Posted to commits@cxf.apache.org by se...@apache.org on 2015/03/24 13:43:04 UTC
[1/2] cxf git commit: [CXF-4780] Ensuring a CORS in filter does run
before a JAAS filter by default
Repository: cxf
Updated Branches:
refs/heads/master 494ff7640 -> fe94c7fa1
[CXF-4780] Ensuring a CORS in filter does run before a JAAS filter by default
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/29e1dd1c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/29e1dd1c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/29e1dd1c
Branch: refs/heads/master
Commit: 29e1dd1cf8d447a79b606f9301fb5b6c2b40f74f
Parents: 6400b3c
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Tue Mar 24 12:42:11 2015 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Tue Mar 24 12:42:11 2015 +0000
----------------------------------------------------------------------
.../cors/CrossOriginResourceSharingFilter.java | 13 ++++++++++++-
.../rs/security/oauth2/filters/OAuthRequestFilter.java | 4 ++++
2 files changed, 16 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/29e1dd1c/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
index 169e336..5c15836 100644
--- a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
+++ b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
@@ -30,7 +30,9 @@ import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Pattern;
+import javax.annotation.Priority;
import javax.ws.rs.HttpMethod;
+import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
@@ -69,6 +71,7 @@ import org.apache.cxf.phase.Phase;
* or unless the <tt>defaultOptionsMethodsHandlePreflight</tt> property of this class is set to <tt>true</tt>.
*/
@PreMatching
+@Priority(Priorities.AUTHENTICATION - 1)
public class CrossOriginResourceSharingFilter implements ContainerRequestFilter,
ContainerResponseFilter {
private static final Pattern SPACE_PATTERN = Pattern.compile(" ");
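Review bot: The `- 1` in `@Priority(Priorities.AUTHENTICATION - 1)` carries an ordering contract that nothing in the class states. The filter now sorts just ahead of anything registered at `Priorities.AUTHENTICATION`, whereas an unannotated filter would get the default `Priorities.USER`. A comment above the annotation would record the reason, e.g. `// Must sort before authentication filters (JAAS, OAuth) so CORS handling runs first; see CXF-4780`. The guarantee covers only filters at `AUTHENTICATION` or a larger value, so a custom authentication filter given a smaller priority would still run ahead of this one; that limit deserves a sentence in the class Javadoc.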
@@ -97,6 +100,7 @@ public class CrossOriginResourceSharingFilter implements ContainerRequestFilter,
private Integer preflightFailStatus = 200;
private boolean defaultOptionsMethodsHandlePreflight;
private boolean findResourceMethod = true;
+ private boolean blockCorsIfUnauthorized;
private <T extends Annotation> T getAnnotation(Method m,
Class<T> annClass) {
@@ -342,11 +346,14 @@ public class CrossOriginResourceSharingFilter implements ContainerRequestFilter,
ContainerResponseContext responseContext) {
Message m = JAXRSUtils.getCurrentMessage();
-
String op = (String)m.getExchange().get(CrossOriginResourceSharingFilter.class.getName());
if (op == null || op == PREFLIGHT_FAILED) {
return;
}
+ if (responseContext.getStatus() == Response.Status.UNAUTHORIZED.getStatusCode()
+ && blockCorsIfUnauthorized) {
+ return;
+ }
/* Common to simple and preflight */
responseContext.getHeaders().putSingle(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN,
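Review bot: The new guard skips the CORS response headers only for a 401, so a 403 returned by an authorization filter still gets `Access-Control-Allow-Origin` even when `blockCorsIfUnauthorized` is enabled. If the option is meant to withhold CORS headers from every rejected caller, the condition should also compare the status with `Response.Status.FORBIDDEN.getStatusCode()`. If 401-only is intended, a one-line comment such as `// 403 deliberately keeps its CORS headers` would stop a later reader from "fixing" it. Putting `blockCorsIfUnauthorized` first in the `&&` would also skip the status lookup when the option is off. The method begins and continues outside this hunk.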
@@ -618,6 +625,10 @@ public class CrossOriginResourceSharingFilter implements ContainerRequestFilter,
this.findResourceMethod = findResourceMethod;
}
+ public void setBlockCorsIfUnauthorized(boolean blockCorsIfUnauthorized) {
+ this.blockCorsIfUnauthorized = blockCorsIfUnauthorized;
+ }
+
private class CorsInInterceptor extends AbstractPhaseInterceptor<Message> {
public CorsInInterceptor() {
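Review bot: `setBlockCorsIfUnauthorized` is a new public, security-relevant switch with no Javadoc, and the field added in the earlier hunk has no comment either. The default is `false`, which means a 401 response still carries the CORS headers unless a deployer opts in, and that should be stated where the property is set. Suggested Javadoc: `/** When true, no CORS headers are added to a 401 response; defaults to false. */`. The enclosing class continues outside this hunk.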
http://git-wip-us.apache.org/repos/asf/cxf/blob/29e1dd1c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index a94c2e4..fe638be 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -24,8 +24,10 @@ import java.util.Collections;
import java.util.List;
import java.util.logging.Logger;
+import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.HttpMethod;
+import javax.ws.rs.Priorities;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
@@ -58,6 +60,8 @@ import org.apache.cxf.security.SecurityContext;
*/
@Provider
@PreMatching
+// Priorities.AUTHORIZATION also works
+@Priority(Priorities.AUTHENTICATION)
public class OAuthRequestFilter extends AbstractAccessTokenValidator
implements ContainerRequestFilter {
private static final Logger LOG = LogUtils.getL7dLogger(OAuthRequestFilter.class);
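Review bot: The comment `// Priorities.AUTHORIZATION also works` names an alternative but not the constraint that makes either value acceptable. Judging by the commit title, the point is that this filter must sort after `CrossOriginResourceSharingFilter`, which the same commit pins at `Priorities.AUTHENTICATION - 1`. Saying so would keep the two annotations from drifting apart, e.g. `// Must sort after the CORS filter (AUTHENTICATION - 1); AUTHORIZATION would also satisfy that`. A comment wedged between annotations is also easy to lose when they are reordered, so the class Javadoc that ends just above `@Provider` may be a safer home.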
[2/2] cxf git commit: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/cxf
Posted by se...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/cxf
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fe94c7fa
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fe94c7fa
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fe94c7fa
Branch: refs/heads/master
Commit: fe94c7fa10b7e0321a88f3fcb278fea856e9edac
Parents: 29e1dd1 494ff76
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Tue Mar 24 12:42:42 2015 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Tue Mar 24 12:42:42 2015 +0000
----------------------------------------------------------------------
.../policy/interceptors/STSTokenHelper.java | 19 ++-
.../SecureConversationInInterceptor.java | 6 +-
.../ws/security/tokenstore/SecurityToken.java | 8 +-
.../org/apache/cxf/sts/SignatureProperties.java | 4 +-
.../org/apache/cxf/sts/StaticSTSProperties.java | 30 ++---
.../org/apache/cxf/sts/cache/CacheUtils.java | 12 +-
.../cxf/sts/cache/EHCacheIdentityCache.java | 2 +-
.../cxf/sts/cache/MemoryIdentityCache.java | 2 +-
.../ClaimsAttributeStatementProvider.java | 2 +-
.../apache/cxf/sts/claims/ClaimsManager.java | 2 +-
.../cxf/sts/claims/LdapClaimsHandler.java | 7 +-
.../cxf/sts/claims/LdapGroupClaimsHandler.java | 8 +-
.../org/apache/cxf/sts/claims/LdapUtils.java | 2 +-
.../cxf/sts/claims/StaticClaimsHandler.java | 2 +-
.../cxf/sts/claims/mapper/ClaimUtils.java | 12 +-
.../cxf/sts/claims/mapper/JexlClaimsMapper.java | 2 +-
.../apache/cxf/sts/event/map/EventMapper.java | 6 +-
.../cxf/sts/event/map/MapEventLogger.java | 2 +-
.../cxf/sts/operation/AbstractOperation.java | 27 ++---
.../cxf/sts/operation/TokenCancelOperation.java | 8 +-
.../cxf/sts/operation/TokenIssueOperation.java | 21 ++--
.../cxf/sts/operation/TokenRenewOperation.java | 14 +--
.../sts/operation/TokenValidateOperation.java | 8 +-
.../DefaultSecurityTokenServiceProvider.java | 6 +-
.../apache/cxf/sts/request/RequestParser.java | 33 +++---
.../cxf/sts/request/RequestRequirements.java | 44 +++++++
.../cxf/sts/service/EncryptionProperties.java | 4 +-
.../apache/cxf/sts/service/StaticService.java | 2 +-
.../token/delegation/SAMLDelegationHandler.java | 2 +-
.../provider/AbstractSAMLTokenProvider.java | 118 +++++++++++++++++++
.../DefaultAttributeStatementProvider.java | 20 ++--
.../provider/DefaultConditionsProvider.java | 2 +-
.../token/provider/DefaultSubjectProvider.java | 12 +-
.../sts/token/provider/SAMLTokenProvider.java | 111 ++++-------------
.../cxf/sts/token/provider/SCTProvider.java | 13 +-
.../sts/token/provider/SamlCallbackHandler.java | 32 ++---
.../sts/token/realm/CertConstraintsParser.java | 4 +-
.../sts/token/realm/RelationshipResolver.java | 2 +-
.../apache/cxf/sts/token/realm/SAMLRealm.java | 31 ++---
.../cxf/sts/token/renewer/SAMLTokenRenewer.java | 82 ++-----------
.../sts/token/validator/SAMLTokenValidator.java | 7 +-
.../cxf/sts/token/validator/SCTValidator.java | 7 +-
.../token/validator/UsernameTokenValidator.java | 8 +-
.../cxf/sts/request/RequestParserUnitTest.java | 12 +-
44 files changed, 376 insertions(+), 382 deletions(-)
----------------------------------------------------------------------