Posted to commits@cxf.apache.org by se...@apache.org on 2016/01/19 14:24:26 UTC
cxf-fediz git commit: Further simplifying OAuthDataManager code
Repository: cxf-fediz
Updated Branches:
refs/heads/master c820b5a5e -> 941e81db3
Further simplifying OAuthDataManager code
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/941e81db
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/941e81db
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/941e81db
Branch: refs/heads/master
Commit: 941e81db3e6577d2096578eaa294b15f5ca59a69
Parents: c820b5a
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Jan 19 13:24:08 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Jan 19 13:24:08 2016 +0000
----------------------------------------------------------------------
.../fediz/service/oidc/OAuthDataManager.java | 36 ++------------------
.../main/webapp/WEB-INF/applicationContext.xml | 2 +-
.../src/main/webapp/WEB-INF/data-manager.xml | 13 +++++--
3 files changed, 15 insertions(+), 36 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/941e81db/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index f8d7584..3f9b955 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -19,13 +19,10 @@
package org.apache.cxf.fediz.service.oidc;
import java.security.Principal;
-import java.util.List;
-import java.util.Map;
import org.apache.cxf.fediz.core.FedizPrincipal;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
@@ -35,7 +32,6 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.idp.OidcUserSubject;
-import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
private SamlTokenConverter tokenConverter = new SamlTokenConverter();
@@ -65,14 +61,6 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
return token;
}
- @Override
- public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) {
- if (!requestedScopes.contains(OidcUtils.OPENID_SCOPE)) {
- throw new OAuthServiceException("Required scope is missing");
- }
- return super.convertScopeToPermissions(client, requestedScopes);
- }
-
protected OidcUserSubject createOidcSubject(Client client, UserSubject subject) {
Principal principal = getMessageContext().getSecurityContext().getUserPrincipal();
@@ -85,33 +73,15 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
fedizPrincipal.getClaims(),
client.getClientId());
- //TODO: Consider populating UserInfo at this point too, with UserInfo having few more claims
- // from the claims collection, and setting it on OidcUserSubject
-
OidcUserSubject oidcSub = new OidcUserSubject(subject);
oidcSub.setIdToken(idToken);
+ // UserInfo can be populated and set on OidcUserSubject too.
+
+
return oidcSub;
}
public void setTokenConverter(SamlTokenConverter tokenConverter) {
this.tokenConverter = tokenConverter;
}
-
- @Override
- public void init() {
- super.init();
- Map<String, OAuthPermission> perms = super.getPermissionMap();
- if (!perms.containsKey(OidcUtils.OPENID_SCOPE)) {
- perms.put(OidcUtils.OPENID_SCOPE,
- new OAuthPermission(OidcUtils.OPENID_SCOPE, "Access the authentication claims"));
- }
- perms.get(OidcUtils.OPENID_SCOPE).setDefault(true);
-
- if (!perms.containsKey(OAuthConstants.REFRESH_TOKEN_SCOPE)) {
- perms.put(OAuthConstants.REFRESH_TOKEN_SCOPE,
- new OAuthPermission(OAuthConstants.REFRESH_TOKEN_SCOPE, "Refresh access tokens"));
- }
- perms.get(OAuthConstants.REFRESH_TOKEN_SCOPE).setInvisibleToClient(true);
-
- }
}
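Review bot: The replacement comment `// UserInfo can be populated and set on OidcUserSubject too.` is followed by two empty added lines before `return oidcSub;`, which leaves an odd gap in the method body; the blank lines should go. The comment also dropped the TODO marker, so it now reads as a statement of fact rather than pending work; `// TODO: populate UserInfo from the remaining claims and set it on oidcSub` keeps it actionable for the next maintainer. The signature of createOidcSubject and the idToken construction begin outside this hunk.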
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/941e81db/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index baa2861..76a0730 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -95,7 +95,7 @@
<bean id="clientRegService" init-method="init" class="org.apache.cxf.fediz.service.oidc.ClientRegistrationService">
<property name="dataProvider" ref="oauthProvider"/>
<!--
- <property name="clientScopes" ref="acceptedScopes"/>
+ <property name="clientScopes" ref="supportedScopes"/>
-->
<property name="homeRealms">
<map>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/941e81db/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
index 7804d38..0e4f16d 100644
--- a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
@@ -32,13 +32,22 @@
<bean id="samlTokenConverter" class="org.apache.cxf.fediz.service.oidc.SamlTokenConverter">
<property name="issuer" value="accounts.fediz.com"/>
</bean>
- <util:map id="acceptedScopes">
+ <util:map id="supportedScopes">
<entry key="openid" value="Access the authentication claims" />
<entry key="refreshToken" value="Refresh access tokens" />
</util:map>
+ <util:list id="coreScopes">
+ <value>openid</value>
+ </util:list>
+ <util:list id="invisibleToClientScopes">
+ <value>refreshToken</value>
+ </util:list>
<bean id="oauthProvider" class="org.apache.cxf.fediz.service.oidc.OAuthDataManager"
init-method="init" destroy-method="close">
- <property name="scopes" ref="acceptedScopes"/>
+ <property name="supportedScopes" ref="supportedScopes"/>
+ <property name="requiredScopes" ref="coreScopes"/>
+ <property name="defaultScopes" ref="coreScopes"/>
+ <property name="invisibleToClientScopes" ref="invisibleToClientScopes"/>
<!--
<property name="accessTokenLifetime" value="3600"/>
-->
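Review bot: The scope policy that OAuthDataManager previously enforced in code — openid required and default, refreshToken hidden from clients — now exists only as the `requiredScopes`, `defaultScopes` and `invisibleToClientScopes` properties on the `oauthProvider` bean, so a deployment that edits or omits these lists silently changes what the provider accepts. A short XML comment above `coreScopes` would make that explicit, e.g. `<!-- openid is mandatory for OIDC requests: keep it in requiredScopes and defaultScopes -->`. The same `coreScopes` list is wired to both requiredScopes and defaultScopes; if they are intended to stay identical, saying so in the comment avoids someone splitting them by accident. The bean's remaining properties continue past this hunk.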