Posted to commits@cxf.apache.org by se...@apache.org on 2016/01/27 17:55:15 UTC
cxf git commit: Passing the nonce via a TL storage too
Repository: cxf
Updated Branches:
refs/heads/master 45f3d5944 -> ee76fe358
Passing the nonce via a TL storage too
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ee76fe35
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ee76fe35
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ee76fe35
Branch: refs/heads/master
Commit: ee76fe358aeb36d95204ec10f8cec674163b8fcf
Parents: 45f3d59
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Wed Jan 27 16:55:00 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Wed Jan 27 16:55:00 2016 +0000
----------------------------------------------------------------------
.../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 4 ++++
.../oauth2/services/AbstractImplicitGrantService.java | 4 ++++
.../cxf/rs/security/oidc/idp/IdTokenResponseFilter.java | 8 +++++++-
3 files changed, 15 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/ee76fe35/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index c8e6655..9844a30 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -24,6 +24,7 @@ import java.util.List;
import javax.ws.rs.core.MultivaluedMap;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -111,6 +112,9 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
grant.getRequestedScopes(),
getAudiences(client, grant.getAudience()));
if (token != null) {
+ if (grant.getNonce() != null) {
+ JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, grant.getNonce());
+ }
return token;
} else {
// the grant was issued based on the authorization time check confirming the
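Review bot: The added `JAXRSUtils.getCurrentMessage().getExchange().put(...)` dereferences the current message without a null check, while the new code in IdTokenResponseFilter in this same commit guards `m != null` before reading the Exchange; if this handler can be invoked outside a JAX-RS request (tests, direct calls) the put throws a NullPointerException instead of simply skipping the nonce. Suggest `Message m = JAXRSUtils.getCurrentMessage(); if (m != null) { m.getExchange().put(OAuthConstants.NONCE, grant.getNonce()); }`, with a matching import of `org.apache.cxf.message.Message`. The equivalent put added in AbstractImplicitGrantService has the same shape and would take the same guard. The enclosing method of AuthorizationCodeGrantHandler starts and ends outside this hunk.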
http://git-wip-us.apache.org/repos/asf/cxf/blob/ee76fe35/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index 6f8a01f..5133374 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -30,6 +30,7 @@ import javax.ws.rs.core.Response;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.utils.HttpUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
@@ -84,6 +85,9 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
}
} else {
token = preAuthorizedToken;
+ if (state.getNonce() != null) {
+ JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, state.getNonce());
+ }
}
ClientAccessToken clientToken = null;
http://git-wip-us.apache.org/repos/asf/cxf/blob/ee76fe35/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 509648a..6edcc7a 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -20,6 +20,8 @@ package org.apache.cxf.rs.security.oidc.idp;
import java.util.Properties;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
@@ -27,6 +29,7 @@ import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthServerJoseJwtProducer;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenResponseFilter;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
@@ -76,7 +79,10 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer im
idToken.setAccessTokenHash(atHash);
}
}
- if (idToken.getNonce() == null && st.getNonce() != null) {
+ Message m = JAXRSUtils.getCurrentMessage();
+ if (m != null && m.getExchange().containsKey(OAuthConstants.NONCE)) {
+ idToken.setNonce((String)m.getExchange().get(OAuthConstants.NONCE));
+ } else if (st.getNonce() != null) {
idToken.setNonce(st.getNonce());
}
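Review bot: The rewritten condition drops the `idToken.getNonce() == null` guard that the removed line carried, so a nonce already set on the ID token is now overwritten by whichever source matches first; if that override is intended it deserves a comment, otherwise wrap the new block in `if (idToken.getNonce() == null) { ... }`. The precedence between the two sources is also worth stating, since the Exchange entry is only written by the grant code in this commit: `// Prefer the nonce of the current authorization request (stored on the Exchange by the grant handler/service) over the nonce recorded on the token, which presumably may stem from an earlier request when a pre-authorized token is reused`. The `(String)` cast is consistent with the String values the grant code puts under OAuthConstants.NONCE. The enclosing method, including the definition of `st`, lies outside this hunk.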