Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/17 14:05:32 UTC
cxf git commit: More code verifier work
Repository: cxf
Updated Branches:
refs/heads/master aea79e65a -> 7f4b3b163
More code verifier work
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7f4b3b16
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7f4b3b16
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7f4b3b16
Branch: refs/heads/master
Commit: 7f4b3b16302c59d58b81d3cfd057db41b82658b3
Parents: aea79e6
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Nov 17 13:05:03 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Nov 17 13:05:03 2015 +0000
----------------------------------------------------------------------
.../oauth2/client/ClientCodeRequestFilter.java | 28 ++++++++++++--------
.../grants/code/AuthorizationCodeGrant.java | 12 +++++++++
2 files changed, 29 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/7f4b3b16/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 98ca208..ac09dfc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -43,7 +43,6 @@ import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.FormUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer;
@@ -156,9 +155,8 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
}
protected void setCodeVerifier(UriBuilder ub, MultivaluedMap<String, String> redirectState) {
if (codeVerifierTransformer != null) {
- String codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
ub.queryParam(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE,
- codeVerifierTransformer.transformCodeVerifier(codeVerifier));
+ redirectState.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
ub.queryParam(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE_METHOD,
codeVerifierTransformer.getChallengeMethod());
}
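Review bot: The value sent here as the code challenge and the value later sent as the code verifier are the same string. `toCodeRequestState` (last hunk of this file) stores the output of `transformCodeVerifier` under `AUTHORIZATION_CODE_VERIFIER`, and the callback hunk passes that same entry to `grant.setCodeVerifier`. The untransformed verifier is discarded, so a server that applies the transform before comparing will presumably reject the exchange, and a server that compares directly gets no protection because the value already appeared in the authorization redirect. Keep the raw value in state with `state.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, codeVerifier);` and derive the challenge here with `codeVerifierTransformer.transformCodeVerifier(redirectState.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER))`. The method body continues past this hunk, and `redirectState` is dereferenced without a null check.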
@@ -181,13 +179,19 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
UriInfo ui,
MultivaluedMap<String, String> requestParams) {
+ MultivaluedMap<String, String> state = null;
+ if (clientStateManager != null) {
+ state = clientStateManager.fromRedirectState(mc, requestParams);
+ }
+
String codeParam = requestParams.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
ClientAccessToken at = null;
if (codeParam != null) {
- AccessTokenGrant grant = new AuthorizationCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
+ AuthorizationCodeGrant grant = new AuthorizationCodeGrant(codeParam, getAbsoluteRedirectUri(ui));
+ grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER));
at = OAuthClientUtils.getAccessToken(accessTokenServiceClient, consumer, grant);
}
- ClientTokenContext tokenContext = initializeClientTokenContext(rc, at, requestParams);
+ ClientTokenContext tokenContext = initializeClientTokenContext(rc, at, state);
if (at != null && clientTokenContextManager != null) {
clientTokenContextManager.setClientTokenContext(mc, tokenContext);
}
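Review bot: `state` stays null when `clientStateManager` is not configured, so `state.getFirst(...)` on the new `grant.setCodeVerifier` line throws a NullPointerException for every callback that carries a code. Before this change a null state was simply passed through to `initializeClientTokenContext`, so this is a regression for deployments without a state manager. Guard the call, e.g. `if (state != null) { grant.setCodeVerifier(state.getFirst(OAuthConstants.AUTHORIZATION_CODE_VERIFIER)); }`, or reject the request explicitly when `codeVerifierTransformer` is set but no state could be restored. The enclosing method starts before this hunk.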
@@ -196,11 +200,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
protected ClientTokenContext initializeClientTokenContext(ContainerRequestContext rc,
ClientAccessToken at,
- MultivaluedMap<String, String> params) {
- MultivaluedMap<String, String> state = null;
- if (clientStateManager != null) {
- state = clientStateManager.fromRedirectState(mc, params);
- }
+ MultivaluedMap<String, String> state) {
ClientTokenContext tokenContext = createTokenContext(rc, at, state);
((ClientTokenContextImpl)tokenContext).setToken(at);
((ClientTokenContextImpl)tokenContext).setState(state);
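Review bot: The third parameter of the protected `initializeClientTokenContext` keeps its type but changes meaning, from the raw callback parameters to the already restored state. An existing subclass override still compiles but now receives different data. A Javadoc line on the method would make that visible, e.g. `@param state the state restored by the client state manager, or null when none is configured`. The method body continues past the hunk.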
@@ -226,7 +226,13 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
toCodeRequestState(rc, ui));
}
protected MultivaluedMap<String, String> toCodeRequestState(ContainerRequestContext rc, UriInfo ui) {
- return toRequestState(rc, ui);
+ MultivaluedMap<String, String> state = toRequestState(rc, ui);
+ if (codeVerifierTransformer != null) {
+ String codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
+ state.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER,
+ codeVerifierTransformer.transformCodeVerifier(codeVerifier));
+ }
+ return state;
}
protected MultivaluedMap<String, String> toRequestState(ContainerRequestContext rc, UriInfo ui) {
MultivaluedMap<String, String> requestState = new MetadataMap<String, String>();
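Review bot: The code verifier entry is now part of the request state, and nothing in `toCodeRequestState` says that this state has to stay confidential. How the state manager persists or round-trips the state is not visible in this diff. If an implementation encodes it unprotected into the redirect `state` parameter, the entry would travel through the browser. I would add a comment above the `putSingle` call such as `// verifier is a secret: the state manager must keep it server-side or encrypt it`.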
http://git-wip-us.apache.org/repos/asf/cxf/blob/7f4b3b16/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
index d599ba2..80119f1 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java
@@ -36,6 +36,7 @@ public class AuthorizationCodeGrant implements AccessTokenGrant {
private static final long serialVersionUID = -3738825769770411453L;
private String code;
private String redirectUri;
+ private String codeVerifier;
public AuthorizationCodeGrant() {
@@ -96,7 +97,18 @@ public class AuthorizationCodeGrant implements AccessTokenGrant {
if (redirectUri != null) {
map.putSingle(OAuthConstants.REDIRECT_URI, redirectUri);
}
+ if (codeVerifier != null) {
+ map.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, codeVerifier);
+ }
return map;
}
+ public String getCodeVerifier() {
+ return codeVerifier;
+ }
+
+ public void setCodeVerifier(String codeVerifier) {
+ this.codeVerifier = codeVerifier;
+ }
+
}
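Review bot: The new `getCodeVerifier`/`setCodeVerifier` pair and the added `toMap` branch have no Javadoc, and the setter does not say which form of the value it expects. Since `toMap` sends the field as the verifier parameter of the token request, I would document the setter as `/** Sets the original, untransformed code verifier sent with the token request. */`. The class declares a `serialVersionUID`, so the verifier presumably also becomes part of the grant's serialized form. That is worth a comment on the field if grants are ever persisted or logged.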