Posted to commits@cxf.apache.org by se...@apache.org on 2015/12/14 12:07:40 UTC
cxf git commit: Setting the nonce if IdToken is already available on
the subject, minor tweak to the scope conversions to avoid the extra space
Repository: cxf
Updated Branches:
refs/heads/master 85c397f85 -> 8b805fa99
Setting the nonce if IdToken is already available on the subject, minor tweak to the scope conversions to avoid the extra space
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8b805fa9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8b805fa9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8b805fa9
Branch: refs/heads/master
Commit: 8b805fa9917a20e514b43a5fa3223452fb7be10e
Parents: 85c397f
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Dec 14 11:07:26 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Dec 14 11:07:26 2015 +0000
----------------------------------------------------------------------
.../cxf/rs/security/oauth2/utils/OAuthUtils.java | 6 ++----
.../rs/security/oidc/idp/IdTokenResponseFilter.java | 13 +++++++------
2 files changed, 9 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8b805fa9/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 4974760..d2ae2fa 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -130,15 +130,13 @@ public final class OAuthUtils {
public static String convertPermissionsToScope(List<OAuthPermission> perms) {
StringBuilder sb = new StringBuilder();
for (OAuthPermission perm : perms) {
- if (perm.isInvisibleToClient()) {
+ if (perm.isInvisibleToClient() || perm.getPermission() == null) {
continue;
}
if (sb.length() > 0) {
sb.append(" ");
}
- if (perm.getPermission() != null) {
- sb.append(perm.getPermission());
- }
+ sb.append(perm.getPermission());
}
return sb.toString();
}
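Review bot: An empty-string permission name still passes the new guard at the top of the loop, so the separator is appended with nothing after it and the scope string can still end up with a stray space, which is what this change set out to remove. Widening the guard to `if (perm.isInvisibleToClient() || perm.getPermission() == null || perm.getPermission().isEmpty()) {` would cover that case. Whether an empty name can actually occur depends on how the OAuthPermission instances are built, which is not visible in this hunk. Since the result is the space-delimited scope value handed back to clients, a short comment saying that invisible and unnamed permissions are deliberately left out would also help the next reader.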
http://git-wip-us.apache.org/repos/asf/cxf/blob/8b805fa9/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index f7d6b9a..31b2666 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -49,23 +49,20 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer im
if (userInfoProvider != null) {
IdToken idToken =
userInfoProvider.getIdToken(st.getClient().getClientId(), st.getSubject(), st.getScopes());
- if (st.getNonce() != null) {
- idToken.setNonce(st.getNonce());
- }
- setAtHash(idToken, st);
+ setAtHashAndNonce(idToken, st);
return super.processJwt(new JwtToken(idToken), st.getClient());
} else if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) {
return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN);
} else if (st.getSubject() instanceof OidcUserSubject) {
OidcUserSubject sub = (OidcUserSubject)st.getSubject();
IdToken idToken = new IdToken(sub.getIdToken());
- setAtHash(idToken, st);
+ setAtHashAndNonce(idToken, st);
return super.processJwt(new JwtToken(idToken), st.getClient());
} else {
return null;
}
}
- private void setAtHash(IdToken idToken, ServerAccessToken st) {
+ private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
Properties props = JwsUtils.loadSignatureOutProperties(false);
SignatureAlgorithm sigAlgo = null;
if (super.isSignWithClientSecret()) {
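Review bot: The middle branch, `else if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN))`, still returns the stored value as-is, so it is the one path that produces an ID token without going through `setAtHashAndNonce`. The nonce lets a client tie the ID token to its own authentication request and at_hash ties it to the access token issued with it; a value taken from the subject properties was presumably built earlier and, if it is already serialized, cannot pick up either claim here. If that is intended, a comment on the branch would make the contract explicit, e.g. `// pre-built ID token: returned unchanged, whoever stored it must already have set nonce and at_hash`. The enclosing method begins above this hunk and the body of setAtHashAndNonce continues in the next one.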
@@ -78,6 +75,10 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer im
idToken.setAccessTokenHash(atHash);
}
+ if (st.getNonce() != null) {
+ idToken.setNonce(st.getNonce());
+ }
+
}
public void setUserInfoProvider(UserInfoProvider userInfoProvider) {
this.userInfoProvider = userInfoProvider;