Posted to commits@cxf.apache.org by se...@apache.org on 2017/03/07 13:59:50 UTC

cxf git commit: [CXF-7268] Copying some of Fediz Client cred code to the abstract data provider

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 6e06a523a -> e5ba3fefb


[CXF-7268] Copying some of Fediz Client cred code to the abstract data provider


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e5ba3fef
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e5ba3fef
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e5ba3fef

Branch: refs/heads/3.1.x-fixes
Commit: e5ba3fefbcd65035e79cb25d9cc9025a5932a0ad
Parents: 6e06a52
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Mar 7 13:51:22 2017 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Mar 7 13:59:30 2017 +0000

----------------------------------------------------------------------
 .../provider/AbstractOAuthDataProvider.java     | 58 ++++++++++++++++----
 .../ProviderAuthenticationStrategy.java         | 23 ++++++++
 2 files changed, 71 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e5ba3fef/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index bcbb0ef..5eb48ec 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -55,7 +55,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
     private boolean useJwtFormatForAccessTokens;
     private OAuthJoseJwtProducer jwtAccessTokenProducer;
     private Map<String, String> jwtAccessTokenClaimMap;
-    
+    private ProviderAuthenticationStrategy authenticationStrategy;
+
     protected AbstractOAuthDataProvider() {
     }
     
@@ -308,16 +309,20 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
     }
 
     protected String getCurrentRequestedGrantType() {
-        return (String)messageContext.get(OAuthConstants.GRANT_TYPE);
+        return messageContext != null ? (String)messageContext.get(OAuthConstants.GRANT_TYPE) : null;
     }
     protected String getCurrentClientSecret() {
-        return (String)messageContext.get(OAuthConstants.CLIENT_SECRET);
-    }
-    protected MultivaluedMap<String, String> getCurrentRequestParams() {
-        @SuppressWarnings("unchecked")
-        MultivaluedMap<String, String> params = 
-            (MultivaluedMap<String, String>)messageContext.get(OAuthConstants.TOKEN_REQUEST_PARAMS);
-        return params;
+        return messageContext != null ? (String)messageContext.get(OAuthConstants.CLIENT_SECRET) : null;
+    }
+    protected MultivaluedMap<String, String> getCurrentTokenRequestParams() {
+        if (messageContext != null) {
+            @SuppressWarnings("unchecked")
+            MultivaluedMap<String, String> params = 
+                (MultivaluedMap<String, String>)messageContext.get(OAuthConstants.TOKEN_REQUEST_PARAMS);
+            return params;
+        } else {
+            return null;
+        }
     }
     protected RefreshToken updateRefreshToken(RefreshToken rt, ServerAccessToken at) {
         linkAccessTokenToRefreshToken(rt, at);
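Review bot: Renaming the protected `getCurrentRequestParams()` to `getCurrentTokenRequestParams()` removes a method that subclasses outside this file may override or call, and the commit targets the 3.1.x-fixes branch. Keeping the old name as a deprecated delegate would avoid breaking them: `@Deprecated protected MultivaluedMap<String, String> getCurrentRequestParams() { return getCurrentTokenRequestParams(); }`. The three getters now return null when no message context has been injected, so each deserves a short comment that null can mean "no current request" as well as "parameter absent", since `getClient` later relies on that to fail closed.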
@@ -426,6 +431,9 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
 
     public void setMessageContext(MessageContext messageContext) {
         this.messageContext = messageContext;
+        if (authenticationStrategy != null) {
+            OAuthUtils.injectContextIntoOAuthProvider(messageContext, authenticationStrategy);
+        }
     }
     
     protected void removeClientTokens(Client c) {
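Review bot: The message context is pushed into `authenticationStrategy` only from `setMessageContext`, so a strategy assigned later through `setAuthenticationStrategy` (added further down in this commit) never receives it. If the container does not guarantee that the property is set before context injection, the setter should inject too when a context is already present, e.g. `if (messageContext != null && authenticationStrategy != null) { OAuthUtils.injectContextIntoOAuthProvider(messageContext, authenticationStrategy); }`. Whether that ordering can actually occur depends on how the provider is wired, which is not visible in this hunk.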
@@ -453,9 +461,39 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
     
     @Override
     public Client getClient(String clientId) {
-        return doGetClient(clientId);
+        Client client = doGetClient(clientId);
+        if (client != null) {
+            return client;
+        }
+        
+        String grantType = getCurrentRequestedGrantType();
+        if (OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(grantType)) {
+            String clientSecret = getCurrentClientSecret();
+            if (clientSecret != null) {
+                return createClientCredentialsClient(clientId, clientSecret);
+            }
+        }
+        return null;
     }
 
+    public void setAuthenticationStrategy(ProviderAuthenticationStrategy authenticationStrategy) {
+        this.authenticationStrategy = authenticationStrategy;
+    }
+    
+    protected boolean authenticateUnregisteredClient(String clientId, String clientSecret) {
+        return authenticationStrategy != null
+            && authenticationStrategy.authenticate(clientId, clientSecret);
+    }
+    
+    protected Client createClientCredentialsClient(String clientId, String password) {
+        if (authenticateUnregisteredClient(clientId, password)) {
+            Client c = new Client(clientId, password, true);
+            c.setAllowedGrantTypes(Collections.singletonList(OAuthConstants.CLIENT_CREDENTIALS_GRANT));
+            return c;
+        }
+        return null;
+    }
+    
     protected ServerAccessToken revokeAccessToken(String accessTokenKey) {
         ServerAccessToken at = getAccessToken(accessTokenKey);
         if (at != null) {
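Review bot: In `getClient`, the fallback checks only `clientSecret != null` before handing the pair to the strategy, so an empty secret still reaches `authenticate`. Some credential back ends (a directory simple bind is the usual example) accept an empty password as an anonymous bind, which would yield a `Client` for an arbitrary `clientId`. The guard should reject empty values before calling `createClientCredentialsClient`: `if (clientSecret != null && !clientSecret.isEmpty() && clientId != null && !clientId.isEmpty())`. `createClientCredentialsClient` also keeps the presented secret in the new `Client`, so subclasses that persist clients or tokens should be checked for storing it in clear, and a comment on the method should say that. Javadoc on `setAuthenticationStrategy` should state that unregistered clients are rejected while no strategy is configured.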

http://git-wip-us.apache.org/repos/asf/cxf/blob/e5ba3fef/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ProviderAuthenticationStrategy.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ProviderAuthenticationStrategy.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ProviderAuthenticationStrategy.java
new file mode 100644
index 0000000..7ba4447
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ProviderAuthenticationStrategy.java
@@ -0,0 +1,23 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.provider;
+
+public interface ProviderAuthenticationStrategy {
+    boolean authenticate(String name, String password);
+}
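Review bot: The new interface has no Javadoc, and `AbstractOAuthDataProvider` uses its result as the sole gate for accepting a client that is not registered, so the contract needs to be written down for implementers. I would add a type-level comment stating that `authenticate` returns `true` only when `name` and `password` were verified against the backing credential store, that it must return `false` for null or empty arguments and for unknown names, and that implementations should not log the password. A note that the provider may inject a message context into the implementation would also help, since `setMessageContext` does so.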