Posted to commits@cxf.apache.org by co...@apache.org on 2020/11/17 11:30:48 UTC

[cxf] branch master updated: CXF-8370 - Make the principal optional for the start of the authorization flow

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 821471d  CXF-8370 - Make the principal optional for the start of the authorization flow
821471d is described below

commit 821471d951ad1cd16546658b086eb3f607287f99
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Nov 17 11:30:09 2020 +0000

    CXF-8370 - Make the principal optional for the start of the authorization flow
---
 .../oauth2/services/RedirectionBasedGrantService.java      | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 372d2f2..dafdc82 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -137,11 +137,15 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
      * Starts the authorization process
      */
     protected Response startAuthorization(MultivaluedMap<String, String> params) {
-        // Make sure the end user has authenticated, check if HTTPS is used
-        SecurityContext sc = getAndValidateSecurityContext(params);
+        UserSubject userSubject = null;
+        SecurityContext securityContext =
+                (SecurityContext)getMessageContext().get(SecurityContext.class.getName());
+        if (securityContext != null && securityContext.getUserPrincipal() != null) {
+            // Create a UserSubject representing the end user, if we have already authenticated
+            userSubject = createUserSubject(securityContext, params);
+        }
+        checkTransportSecurity();
         Client client = getClient(params.getFirst(OAuthConstants.CLIENT_ID), params);
-        // Create a UserSubject representing the end user
-        UserSubject userSubject = createUserSubject(sc, params);
 
         if (authorizationFilter != null) {
             params = authorizationFilter.process(params, userSubject, client);
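Review bot: The guarantee the removed `getAndValidateSecurityContext(params)` call gave at the top of startAuthorization — that the end user is already authenticated — is dropped, so `userSubject` may now be null for the rest of the method, which continues past the hunk; only personalizeData is hardened in this commit, and the last visible line already hands the possibly-null subject to `authorizationFilter.process(params, userSubject, client)`, so every later consumer of `userSubject` (and any AuthorizationCodeFilter implementation) needs to tolerate null, and whichever step eventually issues the grant must still require an authenticated principal. The Javadoc above the signature should state that new contract, e.g. `* Starts the authorization process. The end user need not be authenticated yet: when the SecurityContext carries no principal, userSubject is null and authentication must be completed before the grant is issued.`. The unchecked cast on the `getMessageContext().get(SecurityContext.class.getName())` line will throw ClassCastException if some other object is stored under that key; a `instanceof` test (`if (ctx instanceof SecurityContext securityContext && securityContext.getUserPrincipal() != null)`) would make the null-subject path the only outcome for anything unexpected there.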
@@ -340,7 +344,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         return state;
     }
     protected void personalizeData(OAuthAuthorizationData data, UserSubject userSubject) {
-        if (resourceOwnerNameProvider != null) {
+        if (resourceOwnerNameProvider != null && userSubject != null) {
             data.setEndUserName(resourceOwnerNameProvider.getName(userSubject));
         }
     }