Posted to commits@cxf.apache.org by se...@apache.org on 2016/01/25 15:16:18 UTC
cxf git commit: [CXF-6722] Passing an optional user subject ref too
to allow for more optimal queries in some cases
Repository: cxf
Updated Branches:
refs/heads/master 17d4cedc2 -> c545843c6
[CXF-6722] Passing an optional user subject ref too to allow for more optimal queries in some cases
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c545843c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c545843c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c545843c
Branch: refs/heads/master
Commit: c545843c6f084a00d55821b1a5156da447b5490a
Parents: 17d4ced
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Jan 25 14:16:02 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Jan 25 14:16:02 2016 +0000
----------------------------------------------------------------------
.../grants/code/AbstractCodeDataProvider.java | 2 +-
.../code/AuthorizationCodeDataProvider.java | 4 +++-
.../code/DefaultEHCacheCodeDataProvider.java | 10 +++++++---
.../code/DefaultEncryptingCodeDataProvider.java | 12 ++++++++----
.../provider/AbstractOAuthDataProvider.java | 4 ++--
.../provider/DefaultEHCacheOAuthDataProvider.java | 18 ++++++++++++++----
.../DefaultEncryptingOAuthDataProvider.java | 18 ++++++++++++++----
.../oauth2/provider/OAuthDataProvider.java | 6 ++++--
.../services/RedirectionBasedGrantService.java | 3 ++-
.../oauth2/grants/OAuthDataProviderImpl.java | 4 ++--
.../crypto/CodeGrantEncryptingDataProvider.java | 3 ++-
.../utils/crypto/EncryptingDataProvider.java | 4 ++--
.../oidc/idp/OidcAuthorizationCodeService.java | 2 ++
.../rs/security/oidc/idp/OidcImplicitService.java | 1 +
14 files changed, 64 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
index f6d0cf9..de61bb8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
@@ -46,7 +46,7 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
this.codeLifetime = codeLifetime;
}
protected void removeClientCodeGrants(Client c) {
- for (ServerAuthorizationCodeGrant grant : getCodeGrants(c)) {
+ for (ServerAuthorizationCodeGrant grant : getCodeGrants(c, null)) {
removeCodeGrant(grant.getCode());
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java
index de63a39..ff3f8c5 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java
@@ -22,6 +22,7 @@ package org.apache.cxf.rs.security.oauth2.grants.code;
import java.util.List;
import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
@@ -56,9 +57,10 @@ public interface AuthorizationCodeDataProvider extends OAuthDataProvider {
/**
* Return the list of code grants associated with a given client
* @param client the client
+ * @param subject the user subject, can be null
* @return the list of grants
* @throws OAuthServiceException
* @see ServerAuthorizationCodeGrant
*/
- List<ServerAuthorizationCodeGrant> getCodeGrants(Client c) throws OAuthServiceException;
+ List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject subject) throws OAuthServiceException;
}
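Review bot: The added `@param subject the user subject, can be null` line does not say what a null subject means. In the implementations changed by this commit, null disables the user filter, so grants of every user for the client are returned, and `removeClientCodeGrants` relies on exactly that. State it in the contract, e.g. `@param subject the user subject; if null, grants of all users for this client are returned`. The existing `@param client` tag also does not match the parameter name `c`. The same "can be null" wording is added for `getAccessTokens` and `getRefreshTokens` in OAuthDataProvider.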
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
index 9c0216c..12edf9b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
@@ -27,6 +27,7 @@ import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.DefaultEHCacheOAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
@@ -63,7 +64,7 @@ public class DefaultEHCacheCodeDataProvider extends DefaultEHCacheOAuthDataProvi
}
protected void removeClientCodeGrants(Client c) {
- for (ServerAuthorizationCodeGrant grant : getCodeGrants(c)) {
+ for (ServerAuthorizationCodeGrant grant : getCodeGrants(c, null)) {
removeCodeGrant(grant.getCode());
}
}
@@ -81,14 +82,17 @@ public class DefaultEHCacheCodeDataProvider extends DefaultEHCacheOAuthDataProvi
return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime);
}
- public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c) {
+ public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject sub) {
List<String> keys = CastUtils.cast(codeGrantCache.getKeys());
List<ServerAuthorizationCodeGrant> grants =
new ArrayList<ServerAuthorizationCodeGrant>(keys.size());
for (String key : keys) {
ServerAuthorizationCodeGrant grant = getCodeGrant(key);
if (c == null || grant.getClient().getClientId().equals(c.getClientId())) {
- grants.add(grant);
+ UserSubject grantSub = grant.getSubject();
+ if (sub == null || grantSub != null && grantSub.getLogin().equals(sub.getLogin())) {
+ grants.add(grant);
+ }
}
}
return grants;
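Review bot: The added subject test calls `grantSub.getLogin().equals(...)` without checking the login for null, so a stored grant whose subject carries no login would throw while grants are being listed, if UserSubject permits that state. A guarded form is `if (sub == null || grantSub != null && grantSub.getLogin() != null && grantSub.getLogin().equals(sub.getLogin()))`, ideally with parentheses around the `&&` part so the precedence is explicit. The same expression is repeated in DefaultEncryptingCodeDataProvider.getCodeGrants and in both `isTokenMatched` helpers. The method's closing brace is outside the hunk.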
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
index 63c1e26..a3ff5b3 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
@@ -27,6 +27,7 @@ import java.util.Set;
import javax.crypto.SecretKey;
import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
@@ -54,7 +55,7 @@ public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDat
}
protected void removeClientCodeGrants(Client c) {
- for (ServerAuthorizationCodeGrant grant : getCodeGrants(c)) {
+ for (ServerAuthorizationCodeGrant grant : getCodeGrants(c, null)) {
removeCodeGrant(grant.getCode());
}
}
@@ -66,13 +67,16 @@ public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDat
return grant;
}
- public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c) {
+ public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject sub) {
List<ServerAuthorizationCodeGrant> list =
new ArrayList<ServerAuthorizationCodeGrant>(grants.size());
for (String key : grants) {
ServerAuthorizationCodeGrant grant = getCodeGrant(key);
- if (grant.getClient().getClientId().equals(c.getClientId())) {
- list.add(grant);
+ if (c == null || grant.getClient().getClientId().equals(c.getClientId())) {
+ UserSubject grantSub = grant.getSubject();
+ if (sub == null || grantSub != null && grantSub.getLogin().equals(sub.getLogin())) {
+ list.add(grant);
+ }
}
}
return list;
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 01525b8..5183385 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -285,10 +285,10 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
}
protected void removeClientTokens(Client c) {
- for (RefreshToken rt : getRefreshTokens(c)) {
+ for (RefreshToken rt : getRefreshTokens(c, null)) {
revokeRefreshToken(rt.getTokenKey());
}
- for (ServerAccessToken at : getAccessTokens(c)) {
+ for (ServerAccessToken at : getAccessTokens(c, null)) {
revokeAccessToken(at.getTokenKey());
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
index 1f6ac00..3bf487e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
@@ -108,12 +108,12 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider {
}
@Override
- public List<ServerAccessToken> getAccessTokens(Client c) {
+ public List<ServerAccessToken> getAccessTokens(Client c, UserSubject sub) {
List<String> keys = CastUtils.cast(accessTokenCache.getKeys());
List<ServerAccessToken> tokens = new ArrayList<ServerAccessToken>(keys.size());
for (String key : keys) {
ServerAccessToken token = getAccessToken(key);
- if (c == null || token.getClient().getClientId().equals(c.getClientId())) {
+ if (isTokenMatched(token, c, sub)) {
tokens.add(token);
}
}
@@ -121,18 +121,28 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider {
}
@Override
- public List<RefreshToken> getRefreshTokens(Client c) {
+ public List<RefreshToken> getRefreshTokens(Client c, UserSubject sub) {
List<String> keys = CastUtils.cast(refreshTokenCache.getKeys());
List<RefreshToken> tokens = new ArrayList<RefreshToken>(keys.size());
for (String key : keys) {
RefreshToken token = getRefreshToken(key);
- if (c == null || token.getClient().getClientId().equals(c.getClientId())) {
+ if (isTokenMatched(token, c, sub)) {
tokens.add(token);
}
}
return tokens;
}
+ protected static boolean isTokenMatched(ServerAccessToken token, Client c, UserSubject sub) {
+ if (c == null || token.getClient().getClientId().equals(c.getClientId())) {
+ UserSubject tokenSub = token.getSubject();
+ if (sub == null || tokenSub != null && tokenSub.getLogin().equals(sub.getLogin())) {
+ return true;
+ }
+ }
+ return false;
+ }
+
@Override
public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException {
return getCacheValue(accessTokenCache, accessToken, ServerAccessToken.class);
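Review bot: `isTokenMatched` is added here and again, line for line, in DefaultEncryptingOAuthDataProvider. Both classes appear to extend AbstractOAuthDataProvider, so a single protected static copy in that base class would keep the client/subject filter from drifting between providers. The helper also has no Javadoc; a short comment saying that a null `c` or a null `sub` matches every token would document the wildcard behaviour for subclasses that call it. The trailing `getAccessToken` method continues outside the hunk.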
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
index 7b4f88f..fa675f6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
@@ -82,27 +82,37 @@ public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvide
return clients;
}
@Override
- public List<ServerAccessToken> getAccessTokens(Client c) {
+ public List<ServerAccessToken> getAccessTokens(Client c, UserSubject sub) {
List<ServerAccessToken> list = new ArrayList<ServerAccessToken>(tokens.size());
for (String tokenKey : tokens) {
ServerAccessToken token = getAccessToken(tokenKey);
- if (token.getClient().getClientId().equals(c.getClientId())) {
+ if (isTokenMatched(token, c, sub)) {
list.add(token);
}
}
return list;
}
@Override
- public List<RefreshToken> getRefreshTokens(Client c) {
+ public List<RefreshToken> getRefreshTokens(Client c, UserSubject sub) {
List<RefreshToken> list = new ArrayList<RefreshToken>(refreshTokens.size());
for (String tokenKey : tokens) {
RefreshToken token = getRefreshToken(tokenKey);
- if (token.getClient().getClientId().equals(c.getClientId())) {
+ if (isTokenMatched(token, c, sub)) {
list.add(token);
}
}
return list;
}
+
+ protected static boolean isTokenMatched(ServerAccessToken token, Client c, UserSubject sub) {
+ if (c == null || token.getClient().getClientId().equals(c.getClientId())) {
+ UserSubject tokenSub = token.getSubject();
+ if (sub == null || tokenSub != null && tokenSub.getLogin().equals(sub.getLogin())) {
+ return true;
+ }
+ }
+ return false;
+ }
@Override
public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException {
try {
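Review bot: In `getRefreshTokens` the loop header `for (String tokenKey : tokens)` walks the access-token key collection, while the result list is sized from `refreshTokens.size()`; this looks like a copy-paste slip that the commit leaves in place, and the loop should probably read `for (String tokenKey : refreshTokens)`. As written, `getRefreshToken` is called with access-token keys, so the method may fail or return an incomplete list. That matters for `removeClientTokens` in AbstractOAuthDataProvider, which revokes whatever `getRefreshTokens(c, null)` returns, so refresh tokens could survive a client removal. The `getAccessToken` method at the end of the hunk continues outside it.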
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
index b7ae576..2587634 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
@@ -89,18 +89,20 @@ public interface OAuthDataProvider {
/**
* Return all access tokens associated with a given client
* @param client the client
+ * @param subject the user subject, can be null
* @return list of access tokens
* @throws OAuthServiceException
*/
- List<ServerAccessToken> getAccessTokens(Client client) throws OAuthServiceException;
+ List<ServerAccessToken> getAccessTokens(Client client, UserSubject subject) throws OAuthServiceException;
/**
* Return all refresh tokens associated with a given client
* @param client the client
+ * @param subject the user subject, can be null
* @return list of refresh tokens
* @throws OAuthServiceException
*/
- List<RefreshToken> getRefreshTokens(Client client) throws OAuthServiceException;
+ List<RefreshToken> getRefreshTokens(Client client, UserSubject subject) throws OAuthServiceException;
/**
* Revokes a refresh or access token
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 5b050df..be1bcc1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -172,7 +172,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
client, requestedScope, userSubject, supportedGrantType);
final boolean authorizationCanBeSkipped =
preAuthorizedToken != null
- || canAuthorizationBeSkipped(client, requestedScope, requestedPermissions);
+ || canAuthorizationBeSkipped(client, userSubject, requestedScope, requestedPermissions);
// Populate the authorization challenge data
OAuthAuthorizationData data =
@@ -195,6 +195,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
}
protected boolean canAuthorizationBeSkipped(Client client,
+ UserSubject userSubject,
List<String> requestedScope,
List<OAuthPermission> permissions) {
return false;
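Review bot: Inserting `UserSubject userSubject` into the protected `canAuthorizationBeSkipped` changes an overridable signature. A subclass outside this commit that still declares the three-argument form without `@Override` would compile but no longer be called, and the base `return false` would apply instead. That fails towards showing the authorization form, but it is a silent behaviour change; consider keeping the old overload as `@Deprecated` and letting the new method's default delegate to it. The new parameter also has no Javadoc saying whether it may be null. The method's closing brace is outside the hunk.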
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/OAuthDataProviderImpl.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/OAuthDataProviderImpl.java
index 3be5549..18bef04 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/OAuthDataProviderImpl.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/OAuthDataProviderImpl.java
@@ -78,13 +78,13 @@ public class OAuthDataProviderImpl implements OAuthDataProvider {
}
@Override
- public List<ServerAccessToken> getAccessTokens(Client client) throws OAuthServiceException {
+ public List<ServerAccessToken> getAccessTokens(Client client, UserSubject sub) throws OAuthServiceException {
// TODO Auto-generated method stub
return null;
}
@Override
- public List<RefreshToken> getRefreshTokens(Client client) throws OAuthServiceException {
+ public List<RefreshToken> getRefreshTokens(Client client, UserSubject sub) throws OAuthServiceException {
// TODO Auto-generated method stub
return null;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CodeGrantEncryptingDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CodeGrantEncryptingDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CodeGrantEncryptingDataProvider.java
index 3f4d7da..80b09ec 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CodeGrantEncryptingDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/CodeGrantEncryptingDataProvider.java
@@ -23,6 +23,7 @@ import java.util.List;
import java.util.Set;
import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
@@ -56,7 +57,7 @@ public class CodeGrantEncryptingDataProvider extends EncryptingDataProvider
}
@Override
- public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c) throws OAuthServiceException {
+ public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c, UserSubject sub) throws OAuthServiceException {
// TODO Auto-generated method stub
return null;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
index 5d2f40d..36c353d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/utils/crypto/EncryptingDataProvider.java
@@ -144,13 +144,13 @@ public class EncryptingDataProvider implements OAuthDataProvider {
}
@Override
- public List<ServerAccessToken> getAccessTokens(Client client) throws OAuthServiceException {
+ public List<ServerAccessToken> getAccessTokens(Client client, UserSubject sub) throws OAuthServiceException {
// TODO Auto-generated method stub
return null;
}
@Override
- public List<RefreshToken> getRefreshTokens(Client client) throws OAuthServiceException {
+ public List<RefreshToken> getRefreshTokens(Client client, UserSubject sub) throws OAuthServiceException {
// TODO Auto-generated method stub
return null;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
index 99fda9f..67a7118 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
@@ -22,6 +22,7 @@ import java.util.List;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService;
public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService {
@@ -29,6 +30,7 @@ public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService
private boolean skipAuthorizationWithOidcScope;
@Override
protected boolean canAuthorizationBeSkipped(Client client,
+ UserSubject userSubject,
List<String> requestedScope,
List<OAuthPermission> permissions) {
// No need to challenge the authenticated user with the authorization form
http://git-wip-us.apache.org/repos/asf/cxf/blob/c545843c/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index edf8e98..b53c352 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -67,6 +67,7 @@ public class OidcImplicitService extends ImplicitGrantService {
@Override
protected boolean canAuthorizationBeSkipped(Client client,
+ UserSubject userSubject,
List<String> requestedScope,
List<OAuthPermission> permissions) {
// No need to challenge the authenticated user with the authorization form