Posted to commits@cxf.apache.org by co...@apache.org on 2022/09/29 15:41:05 UTC

[cxf] branch 3.6.x-fixes updated (9031457c53 -> ac508a4769)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch 3.6.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


    from 9031457c53 Update Swagget to 1.6.7
     new af64d00273 Make opaque access token generation extensible (#989)
     new c734a65aa2 Recording .gitmergeinfo Changes
     new ac508a4769 Fixing some PMD/checkstyle issues

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .gitmergeinfo                                      |   3 +
 .../oauth2/provider/AbstractOAuthDataProvider.java | 106 +++++++++++++--------
 2 files changed, 67 insertions(+), 42 deletions(-)


[cxf] 02/03: Recording .gitmergeinfo Changes

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.6.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit c734a65aa20fa6d56464758f019c4eb995234688
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Sep 29 16:18:04 2022 +0100

    Recording .gitmergeinfo Changes
---
 .gitmergeinfo | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitmergeinfo b/.gitmergeinfo
index 775f8a7dc7..59f029e057 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -3,14 +3,17 @@ origin/main
 B 00bbab65e59b8f27366335aec19e50129b7759f0
 B 24984eacaf4568b893ab71ebbded1100bdc060c8
 B 3457c8555d1ecb49cf13e29a60f7ab01ec5f2ff4
+B 3a9583d5edf20a16dd2fa739a9fb8fbce8168a23
 B 4b63dbb428488f3a6d0b7114632404b31458a521
 B 79ee9824ee30b1b710d7385efc3cec736b4a5c54
 B 7f4c668a04211e044c69fe51c0053567e39a13d6
 B 7f683ba748e2133af0f93f1d77df5921b4e86011
 B 853facf1466661d74ccce985926063ed12d3a9d5
+B 8e53636903d430a72e4fb98aa07a6359eb509901
 B 8f7c9dae610cd708b5e17828b58b642a5485b9cc
 B 9723e32190d3a820e0eecf19177561155399c867
 B a6501f782cd2b392f09edb4ccb99a83acd2e75a2
+B a7bdc11a62b1810b436ce70e60fcc252ab41337d
 B b067ecf705094a7b66a98639465c38f2a55f7d15
 B b176e8e4a5a6bb6097c4e399ee0fa843f81e4b32
 B b740e0a7f606d9e5acb8c27dfb3a671708bb19db


[cxf] 03/03: Fixing some PMD/checkstyle issues

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.6.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit ac508a47694779eb0fd6275afc03f88e384ab6d5
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Sep 29 16:39:12 2022 +0100

    Fixing some PMD/checkstyle issues
    
    (cherry picked from commit 5dab76961afaebd2e71aeeee9356a6878ee2e4f1)
---
 .../security/oauth2/provider/AbstractOAuthDataProvider.java  | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index d136fc8bc3..6844c97cab 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -100,7 +100,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
         return at;
     }
 
-    protected ServerAccessToken doCreateAccessToken(List<String> audiences,
+    //CHECKSTYLE:OFF
+    protected ServerAccessToken doCreateAccessToken(List<String> audiences, //NOPMD
                                                     Client client,
                                                     String clientCodeVerifier,
                                                     Map<String, String> extraProperties,
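Review bot: The `//CHECKSTYLE:OFF` and `//NOPMD` markers around `doCreateAccessToken` silence the parameter-count complaint without recording why a ten-argument protected signature is acceptable, so the next reader sees a blanket suppression on an extension point subclasses override. A one-line Javadoc above the marker would justify it: `/** Template hook: builds the opaque token from the individual registration fields; parameter count mirrors AccessTokenRegistration and is suppressed deliberately. */`. `//CHECKSTYLE:OFF` also disables every check between the two markers, not only the parameter-number one; if the project's checkstyle filter supports a per-check suppression format, limiting it to that single check would keep the other checks active on the signature. The method signature and body continue past this hunk.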
@@ -110,6 +111,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
                                                     String responseType,
                                                     List<OAuthPermission> scopes,
                                                     UserSubject userSubject) {
+    //CHECKSTYLE:ON
 
         ServerAccessToken at =
             createNewAccessToken(client, userSubject);
@@ -424,8 +426,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
         List<OAuthPermission> theNewScopes = null;
 
         if (restrictedScopes.isEmpty()) {
-            theNewScopes = oldRefreshToken.getScopes() != null ?
-                    new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()) : null;
+            theNewScopes = oldRefreshToken.getScopes() != null
+                    ? new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()) : null;
         } else {
             theNewScopes = convertScopeToPermissions(client, restrictedScopes);
             if (!oldRefreshToken.getScopes().containsAll(theNewScopes)) {
@@ -435,8 +437,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
 
         ServerAccessToken at =
             doCreateAccessToken(
-                oldRefreshToken.getAudiences() != null ?
-                    new ArrayList<String>(oldRefreshToken.getAudiences()) : null,
+                oldRefreshToken.getAudiences() != null
+                    ? new ArrayList<String>(oldRefreshToken.getAudiences()) : null,
                 client, oldRefreshToken.getClientCodeVerifier(),
                 oldRefreshToken.getExtraProperties(), oldRefreshToken.getGrantCode(),
                 oldRefreshToken.getGrantType(), oldRefreshToken.getNonce(),


[cxf] 01/03: Make opaque access token generation extensible (#989)

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.6.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit af64d00273b1dcebec08d56cba361388794a5e60
Author: Arthur Chen <ar...@gmail.com>
AuthorDate: Thu Sep 29 22:59:38 2022 +0800

    Make opaque access token generation extensible (#989)
    
    * extract opaque token generation to a protected method, so
    
    it can be reused or overridden by subclasses
    
    * extract JWT token conversion to a protected method, so
    
    it can be reused or overridden by subclasses
    
    * Remove response type as old logic didn't have it
    
    (cherry picked from commit dd206fdb527b672ca181f4f513eff06ac1bf4f6c)
---
 .../oauth2/provider/AbstractOAuthDataProvider.java | 104 ++++++++++++---------
 1 file changed, 62 insertions(+), 42 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 815a52ce04..d136fc8bc3 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -76,19 +76,14 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
     }
 
     protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration atReg) {
-        ServerAccessToken at = createNewAccessToken(atReg.getClient(), atReg.getSubject());
-        at.setAudiences(atReg.getAudiences());
-        at.setGrantType(atReg.getGrantType());
-        List<String> theScopes = atReg.getApprovedScope();
-        List<OAuthPermission> thePermissions =
-            convertScopeToPermissions(atReg.getClient(), theScopes);
-        at.setScopes(thePermissions);
-        at.setSubject(atReg.getSubject());
-        at.setClientCodeVerifier(atReg.getClientCodeVerifier());
-        at.setNonce(atReg.getNonce());
-        at.setResponseType(atReg.getResponseType());
-        at.setGrantCode(atReg.getGrantCode());
-        at.getExtraProperties().putAll(atReg.getExtraProperties());
+        ServerAccessToken at = doCreateAccessToken(
+            atReg.getAudiences(), atReg.getClient(),
+            atReg.getClientCodeVerifier(), atReg.getExtraProperties(),
+            atReg.getGrantCode(), atReg.getGrantType(), atReg.getNonce(),
+            atReg.getResponseType(),
+            convertScopeToPermissions(
+                    atReg.getClient(), atReg.getApprovedScope()),
+            atReg.getSubject());
 
         if (messageContext != null) {
             String certCnf = (String)messageContext.get(JoseConstants.HEADER_X509_THUMBPRINT_SHA256);
@@ -99,18 +94,38 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
         }
 
         if (isUseJwtFormatForAccessTokens()) {
-            JwtClaims claims = createJwtAccessToken(at);
-            String jose = processJwtAccessToken(claims);
-            if (isPersistJwtEncoding()) {
-                at.setTokenKey(jose);
-            } else {
-                at.setEncodedToken(jose);
-            }
+            convertToJWTAccessToken(at);
         }
 
         return at;
     }
 
+    protected ServerAccessToken doCreateAccessToken(List<String> audiences,
+                                                    Client client,
+                                                    String clientCodeVerifier,
+                                                    Map<String, String> extraProperties,
+                                                    String grantCode,
+                                                    String grantType,
+                                                    String nonce,
+                                                    String responseType,
+                                                    List<OAuthPermission> scopes,
+                                                    UserSubject userSubject) {
+
+        ServerAccessToken at =
+            createNewAccessToken(client, userSubject);
+        at.setAudiences(audiences);
+        at.setGrantType(grantType);
+        at.setScopes(scopes);
+        at.setSubject(userSubject);
+        at.setClientCodeVerifier(clientCodeVerifier);
+        at.setNonce(nonce);
+        at.setResponseType(responseType);
+        at.setGrantCode(grantCode);
+        at.getExtraProperties().putAll(extraProperties);
+
+        return at;
+    }
+
     protected JwtClaims createJwtAccessToken(ServerAccessToken at) {
         JwtClaims claims = new JwtClaims();
         claims.setTokenId(at.getTokenKey());
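Review bot: The new protected overload `doCreateAccessToken(List<String>, Client, String, Map<String, String>, String, String, String, String, List<OAuthPermission>, UserSubject)` is the extension point this commit exists to add, yet it has no Javadoc, and five of its parameters are adjacent `String`s (`clientCodeVerifier`, `grantCode`, `grantType`, `nonce`, `responseType`), so a caller or an overriding subclass that swaps two of them compiles silently and mints a token with the wrong grant metadata. A Javadoc with one `@param` per argument in order, stating that the token comes from `createNewAccessToken(client, userSubject)` and that the remaining fields are then copied onto it, would make the contract explicit; it should also say which arguments may be `null`, since `doRefreshAccessToken` in this same commit passes `null` for `responseType`. `extraProperties` is dereferenced by `at.getExtraProperties().putAll(extraProperties)` with no null check; that matches the inline code it replaces, but as a hook now exposed to subclasses either an `if (extraProperties != null)` guard or an explicit `@param extraProperties must not be {@code null}` would be safer.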
@@ -186,6 +201,16 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
         return claims;
     }
 
+    protected void convertToJWTAccessToken(ServerAccessToken at) {
+        JwtClaims claims = createJwtAccessToken(at);
+        String jose = processJwtAccessToken(claims);
+        if (isPersistJwtEncoding()) {
+            at.setTokenKey(jose);
+        } else {
+            at.setEncodedToken(jose);
+        }
+    }
+
     protected ServerAccessToken createNewAccessToken(Client client, UserSubject userSub) {
         BearerAccessToken token = new BearerAccessToken(client, accessTokenLifetime);
         if (getIssuer() != null) {
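Review bot: `convertToJWTAccessToken` capitalises the acronym differently from the neighbouring `createJwtAccessToken`, `processJwtAccessToken` and `isUseJwtFormatForAccessTokens`; because this is a new protected method that subclasses are meant to override, the name becomes API and is costly to change later, so `convertToJwtAccessToken` would be the consistent choice before it ships. The method also lacks Javadoc; `/** Replaces the opaque token with its JWT form: the token key itself when {@link #isPersistJwtEncoding()} is true, otherwise only the encoded token. */` would document the side effect that the stored key is overwritten in the persist case.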
@@ -395,35 +420,30 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
     protected ServerAccessToken doRefreshAccessToken(Client client,
                                                      RefreshToken oldRefreshToken,
                                                      List<String> restrictedScopes) {
-        ServerAccessToken at = createNewAccessToken(client, oldRefreshToken.getSubject());
-        at.setAudiences(oldRefreshToken.getAudiences() != null
-                ? new ArrayList<String>(oldRefreshToken.getAudiences()) : null);
-        at.setGrantType(oldRefreshToken.getGrantType());
-        at.setGrantCode(oldRefreshToken.getGrantCode());
-        at.setSubject(oldRefreshToken.getSubject());
-        at.setNonce(oldRefreshToken.getNonce());
-        at.setClientCodeVerifier(oldRefreshToken.getClientCodeVerifier());
-        at.getExtraProperties().putAll(oldRefreshToken.getExtraProperties());
+
+        List<OAuthPermission> theNewScopes = null;
+
         if (restrictedScopes.isEmpty()) {
-            at.setScopes(oldRefreshToken.getScopes() != null
-                    ? new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()) : null);
+            theNewScopes = oldRefreshToken.getScopes() != null ?
+                    new ArrayList<OAuthPermission>(oldRefreshToken.getScopes()) : null;
         } else {
-            List<OAuthPermission> theNewScopes = convertScopeToPermissions(client, restrictedScopes);
-            if (oldRefreshToken.getScopes().containsAll(theNewScopes)) {
-                at.setScopes(theNewScopes);
-            } else {
+            theNewScopes = convertScopeToPermissions(client, restrictedScopes);
+            if (!oldRefreshToken.getScopes().containsAll(theNewScopes)) {
                 throw new OAuthServiceException("Invalid scopes");
             }
         }
 
+        ServerAccessToken at =
+            doCreateAccessToken(
+                oldRefreshToken.getAudiences() != null ?
+                    new ArrayList<String>(oldRefreshToken.getAudiences()) : null,
+                client, oldRefreshToken.getClientCodeVerifier(),
+                oldRefreshToken.getExtraProperties(), oldRefreshToken.getGrantCode(),
+                oldRefreshToken.getGrantType(), oldRefreshToken.getNonce(),
+                null, theNewScopes, oldRefreshToken.getSubject());
+
         if (isUseJwtFormatForAccessTokens()) {
-            JwtClaims claims = createJwtAccessToken(at);
-            String jose = processJwtAccessToken(claims);
-            if (isPersistJwtEncoding()) {
-                at.setTokenKey(jose);
-            } else {
-                at.setEncodedToken(jose);
-            }
+            convertToJWTAccessToken(at);
         }
 
         return at;
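Review bot: In the `else` branch, `!oldRefreshToken.getScopes().containsAll(theNewScopes)` dereferences `getScopes()` without the null guard the `if` branch applies to the same getter, so if a stored refresh token can carry no scopes the refresh fails with a NullPointerException instead of the `OAuthServiceException("Invalid scopes")` the check is there to produce. `if (oldRefreshToken.getScopes() == null || !oldRefreshToken.getScopes().containsAll(theNewScopes)) {` rejects that case explicitly while keeping the current semantics; the code the hunk replaces had the same gap, and the same two lines are reformatted again in the 03/03 hunk for this file. The `null` argument for `responseType` matches the old behaviour as the commit message notes, but a trailing comment such as `null, // responseType: not carried over on refresh` would save the next reader a trip to the history. The method's closing brace lies outside the hunk.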