Posted to commits@cxf.apache.org by se...@apache.org on 2016/01/15 17:55:45 UTC
cxf-fediz git commit: Starting to use the introspecttion protocol
Repository: cxf-fediz
Updated Branches:
refs/heads/master 89ac63f2b -> a7aa8170a
Starting to use the introspection protocol
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a7aa8170
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a7aa8170
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a7aa8170
Branch: refs/heads/master
Commit: a7aa8170ac85130f69c18de06e28c615a4439eaa
Parents: 89ac63f
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Jan 15 16:55:29 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Jan 15 16:55:29 2016 +0000
----------------------------------------------------------------------
.../service/oidc/FedizAccessTokenValidator.java | 63 --------------------
.../main/webapp/WEB-INF/applicationContext.xml | 10 +---
2 files changed, 2 insertions(+), 71 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a7aa8170/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizAccessTokenValidator.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizAccessTokenValidator.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizAccessTokenValidator.java
deleted file mode 100644
index 76f0cfa..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizAccessTokenValidator.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.oidc;
-
-import java.util.Collections;
-import java.util.List;
-
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-
-public class FedizAccessTokenValidator implements AccessTokenValidator {
-
- private OAuthDataManager dataProvider;
-
- @Override
- public List<String> getSupportedAuthorizationSchemes() {
- return Collections.singletonList(OAuthConstants.BEARER_AUTHORIZATION_SCHEME);
- }
-
- @Override
- public AccessTokenValidation validateAccessToken(MessageContext mc, String authScheme, String authSchemeData,
- MultivaluedMap<String, String> extraProps) throws OAuthServiceException {
-
- // This is the access token used by a 3rd party client when accessing a REST service
- ServerAccessToken token = dataProvider.getAccessToken(authSchemeData);
-
- String idToken = token.getSubject().getProperties().get("id_token");
- if (idToken != null) {
- //TODO: validate the user behind this id_token is still a valid user ?
- }
- // Do some Fediz specific token validation ?
- // and
- // Let CXF do the core validation (is access token still valid, etc)
- return new AccessTokenValidation(token);
- }
-
- public void setDataProvider(OAuthDataManager dataProvider) {
- this.dataProvider = dataProvider;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a7aa8170/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index 4e3b004..9bdf677 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -135,21 +135,15 @@
<property name="grantHandler" ref="refreshTokenHandler"/>
<property name="canSupportPublicClients" value="true"/>
</bean>
- <bean id="fedizTokenValidator" class="org.apache.cxf.fediz.service.oidc.FedizAccessTokenValidator">
+ <bean id="accessTokenIntrospectionService" class="org.apache.cxf.rs.security.oauth2.services.TokenIntrospectionService">
<property name="dataProvider" ref="oauthProvider"/>
- </bean>
- <bean id="accessTokenValidatorService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService">
- <property name="tokenValidator" ref="fedizTokenValidator"/>
- <!-- Setting this property allows RS to avoid authenticating with AS when RS
- requests a token validation, should be avoided in the production
- -->
<property name="blockUnauthorizedRequests" value="false"/>
</bean>
<bean id="oauthJsonProvider" class="org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider"/>
<jaxrs:server address="/oauth2">
<jaxrs:serviceBeans>
<ref bean="accessTokenService"/>
- <ref bean="accessTokenValidatorService"/>
+ <ref bean="accessTokenIntrospectionService"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean="oauthJsonProvider"/>
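Review bot: The new `accessTokenIntrospectionService` bean keeps `blockUnauthorizedRequests` at `false`, while the comment that warned against this setting in production is removed along with the old validator beans. Going by that removed comment, the flag lets a resource server call the endpoint without authenticating, so the introspection endpoint published under `/oauth2` would presumably answer any caller that presents a token value; RFC 7662 asks for the endpoint to require authorization precisely to prevent token scanning. Either set the value to `true` and configure authentication for the resource servers that call it, or keep the warning next to the property, e.g. `<!-- demo only: lets callers introspect tokens without authenticating; set to true in production -->`.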