You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2016/07/27 09:08:48 UTC
cxf-fediz git commit: [FEDIZ-172] Restoring Fediz-specific
OAuthDataProviderImpl and supporting a case of the client_cred clients
already being authenticated before the call reaches AccessTokenService
Repository: cxf-fediz
Updated Branches:
refs/heads/master ab9483bf6 -> 167455bbe
[FEDIZ-172] Restoring Fediz-specific OAuthDataProviderImpl and supporting a case of the client_cred clients already being authenticated before the call reaches AccessTokenService
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/167455bb
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/167455bb
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/167455bb
Branch: refs/heads/master
Commit: 167455bbeaeca9d7f0f76b04bc70a072d8ac1b36
Parents: ab9483b
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Wed Jul 27 12:08:29 2016 +0300
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Wed Jul 27 12:08:29 2016 +0300
----------------------------------------------------------------------
.../service/oidc/OAuthDataProviderImpl.java | 68 ++++++++++++++++++++
.../src/main/webapp/WEB-INF/data-manager.xml | 2 +-
2 files changed, 69 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/167455bb/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
new file mode 100644
index 0000000..7c37cc2
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.oidc;
+
+import java.security.Principal;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
+
+ private boolean checkOnlyRegisteredClients;
+
+ @Override
+ public Client getClient(String clientId) {
+ Client client = super.getClient(clientId);
+ if (client != null || checkOnlyRegisteredClients) {
+ return client;
+ }
+ String grantType = (String)getMessageContext().get(OAuthConstants.GRANT_TYPE);
+ if (OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(grantType)) {
+ // Pre-registering the OAuth2 Client representations for
+ // "client_credentials" can be difficult.
+
+ String clientSecret = (String)getMessageContext().get(OAuthConstants.CLIENT_SECRET);
+ if (clientSecret != null) {
+ // Direct authentication with the back-end storage
+ return authenticateClient(clientId, clientSecret);
+ } else {
+ Principal p = super.getMessageContext().getSecurityContext().getUserPrincipal();
+ if (clientId.equals(p.getName())) {
+ // Client was already authenticated with Servlet Security
+ // or CXF (JAAS/etc) filters
+ return new Client(clientId, null, true);
+ }
+ }
+ }
+ return null;
+ }
+
+ protected Client authenticateClient(String clientId, String clientSecret) {
+ // If the authentication is successful:
+ // return new Client(clientId, clientSecret, true)
+ return null;
+ }
+
+ public void setCheckOnlyRegisteredClients(boolean checkOnlyRegisteredClients) {
+ this.checkOnlyRegisteredClients = checkOnlyRegisteredClients;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/167455bb/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
index 6422263..5640443 100644
--- a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
@@ -56,7 +56,7 @@
AbstractCodeDataProvider extension or implement AuthorizationCodeDataProvider directly
-->
<bean id="oauthProvider"
- class="org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider"
+ class="org.apache.cxf.fediz.service.oidc.OAuthDataProviderImpl"
init-method="init" destroy-method="close">
<!-- List of accepted scopes -->
<property name="supportedScopes" ref="supportedScopes"/>