Posted to commits@cxf.apache.org by se...@apache.org on 2017/03/07 14:13:18 UTC
cxf-fediz git commit: Simplifying the fediz oidc provider client cred
code as it is done at the abstract level now
Repository: cxf-fediz
Updated Branches:
refs/heads/master 3f0c6be07 -> 294522cbc
Simplifying the fediz oidc provider client cred code as it is done at the abstract level now
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/294522cb
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/294522cb
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/294522cb
Branch: refs/heads/master
Commit: 294522cbcef36c51f4d0e7bf992207aa891886e0
Parents: 3f0c6be
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Mar 7 14:13:02 2017 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Mar 7 14:13:02 2017 +0000
----------------------------------------------------------------------
.../oidc/JAASAuthenticationStrategy.java | 1 +
.../service/oidc/OAuthDataProviderImpl.java | 74 --------------------
.../oidc/ProviderAuthenticationStrategy.java | 23 ------
3 files changed, 1 insertion(+), 97 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/294522cb/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/JAASAuthenticationStrategy.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/JAASAuthenticationStrategy.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/JAASAuthenticationStrategy.java
index 10e4255..7fc9a88 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/JAASAuthenticationStrategy.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/JAASAuthenticationStrategy.java
@@ -28,6 +28,7 @@ import javax.security.auth.login.LoginException;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
+import org.apache.cxf.rs.security.oauth2.provider.ProviderAuthenticationStrategy;
public class JAASAuthenticationStrategy implements ProviderAuthenticationStrategy {
private static final Logger LOG = LogUtils.getL7dLogger(JAASAuthenticationStrategy.class);
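Review bot: Nothing visible in this commit shows that the inherited CXF provider keeps the defaults the removed Fediz code had, and the added import of `org.apache.cxf.rs.security.oauth2.provider.ProviderAuthenticationStrategy` is where that dependency starts. The OAuthDataProviderImpl hunks remove `checkOnlyRegisteredClients` (default false), `persistUnregisteredClients = true`, and the `setAuthenticationStrategy` setter. From here on, whether an unregistered `client_credentials` client is authenticated through this JAAS strategy, and whether it is persisted, is presumably decided by the base class. Please confirm the base class exposes the same properties with the same defaults, because bean configuration that still sets them would otherwise fail to wire or change authentication behaviour unnoticed. A test covering an unregistered client with a wrong secret would pin this. The class body continues outside the hunk.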
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/294522cb/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
index 888d70a..e672b3e 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
@@ -18,50 +18,17 @@
*/
package org.apache.cxf.fediz.service.oidc;
-import java.security.Principal;
-import java.util.Collections;
import java.util.List;
-import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
- private boolean checkOnlyRegisteredClients;
- private boolean persistUnregisteredClients = true;
- private ProviderAuthenticationStrategy authenticationStrategy;
-
- @Override
- public Client getClient(String clientId) {
- Client client = super.getClient(clientId);
- if (client != null || checkOnlyRegisteredClients) {
- return client;
- }
-
- String grantType = getCurrentRequestedGrantType();
- if (OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(grantType)) {
- // Pre-registering the OAuth2 Client representations for
- // "client_credentials" can be difficult.
- String clientSecret = (String)getMessageContext().get(OAuthConstants.CLIENT_SECRET);
- if (clientSecret != null) {
- // Direct authentication with the back-end storage
- return authenticateClient(clientId, clientSecret);
- } else {
- Principal p = super.getMessageContext().getSecurityContext().getUserPrincipal();
- if (clientId.equals(p.getName())) {
- return createClientCredClient(clientId, null);
- }
- }
- }
- return null;
- }
-
@Override
public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) {
//TODO: push this code into the abstract class
@@ -75,45 +42,4 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
}
return super.convertScopeToPermissions(client, requestedScopes);
}
-
- public void setCheckOnlyRegisteredClients(boolean checkOnlyRegisteredClients) {
- this.checkOnlyRegisteredClients = checkOnlyRegisteredClients;
- }
-
- public void setPersistUnregisteredClients(boolean persistUnregisteredClients) {
- this.persistUnregisteredClients = persistUnregisteredClients;
- }
-
- public void setAuthenticationStrategy(ProviderAuthenticationStrategy authenticationStrategy) {
- this.authenticationStrategy = authenticationStrategy;
- }
-
- protected Client authenticateClient(String clientId, String clientSecret) {
- if (doAuthenticate(clientId, clientSecret)) {
- return createClientCredClient(clientId, clientSecret);
- }
- return null;
- }
-
- protected Client createClientCredClient(String clientId, String password) {
- Client c = new Client(clientId, password, true);
- c.setAllowedGrantTypes(Collections.singletonList(OAuthConstants.CLIENT_CREDENTIALS_GRANT));
- if (persistUnregisteredClients) {
- // It will enable seeing these clients and their tokens in the OIDC management console
- super.setClient(c);
- }
- return c;
- }
-
- protected boolean doAuthenticate(String id, String password) {
- return authenticationStrategy != null
- && authenticationStrategy.authenticate(id, password);
- }
- @Override
- public void setMessageContext(MessageContext mc) {
- super.setMessageContext(mc);
- if (authenticationStrategy != null) {
- OAuthUtils.injectContextIntoOAuthProvider(mc, authenticationStrategy);
- }
- }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/294522cb/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ProviderAuthenticationStrategy.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ProviderAuthenticationStrategy.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ProviderAuthenticationStrategy.java
deleted file mode 100644
index 71dd1b7..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ProviderAuthenticationStrategy.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.oidc;
-
-public interface ProviderAuthenticationStrategy {
- boolean authenticate(String name, String password);
-}