You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2014/12/19 23:32:51 UTC
cxf git commit: More OAuth2 SPOP related updates
Repository: cxf
Updated Branches:
refs/heads/master a3be410fe -> 8fc7bfa3d
More OAuth2 SPOP related updates
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8fc7bfa3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8fc7bfa3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8fc7bfa3
Branch: refs/heads/master
Commit: 8fc7bfa3d054e9aebcb43f51e083ff7cf3b47010
Parents: a3be410
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Fri Dec 19 22:32:31 2014 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Fri Dec 19 22:32:31 2014 +0000
----------------------------------------------------------------------
.../rs/security/oauth2/common/OAuthRedirectionState.java | 10 +++++-----
.../code/AbstractAuthorizationCodeDataProvider.java | 2 +-
.../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 6 +++---
.../oauth2/grants/code/AuthorizationCodeRegistration.java | 10 +++++-----
.../grants/code/DefaultEHCacheCodeDataProvider.java | 2 +-
.../grants/code/DefaultEncryptingCodeDataProvider.java | 2 +-
.../oauth2/grants/code/ServerAuthorizationCodeGrant.java | 10 +++++-----
.../oauth2/provider/JoseSessionTokenProvider.java | 4 ++--
.../oauth2/services/AuthorizationCodeGrantService.java | 4 ++--
.../oauth2/utils/crypto/ModelEncryptionSupport.java | 4 ++--
10 files changed, 27 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fc7bfa3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
index a386a80..0f05abd 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
@@ -28,7 +28,7 @@ public class OAuthRedirectionState implements Serializable {
private String state;
private String proposedScope;
private String audience;
- private String clientCodeVerifier;
+ private String clientCodeChallenge;
public OAuthRedirectionState() {
}
@@ -106,10 +106,10 @@ public class OAuthRedirectionState implements Serializable {
this.audience = audience;
}
- public String getClientCodeVerifier() {
- return clientCodeVerifier;
+ public String getClientCodeChallenge() {
+ return clientCodeChallenge;
}
- public void setClientCodeVerifier(String clientCodeVerifier) {
- this.clientCodeVerifier = clientCodeVerifier;
+ public void setClientCodeChallenge(String clientCodeChallenge) {
+ this.clientCodeChallenge = clientCodeChallenge;
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fc7bfa3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java
index 71f1002..27a2b20 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractAuthorizationCodeDataProvider.java
@@ -40,7 +40,7 @@ public abstract class AbstractAuthorizationCodeDataProvider
new ServerAuthorizationCodeGrant(reg.getClient(), getCode(reg), getGrantLifetime(), getIssuedAt());
grant.setApprovedScopes(getApprovedScopes(reg));
grant.setAudience(reg.getAudience());
- grant.setClientCodeVerifier(reg.getClientCodeVerifier());
+ grant.setClientCodeChallenge(reg.getClientCodeChallenge());
grant.setSubject(reg.getSubject());
grant.setRedirectUri(reg.getRedirectUri());
return grant;
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fc7bfa3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index dc9cddd..7e6972f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -71,9 +71,9 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
}
- String clientCodeVerifier = grant.getClientCodeVerifier();
- if (clientCodeVerifier != null) {
- String clientCodeChallenge = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
+ String clientCodeChallenge = grant.getClientCodeChallenge();
+ if (clientCodeChallenge != null) {
+ String clientCodeVerifier = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
if (!compareCodeVerifierWithChallenge(clientCodeVerifier, clientCodeChallenge)) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fc7bfa3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
index 6b0475c..a7126b4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
@@ -35,7 +35,7 @@ public class AuthorizationCodeRegistration {
private String redirectUri;
private UserSubject subject;
private String audience;
- private String clientCodeVerifier;
+ private String clientCodeChallenge;
/**
* Sets the {@link Client} reference
@@ -120,10 +120,10 @@ public class AuthorizationCodeRegistration {
public void setAudience(String audience) {
this.audience = audience;
}
- public String getClientCodeVerifier() {
- return clientCodeVerifier;
+ public String getClientCodeChallenge() {
+ return clientCodeChallenge;
}
- public void setClientCodeVerifier(String clientCodeVerifier) {
- this.clientCodeVerifier = clientCodeVerifier;
+ public void setClientCodeChallenge(String clientCodeChallenge) {
+ this.clientCodeChallenge = clientCodeChallenge;
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fc7bfa3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
index c4e261f..d148423 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
@@ -78,7 +78,7 @@ public class DefaultEHCacheCodeDataProvider extends DefaultEHCacheOAuthDataProvi
new ServerAuthorizationCodeGrant(reg.getClient(), getCode(reg), getGrantLifetime(), getIssuedAt());
grant.setApprovedScopes(getApprovedScopes(reg));
grant.setAudience(reg.getAudience());
- grant.setClientCodeVerifier(reg.getClientCodeVerifier());
+ grant.setClientCodeChallenge(reg.getClientCodeChallenge());
grant.setSubject(reg.getSubject());
grant.setRedirectUri(reg.getRedirectUri());
return grant;
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fc7bfa3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
index 6d50584..64e6276 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
@@ -64,7 +64,7 @@ public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDat
new ServerAuthorizationCodeGrant(reg.getClient(), getCode(reg), getGrantLifetime(), getIssuedAt());
grant.setApprovedScopes(getApprovedScopes(reg));
grant.setAudience(reg.getAudience());
- grant.setClientCodeVerifier(reg.getClientCodeVerifier());
+ grant.setClientCodeChallenge(reg.getClientCodeChallenge());
grant.setSubject(reg.getSubject());
grant.setRedirectUri(reg.getRedirectUri());
return grant;
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fc7bfa3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
index a434214..b2b3835 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
@@ -38,7 +38,7 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
private List<String> approvedScopes = Collections.emptyList();
private UserSubject subject;
private String audience;
- private String clientCodeVerifier;
+ private String clientCodeChallenge;
public ServerAuthorizationCodeGrant() {
@@ -149,11 +149,11 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
this.audience = audience;
}
- public String getClientCodeVerifier() {
- return clientCodeVerifier;
+ public String getClientCodeChallenge() {
+ return clientCodeChallenge;
}
- public void setClientCodeVerifier(String clientCodeVerifier) {
- this.clientCodeVerifier = clientCodeVerifier;
+ public void setClientCodeChallenge(String clientCodeChallenge) {
+ this.clientCodeChallenge = clientCodeChallenge;
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fc7bfa3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
index aad1dc4..91f9cf2 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
@@ -140,7 +140,7 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
OAuthRedirectionState state = new OAuthRedirectionState();
state.setClientId(parts[0]);
state.setAudience(parts[1]);
- state.setClientCodeVerifier(parts[2]);
+ state.setClientCodeChallenge(parts[2]);
state.setState(parts[3]);
state.setProposedScope(parts[4]);
state.setRedirectUri(parts[5]);
@@ -155,7 +155,7 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
state.append(ModelEncryptionSupport.tokenizeString(secData.getAudience()));
state.append(ModelEncryptionSupport.SEP);
// 2: client code verifier
- state.append(ModelEncryptionSupport.tokenizeString(secData.getClientCodeVerifier()));
+ state.append(ModelEncryptionSupport.tokenizeString(secData.getClientCodeChallenge()));
state.append(ModelEncryptionSupport.SEP);
// 3: state
state.append(ModelEncryptionSupport.tokenizeString(secData.getState()));
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fc7bfa3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 6a149e5..185cb0f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -78,7 +78,7 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
return state;
}
private static void setCodeQualifier(OAuthRedirectionState data, MultivaluedMap<String, String> params) {
- data.setClientCodeVerifier(params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
+ data.setClientCodeChallenge(params.getFirst(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE));
}
protected Response startAuthorization(MultivaluedMap<String, String> params,
UserSubject userSubject,
@@ -104,7 +104,7 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
codeReg.setApprovedScope(approvedScope);
codeReg.setSubject(userSubject);
codeReg.setAudience(state.getAudience());
- codeReg.setClientCodeVerifier(state.getClientCodeVerifier());
+ codeReg.setClientCodeChallenge(state.getClientCodeChallenge());
ServerAuthorizationCodeGrant grant = null;
try {
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fc7bfa3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
index 02afb04..8990255 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
@@ -394,7 +394,7 @@ public final class ModelEncryptionSupport {
Long.valueOf(parts[3]));
grant.setRedirectUri(getStringPart(parts[4]));
grant.setAudience(getStringPart(parts[5]));
- grant.setClientCodeVerifier(getStringPart(parts[6]));
+ grant.setClientCodeChallenge(getStringPart(parts[6]));
grant.setApprovedScopes(parseSimpleList(parts[7]));
grant.setSubject(recreateUserSubject(parts[8]));
return grant;
@@ -420,7 +420,7 @@ public final class ModelEncryptionSupport {
state.append(tokenizeString(grant.getAudience()));
state.append(SEP);
// 6: code verifier
- state.append(tokenizeString(grant.getClientCodeVerifier()));
+ state.append(tokenizeString(grant.getClientCodeChallenge()));
state.append(SEP);
// 7: approved scopes
state.append(grant.getApprovedScopes().toString());