Posted to commits@cxf.apache.org by se...@apache.org on 2014/12/24 14:46:52 UTC
cxf git commit: Refactoring the OAuth2 client code filter code,
adapting it to OIDC
Repository: cxf
Updated Branches:
refs/heads/master b4bdea3b2 -> 27c1bb5a1
Refactoring the OAuth2 client code filter code, adapting it to OIDC
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/27c1bb5a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/27c1bb5a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/27c1bb5a
Branch: refs/heads/master
Commit: 27c1bb5a19ea70ef1befccff22d72f1656247b0d
Parents: b4bdea3
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Wed Dec 24 13:46:32 2014 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Wed Dec 24 13:46:32 2014 +0000
----------------------------------------------------------------------
.../oauth2/client/ClientCodeRequest.java | 56 --------
.../ClientCodeRequestContextProvider.java | 31 -----
.../oauth2/client/ClientCodeRequestFilter.java | 59 +++++----
.../client/ClientCodeRequestProvider.java | 28 ----
.../oauth2/client/ClientCodeStateManager.java | 30 +++++
.../oauth2/client/ClientCodeStateProvider.java | 32 -----
.../oauth2/client/ClientTokenContext.java | 48 +++++++
.../client/ClientTokenContextManager.java | 27 ++++
.../client/ClientTokenContextProvider.java | 31 +++++
.../client/JoseClientCodeStateManager.java | 126 ++++++++++++++++++
.../client/JoseClientCodeStateProvider.java | 129 -------------------
.../client/MemoryClientCodeRequestProvider.java | 50 -------
.../client/MemoryClientCodeStateManager.java | 45 +++++++
.../client/MemoryClientCodeStateProvider.java | 47 -------
.../client/MemoryClientTokenContextManager.java | 49 +++++++
.../oauth2/client/OAuthClientUtils.java | 20 +++
.../cxf/rs/security/oidc/rp/UserInfoClient.java | 71 ++++++++++
.../rs/security/oidc/rp/UserInfoValidator.java | 65 ----------
18 files changed, 482 insertions(+), 462 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java
deleted file mode 100644
index 0a5dd0b..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequest.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import java.io.Serializable;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
-
-public class ClientCodeRequest implements Serializable {
- private static final long serialVersionUID = -3501237730333195311L;
- private ClientAccessToken token;
- private MultivaluedMap<String, String> state;
- private String userName;
-
- public ClientAccessToken getToken() {
- return token;
- }
-
- public void setToken(ClientAccessToken token) {
- this.token = token;
- }
-
- public MultivaluedMap<String, String> getState() {
- return state;
- }
-
- public void setState(MultivaluedMap<String, String> state) {
- this.state = state;
- }
-
- public String getUserName() {
- return userName;
- }
-
- public void setUserName(String userName) {
- this.userName = userName;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java
deleted file mode 100644
index ee18e2c..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestContextProvider.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import org.apache.cxf.jaxrs.ext.ContextProvider;
-import org.apache.cxf.message.Message;
-
-public class ClientCodeRequestContextProvider implements ContextProvider<ClientCodeRequest> {
-
- @Override
- public ClientCodeRequest createContext(Message m) {
- return m.getContent(ClientCodeRequest.class);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 663d37d..05ee8cd 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -27,6 +27,7 @@ import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
+import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
@@ -34,6 +35,7 @@ import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.FormUtils;
@@ -46,14 +48,16 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
@PreMatching
@Priority(Priorities.AUTHENTICATION + 1)
public class ClientCodeRequestFilter implements ContainerRequestFilter {
-
+ @Context
+ private MessageContext mc;
+
private String scopes;
private String relRedirectUri;
private String startUri;
private String authorizationServiceUri;
private Consumer consumer;
- private ClientCodeStateProvider clientStateProvider;
- private ClientCodeRequestProvider clientRequestProvider;
+ private ClientCodeStateManager clientStateManager;
+ private ClientTokenContextManager clientTokenContextManager;
private WebClient accessTokenService;
@Override
@@ -64,8 +68,8 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
}
UriInfo ui = rc.getUriInfo();
if (ui.getPath().endsWith(startUri)) {
- if (clientRequestProvider != null) {
- ClientCodeRequest request = clientRequestProvider.getCodeRequest(sc, ui);
+ if (clientTokenContextManager != null) {
+ ClientTokenContext request = clientTokenContextManager.getClientTokenContext(mc);
if (request != null) {
setClientCodeRequest(request);
rc.setRequestUri(URI.create(relRedirectUri));
@@ -91,7 +95,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
private URI getAbsoluteRedirectUri(UriInfo ui) {
return ui.getBaseUriBuilder().path(relRedirectUri).build();
}
- private void processCodeResponse(ContainerRequestContext rc, SecurityContext sc, UriInfo ui) {
+ protected void processCodeResponse(ContainerRequestContext rc, SecurityContext sc, UriInfo ui) {
MultivaluedMap<String, String> params = ui.getQueryParameters();
String codeParam = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
AccessTokenGrant grant = new AuthorizationCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
@@ -100,25 +104,28 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
grant);
MultivaluedMap<String, String> state = null;
String stateParam = params.getFirst(OAuthConstants.STATE);
- if (clientStateProvider != null) {
- state = clientStateProvider.toState(sc, ui, stateParam);
+ if (clientStateManager != null) {
+ state = clientStateManager.toState(mc, stateParam);
}
- ClientCodeRequest request = new ClientCodeRequest();
+ ClientTokenContext request = createTokenContext(at);
request.setToken(at);
request.setState(state);
- request.setUserName(sc.getUserPrincipal().getName());
- if (clientStateProvider != null) {
- clientRequestProvider.setCodeRequest(sc, ui, request);
+ if (clientTokenContextManager != null) {
+ clientTokenContextManager.setClientTokenContext(mc, request);
}
setClientCodeRequest(request);
}
- private void setClientCodeRequest(ClientCodeRequest request) {
- JAXRSUtils.getCurrentMessage().setContent(ClientCodeRequest.class, request);
+ protected ClientTokenContext createTokenContext(ClientAccessToken at) {
+ return new ClientTokenContext();
+ }
+
+ private void setClientCodeRequest(ClientTokenContext request) {
+ JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, request);
}
private String createRequestState(ContainerRequestContext rc, SecurityContext sc, UriInfo ui) {
- if (clientStateProvider == null) {
+ if (clientStateManager == null) {
return null;
}
MultivaluedMap<String, String> state = new MetadataMap<String, String>();
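Review bot: In `processCodeResponse` the `state` parameter is decoded only after the access token appears to have been requested (the `grant);` context line at the top of this hunk closes a call that starts outside the hunk), and a callback with no `state` at all reaches `clientStateManager.toState(mc, stateParam)` as null. Since `state` is what ties the callback to the request this client started, it should be checked before the code is redeemed, and a missing value rejected when a state manager is configured, e.g. `if (clientStateManager != null && stateParam == null) { throw new SecurityException("Missing state parameter"); }` ahead of the token request. The method starts in the previous hunk, so the exact placement has to be confirmed against the full file. Separately, `createTokenContext(at)` is followed by `request.setToken(at)`, so an override that stores a different token is silently overwritten; a Javadoc line on the new protected hook should say so.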
@@ -127,7 +134,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
String body = FormUtils.readBody(rc.getEntityStream(), "UTF-8");
FormUtils.populateMapFromString(state, JAXRSUtils.getCurrentMessage(), body, "UTF-8", false);
}
- return clientStateProvider.toString(sc, ui, state);
+ return clientStateManager.toString(mc, state);
}
public void setScopeList(List<String> list) {
@@ -152,10 +159,6 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
this.authorizationServiceUri = authorizationServiceUri;
}
- public void setConsumer(Consumer consumer) {
- this.consumer = consumer;
- }
-
public void setRelativeRedirectUri(String redirectUri) {
this.relRedirectUri = redirectUri;
}
@@ -164,11 +167,19 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
this.accessTokenService = accessTokenService;
}
- public void setClientStateProvider(ClientCodeStateProvider clientStateProvider) {
- this.clientStateProvider = clientStateProvider;
+ public void setClientStateManager(ClientCodeStateManager clientStateManager) {
+ this.clientStateManager = clientStateManager;
+ }
+ public void setClientTokenContextManager(ClientTokenContextManager clientTokenContextManager) {
+ this.clientTokenContextManager = clientTokenContextManager;
+ }
+
+ public Consumer getConsumer() {
+ return consumer;
}
- public void setClientRequestProvider(ClientCodeRequestProvider clientRequestProvider) {
- this.clientRequestProvider = clientRequestProvider;
+
+ public void setConsumer(Consumer consumer) {
+ this.consumer = consumer;
}
}
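Review bot: The new `getConsumer()` is public, which hands the filter's `Consumer` to any code holding a reference to the filter. If, as the name suggests, that object carries the client id and secret, `protected Consumer getConsumer()` would be enough for the subclass use this refactoring prepares for. The class body starts outside this hunk.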
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java
deleted file mode 100644
index ec92d25..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestProvider.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.core.UriInfo;
-
-public interface ClientCodeRequestProvider {
- void setCodeRequest(SecurityContext sc, UriInfo ui, ClientCodeRequest request);
- ClientCodeRequest getCodeRequest(SecurityContext sc, UriInfo ui);
- void removeCodeRequest(ClientCodeRequest request);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateManager.java
new file mode 100644
index 0000000..54c4479
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateManager.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+
+public interface ClientCodeStateManager {
+ String toString(MessageContext mc,
+ MultivaluedMap<String, String> state);
+ MultivaluedMap<String, String> toState(MessageContext mc,
+ String stateParam);
+}
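Review bot: `ClientCodeStateManager` is added without Javadoc, and the one thing an implementer must know, what `toState` does with a `stateParam` it cannot validate, is left open. The filter in this commit stores the returned map on the token context without further checks, so the contract should say that `toState` must throw rather than return a map for a value that is missing, tampered with, or not issued for the current request. It should also say that `toString` must return a value that cannot be guessed or forged. A short interface-level comment plus one sentence on each method would cover it.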
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java
deleted file mode 100644
index d51e7b3..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeStateProvider.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.core.UriInfo;
-
-public interface ClientCodeStateProvider {
- String toString(SecurityContext sc,
- UriInfo ui,
- MultivaluedMap<String, String> state);
- MultivaluedMap<String, String> toState(SecurityContext sc,
- UriInfo ui,
- String stateParam);
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContext.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContext.java
new file mode 100644
index 0000000..db42f8e
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContext.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.io.Serializable;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+
+public class ClientTokenContext implements Serializable {
+ private static final long serialVersionUID = -3501237730333195311L;
+ private ClientAccessToken token;
+ private MultivaluedMap<String, String> state;
+
+ public ClientAccessToken getToken() {
+ return token;
+ }
+
+ public void setToken(ClientAccessToken token) {
+ this.token = token;
+ }
+
+ public MultivaluedMap<String, String> getState() {
+ return state;
+ }
+
+ public void setState(MultivaluedMap<String, String> state) {
+ this.state = state;
+ }
+
+}
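Review bot: `serialVersionUID = -3501237730333195311L` is copied unchanged from the deleted `ClientCodeRequest`, although this class has a different name and no longer has the `userName` field; a freshly generated value avoids suggesting the two serialized forms are compatible. The class is `Serializable` and holds a `ClientAccessToken`, while `state` is declared as `MultivaluedMap`, an interface that does not extend `Serializable`, so whether an instance can be serialized depends on the map implementation put into it. A class comment stating where instances are expected to be stored, given that they contain an access token, would help implementers of the manager interface.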
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java
new file mode 100644
index 0000000..1034a9a
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextManager.java
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+
+public interface ClientTokenContextManager {
+ void setClientTokenContext(MessageContext mc, ClientTokenContext ctx);
+ ClientTokenContext getClientTokenContext(MessageContext mc);
+ void removeClientTokenContext(MessageContext mc, ClientTokenContext ctx);
+}
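Review bot: Nothing in `ClientTokenContextManager` says which user a stored context belongs to. With `userName` dropped from the context in this commit and only the `MessageContext` passed in, every implementation has to derive the owner from `mc`, and `getClientTokenContext(mc)` must return null for a caller other than the one the token was issued to; otherwise the filter would reuse one user's token for another. I would add Javadoc stating that, e.g. `/** Returns the context stored for the caller identified by mc, or null if none. */` on `getClientTokenContext`, and document what `removeClientTokenContext` expects when `ctx` is not the stored instance.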
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextProvider.java
new file mode 100644
index 0000000..0231508
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientTokenContextProvider.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import org.apache.cxf.jaxrs.ext.ContextProvider;
+import org.apache.cxf.message.Message;
+
+public class ClientTokenContextProvider implements ContextProvider<ClientTokenContext> {
+
+ @Override
+ public ClientTokenContext createContext(Message m) {
+ return m.getContent(ClientTokenContext.class);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java
new file mode 100644
index 0000000..e3ed11c
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java
@@ -0,0 +1,126 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider;
+
+public class JoseClientCodeStateManager implements ClientCodeStateManager {
+
+ private JwsSignatureProvider sigProvider;
+ private JweEncryptionProvider encryptionProvider;
+ private JweDecryptionProvider decryptionProvider;
+ private JwsSignatureVerifier signatureVerifier;
+ private JsonMapObjectReaderWriter jsonp = new JsonMapObjectReaderWriter();
+ @Override
+ public String toString(MessageContext mc, MultivaluedMap<String, String> state) {
+
+ Map<String, Object> stateMap = CastUtils.cast((Map<?, ?>)state);
+ String json = jsonp.toJson(stateMap);
+
+ JwsCompactProducer producer = new JwsCompactProducer(json);
+ JwsSignatureProvider theSigProvider = getInitializedSigProvider();
+ String stateParam = producer.signWith(theSigProvider);
+
+ JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
+ if (theEncryptionProvider != null) {
+ stateParam = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(stateParam), null);
+ }
+ return stateParam;
+ }
+
+ @Override
+ public MultivaluedMap<String, String> toState(MessageContext mc, String stateParam) {
+
+ JweDecryptionProvider jwe = getInitializedDecryptionProvider();
+ if (jwe != null) {
+ stateParam = jwe.decrypt(stateParam).getContentText();
+ }
+ JwsCompactConsumer jws = new JwsCompactConsumer(stateParam);
+ JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
+ if (!jws.verifySignatureWith(theSigVerifier)) {
+ throw new SecurityException();
+ }
+ String json = jws.getUnsignedEncodedSequence();
+ Map<String, List<String>> map = CastUtils.cast((Map<?, ?>)jsonp.fromJson(json));
+ //CHECKSTYLE:OFF
+ return (MultivaluedMap<String, String>)map;
+ //CHECKSTYLE:ON
+ }
+
+ public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
+ this.sigProvider = signatureProvider;
+ }
+
+ protected JwsSignatureProvider getInitializedSigProvider() {
+ if (sigProvider != null) {
+ return sigProvider;
+ }
+ JwsSignatureProvider theSigProvider = JwsUtils.loadSignatureProvider(false);
+ if (theSigProvider == null) {
+ theSigProvider = new NoneJwsSignatureProvider();
+ }
+ return theSigProvider;
+ }
+ public void setDecryptionProvider(JweDecryptionProvider decProvider) {
+ this.decryptionProvider = decProvider;
+ }
+ protected JweDecryptionProvider getInitializedDecryptionProvider() {
+ if (decryptionProvider != null) {
+ return decryptionProvider;
+ }
+ return JweUtils.loadDecryptionProvider(false);
+ }
+ public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
+ this.signatureVerifier = signatureVerifier;
+ }
+
+ protected JwsSignatureVerifier getInitializedSigVerifier() {
+ if (signatureVerifier != null) {
+ return signatureVerifier;
+ }
+ return JwsUtils.loadSignatureVerifier(false);
+ }
+ public void setEncryptionProvider(JweEncryptionProvider encProvider) {
+ this.encryptionProvider = encProvider;
+ }
+ protected JweEncryptionProvider getInitializedEncryptionProvider() {
+ if (encryptionProvider != null) {
+ return encryptionProvider;
+ }
+ return JweUtils.loadEncryptionProvider(false);
+ }
+
+}
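Review bot: `getInitializedSigProvider()` silently falls back to `new NoneJwsSignatureProvider()` when no signature provider is set or loadable, so the `state` value can go out with no integrity protection unless an encryption provider happens to be configured. The verify side has no matching fallback: `getInitializedSigVerifier()` returns whatever `JwsUtils.loadSignatureVerifier(false)` yields, presumably null when nothing is configured, and `toState` passes it straight to `verifySignatureWith`. Failing closed is safer, e.g. replace the fallback with `throw new SecurityException("No JWS signature provider configured for the OAuth2 state");` (or allow it only when an encryption provider is present), and give the bare `throw new SecurityException()` in `toState` a message. Two lines in `toState` should also be checked: `getUnsignedEncodedSequence()` reads, by its name, like the encoded signing input rather than the decoded JSON payload, and the cast of the parsed map to `MultivaluedMap` only works if the JSON reader returns that type.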
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java
deleted file mode 100644
index 290d76e..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateProvider.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import java.util.List;
-import java.util.Map;
-
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.core.UriInfo;
-
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
-import org.apache.cxf.rs.security.jose.jws.JwsCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
-import org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider;
-
-public class JoseClientCodeStateProvider implements ClientCodeStateProvider {
-
- private JwsSignatureProvider sigProvider;
- private JweEncryptionProvider encryptionProvider;
- private JweDecryptionProvider decryptionProvider;
- private JwsSignatureVerifier signatureVerifier;
- private JsonMapObjectReaderWriter jsonp = new JsonMapObjectReaderWriter();
- @Override
- public String toString(SecurityContext sc, UriInfo ui,
- MultivaluedMap<String, String> state) {
-
- Map<String, Object> stateMap = CastUtils.cast((Map<?, ?>)state);
- String json = jsonp.toJson(stateMap);
-
- JwsCompactProducer producer = new JwsCompactProducer(json);
- JwsSignatureProvider theSigProvider = getInitializedSigProvider();
- String stateParam = producer.signWith(theSigProvider);
-
- JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
- if (theEncryptionProvider != null) {
- stateParam = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(stateParam), null);
- }
- return stateParam;
- }
-
- @Override
- public MultivaluedMap<String, String> toState(SecurityContext sc,
- UriInfo ui, String stateParam) {
-
- JweDecryptionProvider jwe = getInitializedDecryptionProvider();
- if (jwe != null) {
- stateParam = jwe.decrypt(stateParam).getContentText();
- }
- JwsCompactConsumer jws = new JwsCompactConsumer(stateParam);
- JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier();
- if (!jws.verifySignatureWith(theSigVerifier)) {
- throw new SecurityException();
- }
- String json = jws.getUnsignedEncodedSequence();
- Map<String, List<String>> map = CastUtils.cast((Map<?, ?>)jsonp.fromJson(json));
- //CHECKSTYLE:OFF
- return (MultivaluedMap<String, String>)map;
- //CHECKSTYLE:ON
- }
-
- public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
- this.sigProvider = signatureProvider;
- }
-
- protected JwsSignatureProvider getInitializedSigProvider() {
- if (sigProvider != null) {
- return sigProvider;
- }
- JwsSignatureProvider theSigProvider = JwsUtils.loadSignatureProvider(false);
- if (theSigProvider == null) {
- theSigProvider = new NoneJwsSignatureProvider();
- }
- return theSigProvider;
- }
- public void setDecryptionProvider(JweDecryptionProvider decProvider) {
- this.decryptionProvider = decProvider;
- }
- protected JweDecryptionProvider getInitializedDecryptionProvider() {
- if (decryptionProvider != null) {
- return decryptionProvider;
- }
- return JweUtils.loadDecryptionProvider(false);
- }
- public void setSignatureVerifier(JwsSignatureVerifier signatureVerifier) {
- this.signatureVerifier = signatureVerifier;
- }
-
- protected JwsSignatureVerifier getInitializedSigVerifier() {
- if (signatureVerifier != null) {
- return signatureVerifier;
- }
- return JwsUtils.loadSignatureVerifier(false);
- }
- public void setEncryptionProvider(JweEncryptionProvider encProvider) {
- this.encryptionProvider = encProvider;
- }
- protected JweEncryptionProvider getInitializedEncryptionProvider() {
- if (encryptionProvider != null) {
- return encryptionProvider;
- }
- return JweUtils.loadEncryptionProvider(false);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java
deleted file mode 100644
index 09412b0..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeRequestProvider.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import java.util.concurrent.ConcurrentHashMap;
-
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.core.UriInfo;
-
-public class MemoryClientCodeRequestProvider implements ClientCodeRequestProvider {
- private ConcurrentHashMap<String, ClientCodeRequest> map =
- new ConcurrentHashMap<String, ClientCodeRequest>();
-
- @Override
- public void setCodeRequest(SecurityContext sc, UriInfo ui, ClientCodeRequest request) {
- map.put(getKey(sc), request);
-
- }
-
- private String getKey(SecurityContext sc) {
- return sc.getUserPrincipal().getName();
- }
-
- @Override
- public ClientCodeRequest getCodeRequest(SecurityContext sc, UriInfo ui) {
- // TODO: support an automatic removal based on the token expires property
- return map.remove(getKey(sc));
- }
-
- @Override
- public void removeCodeRequest(ClientCodeRequest request) {
- map.remove(request.getUserName());
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
new file mode 100644
index 0000000..f6a23b2
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+
+public class MemoryClientCodeStateManager implements ClientCodeStateManager {
+ private ConcurrentHashMap<String, MultivaluedMap<String, String>> map =
+ new ConcurrentHashMap<String, MultivaluedMap<String, String>>();
+
+ @Override
+ public String toString(MessageContext mc, MultivaluedMap<String, String> state) {
+ String name = mc.getSecurityContext().getUserPrincipal().getName();
+ String hashCode = Integer.toString(name.hashCode());
+ map.put(hashCode, state);
+ return hashCode;
+ }
+
+ @Override
+ public MultivaluedMap<String, String> toState(MessageContext mc, String stateParam) {
+ String name = mc.getSecurityContext().getUserPrincipal().getName();
+ String hashCode = Integer.toString(name.hashCode());
+ return map.remove(hashCode);
+ }
+}
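Review bot: The `state` value returned by `toString` is `Integer.toString(name.hashCode())`, which anyone who knows the user name can compute, and `toState` never reads `stateParam`, so the value gives no CSRF protection on the redirect back from the authorization server. Two principals whose names share a hash code would also overwrite or consume each other's entry, and a second flow started by the same user replaces the first. I would key the map by an unguessable value, e.g. `String key = UUID.randomUUID().toString();` in `toString`, and look it up with `return map.remove(stateParam);` in `toState`, so that a callback carrying an unknown state yields null. Whether the calling filter rejects a null state cannot be seen from this hunk and should be confirmed.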
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java
deleted file mode 100644
index ecc147b..0000000
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateProvider.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oauth2.client;
-
-import java.util.concurrent.ConcurrentHashMap;
-
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.core.UriInfo;
-
-public class MemoryClientCodeStateProvider implements ClientCodeStateProvider {
- private ConcurrentHashMap<String, MultivaluedMap<String, String>> map =
- new ConcurrentHashMap<String, MultivaluedMap<String, String>>();
-
- @Override
- public String toString(SecurityContext sc, UriInfo ui,
- MultivaluedMap<String, String> state) {
- String name = sc.getUserPrincipal().getName();
- String hashCode = Integer.toString(name.hashCode());
- map.put(hashCode, state);
- return hashCode;
- }
-
- @Override
- public MultivaluedMap<String, String> toState(SecurityContext sc,
- UriInfo ui, String stateParam) {
- String name = sc.getUserPrincipal().getName();
- String hashCode = Integer.toString(name.hashCode());
- return map.remove(hashCode);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
new file mode 100644
index 0000000..a10191e
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+
+public class MemoryClientTokenContextManager implements ClientTokenContextManager {
+ private ConcurrentHashMap<String, ClientTokenContext> map =
+ new ConcurrentHashMap<String, ClientTokenContext>();
+
+ @Override
+ public void setClientTokenContext(MessageContext mc, ClientTokenContext request) {
+ map.put(getKey(mc), request);
+
+ }
+
+ private String getKey(MessageContext mc) {
+ return mc.getSecurityContext().getUserPrincipal().getName();
+ }
+
+ @Override
+ public ClientTokenContext getClientTokenContext(MessageContext mc) {
+ // TODO: support an automatic removal based on the token expires property
+ return map.remove(getKey(mc));
+ }
+
+ @Override
+ public void removeClientTokenContext(MessageContext mc, ClientTokenContext request) {
+ map.remove(getKey(mc));
+ }
+}
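Review bot: `getKey` dereferences `mc.getSecurityContext().getUserPrincipal()` without a null check, and `getUserPrincipal()` returns null for an unauthenticated request, so every method here would fail with a NullPointerException instead of a clear authorization error if the manager is reached before login. A guard in `getKey`, such as `if (principal == null) { throw new SecurityException("No authenticated user"); }`, would make that failure explicit. `getClientTokenContext` also removes the entry it returns (`map.remove`), which is surprising for a getter; a comment such as `// one-shot read: the context is dropped once handed to the caller` would record the intent next to the existing TODO. `removeClientTokenContext` ignores its `request` argument, which is worth a short comment as well.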
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index 88cf93b..cfccf87 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -36,6 +36,7 @@ import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
+import org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant;
import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.tokens.hawk.HawkAuthorizationScheme;
@@ -210,6 +211,25 @@ public final class OAuthClientUtils {
return getAccessToken(accessTokenService, consumer, grant, extraParams,
null, setAuthorizationHeader);
}
+ public static ClientAccessToken refreshAccessToken(WebClient accessTokenService,
+ ClientAccessToken at) {
+ return refreshAccessToken(accessTokenService, null, at, null, true);
+ }
+ public static ClientAccessToken refreshAccessToken(WebClient accessTokenService,
+ Consumer consumer,
+ ClientAccessToken at) {
+ return refreshAccessToken(accessTokenService, consumer, at, null, true);
+ }
+ public static ClientAccessToken refreshAccessToken(WebClient accessTokenService,
+ Consumer consumer,
+ ClientAccessToken at,
+ String scope,
+ boolean setAuthorizationHeader)
+ throws OAuthServiceException {
+ RefreshTokenGrant grant = new RefreshTokenGrant(at.getRefreshToken(), scope);
+ return getAccessToken(accessTokenService, consumer, grant, null,
+ at.getTokenType(), setAuthorizationHeader);
+ }
/**
* Obtains the access token from OAuth AccessToken Service
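Review bot: The five-argument `refreshAccessToken` passes `at.getRefreshToken()` straight into `new RefreshTokenGrant(...)` without checking it. An authorization server is not required to issue a refresh token, so a null value would presumably be sent to the token endpoint and come back as an opaque server error. A guard before the grant is built, e.g. `if (at.getRefreshToken() == null) { throw new OAuthServiceException("No refresh token available"); }`, would fail early on the client. The three new public overloads also have no Javadoc, while the `getAccessToken` method that follows has one; a short comment stating that a null `consumer` relies on credentials already set on `accessTokenService` would help callers. The class body continues outside this hunk.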
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
new file mode 100644
index 0000000..bbd98d5
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+import org.apache.cxf.rs.security.oidc.common.UserInfo;
+
+public class UserInfoClient extends IdTokenValidator {
+ private boolean encryptedOnly;
+ private WebClient profileClient;
+ public UserInfo getUserInfo(ClientAccessToken at, IdToken idToken) {
+ return getProfile(at, idToken, false);
+ }
+ public UserInfo getProfile(ClientAccessToken at, IdToken idToken, boolean asJwt) {
+ OAuthClientUtils.setAuthorizationHeader(profileClient, at);
+ if (asJwt) {
+ String jwt = profileClient.get(String.class);
+ return getUserInfoFromJwt(jwt, idToken);
+ } else {
+ UserInfo profile = profileClient.get(UserInfo.class);
+ validateUserInfo(profile, idToken);
+ return profile;
+ }
+ }
+ public UserInfo getUserInfoFromJwt(String profileJwtToken, IdToken idToken) {
+ JwtToken jwt = getUserInfoJwt(profileJwtToken, idToken);
+ return getUserInfoFromJwt(jwt, idToken);
+ }
+ public UserInfo getUserInfoFromJwt(JwtToken jwt, IdToken idToken) {
+ UserInfo profile = new UserInfo(jwt.getClaims().asMap());
+ validateUserInfo(profile, idToken);
+ return profile;
+ }
+ public JwtToken getUserInfoJwt(String profileJwtToken, IdToken idToken) {
+ return getJwtToken(profileJwtToken, idToken.getAudience(), (String)idToken.getProperty("kid"), encryptedOnly);
+ }
+ public void validateUserInfo(UserInfo profile, IdToken idToken) {
+ validateJwtClaims(profile, idToken.getAudience(), false);
+ // validate subject
+ if (!idToken.getSubject().equals(profile.getSubject())) {
+ throw new SecurityException("Invalid subject");
+ }
+ }
+ public void setEncryptedOnly(boolean encryptedOnly) {
+ this.encryptedOnly = encryptedOnly;
+ }
+ public void setProfileClient(WebClient profileClient) {
+ this.profileClient = profileClient;
+ }
+
+}
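Review bot: `getProfile` writes the caller's access token into the shared `profileClient` field through `OAuthClientUtils.setAuthorizationHeader(profileClient, at)` and then issues the GET on that same instance. CXF web clients are not thread-safe by default, so if one `UserInfoClient` serves concurrent requests, one user's token could be replaced by another's between the two calls. Working on a per-call copy, e.g. `WebClient client = WebClient.fromClient(profileClient);`, or documenting on `setProfileClient` that the client must be created thread-safe, would close that gap. Separately, `validateUserInfo` calls `idToken.getSubject().equals(...)`, which throws a NullPointerException rather than the intended `SecurityException("Invalid subject")` when the ID token carries no subject.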
http://git-wip-us.apache.org/repos/asf/cxf/blob/27c1bb5a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
deleted file mode 100644
index 5908a6f..0000000
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoValidator.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.rs.security.oidc.rp;
-
-import org.apache.cxf.jaxrs.client.WebClient;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.cxf.rs.security.oidc.common.IdToken;
-import org.apache.cxf.rs.security.oidc.common.UserInfo;
-
-public class UserInfoValidator extends AbstractTokenValidator {
- private boolean encryptedOnly;
-
- public UserInfo getUserInfo(WebClient profileClient, IdToken idToken) {
- return getProfile(profileClient, idToken, false);
- }
- public UserInfo getProfile(WebClient profileClient, IdToken idToken, boolean asJwt) {
- if (asJwt) {
- String jwt = profileClient.get(String.class);
- return getUserInfoFromJwt(jwt, idToken);
- } else {
- UserInfo profile = profileClient.get(UserInfo.class);
- validateUserInfo(profile, idToken);
- return profile;
- }
- }
- public UserInfo getUserInfoFromJwt(String profileJwtToken, IdToken idToken) {
- JwtToken jwt = getUserInfoJwt(profileJwtToken, idToken);
- return getUserInfoFromJwt(jwt, idToken);
- }
- public UserInfo getUserInfoFromJwt(JwtToken jwt, IdToken idToken) {
- UserInfo profile = new UserInfo(jwt.getClaims().asMap());
- validateUserInfo(profile, idToken);
- return profile;
- }
- public JwtToken getUserInfoJwt(String profileJwtToken, IdToken idToken) {
- return getJwtToken(profileJwtToken, idToken.getAudience(), (String)idToken.getProperty("kid"), encryptedOnly);
- }
- public void validateUserInfo(UserInfo profile, IdToken idToken) {
- validateJwtClaims(profile, idToken.getAudience(), false);
- // validate subject
- if (!idToken.getSubject().equals(profile.getSubject())) {
- throw new SecurityException("Invalid subject");
- }
- }
- public void setEncryptedOnly(boolean encryptedOnly) {
- this.encryptedOnly = encryptedOnly;
- }
-
-}