Posted to commits@cxf.apache.org by se...@apache.org on 2016/02/15 18:55:01 UTC
[1/3] cxf git commit: Making sure an open ended set of extra request
properties can be passed through the whole OAuth2 chain,
starting with supporting an OIDC claims request prop
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes d1bb6c14c -> e32ce07bc
Making sure an open ended set of extra request properties can be passed through the whole OAuth2 chain, starting with supporting an OIDC claims request prop
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e32ce07b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e32ce07b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e32ce07b
Branch: refs/heads/3.1.x-fixes
Commit: e32ce07bc632380664d70d5b4c44afafbc2bed33
Parents: 4463a7b
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Feb 15 17:50:51 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Feb 15 17:54:38 2016 +0000
----------------------------------------------------------------------
.../oauth2/common/AccessTokenRegistration.java | 11 +++++
.../oauth2/common/AccessTokenValidation.java | 1 +
.../oauth2/common/OAuthAuthorizationData.java | 11 -----
.../rs/security/oauth2/common/OAuthContext.java | 11 +++++
.../oauth2/common/OAuthRedirectionState.java | 11 +++++
.../oauth2/common/ServerAccessToken.java | 11 +++++
.../oauth2/filters/OAuthRequestFilter.java | 1 +
.../grants/code/AbstractCodeDataProvider.java | 1 +
.../code/AuthorizationCodeRegistration.java | 9 ++++
.../code/DefaultEncryptingCodeDataProvider.java | 9 +---
.../code/ServerAuthorizationCodeGrant.java | 11 +++++
.../provider/AbstractOAuthDataProvider.java | 1 +
.../provider/JoseSessionTokenProvider.java | 6 +++
.../services/AbstractImplicitGrantService.java | 31 +++++++++----
.../services/AuthorizationCodeGrantService.java | 47 +++++++++++++-------
.../services/RedirectionBasedGrantService.java | 37 ++++++++-------
.../utils/crypto/ModelEncryptionSupport.java | 17 +++++--
.../oidc/idp/OidcAuthorizationCodeService.java | 30 ++++++++++++-
.../security/oidc/idp/OidcImplicitService.java | 21 +++++++++
.../cxf/rs/security/oidc/utils/OidcUtils.java | 13 +++++-
20 files changed, 223 insertions(+), 67 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
index a4a4a2c..0a00ec4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
@@ -18,8 +18,10 @@
*/
package org.apache.cxf.rs.security.oauth2.common;
+import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
/**
* Captures the information associated with the access token request.
@@ -33,6 +35,7 @@ public class AccessTokenRegistration {
private List<String> audiences = new LinkedList<String>();
private String nonce;
private String clientCodeVerifier;
+ private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
/**
* Sets the {@link Client} instance
@@ -138,4 +141,12 @@ public class AccessTokenRegistration {
public void setNonce(String nonce) {
this.nonce = nonce;
}
+
+ public Map<String, String> getExtraProperties() {
+ return extraProperties;
+ }
+
+ public void setExtraProperties(Map<String, String> extraProperties) {
+ this.extraProperties = extraProperties;
+ }
}
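Review bot: `setExtraProperties` at the end of AccessTokenRegistration stores whatever it is given, including `null`, while this commit also adds calls of the form `putAll(x.getExtraProperties())` in AccessTokenValidation, AbstractCodeDataProvider and AbstractOAuthDataProvider, which would throw a NullPointerException after a `setExtraProperties(null)`. I would normalise in the setter, `this.extraProperties = extraProperties == null ? new LinkedHashMap<String, String>() : extraProperties;`, and add a one-line Javadoc on both accessors saying these are additional request properties carried along with the token request. The same undocumented getter/setter pair is added to OAuthContext, OAuthRedirectionState, ServerAccessToken, AuthorizationCodeRegistration and ServerAuthorizationCodeGrant, and the getter returns the internal mutable map in each of them.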
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
index f7b945d..f48d51c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
@@ -79,6 +79,7 @@ public class AccessTokenValidation {
this.tokenScopes = token.getScopes();
this.setAudiences(token.getAudiences());
this.clientCodeVerifier = token.getClientCodeVerifier();
+ this.extraProps.putAll(token.getExtraProperties());
}
public String getClientId() {
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
index 37b38f4..246f49a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
@@ -25,9 +25,7 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Map;
-import javax.ws.rs.core.MultivaluedMap;
import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlTransient;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
@@ -51,7 +49,6 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
private String applicationLogoUri;
private List<String> applicationCertificates = new LinkedList<String>();
private Map<String, String> extraApplicationProperties = new HashMap<String, String>();
- private MultivaluedMap<String, String> requestParameters;
private boolean implicitFlow;
private List<OAuthPermission> permissions;
@@ -260,12 +257,4 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
return allPerms;
}
- @XmlTransient
- public MultivaluedMap<String, String> getRequestParameters() {
- return requestParameters;
- }
-
- public void setRequestParameters(MultivaluedMap<String, String> requestParameters) {
- this.requestParameters = requestParameters;
- }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
index 74d7fc2..047208a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
@@ -19,7 +19,9 @@
package org.apache.cxf.rs.security.oauth2.common;
import java.util.Collections;
+import java.util.LinkedHashMap;
import java.util.List;
+import java.util.Map;
/**
@@ -38,6 +40,7 @@ public class OAuthContext {
private String tokenAudience;
private String tokenIssuer;
private String[] tokenRequestParts;
+ private Map<String, String> tokenExtraProperties = new LinkedHashMap<String, String>();
public OAuthContext(UserSubject resourceOwnerSubject,
UserSubject clientSubject,
@@ -143,4 +146,12 @@ public class OAuthContext {
public void setTokenIssuer(String tokenIssuer) {
this.tokenIssuer = tokenIssuer;
}
+
+ public Map<String, String> getTokenExtraProperties() {
+ return tokenExtraProperties;
+ }
+
+ public void setTokenExtraProperties(Map<String, String> tokenExtraProperties) {
+ this.tokenExtraProperties = tokenExtraProperties;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
index 4a413a0..3ea84e8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java
@@ -19,6 +19,8 @@
package org.apache.cxf.rs.security.oauth2.common;
import java.io.Serializable;
+import java.util.LinkedHashMap;
+import java.util.Map;
public class OAuthRedirectionState implements Serializable {
@@ -32,6 +34,7 @@ public class OAuthRedirectionState implements Serializable {
private String nonce;
private String clientCodeChallenge;
private String responseType;
+ private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
public OAuthRedirectionState() {
}
@@ -134,6 +137,14 @@ public class OAuthRedirectionState implements Serializable {
public void setResponseType(String responseType) {
this.responseType = responseType;
}
+
+ public Map<String, String> getExtraProperties() {
+ return extraProperties;
+ }
+
+ public void setExtraProperties(Map<String, String> extraProperties) {
+ this.extraProperties = extraProperties;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
index 89220f3..515568c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
@@ -18,8 +18,10 @@
*/
package org.apache.cxf.rs.security.oauth2.common;
+import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
@@ -38,6 +40,7 @@ public abstract class ServerAccessToken extends AccessToken {
private List<String> audiences = new LinkedList<String>();
private String clientCodeVerifier;
private String nonce;
+ private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
protected ServerAccessToken() {
@@ -167,4 +170,12 @@ public abstract class ServerAccessToken extends AccessToken {
public void setNonce(String nonce) {
this.nonce = nonce;
}
+
+ public Map<String, String> getExtraProperties() {
+ return extraProperties;
+ }
+
+ public void setExtraProperties(Map<String, String> extraProperties) {
+ this.extraProperties = extraProperties;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index e8478ad..457beae 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -169,6 +169,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
oauthContext.setTokenAudience(validAudience);
oauthContext.setTokenIssuer(accessTokenV.getTokenIssuer());
oauthContext.setTokenRequestParts(authParts);
+ oauthContext.setTokenExtraProperties(accessTokenV.getExtraProps());
m.setContent(OAuthContext.class, oauthContext);
}
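Review bot: The line `oauthContext.setTokenExtraProperties(accessTokenV.getExtraProps());` publishes the extra properties to application code without saying where they come from. Going by the commit description they are request properties passed through the OAuth2 chain, so I would add a comment such as `// extra properties are passed through from the original request as-is; callers must not treat them as validated`. The context also receives the same map instance that `accessTokenV` holds, and would receive null if `getExtraProps()` returns null, which is worth confirming against AccessTokenValidation. The enclosing method starts and ends outside the hunk.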
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
index c03ccf3..f41e172 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
@@ -61,6 +61,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
grant.setAudience(reg.getAudience());
grant.setClientCodeChallenge(reg.getClientCodeChallenge());
grant.setNonce(reg.getNonce());
+ grant.getExtraProperties().putAll(reg.getExtraProperties());
return grant;
}
protected abstract void saveCodeGrant(ServerAuthorizationCodeGrant grant);
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
index a3185b7..269e24e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java
@@ -19,7 +19,9 @@
package org.apache.cxf.rs.security.oauth2.grants.code;
import java.util.Collections;
+import java.util.LinkedHashMap;
import java.util.List;
+import java.util.Map;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
@@ -38,6 +40,7 @@ public class AuthorizationCodeRegistration {
private String nonce;
private String clientCodeChallenge;
private boolean preauthorizedTokenAvailable;
+ private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
/**
* Sets the {@link Client} reference
* @param client the client
@@ -139,4 +142,10 @@ public class AuthorizationCodeRegistration {
public void setPreauthorizedTokenAvailable(boolean preauthorizedTokenAvailable) {
this.preauthorizedTokenAvailable = preauthorizedTokenAvailable;
}
+ public Map<String, String> getExtraProperties() {
+ return extraProperties;
+ }
+ public void setExtraProperties(Map<String, String> extraProperties) {
+ this.extraProperties = extraProperties;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
index a3ff5b3..aa943dc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
@@ -98,14 +98,7 @@ public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDat
protected ServerAuthorizationCodeGrant doCreateCodeGrant(AuthorizationCodeRegistration reg)
throws OAuthServiceException {
- ServerAuthorizationCodeGrant grant =
- new ServerAuthorizationCodeGrant(reg.getClient(), getCode(reg), getGrantLifetime(), getIssuedAt());
- grant.setApprovedScopes(getApprovedScopes(reg));
- grant.setAudience(reg.getAudience());
- grant.setClientCodeChallenge(reg.getClientCodeChallenge());
- grant.setSubject(reg.getSubject());
- grant.setRedirectUri(reg.getRedirectUri());
- return grant;
+ return AbstractCodeDataProvider.initCodeGrant(reg, grantLifetime);
}
protected List<String> getApprovedScopes(AuthorizationCodeRegistration reg) {
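Review bot: Delegating `doCreateCodeGrant` to `AbstractCodeDataProvider.initCodeGrant(reg, grantLifetime)` stops calling `getCode(reg)`, `getGrantLifetime()`, `getIssuedAt()` and `getApprovedScopes(reg)`, which the removed lines used. `getApprovedScopes` is still declared right below as a protected hook, so a subclass that overrides it to narrow the granted scopes would, as far as this hunk shows, no longer be consulted. If that is intended, say so in a comment on `doCreateCodeGrant` or deprecate the unused hooks; otherwise apply the hook to the returned grant, e.g. `grant.setApprovedScopes(getApprovedScopes(reg));`. The body of `initCodeGrant` is not fully visible on this page, so it should also be checked that it sets the subject and redirect URI as the removed code did.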
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
index 119cc59..d345fb2 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
@@ -19,7 +19,9 @@
package org.apache.cxf.rs.security.oauth2.grants.code;
import java.util.Collections;
+import java.util.LinkedHashMap;
import java.util.List;
+import java.util.Map;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
@@ -42,6 +44,7 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
private String clientCodeChallenge;
private String nonce;
private boolean preauthorizedTokenAvailable;
+ private Map<String, String> extraProperties = new LinkedHashMap<String, String>();
public ServerAuthorizationCodeGrant() {
@@ -174,4 +177,12 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
public void setPreauthorizedTokenAvailable(boolean preauthorizedTokenAvailable) {
this.preauthorizedTokenAvailable = preauthorizedTokenAvailable;
}
+
+ public Map<String, String> getExtraProperties() {
+ return extraProperties;
+ }
+
+ public void setExtraProperties(Map<String, String> extraProperties) {
+ this.extraProperties = extraProperties;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 813efda..f5a8457 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -72,6 +72,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
at.setSubject(atReg.getSubject());
at.setClientCodeVerifier(atReg.getClientCodeVerifier());
at.setNonce(atReg.getNonce());
+ at.getExtraProperties().putAll(atReg.getExtraProperties());
return at;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
index 0c23db1..edd14a6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java
@@ -171,6 +171,9 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
if (!StringUtils.isEmpty(parts[7])) {
state.setResponseType(parts[7]);
}
+ if (!StringUtils.isEmpty(parts[8])) {
+ state.setExtraProperties(ModelEncryptionSupport.parseSimpleMap(parts[8]));
+ }
return state;
}
protected String convertStateToString(OAuthRedirectionState secData) {
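Review bot: `parts[8]` is indexed without checking the array length, so a session token that was serialised before this change, with only fields 0 to 7, would presumably raise ArrayIndexOutOfBoundsException instead of being decoded. Guard on the length first, `if (parts.length > 8 && !StringUtils.isEmpty(parts[8])) {`. The same applies to `newToken.setExtraProperties(parseSimpleMap(parts[12]));` in ModelEncryptionSupport, which has no guard at all and would affect access tokens issued before the upgrade. How `parts` is produced is outside the hunk, so confirm whether it can be shorter than nine elements.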
@@ -199,6 +202,9 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide
state.append(ModelEncryptionSupport.SEP);
// 7: response_type
state.append(ModelEncryptionSupport.tokenizeString(secData.getResponseType()));
+ state.append(ModelEncryptionSupport.SEP);
+ // 8: extra props
+ state.append(secData.getExtraProperties().toString());
return state.toString();
}
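Review bot: Field 8 is written with `secData.getExtraProperties().toString()`, unlike the field before it, which goes through `ModelEncryptionSupport.tokenizeString(...)`. `Map.toString()` is not an escaping format: a value that contains `, `, `=`, `}` or the `SEP` character (an OIDC `claims` value is JSON, so commas and braces are expected) will not round-trip through `parseSimpleMap` and may be split into extra fields. I would serialise the map with an explicit encoder that escapes keys and values, and handle a null map, which `setExtraProperties(null)` allows. `parseSimpleMap` is not visible on this page, so its exact tolerance needs checking.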
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index f3c466b..962ba4a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -56,6 +56,7 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
super(supportedResponseTypes, supportedGrantType);
}
+
protected Response createGrant(OAuthRedirectionState state,
Client client,
List<String> requestedScope,
@@ -65,15 +66,11 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
ServerAccessToken token = null;
if (preAuthorizedToken == null) {
- AccessTokenRegistration reg = new AccessTokenRegistration();
- reg.setClient(client);
- reg.setGrantType(super.getSupportedGrantType());
- reg.setSubject(userSubject);
- reg.setRequestedScope(requestedScope);
- reg.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
-
- reg.setAudiences(Collections.singletonList(state.getAudience()));
- reg.setNonce(state.getNonce());
+ AccessTokenRegistration reg = createTokenRegistration(state,
+ client,
+ requestedScope,
+ approvedScope,
+ userSubject);
token = getDataProvider().createAccessToken(reg);
} else {
token = preAuthorizedToken;
@@ -111,6 +108,22 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
return finalizeResponse(sb, state);
}
+ protected AccessTokenRegistration createTokenRegistration(OAuthRedirectionState state,
+ Client client,
+ List<String> requestedScope,
+ List<String> approvedScope,
+ UserSubject userSubject) {
+ AccessTokenRegistration reg = new AccessTokenRegistration();
+ reg.setClient(client);
+ reg.setGrantType(super.getSupportedGrantType());
+ reg.setSubject(userSubject);
+ reg.setRequestedScope(requestedScope);
+ reg.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
+
+ reg.setAudiences(Collections.singletonList(state.getAudience()));
+ reg.setNonce(state.getNonce());
+ return reg;
+ }
protected Response finalizeResponse(StringBuilder sb, OAuthRedirectionState state) {
if (state.getState() != null) {
sb.append("&");
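Review bot: The new protected `createTokenRegistration` has no Javadoc and does not copy `state.getExtraProperties()` into the registration, so in the base implicit flow the extra properties stop at this point unless a subclass overrides the method. Please document that on the method, for instance that overriders are expected to copy only the properties they have checked, since the values presumably come from the authorization request. `createCodeRegistration` in AuthorizationCodeGrantService is in the same position. Also note that `Collections.singletonList(state.getAudience())` yields a one-element list holding null when no audience was requested; this line was moved unchanged from `createGrant`.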
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 86d229f..b826108 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -74,16 +74,16 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
OAuthAuthorizationData data =
super.createAuthorizationData(client, params, redirectUri, subject,
requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);
- setCodeQualifier(data, params);
+ setCodeChallenge(data, params);
return data;
}
- protected OAuthRedirectionState recreateRedirectionStateFromSession(
- UserSubject subject, MultivaluedMap<String, String> params, String sessionToken) {
- OAuthRedirectionState state = super.recreateRedirectionStateFromSession(subject, params, sessionToken);
- setCodeQualifier(state, params);
+ protected OAuthRedirectionState recreateRedirectionStateFromParams(
+ MultivaluedMap<String, String> params) {
+ OAuthRedirectionState state = super.recreateRedirectionStateFromParams(params);
+ setCodeChallenge(state, params);
return state;
}
- private static void setCodeQualifier(OAuthRedirectionState data, MultivaluedMap<String, String> params) {
+ private static void setCodeChallenge(OAuthRedirectionState data, MultivaluedMap<String, String> params) {
data.setClientCodeChallenge(params.getFirst(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE));
}
protected Response createGrant(OAuthRedirectionState state,
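Review bot: `recreateRedirectionStateFromParams` overrides the base-class method but carries no `@Override`, and the base `recreateRedirectionStateFromSession` loses its `params` argument in this commit. Without the annotation, a subclass elsewhere that still declares the old three-argument `recreateRedirectionStateFromSession` compiles and is simply never called, so its logic is skipped without any error. Add `@Override` to the override in this hunk, and consider keeping a deprecated three-argument overload in RedirectionBasedGrantService for one release.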
@@ -94,16 +94,12 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
ServerAccessToken preauthorizedToken) {
// in this flow the code is still created, the preauthorized token
// will be retrieved by the authorization code grant handler
- AuthorizationCodeRegistration codeReg = new AuthorizationCodeRegistration();
- codeReg.setPreauthorizedTokenAvailable(preauthorizedToken != null);
- codeReg.setClient(client);
- codeReg.setRedirectUri(state.getRedirectUri());
- codeReg.setRequestedScope(requestedScope);
- codeReg.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
- codeReg.setSubject(userSubject);
- codeReg.setAudience(state.getAudience());
- codeReg.setNonce(state.getNonce());
- codeReg.setClientCodeChallenge(state.getClientCodeChallenge());
+ AuthorizationCodeRegistration codeReg = createCodeRegistration(state,
+ client,
+ requestedScope,
+ approvedScope,
+ userSubject,
+ preauthorizedToken);
ServerAuthorizationCodeGrant grant = null;
try {
@@ -130,6 +126,25 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
return Response.seeOther(ub.build()).build();
}
}
+
+ protected AuthorizationCodeRegistration createCodeRegistration(OAuthRedirectionState state,
+ Client client,
+ List<String> requestedScope,
+ List<String> approvedScope,
+ UserSubject userSubject,
+ ServerAccessToken preauthorizedToken) {
+ AuthorizationCodeRegistration codeReg = new AuthorizationCodeRegistration();
+ codeReg.setPreauthorizedTokenAvailable(preauthorizedToken != null);
+ codeReg.setClient(client);
+ codeReg.setRedirectUri(state.getRedirectUri());
+ codeReg.setRequestedScope(requestedScope);
+ codeReg.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
+ codeReg.setSubject(userSubject);
+ codeReg.setAudience(state.getAudience());
+ codeReg.setNonce(state.getNonce());
+ codeReg.setClientCodeChallenge(state.getClientCodeChallenge());
+ return codeReg;
+ }
protected String processCodeGrant(Client client, String code, UserSubject endUser) {
if (codeResponseFilter != null) {
return codeResponseFilter.process(client, code, endUser);
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 22f248f..f7c3218 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -240,7 +240,6 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
boolean authorizationCanBeSkipped) {
OAuthAuthorizationData secData = new OAuthAuthorizationData();
- secData.setRequestParameters(params);
secData.setState(params.getFirst(OAuthConstants.STATE));
secData.setRedirectUri(redirectUri);
@@ -277,26 +276,28 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
return secData;
}
protected OAuthRedirectionState recreateRedirectionStateFromSession(
- UserSubject subject, MultivaluedMap<String, String> params, String sessionToken) {
- OAuthRedirectionState state = null;
+ UserSubject subject, String sessionToken) {
if (sessionAuthenticityTokenProvider != null) {
- state = sessionAuthenticityTokenProvider.getSessionState(super.getMessageContext(),
+ return sessionAuthenticityTokenProvider.getSessionState(super.getMessageContext(),
sessionToken,
subject);
+ } else {
+ return null;
}
- if (state == null) {
- state = new OAuthRedirectionState();
- state.setClientId(params.getFirst(OAuthConstants.CLIENT_ID));
- state.setRedirectUri(params.getFirst(OAuthConstants.REDIRECT_URI));
- state.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
- state.setProposedScope(params.getFirst(OAuthConstants.SCOPE));
- state.setState(params.getFirst(OAuthConstants.STATE));
- state.setNonce(params.getFirst(OAuthConstants.NONCE));
- state.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));
- }
- return state;
}
+
+ protected OAuthRedirectionState recreateRedirectionStateFromParams(MultivaluedMap<String, String> params) {
+ OAuthRedirectionState state = new OAuthRedirectionState();
+ state.setClientId(params.getFirst(OAuthConstants.CLIENT_ID));
+ state.setRedirectUri(params.getFirst(OAuthConstants.REDIRECT_URI));
+ state.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
+ state.setProposedScope(params.getFirst(OAuthConstants.SCOPE));
+ state.setState(params.getFirst(OAuthConstants.STATE));
+ state.setNonce(params.getFirst(OAuthConstants.NONCE));
+ state.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));
+ return state;
+ }
protected void personalizeData(OAuthAuthorizationData data, UserSubject userSubject) {
if (resourceOwnerNameProvider != null) {
data.setEndUserName(resourceOwnerNameProvider.getName(userSubject));
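Review bot: `recreateRedirectionStateFromSession` can now return `null` through the new `else` branch, where before this change it always returned a state object, and nothing on the method says so. Because the method is `protected`, a subclass that overrides or calls it needs to know the new contract; a Javadoc line such as `@return the state restored from the session, or null if none is available` would make it explicit. The `else` after `return` can also be dropped in favour of a plain `return null;`. `personalizeData` at the end of the hunk continues outside it.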
@@ -331,8 +332,10 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
throw ExceptionUtils.toBadRequestException(null, null);
}
- OAuthRedirectionState state =
- recreateRedirectionStateFromSession(userSubject, params, sessionToken);
+ OAuthRedirectionState state = recreateRedirectionStateFromSession(userSubject, sessionToken);
+ if (state == null) {
+ state = recreateRedirectionStateFromParams(params);
+ }
Client client = getClient(state.getClientId());
String redirectUri = validateRedirectUri(client, state.getRedirectUri());
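Review bot: The fallback `state = recreateRedirectionStateFromParams(params);` rebuilds client id, redirect URI, scope and nonce from the parameters of the decision request itself, and nothing marks these values as client-supplied at that point. A comment such as `// no server-side state: these values come from the submitted form and are re-validated below` would record why `getClient` and `validateRedirectUri` follow. The OIDC overrides that attach `claims` run only on this fallback path, so it is worth confirming that the session-backed path carries the extra properties too; that code is not in this hunk. The enclosing method starts and ends outside the hunk.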
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
index c23f421..9f5a929 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
@@ -256,7 +256,9 @@ public final class ModelEncryptionSupport {
newToken.setClientCodeVerifier(parts[10]);
//UserSubject:
newToken.setSubject(recreateUserSubject(parts[11]));
-
+
+ newToken.setExtraProperties(parseSimpleMap(parts[12]));
+
return newToken;
}
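Review bot: `parseSimpleMap(parts[12])` reads an index that a token serialized before this change would not have, since the previous last field shown here is `parts[11]`. If encrypted tokens issued before an upgrade can still be presented afterwards, decrypting them would likely throw `ArrayIndexOutOfBoundsException`; a guard such as `if (parts.length > 12) { newToken.setExtraProperties(parseSimpleMap(parts[12])); }` keeps them readable. The same applies to `parseSimpleMap(parts[9])` in the code-grant hunk at `@@ -402,6 +407,7 @@`. The method starts outside the hunk, so how `parts` is produced is not visible here.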
@@ -322,7 +324,10 @@ public final class ModelEncryptionSupport {
state.append(SEP);
// 11: user subject
tokenizeUserSubject(state, token.getSubject());
-
+ // 13: extra properties
+ state.append(SEP);
+ // {key=value, key=value}
+ state.append(token.getExtraProperties().toString());
return state.toString();
}
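Review bot: `state.append(token.getExtraProperties().toString())` serializes the map with `Map.toString()`, which does no escaping, so a value containing `, `, `=`, `}` or the `SEP` character will probably not round-trip through `parseSimpleMap`. The property this commit introduces is the OIDC `claims` request parameter, a client-supplied JSON string that normally contains commas and braces, so the stored value is likely to be split on read and could shift later fields. Encoding each key and value before appending (for example Base64URL, if `Base64UrlUtility` is usable from this class) and decoding in `parseSimpleMap` would avoid this. The comment `// 13: extra properties` also disagrees with the `parts[12]` read, and the call throws if `getExtraProperties()` returns null. The grant tokenizer hunk at `@@ -432,7 +438,10 @@` has the same issue.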
@@ -402,6 +407,7 @@ public final class ModelEncryptionSupport {
grant.setClientCodeChallenge(getStringPart(parts[6]));
grant.setApprovedScopes(parseSimpleList(parts[7]));
grant.setSubject(recreateUserSubject(parts[8]));
+ grant.setExtraProperties(parseSimpleMap(parts[9]));
return grant;
}
private static String tokenizeCodeGrant(ServerAuthorizationCodeGrant grant) {
@@ -432,7 +438,10 @@ public final class ModelEncryptionSupport {
state.append(SEP);
// 8: subject
tokenizeUserSubject(state, grant.getSubject());
-
+ // 9: extra properties
+ state.append(SEP);
+ // {key=value, key=value}
+ state.append(grant.getExtraProperties().toString());
return state.toString();
}
@@ -453,7 +462,7 @@ public final class ModelEncryptionSupport {
}
}
- private static Map<String, String> parseSimpleMap(String mapStr) {
+ public static Map<String, String> parseSimpleMap(String mapStr) {
Map<String, String> props = new HashMap<String, String>();
List<String> entries = parseSimpleList(mapStr);
for (String entry : entries) {
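Review bot: `parseSimpleMap` becomes `public` here without any Javadoc describing the input it accepts. Now that it is part of the class's API, callers need to know that it expects the `{key=value, key=value}` form written by the tokenizers, and whether separators inside keys or values are supported. A short Javadoc stating the format and that limitation would do. The method body continues outside the hunk.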
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
index 67a7118..59ef008 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
@@ -20,10 +20,16 @@ package org.apache.cxf.rs.security.oidc.idp;
import java.util.List;
+import javax.ws.rs.core.MultivaluedMap;
+
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
import org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService;
+import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService {
private static final String OPEN_ID_CONNECT_SCOPE = "openid";
@@ -42,5 +48,27 @@ public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService
public void setSkipAuthorizationWithOidcScope(boolean skipAuthorizationWithOidcScope) {
this.skipAuthorizationWithOidcScope = skipAuthorizationWithOidcScope;
}
-
+ protected AuthorizationCodeRegistration createCodeRegistration(OAuthRedirectionState state,
+ Client client,
+ List<String> requestedScope,
+ List<String> approvedScope,
+ UserSubject userSubject,
+ ServerAccessToken preauthorizedToken) {
+ AuthorizationCodeRegistration codeReg = super.createCodeRegistration(state,
+ client,
+ requestedScope,
+ approvedScope,
+ userSubject,
+ preauthorizedToken);
+
+ codeReg.getExtraProperties().putAll(state.getExtraProperties());
+ return codeReg;
+ }
+ @Override
+ protected OAuthRedirectionState recreateRedirectionStateFromParams(
+ MultivaluedMap<String, String> params) {
+ OAuthRedirectionState state = super.recreateRedirectionStateFromParams(params);
+ OidcUtils.setStateClaimsProperty(state, params);
+ return state;
+ }
}
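Review bot: `createCodeRegistration` at the top of the added block has no `@Override`, while `recreateRedirectionStateFromParams` right below it does. Adding `@Override` lets the compiler catch a signature drift in `AuthorizationCodeGrantService`; without it, a method that silently stops overriding would drop the extra properties from the code registration. `codeReg.getExtraProperties().putAll(state.getExtraProperties())` also assumes that neither getter returns null, which is not visible in this hunk.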
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index 359d172..94dd845 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -27,6 +27,7 @@ import javax.ws.rs.core.Response;
import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -127,6 +128,26 @@ public class OidcImplicitService extends ImplicitGrantService {
}
}
+ @Override
+ protected OAuthRedirectionState recreateRedirectionStateFromParams(
+ MultivaluedMap<String, String> params) {
+ OAuthRedirectionState state = super.recreateRedirectionStateFromParams(params);
+ OidcUtils.setStateClaimsProperty(state, params);
+ return state;
+ }
+
+ @Override
+ protected AccessTokenRegistration createTokenRegistration(OAuthRedirectionState state,
+ Client client,
+ List<String> requestedScope,
+ List<String> approvedScope,
+ UserSubject userSubject) {
+ AccessTokenRegistration reg =
+ super.createTokenRegistration(state, client, requestedScope, approvedScope, userSubject);
+ reg.getExtraProperties().putAll(state.getExtraProperties());
+ return reg;
+ }
+
protected String processIdToken(IdToken idToken) {
JoseJwtProducer processor = idTokenHandler == null ? new JoseJwtProducer() : idTokenHandler;
return processor.processJwt(new JwtToken(idToken));
http://git-wip-us.apache.org/repos/asf/cxf/blob/e32ce07b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index d6363e7..823e757 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -24,12 +24,15 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import javax.ws.rs.core.MultivaluedMap;
+
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsException;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.common.UserInfo;
@@ -48,6 +51,8 @@ public final class OidcUtils {
UserInfo.EMAIL_VERIFIED_CLAIM);
public static final List<String> ADDRESS_CLAIMS = Arrays.asList(UserInfo.ADDRESS_CLAIM);
public static final List<String> PHONE_CLAIMS = Arrays.asList(UserInfo.PHONE_CLAIM);
+ public static final String CLAIMS_PARAM = "claims";
+
private static final Map<String, List<String>> SCOPES_MAP;
static {
SCOPES_MAP = new HashMap<String, List<String>>();
@@ -140,5 +145,11 @@ public final class OidcUtils {
throw new OAuthServiceException(ex);
}
}
-
+ public static void setStateClaimsProperty(OAuthRedirectionState state,
+ MultivaluedMap<String, String> params) {
+ String claims = params.getFirst(OidcUtils.CLAIMS_PARAM);
+ if (claims != null) {
+ state.getExtraProperties().put(OidcUtils.CLAIMS_PARAM, claims);
+ }
+ }
}
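Review bot: `setStateClaimsProperty` stores the `claims` request parameter verbatim, with only a null check before `state.getExtraProperties().put(...)`. The value is client-supplied and, per the rest of this commit, is copied into code grants and access tokens, so it should be bounded and checked before it is persisted. For example `if (claims != null && claims.length() <= MAX_CLAIMS_LENGTH)`, where `MAX_CLAIMS_LENGTH` is a new constant to be introduced, and ideally a check that the string parses as a JSON object. The `OidcUtils.` qualifier on `CLAIMS_PARAM` is redundant inside the class itself.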
[2/3] cxf git commit: Marking OAuthAuthorizationData request params
as transient
Posted by se...@apache.org.
Marking OAuthAuthorizationData request params as transient
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4463a7be
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4463a7be
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4463a7be
Branch: refs/heads/3.1.x-fixes
Commit: 4463a7be5363bc38d9088c154d7a80a399acf4fa
Parents: b0cfaad
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Feb 15 14:31:58 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Feb 15 17:54:38 2016 +0000
----------------------------------------------------------------------
.../cxf/rs/security/oauth2/common/OAuthAuthorizationData.java | 2 ++
1 file changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/4463a7be/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
index 08e5a5a..37b38f4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
@@ -27,6 +27,7 @@ import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlTransient;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
@@ -259,6 +260,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
return allPerms;
}
+ @XmlTransient
public MultivaluedMap<String, String> getRequestParameters() {
return requestParameters;
}
[3/3] cxf git commit: Making all the requested params available to
consent screen and various complete authorization handlers
Posted by se...@apache.org.
Making all the requested params available to consent screen and various complete authorization handlers
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b0cfaad3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b0cfaad3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b0cfaad3
Branch: refs/heads/3.1.x-fixes
Commit: b0cfaad377fef998773f590afea500a68ddc0ff0
Parents: d1bb6c1
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Feb 15 14:23:16 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Feb 15 17:54:38 2016 +0000
----------------------------------------------------------------------
.../rs/security/oauth2/common/OAuthAuthorizationData.java | 10 ++++++++++
.../oauth2/services/RedirectionBasedGrantService.java | 5 ++++-
2 files changed, 14 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/b0cfaad3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
index 27cb511..08e5a5a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
@@ -25,6 +25,7 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Map;
+import javax.ws.rs.core.MultivaluedMap;
import javax.xml.bind.annotation.XmlRootElement;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
@@ -49,6 +50,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
private String applicationLogoUri;
private List<String> applicationCertificates = new LinkedList<String>();
private Map<String, String> extraApplicationProperties = new HashMap<String, String>();
+ private MultivaluedMap<String, String> requestParameters;
private boolean implicitFlow;
private List<OAuthPermission> permissions;
@@ -256,4 +258,12 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
return allPerms;
}
+
+ public MultivaluedMap<String, String> getRequestParameters() {
+ return requestParameters;
+ }
+
+ public void setRequestParameters(MultivaluedMap<String, String> requestParameters) {
+ this.requestParameters = requestParameters;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/b0cfaad3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 40a6771..22f248f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -56,6 +56,7 @@ import org.apache.cxf.security.SecurityContext;
* The Base Redirection-Based Grant Service
*/
public abstract class RedirectionBasedGrantService extends AbstractOAuthService {
+ private static final String AUTHORIZATION_REQUEST_PARAMETERS = "authorization.request.parameters";
private Set<String> supportedResponseTypes;
private String supportedGrantType;
private boolean useAllClientScopes;
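Review bot: `AUTHORIZATION_REQUEST_PARAMETERS` is declared `private`, yet the commit message says the parameters are meant for "various complete authorization handlers". Those handlers would have to repeat the literal `"authorization.request.parameters"` to read the value from the message context. Making the key a documented public constant, for example next to the other keys in `OAuthConstants`, would avoid the duplication. The stored map is the raw client request, so the Javadoc should say that consumers must not treat its contents as validated.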
@@ -202,6 +203,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
authorizationCanBeSkipped);
if (authorizationCanBeSkipped) {
+ getMessageContext().put(AUTHORIZATION_REQUEST_PARAMETERS, params);
List<OAuthPermission> approvedScopes =
preAuthorizationComplete ? preAuthorizedToken.getScopes() : requestedPermissions;
return createGrant(data,
@@ -238,6 +240,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
boolean authorizationCanBeSkipped) {
OAuthAuthorizationData secData = new OAuthAuthorizationData();
+ secData.setRequestParameters(params);
secData.setState(params.getFirst(OAuthConstants.STATE));
secData.setRedirectUri(redirectUri);
@@ -357,7 +360,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
partialMatchScopeValidation)) {
return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
}
-
+ getMessageContext().put(AUTHORIZATION_REQUEST_PARAMETERS, params);
// Request a new grant
return createGrant(state,
client,