Posted to commits@cxf.apache.org by se...@apache.org on 2016/01/27 16:48:27 UTC
cxf git commit: Reverting some nonce related changes for now
Repository: cxf
Updated Branches:
refs/heads/master 72653fd11 -> 45f3d5944
Reverting some nonce-related changes for now
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/45f3d594
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/45f3d594
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/45f3d594
Branch: refs/heads/master
Commit: 45f3d59446327197a4fce267c51bdc7d8fafa03f
Parents: 72653fd
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Wed Jan 27 15:48:13 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Wed Jan 27 15:48:13 2016 +0000
----------------------------------------------------------------------
.../oauth2/grants/code/AbstractCodeDataProvider.java | 9 +++------
.../oauth2/grants/code/DefaultEHCacheCodeDataProvider.java | 2 +-
.../security/oauth2/provider/AbstractOAuthDataProvider.java | 7 +------
.../cxf/rs/security/oidc/idp/IdTokenResponseFilter.java | 2 +-
4 files changed, 6 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/45f3d594/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
index b89c247..c03ccf3 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
@@ -39,7 +39,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
protected ServerAuthorizationCodeGrant doCreateCodeGrant(AuthorizationCodeRegistration reg)
throws OAuthServiceException {
- return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime, !isSupportPreauthorizedTokens());
+ return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime);
}
public void setCodeLifetime(long codeLifetime) {
@@ -51,8 +51,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
}
}
public static ServerAuthorizationCodeGrant initCodeGrant(AuthorizationCodeRegistration reg,
- long lifetime,
- boolean useNonce) {
+ long lifetime) {
ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(reg.getClient(), lifetime);
grant.setRedirectUri(reg.getRedirectUri());
grant.setSubject(reg.getSubject());
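Review bot: Dropping the `boolean useNonce` parameter changes the signature of a `public static` method, so any caller outside this repository compiled against the three-argument form fails to link until it is rebuilt. If the three-argument overload has already shipped in a release (the commit message suggests it was a recent addition, but that is not visible here), keeping a thin `@Deprecated` overload that delegates to `initCodeGrant(reg, lifetime)` would make the revert source- and binary-compatible. `initCodeGrant` continues past the end of this hunk.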
@@ -61,9 +60,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
grant.setApprovedScopes(reg.getApprovedScope());
grant.setAudience(reg.getAudience());
grant.setClientCodeChallenge(reg.getClientCodeChallenge());
- if (useNonce) {
- grant.setNonce(reg.getNonce());
- }
+ grant.setNonce(reg.getNonce());
return grant;
}
protected abstract void saveCodeGrant(ServerAuthorizationCodeGrant grant);
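Review bot: The nonce is now copied onto every code grant unconditionally, so the grant created by `initCodeGrant` will carry a client-supplied nonce even when pre-authorized tokens are reused; the same guard is removed from `createAccessToken` in AbstractOAuthDataProvider, together with the comment that explained why it existed (a reused token replays its old nonce into a fresh ID token and the client's nonce check fails). Since a nonce is the client's replay protection for the ID token, that scenario is worth keeping visible in the code even while the fix is reverted. Suggest retaining a short note at both sites, e.g. `// TODO: when pre-authorized tokens are reused this nonce may be stale for a later ID token (see IdTokenResponseFilter)`, so the next change does not reintroduce the regression blind.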
http://git-wip-us.apache.org/repos/asf/cxf/blob/45f3d594/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
index f43d69e..12edf9b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
@@ -79,7 +79,7 @@ public class DefaultEHCacheCodeDataProvider extends DefaultEHCacheOAuthDataProvi
protected ServerAuthorizationCodeGrant doCreateCodeGrant(AuthorizationCodeRegistration reg)
throws OAuthServiceException {
- return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime, !isSupportPreauthorizedTokens());
+ return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime);
}
public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject sub) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/45f3d594/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index e508c7c..1673659 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -71,12 +71,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
at.setScopes(thePermissions);
at.setSubject(atReg.getSubject());
at.setClientCodeVerifier(atReg.getClientCodeVerifier());
- if (!isSupportPreauthorizedTokens()) {
- // if the nonce is persisted and the same token is reused then in some cases
- // (when ID token is returned) the old nonce will be copied to ID token which
- // may cause the validation failure at the cliend side
- at.setNonce(atReg.getNonce());
- }
+ at.setNonce(atReg.getNonce());
return at;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/45f3d594/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index ec3f364..509648a 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -63,7 +63,7 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer im
}
}
private void setAtHashAndNonce(IdToken idToken, ServerAccessToken st) {
- if (idToken.getAccessTokenHash() != null) {
+ if (idToken.getAccessTokenHash() == null) {
Properties props = JwsUtils.loadSignatureOutProperties(false);
SignatureAlgorithm sigAlgo = null;
if (super.isSignWithClientSecret()) {
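Review bot: The flipped condition now computes at_hash only when the ID token does not already carry one, which matches the method name, but nothing in the hunk records that this is the intended contract, and the inversion is easy to re-flip in a later merge. A one-line comment above the check would pin it: `// compute at_hash only when the producer has not already set one`. `setAtHashAndNonce` continues beyond the end of this hunk, so whether a pre-set hash is validated against the access token elsewhere cannot be confirmed from this page.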