Posted to commits@cxf.apache.org by co...@apache.org on 2016/02/17 17:31:46 UTC
[1/2] cxf git commit: Make sure that the JwtRequestCodeFilter checks
that the response_type/client_id in the request (if present) match the OAuth
parameters. Also fixed a bug in checking the response type.
Repository: cxf
Updated Branches:
refs/heads/master 2726b68fa -> 52bdff074
Make sure that the JwtRequestCodeFilter checks that the response_type/client_id in the request (if present) match the OAuth parameters. Also fixed a bug in checking the response type.
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e265a32d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e265a32d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e265a32d
Branch: refs/heads/master
Commit: e265a32de75478ae4f39b9031baa7e878f31a72c
Parents: 2726b68
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 17 16:17:27 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 17 16:17:27 2016 +0000
----------------------------------------------------------------------
.../grants/code/JwtRequestCodeFilter.java | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e265a32d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
index 0017850..e05404d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
@@ -63,12 +63,26 @@ public class JwtRequestCodeFilter extends OAuthJoseJwtConsumer implements Author
JwsSignatureVerifier theSigVerifier = getInitializedSigVerifier(client);
JwtToken jwt = getJwtToken(requestToken, theDecryptor, theSigVerifier);
JwtClaims claims = jwt.getClaims();
+
+ // Check issuer
String iss = issuer != null ? issuer : client.getClientId();
- if (!iss.equals(claims.getIssuer())
- || claims.getClaim(OAuthConstants.CLIENT_ID) != null
- && claims.getStringProperty(OAuthConstants.CLIENT_ID).equals(client.getClientId())) {
+ if (!iss.equals(claims.getIssuer())) {
throw new SecurityException();
}
+
+ // Check client_id - if present it must match the client_id specified in the request
+ if (claims.getClaim(OAuthConstants.CLIENT_ID) != null
+ && !claims.getStringProperty(OAuthConstants.CLIENT_ID).equals(client.getClientId())) {
+ throw new SecurityException();
+ }
+
+ // Check response_type - if present it must match the response_type specified in the request
+ String tokenResponseType = (String)claims.getClaim(OAuthConstants.RESPONSE_TYPE);
+ if (tokenResponseType != null
+ && !tokenResponseType.equals(params.getFirst(OAuthConstants.RESPONSE_TYPE))) {
+ throw new SecurityException();
+ }
+
MultivaluedMap<String, String> newParams = new MetadataMap<String, String>();
Map<String, Object> claimsMap = claims.asMap();
for (Map.Entry<String, Object> entry : claimsMap.entrySet()) {
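Review bot: The new response_type check reads the claim with a raw `(String)claims.getClaim(...)` cast while the client_id check two lines above uses `claims.getStringProperty(...)`; a request object carrying a non-string value there (a JSON array or number) would presumably surface as a ClassCastException from the filter instead of the SecurityException every other failed check produces, so `String tokenResponseType = claims.getStringProperty(OAuthConstants.RESPONSE_TYPE);` keeps the checks uniform. All three checks throw a bare `new SecurityException()`, which makes it impossible to tell from a log which of issuer, client_id or response_type mismatched; a short message per throw (for example `new SecurityException("response_type in request object does not match the authorization request")`) costs nothing and does not leak anything the client did not already send. Note that when the query string has no response_type at all, `tokenResponseType.equals(null)` is false and the request is rejected, which is the fail-closed behaviour one wants here and matches the requirement that response_type be present in the OAuth request itself; a one-line comment stating that this is intentional would save the next reader a double take. The enclosing filter method begins before this hunk and continues after it.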
[2/2] cxf git commit: Store previous params in the new map,
allow them to be overwritten by request params
Posted by co...@apache.org.
Store previous params in the new map, allow them to be overwritten by request params
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/52bdff07
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/52bdff07
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/52bdff07
Branch: refs/heads/master
Commit: 52bdff0740194460c8fe31955710f6826d76d0f6
Parents: e265a32
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 17 16:19:23 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 17 16:19:23 2016 +0000
----------------------------------------------------------------------
.../cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/52bdff07/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
index e05404d..1a82470 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
@@ -83,7 +83,7 @@ public class JwtRequestCodeFilter extends OAuthJoseJwtConsumer implements Author
throw new SecurityException();
}
- MultivaluedMap<String, String> newParams = new MetadataMap<String, String>();
+ MultivaluedMap<String, String> newParams = new MetadataMap<String, String>(params);
Map<String, Object> claimsMap = claims.asMap();
for (Map.Entry<String, Object> entry : claimsMap.entrySet()) {
String key = entry.getKey();
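Review bot: Seeding `newParams` from `params` means every authorization parameter missing from the signed request object is now taken unsigned from the query string, and any parameter present in both is silently replaced by the JWT value in the loop that follows; of those overlaps only client_id and response_type are cross-checked earlier in this method, so a redirect_uri or scope that differs between the two is accepted without complaint. That precedence is a deliberate design choice, but nothing in the code says so; a comment on the changed line such as `// Start from the unsigned query parameters; claims from the signed request object override them below` would make the trust boundary explicit, and it is worth deciding whether mismatches on other security-relevant parameters should be rejected the same way. It is also not visible from this hunk whether the `MetadataMap` copy constructor copies or merely wraps `params`; if it wraps, the loop below would mutate the caller's map, which should be confirmed. The enclosing method and the loop both extend beyond the hunk.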