Posted to commits@cxf.apache.org by se...@apache.org on 2015/07/08 17:33:43 UTC

cxf git commit: Minor update to OAuth2 JwsReq filter

Repository: cxf
Updated Branches:
  refs/heads/master 0e93e9030 -> b71933f09


Minor update to OAuth2 JwsReq filter


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b71933f0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b71933f0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b71933f0

Branch: refs/heads/master
Commit: b71933f0963c9a4410531849ac6ef5bca937f7e1
Parents: 0e93e90
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Wed Jul 8 16:33:28 2015 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Wed Jul 8 16:33:28 2015 +0100

----------------------------------------------------------------------
 .../oauth2/grants/code/JwtRequestCodeFilter.java        | 12 ++++++++++++
 1 file changed, 12 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b71933f0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
index 4920af0..d80c8bd 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
@@ -26,6 +26,7 @@ import javax.crypto.SecretKey;
 import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
@@ -44,6 +45,7 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter {
     private static final String REQUEST_PARAM = "request";
+    private static final String REQUEST_URI_PARAM = "request_uri";
     private JweDecryptionProvider jweDecryptor;
     private JwsSignatureVerifier jwsVerifier;
     private boolean verifyWithClientCertificates;
@@ -56,6 +58,12 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter {
                                                   UserSubject endUser,
                                                   Client client) {
         String requestToken = params.getFirst(REQUEST_PARAM);
+        if (requestToken == null) {
+            String requestUri = params.getFirst(REQUEST_URI_PARAM);
+            if (requestUri != null && requestUri.startsWith(getPrefix(client))) {
+                requestToken = WebClient.create(requestUri).get(String.class);
+            }
+        }
         if (requestToken != null) {
             JweDecryptionProvider theJweDecryptor = getInitializedDecryptionProvider(client);
             if (theJweDecryptor != null) {
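Review bot: The `request_uri` value taken from the authorization request parameters is fetched server-side by `WebClient.create(requestUri).get(String.class)` after only a `startsWith("https://")` check (`getPrefix` in the last hunk ignores its `client` argument), so whoever can send an authorization request can make this server issue HTTPS GETs to a host of their choosing, internal ones included. Instead of the TODO, the URI should be matched exactly against request URIs pre-registered for that client, as OpenID Connect's `request_uris` registration parameter intends, and the request rejected when there is no match. These lines also show no timeout, response-size limit or error handling around the fetch, so a slow or oversized response could hold the request thread; I would bound all three and, until the allow-list exists, replace the TODO with `// SECURITY: request_uri is caller-supplied; do not enable without a per-client allow-list`. The enclosing method begins before this hunk and continues past it, so whether the fetched token is always signature-verified cannot be confirmed from here.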
@@ -92,6 +100,10 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter {
             return params;
         }
     }
+    private String getPrefix(Client client) {
+        //TODO: consider restricting to specific hosts
+        return "https://";
+    }
     public void setJweDecryptor(JweDecryptionProvider jweDecryptor) {
         this.jweDecryptor = jweDecryptor;
     }