Posted to commits@cxf.apache.org by se...@apache.org on 2015/12/07 12:05:29 UTC
cxf git commit: Trying to make it simpler to start jose-processing
IdTokens only at the AT response time
Repository: cxf
Updated Branches:
refs/heads/master cdd1a9c9b -> 7d02ad7fc
Trying to make it simpler to start jose-processing IdTokens only at the AT response time
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7d02ad7f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7d02ad7f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7d02ad7f
Branch: refs/heads/master
Commit: 7d02ad7fc862eb1413ae34d10d8cd2d4f20e35f3
Parents: cdd1a9c
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Dec 7 11:05:08 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Dec 7 11:05:08 2015 +0000
----------------------------------------------------------------------
.../oidc/idp/IdTokenResponseFilter.java | 33 +++++++++---------
.../rs/security/oidc/idp/OidcUserSubject.java | 35 ++++++++++++++++++++
.../rs/security/oidc/idp/UserInfoService.java | 10 ------
3 files changed, 50 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/7d02ad7f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index da93213..0d10d4e 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -18,8 +18,6 @@
*/
package org.apache.cxf.rs.security.oidc.idp;
-import java.util.Collections;
-
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -30,29 +28,28 @@ import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer implements AccessTokenResponseFilter {
private UserInfoProvider userInfoProvider;
- private String issuer;
@Override
public void process(ClientAccessToken ct, ServerAccessToken st) {
- // This may also be done directly inside a data provider code creating the server token
+ String idToken = getProcessedIdToken(st);
+ if (idToken != null) {
+ ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);
+ }
+
+ }
+ private String getProcessedIdToken(ServerAccessToken st) {
if (userInfoProvider != null) {
IdToken token =
userInfoProvider.getIdToken(st.getClient().getClientId(), st.getSubject(), st.getScopes());
- token.setIssuer(issuer);
- token.setAudiences(Collections.singletonList(st.getClient().getClientId()));
-
- String responseEntity = super.processJwt(new JwtToken(token),
- st.getClient());
- ct.getParameters().put(OidcUtils.ID_TOKEN, responseEntity);
- } else if (st.getSubject().getProperties().containsKey("id_token")) {
- ct.getParameters().put(OidcUtils.ID_TOKEN,
- st.getSubject().getProperties().get("id_token"));
+ return super.processJwt(new JwtToken(token), st.getClient());
+ } else if (st.getSubject().getProperties().containsKey(OidcUtils.ID_TOKEN)) {
+ return st.getSubject().getProperties().get(OidcUtils.ID_TOKEN);
+ } else if (st.getSubject() instanceof OidcUserSubject) {
+ OidcUserSubject sub = (OidcUserSubject)st.getSubject();
+ return super.processJwt(new JwtToken(sub.getIdToken()), st.getClient());
+ } else {
+ return null;
}
-
- }
-
- public void setIssuer(String issuer) {
- this.issuer = issuer;
}
public void setUserInfoProvider(UserInfoProvider userInfoProvider) {
this.userInfoProvider = userInfoProvider;
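Review bot: getProcessedIdToken no longer sets issuer or audience, so the token passed to `super.processJwt(...)` carries `iss` and `aud` only if the UserInfoProvider or whoever populated the OidcUserSubject set them; nothing in this hunk checks that before signing. A guard ahead of `processJwt` that the token has an issuer and that its audiences include `st.getClient().getClientId()` would keep that invariant in one place rather than in every provider. The same gap applies to the UserInfoService hunk at `@@ -48,10 +45,6 @@`, where a signed UserInfo response loses both claims. Separately, the OidcUserSubject branch feeds `sub.getIdToken()` straight into `new JwtToken(...)` although the field has no initializer; `if (sub.getIdToken() == null) { return null; }` before it would avoid processing a null claims object. The class body continues past the end of this hunk.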
http://git-wip-us.apache.org/repos/asf/cxf/blob/7d02ad7f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcUserSubject.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcUserSubject.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcUserSubject.java
new file mode 100644
index 0000000..6c9690b
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcUserSubject.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.idp;
+
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+
+public class OidcUserSubject extends UserSubject {
+
+ private static final long serialVersionUID = 8806727177012442229L;
+ private IdToken idToken;
+ public IdToken getIdToken() {
+ return idToken;
+ }
+ public void setIdToken(IdToken idToken) {
+ this.idToken = idToken;
+ }
+
+}
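Review bot: OidcUserSubject declares a `serialVersionUID`, so the new `idToken` field is written out wherever the subject is serialized, for example if the data provider persists subjects alongside grants or access tokens. That puts identity claims at rest in the token store and presumably requires IdToken itself to be serializable, which is not visible on this page. The class also has no Javadoc; I would add a class comment such as `/** UserSubject carrying an IdToken that has not been JOSE-processed yet; the producer sets issuer and audience, IdTokenResponseFilter signs or encrypts it at access token response time. */` so the contract with the filter is written down.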
http://git-wip-us.apache.org/repos/asf/cxf/blob/7d02ad7f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
index 1f5d99d..ae22b22 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/UserInfoService.java
@@ -18,8 +18,6 @@
*/
package org.apache.cxf.rs.security.oidc.idp;
-import java.util.Collections;
-
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
@@ -38,7 +36,6 @@ import org.apache.cxf.rs.security.oidc.common.UserInfo;
public class UserInfoService extends AbstractOAuthServerJoseJwtProducer {
private UserInfoProvider userInfoProvider;
private OAuthDataProvider oauthDataProvider;
- private String issuer;
@Context
private MessageContext mc;
@@ -48,10 +45,6 @@ public class UserInfoService extends AbstractOAuthServerJoseJwtProducer {
OAuthContext oauth = OAuthContextUtils.getContext(mc);
UserInfo userInfo =
userInfoProvider.getUserInfo(oauth.getClientId(), oauth.getSubject(), oauth.getPermissions());
- if (userInfo != null) {
- userInfo.setIssuer(issuer);
- }
- userInfo.setAudiences(Collections.singletonList(oauth.getClientId()));
Object responseEntity = userInfo;
if (super.isJwsRequired() || super.isJweRequired()) {
responseEntity = super.processJwt(new JwtToken(userInfo),
@@ -61,9 +54,6 @@ public class UserInfoService extends AbstractOAuthServerJoseJwtProducer {
}
- public void setIssuer(String issuer) {
- this.issuer = issuer;
- }
public void setUserInfoProvider(UserInfoProvider userInfoProvider) {
this.userInfoProvider = userInfoProvider;
}