Posted to commits@cxf.apache.org by se...@apache.org on 2016/07/27 09:08:48 UTC

cxf-fediz git commit: [FEDIZ-172] Restoring Fediz-specific OAuthDataProviderImpl and supporting a case of the client_cred clients already being authenticated before the call reaches AccessTokenService

Repository: cxf-fediz
Updated Branches:
  refs/heads/master ab9483bf6 -> 167455bbe


[FEDIZ-172] Restoring Fediz-specific OAuthDataProviderImpl and supporting a case of the client_cred clients already being authenticated before the call reaches AccessTokenService


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/167455bb
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/167455bb
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/167455bb

Branch: refs/heads/master
Commit: 167455bbeaeca9d7f0f76b04bc70a072d8ac1b36
Parents: ab9483b
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Wed Jul 27 12:08:29 2016 +0300
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Wed Jul 27 12:08:29 2016 +0300

----------------------------------------------------------------------
 .../service/oidc/OAuthDataProviderImpl.java     | 68 ++++++++++++++++++++
 .../src/main/webapp/WEB-INF/data-manager.xml    |  2 +-
 2 files changed, 69 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/167455bb/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
new file mode 100644
index 0000000..7c37cc2
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.oidc;
+
+import java.security.Principal;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
+    
+    private boolean checkOnlyRegisteredClients;
+    
+    @Override
+    public Client getClient(String clientId) {
+        Client client = super.getClient(clientId);
+        if (client != null || checkOnlyRegisteredClients) {
+            return client;
+        }
+        String grantType = (String)getMessageContext().get(OAuthConstants.GRANT_TYPE);
+        if (OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(grantType)) {
+            // Pre-registering the OAuth2 Client representations for 
+            // "client_credentials" can be difficult. 
+            
+            String clientSecret = (String)getMessageContext().get(OAuthConstants.CLIENT_SECRET);
+            if (clientSecret != null) {
+                // Direct authentication with the back-end storage
+                return authenticateClient(clientId, clientSecret);
+            } else {
+                Principal p = super.getMessageContext().getSecurityContext().getUserPrincipal();
+                if (clientId.equals(p.getName())) {
+                    // Client was already authenticated with Servlet Security 
+                    // or CXF (JAAS/etc) filters
+                    return new Client(clientId, null, true);
+                }
+            }
+        }
+        return null;
+    }
+
+    protected Client authenticateClient(String clientId, String clientSecret) {
+        // If the authentication is successful: 
+        // return new Client(clientId, clientSecret, true)
+        return null;
+    }
+
+    public void setCheckOnlyRegisteredClients(boolean checkOnlyRegisteredClients) {
+        this.checkOnlyRegisteredClients = checkOnlyRegisteredClients;
+    }
+
+}
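Review bot: In `getClient`, the pre-authenticated branch dereferences `p` without a null check, so a `client_credentials` request with no `client_secret` and no authenticated principal throws a NullPointerException at `clientId.equals(p.getName())` instead of returning null for an unknown client. Guard it with `if (p != null && clientId.equals(p.getName()))`, and consider the same guard for a null `getSecurityContext()` if that can occur on this path. The branch also accepts any authenticated principal whose name equals the client_id as a confidential client, so a comment should state that the upstream Servlet/JAAS filter must authenticate clients rather than end users. `authenticateClient` returns null unless overridden; a Javadoc line saying that subclasses must override it and verify the secret against the back-end store would make that contract explicit.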

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/167455bb/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
index 6422263..5640443 100644
--- a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
@@ -56,7 +56,7 @@
         AbstractCodeDataProvider extension or implement AuthorizationCodeDataProvider directly
     -->     
     <bean id="oauthProvider" 
-          class="org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider"
+          class="org.apache.cxf.fediz.service.oidc.OAuthDataProviderImpl"
           init-method="init" destroy-method="close">
         <!-- List of accepted scopes -->  
         <property name="supportedScopes" ref="supportedScopes"/>
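Review bot: The `oauthProvider` bean now resolves to `OAuthDataProviderImpl` without setting `checkOnlyRegisteredClients` in the visible lines, and that field defaults to false, so the fallback for unregistered `client_credentials` clients is active in this configuration. If that is not the intended shipped default, add `<property name="checkOnlyRegisteredClients" value="true"/>`, or a comment beside the bean stating that unregistered clients are accepted when the request is already authenticated. The bean's remaining properties lie outside the hunk, so the property may already be set further down.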