Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/30 13:15:03 UTC

cxf git commit: Propagating a nonce value from a code grant to an access token reg

Repository: cxf
Updated Branches:
  refs/heads/master dc9f8c238 -> c7e75e55f


Propagating a nonce value from a code grant to an access token reg


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c7e75e55
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c7e75e55
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c7e75e55

Branch: refs/heads/master
Commit: c7e75e55f01d81add3194b5a1676d12ef3669cb5
Parents: dc9f8c2
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Nov 30 12:14:39 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Nov 30 12:14:39 2015 +0000

----------------------------------------------------------------------
 .../security/oauth2/grants/AbstractGrantHandler.java | 15 ++++++++-------
 .../oauth2/grants/code/AbstractCodeDataProvider.java |  1 +
 .../grants/code/AuthorizationCodeGrantHandler.java   |  3 ++-
 .../grants/code/ServerAuthorizationCodeGrant.java    |  9 +++++++++
 4 files changed, 20 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c7e75e55/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
index b855af0..2300b11 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
@@ -108,8 +108,7 @@ public abstract class AbstractGrantHandler implements AccessTokenGrantHandler {
                                                     UserSubject subject,
                                                     List<String> requestedScope) {
         
-        return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope, 
-                                   null, null, null);
+        return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope);
     }
     
     protected ServerAccessToken doCreateAccessToken(Client client,
@@ -119,23 +118,25 @@ public abstract class AbstractGrantHandler implements AccessTokenGrantHandler {
                                                     String audience) {
         
         return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope, 
-                                   approvedScope, audience, null);
+                                   approvedScope, audience, null, null);
     }
     
     protected ServerAccessToken doCreateAccessToken(Client client,
                                                     UserSubject subject,
                                                     String requestedGrant,
                                                     List<String> requestedScope) {
-        return doCreateAccessToken(client, subject, requestedGrant, requestedScope, null, null, null);
+        return doCreateAccessToken(client, subject, requestedGrant, requestedScope, null, null, null, null);
     }
-    
+    //CHECKSTYLE:OFF
     protected ServerAccessToken doCreateAccessToken(Client client,
                                                     UserSubject subject,
                                                     String requestedGrant,
                                                     List<String> requestedScope,
                                                     List<String> approvedScope,
                                                     String audience,
-                                                    String codeVerifier) {
+                                                    String codeVerifier,
+                                                    String nonce) {
+    //CHECKSTYLE:ON    
         if (!OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(), 
                                        partialMatchScopeValidation)) {
             throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_SCOPE));     
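Review bot: The seven-argument `doCreateAccessToken(..., String codeVerifier)` is replaced rather than overloaded, so a subclass of AbstractGrantHandler outside this commit that calls the old protected signature no longer compiles. A subclass that overrides it without `@Override` would, as far as this hunk shows, just stop being reached. Keeping the old signature as a thin overload that passes `null` for the nonce keeps existing callers working. That would also let `//CHECKSTYLE:OFF` be confined to the single eight-parameter method. The body of the eight-parameter method continues past the end of this hunk.

```java
    // Retained so existing subclasses that call the seven-argument form still compile.
    protected ServerAccessToken doCreateAccessToken(Client client,
                                                    UserSubject subject,
                                                    String requestedGrant,
                                                    List<String> requestedScope,
                                                    List<String> approvedScope,
                                                    String audience,
                                                    String codeVerifier) {
        return doCreateAccessToken(client, subject, requestedGrant, requestedScope,
                                   approvedScope, audience, codeVerifier, null);
    }
```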
@@ -163,7 +164,7 @@ public abstract class AbstractGrantHandler implements AccessTokenGrantHandler {
         reg.setApprovedScope(approvedScope);
         reg.setAudience(audience);
         reg.setClientCodeVerifier(codeVerifier);
-        
+        reg.setNonce(nonce);
         return dataProvider.createAccessToken(reg);
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/c7e75e55/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
index 6bed976..1b63bb3 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
@@ -55,6 +55,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
         grant.setApprovedScopes(reg.getApprovedScope());
         grant.setAudience(reg.getAudience());
         grant.setClientCodeChallenge(reg.getClientCodeChallenge());
+        grant.setNonce(reg.getNonce());
         return grant;
     }
     
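Review bot: The added `grant.setNonce(reg.getNonce())` stores the nonce with the code grant exactly as it arrives on the registration, and nothing visible here bounds its length or content. If the registration is filled straight from the client's authorization request (not shown in this hunk), the value is attacker-controlled and will be persisted by whatever grant store is in use. I would state the expectation next to the copy, for example `// nonce is client-supplied and stored verbatim; its size must be bounded where the registration is built`, and confirm that such a bound exists. The enclosing method starts outside the hunk.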

http://git-wip-us.apache.org/repos/asf/cxf/blob/c7e75e55/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 9a6888a..f2cf499 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -84,7 +84,8 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
                                    grant.getRequestedScopes(),
                                    grant.getApprovedScopes(),
                                    grant.getAudience(),
-                                   clientCodeVerifier);
+                                   clientCodeVerifier,
+                                   grant.getNonce());
     }
     
     private boolean compareCodeVerifierWithChallenge(Client c, String clientCodeVerifier, 
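Review bot: The call now ends with two adjacent `String` arguments, `clientCodeVerifier` and `grant.getNonce()`, passed positionally into an eight-parameter method. Transposing them would compile cleanly and put the PKCE code verifier into the nonce slot of the token registration. Labelling the two arguments makes a mix-up visible in review: `clientCodeVerifier, // PKCE code_verifier` and `grant.getNonce()); // nonce stored with the code grant`. The same positional risk applies to the `null, null, null, null` call sites in AbstractGrantHandler. The enclosing method begins above this hunk.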

http://git-wip-us.apache.org/repos/asf/cxf/blob/c7e75e55/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
index a1aba9f..f09327a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java
@@ -39,6 +39,7 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
     private List<String> requestedScopes = Collections.emptyList();
     private UserSubject subject;
     private String audience;
+    private String nonce;
     private String clientCodeChallenge;
     
     public ServerAuthorizationCodeGrant() {
@@ -165,4 +166,12 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant {
     public void setRequestedScopes(List<String> requestedScopes) {
         this.requestedScopes = requestedScopes;
     }
+
+    public String getNonce() {
+        return nonce;
+    }
+
+    public void setNonce(String nonce) {
+        this.nonce = nonce;
+    }
 }
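Review bot: The new `getNonce()`/`setNonce()` accessors have no Javadoc, so a reader of ServerAuthorizationCodeGrant cannot tell what the value is or why it lives on the grant. From the other hunks in this commit it is copied from the code registration when the grant is created and handed to the access token registration when the code is exchanged. A one-line comment on the getter would record that: `/** Nonce kept with the code grant so it can be propagated to the access token registration; may be null. */`. The "may be null" part is inferred from the field having no initializer and should be confirmed.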