Posted to commits@cxf.apache.org by se...@apache.org on 2015/12/14 11:58:05 UTC
cxf-fediz git commit: Removing the nonce related code now that the id
token filter sets it
Repository: cxf-fediz
Updated Branches:
refs/heads/master f1a7b9684 -> 7c6707f8a
Removing the nonce related code now that the id token filter sets it
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/7c6707f8
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/7c6707f8
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/7c6707f8
Branch: refs/heads/master
Commit: 7c6707f8a5c2b346fa77df9a41f9fb4c1fecc8a7
Parents: f1a7b96
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Dec 14 10:57:50 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Dec 14 10:57:50 2015 +0000
----------------------------------------------------------------------
.../apache/cxf/fediz/service/oidc/OAuthDataManager.java | 11 ++++-------
.../cxf/fediz/service/oidc/SamlTokenConverter.java | 8 +++-----
2 files changed, 7 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7c6707f8/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index 51c5296..f8d7584 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -48,8 +48,7 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
throws OAuthServiceException {
ServerAuthorizationCodeGrant grant = super.doCreateCodeGrant(reg);
OidcUserSubject oidcSub = createOidcSubject(grant.getClient(),
- grant.getSubject(),
- reg.getNonce());
+ grant.getSubject());
grant.setSubject(oidcSub);
return grant;
}
@@ -60,8 +59,7 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
ServerAccessToken token = super.doCreateAccessToken(reg);
if (OAuthConstants.IMPLICIT_GRANT.equals(reg.getGrantType())) {
OidcUserSubject oidcSub = createOidcSubject(token.getClient(),
- token.getSubject(),
- reg.getNonce());
+ token.getSubject());
token.setSubject(oidcSub);
}
return token;
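Review bot: The IdToken that `createOidcSubject` attaches in this implicit-grant branch no longer has a nonce, so the client's replay protection now depends on the id token filter named in the commit message running on every response path. That filter is not part of this diff, so its coverage cannot be confirmed from here. The code-grant call in the first hunk of this file has the same dependency. I would add a comment at the call, such as `// nonce is intentionally not set here; the id token filter adds it before the token is returned`, and a test asserting that an implicit-flow response carries the nonce sent in the request. The method starts before this hunk and its closing brace lies outside it.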
@@ -75,7 +73,7 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
return super.convertScopeToPermissions(client, requestedScopes);
}
- protected OidcUserSubject createOidcSubject(Client client, UserSubject subject, String nonce) {
+ protected OidcUserSubject createOidcSubject(Client client, UserSubject subject) {
Principal principal = getMessageContext().getSecurityContext().getUserPrincipal();
if (!(principal instanceof FedizPrincipal)) {
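Review bot: Removing the `nonce` parameter from the protected `createOidcSubject` changes the signature of an extension point, so a subclass that calls the three-argument form stops compiling, and one that overrides it without `@Override` is left with a method that is no longer invoked. The public `SamlTokenConverter.convertToIdToken` loses the same parameter in the other file. Whether such subclasses or callers exist outside this module is not visible here; if they can, a transitional overload would soften the break, e.g. `@Deprecated protected OidcUserSubject createOidcSubject(Client client, UserSubject subject, String nonce) { return createOidcSubject(client, subject); }`. A short Javadoc on the new two-argument method stating that the nonce is set later by the id token filter would also help. The method body continues past the end of this hunk.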
@@ -85,8 +83,7 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
IdToken idToken = tokenConverter.convertToIdToken(fedizPrincipal.getLoginToken(),
fedizPrincipal.getName(),
fedizPrincipal.getClaims(),
- client.getClientId(),
- nonce);
+ client.getClientId());
//TODO: Consider populating UserInfo at this point too, with UserInfo having few more claims
// from the claims collection, and setting it on OidcUserSubject
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7c6707f8/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
index 5e4a363..4178017 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
@@ -19,6 +19,7 @@
package org.apache.cxf.fediz.service.oidc;
import org.w3c.dom.Element;
+
import org.apache.cxf.fediz.core.Claim;
import org.apache.cxf.fediz.core.ClaimCollection;
import org.apache.cxf.fediz.core.ClaimTypes;
@@ -29,6 +30,7 @@ import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Issuer;
+
public class SamlTokenConverter {
private String issuer;
@@ -36,8 +38,7 @@ public class SamlTokenConverter {
public IdToken convertToIdToken(Element samlToken,
String subjectName,
ClaimCollection claims,
- String clientId,
- String nonce) {
+ String clientId) {
IdToken idToken = new IdToken();
idToken.setSubject(subjectName);
idToken.setAudience(clientId);
@@ -92,9 +93,6 @@ public class SamlTokenConverter {
}
}
- if (nonce != null) {
- idToken.setNonce(nonce);
- }
if (issuer != null) {
idToken.setIssuer(issuer);
} else if (saml2Assertion != null) {