)audiences);
         }
-        
-        return null;
+        return Collections.emptyList();
     }
     
     public void setExpiryTime(Long expiresIn) {
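Review bot: The new fall-through `return Collections.emptyList();` is reached both when the aud claim is absent and when it is present with a type other than the String handled just above (and, presumably, a List handled before the hunk starts), so a malformed aud becomes indistinguishable from a missing one. Combined with the empty-audience early return this commit adds to `validateJwtAudienceRestriction` in JwtUtils.java, a token with such an aud would skip the audience check entirely. Callers that previously tested `getAudiences() == null` also change behaviour silently on a fixes branch. I would document the contract on the method, e.g. `/** @return the audiences; never null, empty when aud is absent or is neither a String nor a List */`, and consider having the validator reject a non-null aud of an unexpected type. The method starts outside this hunk, so the first branch is inferred.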
diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
index 14604c9..0910913 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
@@ -96,7 +96,7 @@ public final class JwtUtils {
         if (clockOffset > 0) {
             validCreation.setTime(currentTime + (long)clockOffset * 1000L);
         }
-        
+
         // Check to see if the IssuedAt time is in the future
         if (createdDate.after(validCreation)) {
             throw new JwtException("Invalid issuedAt");
@@ -115,17 +115,17 @@ public final class JwtUtils {
     }
     
     public static void validateJwtAudienceRestriction(JwtClaims claims, Message message) {
+        if (claims.getAudiences().isEmpty()) {
+            return;
+        }
+
         String expectedAudience = (String)message.getContextualProperty(JwtConstants.EXPECTED_CLAIM_AUDIENCE);
         if (expectedAudience == null) {
             expectedAudience = (String)message.getContextualProperty(Message.REQUEST_URL);
         }
-        
-        if (expectedAudience != null) {
-            for (String audience : claims.getAudiences()) {
-                if (expectedAudience.equals(audience)) {
-                    return;
-                }
-            }
+
+        if (expectedAudience != null && claims.getAudiences().contains(expectedAudience)) {
+            return;
         }
         throw new JwtException("Invalid audience restriction");
     }
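Review bot: The early return at the top of `validateJwtAudienceRestriction` runs before `JwtConstants.EXPECTED_CLAIM_AUDIENCE` is read, so a token with no aud claim is accepted even when the endpoint has explicitly configured an expected audience. A service that relies on that property to reject tokens not issued for it loses the guarantee for any token that omits aud. I would move the guard below the first lookup and skip only when nothing was configured: `if (expectedAudience == null && claims.getAudiences().isEmpty()) { return; }`, placed before the `Message.REQUEST_URL` fallback. As a smaller point, `claims.getAudiences()` is evaluated twice; a local `List<String> audiences` would avoid re-parsing the claim.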
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTPropertiesTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTPropertiesTest.java
index 16b890d..48ac7e9 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTPropertiesTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTPropertiesTest.java
@@ -374,7 +374,7 @@ public class JWTPropertiesTest extends AbstractBusClientServerTestBase {
         WebClient.getConfig(client).getRequestContext().putAll(properties);
 
         Response response = client.post(new Book("book", 123L));
-        assertNotEquals(response.getStatus(), 200);
+        assertEquals(response.getStatus(), 200);
     }
     
     @org.junit.Test
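Review bot: `assertEquals(response.getStatus(), 200);` passes the actual value in the expected slot; JUnit's order is (expected, actual), so a failure message would report the two numbers the wrong way round, and `assertEquals(200, response.getStatus());` reads correctly. Flipping this assertion also removes the visible negative check for a token without aud. If this test configures an expected audience (the setup is outside the hunk, so this is inferred), it now pins acceptance of a missing aud as intended behaviour; a short comment stating that, plus a companion case asserting that a mismatched aud is still rejected, would keep the security expectation explicit.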

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.