Posted to commits@cxf.apache.org by co...@apache.org on 2020/11/17 11:30:48 UTC
[cxf] branch master updated: CXF-8370 - Make the principal optional
for the start of the authorization flow
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 821471d CXF-8370 - Make the principal optional for the start of the authorization flow
821471d is described below
commit 821471d951ad1cd16546658b086eb3f607287f99
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Nov 17 11:30:09 2020 +0000
CXF-8370 - Make the principal optional for the start of the authorization flow
---
.../oauth2/services/RedirectionBasedGrantService.java | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 372d2f2..dafdc82 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -137,11 +137,15 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
* Starts the authorization process
*/
protected Response startAuthorization(MultivaluedMap<String, String> params) {
- // Make sure the end user has authenticated, check if HTTPS is used
- SecurityContext sc = getAndValidateSecurityContext(params);
+ UserSubject userSubject = null;
+ SecurityContext securityContext =
+ (SecurityContext)getMessageContext().get(SecurityContext.class.getName());
+ if (securityContext != null && securityContext.getUserPrincipal() != null) {
+ // Create a UserSubject representing the end user, if we have already authenticated
+ userSubject = createUserSubject(securityContext, params);
+ }
+ checkTransportSecurity();
Client client = getClient(params.getFirst(OAuthConstants.CLIENT_ID), params);
- // Create a UserSubject representing the end user
- UserSubject userSubject = createUserSubject(sc, params);
if (authorizationFilter != null) {
params = authorizationFilter.process(params, userSubject, client);
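Review bot: With this change `userSubject` stays null whenever the message's SecurityContext carries no principal, and the new code passes that null straight into `authorizationFilter.process(params, userSubject, client)` without any visible guarantee that the filter, or the rest of startAuthorization (which continues past the end of this hunk), tolerates it. The replaced `getAndValidateSecurityContext(params)` did two things, rejecting unauthenticated end users and checking HTTPS; `checkTransportSecurity()` keeps the second, but nothing in the hunk shows where the first is now enforced before an authorization decision or code/token is produced, so that later point should be confirmed and, if it lives in this method, made explicit. The method Javadoc above ("Starts the authorization process") no longer describes the contract; state it where the variable is introduced, e.g. `// null until the end user has authenticated; any path that grants authorization must check this first` above `UserSubject userSubject = null;`, and document on AuthorizationFilter that the subject argument may be null.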
@@ -340,7 +344,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
return state;
}
protected void personalizeData(OAuthAuthorizationData data, UserSubject userSubject) {
- if (resourceOwnerNameProvider != null) {
+ if (resourceOwnerNameProvider != null && userSubject != null) {
data.setEndUserName(resourceOwnerNameProvider.getName(userSubject));
}
}
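Review bot: personalizeData now silently accepts a null userSubject, but the method has no Javadoc saying callers may pass one, so the next reader cannot tell whether the added `userSubject != null` test is a contract or a defensive afterthought. Add `@param userSubject the authenticated end user, or {@code null} if the user has not authenticated yet; the end-user name is only set when both a provider and a subject are present` on the method declaration.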