Posted to commits@cxf.apache.org by se...@apache.org on 2016/02/22 18:32:34 UTC
cxf git commit: Updating a client side JwtRequest code grant handler
Repository: cxf
Updated Branches:
refs/heads/master b74ab38aa -> 487ef19c3
Updating a client side JwtRequest code grant handler
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/487ef19c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/487ef19c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/487ef19c
Branch: refs/heads/master
Commit: 487ef19c310848d61e69e21f9890012885efae6a
Parents: b74ab38
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Feb 22 17:32:19 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Feb 22 17:32:19 2016 +0000
----------------------------------------------------------------------
.../oauth2/client/ClientCodeRequestFilter.java | 21 ++++-
.../oauth2/grants/code/JwtRequestCodeGrant.java | 82 ++++----------------
2 files changed, 37 insertions(+), 66 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/487ef19c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 0b950c7..be79d64 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -46,6 +46,8 @@ import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer;
+import org.apache.cxf.rs.security.oauth2.grants.code.JwtRequestCodeGrant;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthJoseJwtProducer;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
@@ -71,6 +73,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
private boolean faultAccessDeniedResponses;
private boolean applicationCanHandleAccessDenied;
private CodeVerifierTransformer codeVerifierTransformer;
+ private OAuthJoseJwtProducer codeRequestJoseProducer;
@Override
public void filter(ContainerRequestContext rc) throws IOException {
@@ -194,7 +197,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
ClientAccessToken at = null;
if (codeParam != null) {
- AuthorizationCodeGrant grant = new AuthorizationCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
+ AuthorizationCodeGrant grant = prepareCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
at = OAuthClientUtils.getAccessToken(accessTokenServiceClient, consumer, grant);
}
@@ -205,6 +208,18 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
setClientCodeRequest(tokenContext);
}
+ private AuthorizationCodeGrant prepareCodeGrant(String codeParam, URI absoluteRedirectUri) {
+ if (codeRequestJoseProducer == null) {
+ return new AuthorizationCodeGrant(codeParam, absoluteRedirectUri);
+ } else {
+ JwtRequestCodeGrant grant =
+ new JwtRequestCodeGrant(codeParam, absoluteRedirectUri, consumer.getClientId());
+ grant.setClientSecret(consumer.getClientSecret());
+ grant.setJoseProducer(codeRequestJoseProducer);
+ return grant;
+ }
+ }
+
protected ClientTokenContext initializeClientTokenContext(ContainerRequestContext rc,
ClientAccessToken at,
MultivaluedMap<String, String> state) {
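Review bot: prepareCodeGrant() copies `consumer.getClientSecret()` into the grant whenever codeRequestJoseProducer is set, whether or not that producer derives its signing or encryption key from the client secret. If the producer is configured with its own key material, the secret is held in the grant object for no purpose, so consider setting it only when the producer is configured to use it (the producer's API is not visible in this diff). Neither the method nor the new field says that configuring a producer switches the token request to the JWT form; a comment such as `// A configured JOSE producer wraps the code grant parameters in a JWT request` would make that explicit. The `else` after the first `return` is redundant and can be dropped.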
@@ -362,4 +377,8 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
public void setCodeVerifierTransformer(CodeVerifierTransformer codeVerifierTransformer) {
this.codeVerifierTransformer = codeVerifierTransformer;
}
+
+ public void setCodeRequestJoseProducer(OAuthJoseJwtProducer codeRequestJoseProducer) {
+ this.codeRequestJoseProducer = codeRequestJoseProducer;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/487ef19c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
index 8f95506..f2cc865 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeGrant.java
@@ -20,20 +20,12 @@ package org.apache.cxf.rs.security.oauth2.grants.code;
import java.net.URI;
-import javax.crypto.SecretKey;
import javax.ws.rs.core.MultivaluedMap;
-import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
-import org.apache.cxf.rs.security.jose.jwe.JweUtils;
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthJoseJwtProducer;
@@ -43,12 +35,8 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils;
*/
public class JwtRequestCodeGrant extends AuthorizationCodeGrant {
private static final long serialVersionUID = -3738825769770411453L;
- private JwsSignatureProvider sigProvider;
- private JweEncryptionProvider encryptionProvider;
+ private OAuthJoseJwtProducer joseProducer = new OAuthJoseJwtProducer();
private String clientSecret;
- private boolean encryptWithClientSecret;
- private boolean signWithClientSecret;
- // can be a client id
private String issuer;
public JwtRequestCodeGrant() {
}
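Review bot: The new field `private OAuthJoseJwtProducer joseProducer = new OAuthJoseJwtProducer();` is added to a class that declares a serialVersionUID, so it becomes part of the serialized form unless marked otherwise. Whether OAuthJoseJwtProducer is Serializable is not visible here; if it is not, serializing the grant would fail, and if it is, the producer's key configuration would be written out next to clientSecret. Declaring the field `transient` and falling back to a fresh producer when it is null after deserialization would avoid both outcomes. The serialVersionUID is unchanged even though four fields were removed, which is worth a deliberate decision. The class body continues outside the hunk.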
@@ -66,24 +54,6 @@ public class JwtRequestCodeGrant extends AuthorizationCodeGrant {
super(code, uri);
this.issuer = issuer;
}
- public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
- this.sigProvider = signatureProvider;
- }
- public void setEncryptionProvider(JweEncryptionProvider encProvider) {
- this.encryptionProvider = encProvider;
- }
-
- protected JwsSignatureProvider getInitializedSigProvider() {
- if (sigProvider != null) {
- return sigProvider;
- }
- if (signWithClientSecret) {
- byte[] hmac = CryptoUtils.decodeSequence(clientSecret);
- return JwsUtils.getHmacSignatureProvider(hmac, SignatureAlgorithm.HS256);
- } else {
- return JwsUtils.loadSignatureProvider(true);
- }
- }
public MultivaluedMap<String, String> toMap() {
String request = getRequest();
MultivaluedMap<String, String> newMap = new MetadataMap<String, String>();
@@ -94,49 +64,31 @@ public class JwtRequestCodeGrant extends AuthorizationCodeGrant {
public String getRequest() {
MultivaluedMap<String, String> map = super.toMap();
JwtClaims claims = new JwtClaims();
- claims.setIssuer(issuer);
+ if (issuer != null) {
+ claims.setIssuer(issuer);
+ }
for (String key : map.keySet()) {
claims.setClaim(key, map.getFirst(key));
}
- JwsJwtCompactProducer producer = new JwsJwtCompactProducer(claims);
- JwsSignatureProvider theSigProvider = getInitializedSigProvider();
- String request = producer.signWith(theSigProvider);
-
- JweEncryptionProvider theEncryptionProvider = getInitializedEncryptionProvider();
- if (theEncryptionProvider != null) {
- request = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(request), null);
- }
- return request;
- }
- protected JweEncryptionProvider getInitializedEncryptionProvider() {
- if (encryptionProvider != null) {
- return encryptionProvider;
- }
- if (encryptWithClientSecret) {
- SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
- return JweUtils.getDirectKeyJweEncryption(key, ContentAlgorithm.A128GCM);
- } else {
- return JweUtils.loadEncryptionProvider(false);
- }
+ return joseProducer.processJwt(new JwtToken(claims), clientSecret);
}
-
+
public void setIssuer(String issuer) {
+ // Can it be a client id ?
+
this.issuer = issuer;
}
public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
}
- public void setEncryptWithClientSecret(boolean encryptWithClientSecret) {
- if (signWithClientSecret) {
- throw new SecurityException();
- }
- this.encryptWithClientSecret = encryptWithClientSecret;
+
+ public OAuthJoseJwtProducer getJoseProducer() {
+ return joseProducer;
}
- public void setSignWithClientSecret(boolean signWithClientSecret) {
- if (encryptWithClientSecret) {
- throw new SecurityException();
- }
- this.signWithClientSecret = signWithClientSecret;
+
+ public void setJoseProducer(OAuthJoseJwtProducer joseProducer) {
+ this.joseProducer = joseProducer;
}
+
}
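Review bot: getRequest() used to call `producer.signWith(theSigProvider)` unconditionally, but the new `return joseProducer.processJwt(new JwtToken(claims), clientSecret);` leaves it to the producer's configuration whether the request is signed or encrypted at all, and processJwt is not visible in this diff. If the producer can be configured to emit an unsecured JWT, the token request carrying the authorization code and redirect URI would lose its integrity protection, so confirm that OAuthJoseJwtProducer rejects that configuration by default and state the guarantee in a Javadoc on getRequest(). The removed setters also threw SecurityException when the client secret was selected for both signing and encryption; presumably that check now lives in the producer, which should be verified. setJoseProducer() accepts null, which would only surface later as a NullPointerException in getRequest(); a guard such as `if (joseProducer == null) { throw new IllegalArgumentException("joseProducer"); }` would fail at the point of misconfiguration.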