Posted to commits@cxf.apache.org by se...@apache.org on 2017/03/07 13:59:50 UTC
cxf git commit: [CXF-7268] Copying some of Fediz Client cred code to
the abstract data provider
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes 6e06a523a -> e5ba3fefb
[CXF-7268] Copying some of Fediz Client cred code to the abstract data provider
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e5ba3fef
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e5ba3fef
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e5ba3fef
Branch: refs/heads/3.1.x-fixes
Commit: e5ba3fefbcd65035e79cb25d9cc9025a5932a0ad
Parents: 6e06a52
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Mar 7 13:51:22 2017 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Mar 7 13:59:30 2017 +0000
----------------------------------------------------------------------
.../provider/AbstractOAuthDataProvider.java | 58 ++++++++++++++++----
.../ProviderAuthenticationStrategy.java | 23 ++++++++
2 files changed, 71 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5ba3fef/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index bcbb0ef..5eb48ec 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -55,7 +55,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
private boolean useJwtFormatForAccessTokens;
private OAuthJoseJwtProducer jwtAccessTokenProducer;
private Map<String, String> jwtAccessTokenClaimMap;
-
+ private ProviderAuthenticationStrategy authenticationStrategy;
+
protected AbstractOAuthDataProvider() {
}
@@ -308,16 +309,20 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
}
protected String getCurrentRequestedGrantType() {
- return (String)messageContext.get(OAuthConstants.GRANT_TYPE);
+ return messageContext != null ? (String)messageContext.get(OAuthConstants.GRANT_TYPE) : null;
}
protected String getCurrentClientSecret() {
- return (String)messageContext.get(OAuthConstants.CLIENT_SECRET);
- }
- protected MultivaluedMap<String, String> getCurrentRequestParams() {
- @SuppressWarnings("unchecked")
- MultivaluedMap<String, String> params =
- (MultivaluedMap<String, String>)messageContext.get(OAuthConstants.TOKEN_REQUEST_PARAMS);
- return params;
+ return messageContext != null ? (String)messageContext.get(OAuthConstants.CLIENT_SECRET) : null;
+ }
+ protected MultivaluedMap<String, String> getCurrentTokenRequestParams() {
+ if (messageContext != null) {
+ @SuppressWarnings("unchecked")
+ MultivaluedMap<String, String> params =
+ (MultivaluedMap<String, String>)messageContext.get(OAuthConstants.TOKEN_REQUEST_PARAMS);
+ return params;
+ } else {
+ return null;
+ }
}
protected RefreshToken updateRefreshToken(RefreshToken rt, ServerAccessToken at) {
linkAccessTokenToRefreshToken(rt, at);
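Review bot: Renaming the protected `getCurrentRequestParams()` to `getCurrentTokenRequestParams()` removes a method that subclasses of this abstract provider may call or override, and the commit targets the 3.1.x-fixes maintenance branch. Consider keeping the old name as a deprecated delegate: `@Deprecated protected MultivaluedMap<String, String> getCurrentRequestParams() { return getCurrentTokenRequestParams(); }`. The three getters now return null when no message context is set, so each deserves a one-line Javadoc such as `/** Returns the client secret of the current token request, or null if no message context is available. */` to tell callers to null-check. The hunk starts and ends mid-class; `updateRefreshToken` continues outside it.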
@@ -426,6 +431,9 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
public void setMessageContext(MessageContext messageContext) {
this.messageContext = messageContext;
+ if (authenticationStrategy != null) {
+ OAuthUtils.injectContextIntoOAuthProvider(messageContext, authenticationStrategy);
+ }
}
protected void removeClientTokens(Client c) {
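Review bot: The context reaches the strategy only from inside `setMessageContext`, so a strategy assigned through `setAuthenticationStrategy` after the context was set never receives it. Whether that ordering can occur depends on how the provider is wired, which is not visible here. If it can, `setAuthenticationStrategy` should repeat the injection: `if (messageContext != null) { OAuthUtils.injectContextIntoOAuthProvider(messageContext, authenticationStrategy); }`. A short comment on `setMessageContext` stating that the strategy shares the provider's context would document the coupling.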
@@ -453,9 +461,39 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
@Override
public Client getClient(String clientId) {
- return doGetClient(clientId);
+ Client client = doGetClient(clientId);
+ if (client != null) {
+ return client;
+ }
+
+ String grantType = getCurrentRequestedGrantType();
+ if (OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(grantType)) {
+ String clientSecret = getCurrentClientSecret();
+ if (clientSecret != null) {
+ return createClientCredentialsClient(clientId, clientSecret);
+ }
+ }
+ return null;
}
+ public void setAuthenticationStrategy(ProviderAuthenticationStrategy authenticationStrategy) {
+ this.authenticationStrategy = authenticationStrategy;
+ }
+
+ protected boolean authenticateUnregisteredClient(String clientId, String clientSecret) {
+ return authenticationStrategy != null
+ && authenticationStrategy.authenticate(clientId, clientSecret);
+ }
+
+ protected Client createClientCredentialsClient(String clientId, String password) {
+ if (authenticateUnregisteredClient(clientId, password)) {
+ Client c = new Client(clientId, password, true);
+ c.setAllowedGrantTypes(Collections.singletonList(OAuthConstants.CLIENT_CREDENTIALS_GRANT));
+ return c;
+ }
+ return null;
+ }
+
protected ServerAccessToken revokeAccessToken(String accessTokenKey) {
ServerAccessToken at = getAccessToken(accessTokenKey);
if (at != null) {
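Review bot: `getClient` passes any non-null secret to the strategy, so an empty `client_secret` reaches `authenticate(clientId, "")`. A back end that treats an empty password as an anonymous or unauthenticated bind (LDAP simple bind is the usual example) would then accept an unregistered client. Reject blank values before delegating, e.g. `if (clientId != null && clientSecret != null && !clientSecret.isEmpty()) {`. The fallback also makes the result of a lookup method depend on the current request. The returned `Client` keeps the plaintext secret and is not stored anywhere in the lines shown, so a later lookup of the same id outside a client_credentials request (token validation, revocation) may return null. Javadoc on `getClient` and `setAuthenticationStrategy` should say that configuring a strategy enables this dynamic acceptance; `doGetClient` and the rest of the class are outside the hunk.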
http://git-wip-us.apache.org/repos/asf/cxf/blob/e5ba3fef/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ProviderAuthenticationStrategy.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ProviderAuthenticationStrategy.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ProviderAuthenticationStrategy.java
new file mode 100644
index 0000000..7ba4447
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/ProviderAuthenticationStrategy.java
@@ -0,0 +1,23 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.provider;
+
+public interface ProviderAuthenticationStrategy {
+ boolean authenticate(String name, String password);
+}
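Review bot: The new interface has no Javadoc, although in this commit it is the only check between an unregistered client id and a usable `Client`. Document the contract on `authenticate`: it returns true only when the name/password pair was positively verified, null or empty arguments must be rejected, and implementations must not log the password. A class-level sentence such as `/** Verifies the credentials of clients which are not registered with the OAuth data provider. */` plus `@param`/`@return` tags on the method would cover it.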