Posted to commits@cxf.apache.org by jb...@apache.org on 2016/01/06 15:22:03 UTC
cxf git commit: [CXF-6736] Support login_hint at
OidcClientCodeRequestFilter
Repository: cxf
Updated Branches:
refs/heads/master fa985a4e4 -> 8e131133c
[CXF-6736] Support login_hint at OidcClientCodeRequestFilter
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8e131133
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8e131133
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8e131133
Branch: refs/heads/master
Commit: 8e131133c8566a124605cb06e0b6db98fddb5972
Parents: fa985a4
Author: Jan Bernhardt <jb...@talend.com>
Authored: Wed Jan 6 15:05:41 2016 +0100
Committer: Jan Bernhardt <jb...@talend.com>
Committed: Wed Jan 6 15:20:08 2016 +0100
----------------------------------------------------------------------
.../oauth2/client/ClientCodeRequestFilter.java | 9 ++++++-
.../oidc/rp/OidcClientCodeRequestFilter.java | 26 +++++++++++++++++++-
2 files changed, 33 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8e131133/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 1af26c6..c02688c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -111,6 +111,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
}
+
private void checkSecurityContextEnd(ContainerRequestContext rc,
MultivaluedMap<String, String> requestParams) {
String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
@@ -153,6 +154,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
ub.queryParam("response_mode", "form_post");
}
}
+
protected void setCodeVerifier(UriBuilder ub, MultivaluedMap<String, String> redirectState) {
if (codeVerifierTransformer != null) {
String codeVerifier = redirectState.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER);
@@ -162,10 +164,10 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
codeVerifierTransformer.getChallengeMethod());
}
}
+
protected void setAdditionalCodeRequestParams(UriBuilder ub, MultivaluedMap<String, String> redirectState) {
}
-
private URI getAbsoluteRedirectUri(UriInfo ui) {
if (redirectUri != null) {
return URI.create(redirectUri);
@@ -176,6 +178,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
return ui.getAbsolutePath();
}
}
+
protected void processCodeResponse(ContainerRequestContext rc,
UriInfo ui,
MultivaluedMap<String, String> requestParams) {
@@ -237,6 +240,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
}
return redirectState;
}
+
protected MultivaluedMap<String, String> toCodeRequestState(ContainerRequestContext rc, UriInfo ui) {
MultivaluedMap<String, String> state = toRequestState(rc, ui);
if (state == null) {
@@ -244,6 +248,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
}
return state;
}
+
protected MultivaluedMap<String, String> toRequestState(ContainerRequestContext rc, UriInfo ui) {
MultivaluedMap<String, String> requestState = new MetadataMap<String, String>();
requestState.putAll(ui.getQueryParameters(decodeRequestParameters));
@@ -265,6 +270,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
}
setScopes(sb.toString());
}
+
public void setScopes(String scopes) {
this.scopes = scopes.trim();
}
@@ -295,6 +301,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
public void setConsumer(Consumer consumer) {
this.consumer = consumer;
}
+
public Consumer getConsumer() {
return consumer;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8e131133/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
index 7d90457..0191779 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
@@ -39,8 +39,9 @@ import org.apache.cxf.rs.security.oidc.common.IdToken;
public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
private static final String ACR_PARAMETER = "acr_values";
- private static final String PROMPT_PARAMETER = "prompt";
+ private static final String LOGIN_HINT_PARAMETER = "login_hint";
private static final String MAX_AGE_PARAMETER = "max_age";
+ private static final String PROMPT_PARAMETER = "prompt";
private static final List<String> PROMPTS = Arrays.asList("none", "consent", "login", "select_account");
private IdTokenReader idTokenReader;
private UserInfoClient userInfoClient;
@@ -53,6 +54,7 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
public void setAuthenticationContextRef(String acr) {
this.authenticationContextRef = Arrays.asList(StringUtils.split(acr, " "));
}
+
@Override
protected ClientTokenContext createTokenContext(ContainerRequestContext rc,
ClientAccessToken at,
@@ -77,6 +79,18 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
return ctx;
}
+
+ @Override
+ protected MultivaluedMap<String, String> createRedirectState(ContainerRequestContext rc, UriInfo ui) {
+ MultivaluedMap<String, String> redirectState = super.createRedirectState(rc, ui);
+ MultivaluedMap<String, String> codeRequestState = toRequestState(rc, ui);
+ String loginHint = codeRequestState.getFirst(LOGIN_HINT_PARAMETER);
+ if (loginHint != null) {
+ redirectState.putSingle(LOGIN_HINT_PARAMETER, loginHint);
+ }
+ return redirectState;
+ }
+
@Override
protected MultivaluedMap<String, String> toCodeRequestState(ContainerRequestContext rc, UriInfo ui) {
MultivaluedMap<String, String> state = super.toCodeRequestState(rc, ui);
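Review bot: The new `createRedirectState` calls `codeRequestState.getFirst(...)` without a null check, although the base class's `toCodeRequestState` tests `state == null` after the same `toRequestState(rc, ui)` call, which suggests an override may return null and would then cause a NullPointerException here. A guard such as `String loginHint = codeRequestState == null ? null : codeRequestState.getFirst(LOGIN_HINT_PARAMETER);` covers that. The hint is also copied verbatim from the incoming request parameters, so it is chosen by whoever built the link to this endpoint; bounding its length and rejecting control characters before `putSingle` would keep arbitrary data out of the redirect state and the authorization request built from it. Whether `super.createRedirectState` already parses the request state is not visible in this hunk; if it does, the second `toRequestState` call could be avoided.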
@@ -85,6 +99,7 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
}
return state;
}
+
private void validateIdToken(IdToken idToken, MultivaluedMap<String, String> state) {
String nonce = state.getFirst(IdToken.NONCE_CLAIM);
@@ -110,6 +125,7 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
public void setIdTokenReader(IdTokenReader idTokenReader) {
this.idTokenReader = idTokenReader;
}
+
public void setUserInfoClient(UserInfoClient userInfoClient) {
this.userInfoClient = userInfoClient;
}
@@ -121,6 +137,7 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
}
+
@Override
protected void setAdditionalCodeRequestParams(UriBuilder ub, MultivaluedMap<String, String> redirectState) {
if (claims != null) {
@@ -143,6 +160,10 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
if (promptLogin != null) {
ub.queryParam(PROMPT_PARAMETER, promptLogin);
}
+ String loginHint = redirectState.getFirst(LOGIN_HINT_PARAMETER);
+ if (loginHint != null) {
+ ub.queryParam(LOGIN_HINT_PARAMETER, loginHint);
+ }
}
public void setPromptLogin(String promptLogin) {
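Review bot: The `login_hint` added to the authorization URL here is the request-supplied value from the redirect state, passed to `ub.queryParam` with no validation. The JAX-RS `UriBuilder.queryParam` contract allows template parameters in values, so a hint containing `{` or `}` may be treated as a template variable when the URI is built (the build call is outside this hunk); rejecting or pre-encoding those characters avoids that. A hint is often an e-mail address or phone number and will appear in the redirect URL, so a comment such as `// login_hint is caller-supplied and may be personal data; it is sent in the redirect query string` would help whoever configures request logging. `setAdditionalCodeRequestParams` begins before this hunk.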
@@ -152,12 +173,15 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
throw new IllegalArgumentException("Illegal prompt value");
}
}
+
public void setMaxAgeOffset(Long maxAgeOffset) {
this.maxAgeOffset = maxAgeOffset;
}
+
public void setClaims(String claims) {
this.claims = claims;
}
+
public void setClaimsLocales(String claimsLocales) {
this.claimsLocales = claimsLocales;
}