You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwebbeans.apache.org by rm...@apache.org on 2017/09/15 06:55:43 UTC
svn commit: r1808413 - in /openwebbeans/meecrowave/trunk: ./
meecrowave-core/ meecrowave-core/src/main/java/org/apache/meecrowave/cxf/
meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/
meecrowave-oauth2/src/main/java/org/apache/meecrowa...
Author: rmannibucau
Date: Fri Sep 15 06:55:42 2017
New Revision: 1808413
URL: http://svn.apache.org/viewvc?rev=1808413&view=rev
Log:
MEECROWAVE-66 CXF 3.2.0 upgrade - note we can need G jaxrs 2.1 api
Modified:
openwebbeans/meecrowave/trunk/meecrowave-core/pom.xml
openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/CxfCdiAutoSetup.java
openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/JAXRSFieldInjectionInterceptor.java
openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/KnownJarsFilter.java
openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java
openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/data/RefreshTokenEnabledProvider.java
openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java
openwebbeans/meecrowave/trunk/pom.xml
Modified: openwebbeans/meecrowave/trunk/meecrowave-core/pom.xml
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-core/pom.xml?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-core/pom.xml (original)
+++ openwebbeans/meecrowave/trunk/meecrowave-core/pom.xml Fri Sep 15 06:55:42 2017
@@ -59,11 +59,18 @@
<artifactId>geronimo-jsonb_1.0_spec</artifactId>
<version>1.0</version>
</dependency>
+ <!-- todo: when G has the API just upgrade and get rid of javax one
<dependency>
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-jaxrs_2.0_spec</artifactId>
<version>1.0-alpha-1</version>
</dependency>
+ -->
+ <dependency>
+ <groupId>javax.ws.rs</groupId>
+ <artifactId>javax.ws.rs-api</artifactId>
+ <version>2.1</version>
+ </dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-jaspic-api</artifactId>
@@ -128,8 +135,8 @@
<artifactId>javax.annotation-api</artifactId>
</exclusion>
<exclusion>
- <groupId>org.codehaus.woodstox</groupId>
- <artifactId>woodstox-core-asl</artifactId>
+ <groupId>com.fasterxml.woodstox</groupId>
+ <artifactId>woodstox-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.ws.xmlschema</groupId>
Modified: openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/CxfCdiAutoSetup.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/CxfCdiAutoSetup.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/CxfCdiAutoSetup.java (original)
+++ openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/CxfCdiAutoSetup.java Fri Sep 15 06:55:42 2017
@@ -318,7 +318,7 @@ public class CxfCdiAutoSetup implements
// just logging the endpoints
final LogFacade log = new LogFacade(CxfCdiAutoSetup.class.getName());
- final DestinationRegistry registry = getDestinationRegistryFromBus();
+ final DestinationRegistry registry = getDestinationRegistryFromBusOrDefault(null);
prefixes = registry.getDestinations().stream()
.filter(ServletDestination.class::isInstance)
.map(ServletDestination.class::cast)
Modified: openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/JAXRSFieldInjectionInterceptor.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/JAXRSFieldInjectionInterceptor.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/JAXRSFieldInjectionInterceptor.java (original)
+++ openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/cxf/JAXRSFieldInjectionInterceptor.java Fri Sep 15 06:55:42 2017
@@ -18,13 +18,14 @@
*/
package org.apache.meecrowave.cxf;
-import org.apache.cxf.jaxrs.model.ApplicationInfo;
-import org.apache.cxf.jaxrs.model.OperationResourceInfoStack;
-import org.apache.cxf.jaxrs.utils.InjectionUtils;
-import org.apache.cxf.jaxrs.utils.JAXRSUtils;
-import org.apache.cxf.message.Message;
-import org.apache.webbeans.annotation.EmptyAnnotationLiteral;
-import org.apache.webbeans.intercept.ConstructorInterceptorInvocationContext;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.io.Serializable;
+import java.lang.annotation.Annotation;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+import java.util.concurrent.atomic.AtomicBoolean;
import javax.annotation.Priority;
import javax.interceptor.AroundConstruct;
@@ -33,14 +34,15 @@ import javax.interceptor.Interceptor;
import javax.interceptor.InterceptorBinding;
import javax.interceptor.InvocationContext;
import javax.ws.rs.core.Application;
-import java.io.Serializable;
-import java.lang.annotation.Annotation;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-import java.util.concurrent.atomic.AtomicBoolean;
-import static java.lang.annotation.ElementType.TYPE;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import org.apache.cxf.jaxrs.model.ApplicationInfo;
+import org.apache.cxf.jaxrs.model.OperationResourceInfoStack;
+import org.apache.cxf.jaxrs.provider.ProviderFactory;
+import org.apache.cxf.jaxrs.utils.InjectionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.webbeans.annotation.EmptyAnnotationLiteral;
+import org.apache.webbeans.intercept.ConstructorInterceptorInvocationContext;
@Interceptor
@Priority(Interceptor.Priority.PLATFORM_BEFORE)
@@ -87,7 +89,8 @@ public class JAXRSFieldInjectionIntercep
InjectionUtils.injectContextProxiesAndApplication(
stack.lastElement().getMethodInfo().getClassResourceInfo(),
instance,
- application);
+ application,
+ ProviderFactory.getInstance(current));
injected.compareAndSet(false, true);
}
}
Modified: openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/KnownJarsFilter.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/KnownJarsFilter.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/KnownJarsFilter.java (original)
+++ openwebbeans/meecrowave/trunk/meecrowave-core/src/main/java/org/apache/meecrowave/openwebbeans/KnownJarsFilter.java Fri Sep 15 06:55:42 2017
@@ -300,7 +300,7 @@ public class KnownJarsFilter implements
add("webbeans-impl");
add("webbeans-spi");
add("websocket-api");
- add("woodstox-core-asl-");
+ add("woodstox-core-");
add("ws-commons-util-");
add("wsdl4j-");
add("wss4j-");
Modified: openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java (original)
+++ openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Configurer.java Fri Sep 15 06:55:42 2017
@@ -20,12 +20,15 @@ package org.apache.meecrowave.oauth2.con
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.cxf.Bus;
+import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.security.AuthenticationException;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
-import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
-import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweUtils;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
@@ -47,9 +50,11 @@ import org.apache.cxf.rs.security.oauth2
import org.apache.cxf.rs.security.oauth2.provider.JPAOAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.JoseSessionTokenProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.services.AbstractTokenService;
import org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.meecrowave.Meecrowave;
import org.apache.meecrowave.oauth2.data.RefreshTokenEnabledProvider;
import org.apache.meecrowave.oauth2.provider.JCacheCodeDataProvider;
@@ -61,10 +66,9 @@ import javax.enterprise.context.Applicat
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.MultivaluedMap;
import java.io.IOException;
import java.io.StringReader;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.ArrayList;
@@ -167,7 +171,7 @@ public class OAuth2Configurer {
try {
final Principal pcp = request.getUserPrincipal();
final List<String> roles = GenericPrincipal.class.isInstance(pcp) ?
- new ArrayList<String>(asList(GenericPrincipal.class.cast(pcp).getRoles())) : Collections.<String>emptyList();
+ new ArrayList<>(asList(GenericPrincipal.class.cast(pcp).getRoles())) : Collections.<String>emptyList();
final UserSubject userSubject = new UserSubject(name, roles);
userSubject.setAuthenticationMethod(PASSWORD);
return userSubject;
@@ -246,41 +250,44 @@ public class OAuth2Configurer {
.collect(toMap(s -> s.substring("oauth2.cxf.".length()), s -> builder.getProperties().getProperty(s)));
final JoseSessionTokenProvider sessionAuthenticityTokenProvider = new JoseSessionTokenProvider() {
- // getSessionState() is buggy in cxf 3.1.9 so we fix it there
- private final Method convertStateStringToState;
-
- {
- try {
- convertStateStringToState = JoseSessionTokenProvider.class.getDeclaredMethod("convertStateStringToState", String.class);
- if (!convertStateStringToState.isAccessible()) {
- convertStateStringToState.setAccessible(true);
- }
- } catch (final NoSuchMethodException e) {
- throw new IllegalStateException(e);
+ private int maxDefaultSessionInterval;
+ private boolean jweRequired;
+ private JweEncryptionProvider jweEncryptor;
+
+ @Override // workaround a NPE of 3.2.0 - https://issues.apache.org/jira/browse/CXF-7504
+ public String createSessionToken(final MessageContext mc, final MultivaluedMap<String, String> params,
+ final UserSubject subject, final OAuthRedirectionState secData) {
+ String stateString = convertStateToString(secData);
+ final JwsSignatureProvider jws = getInitializedSigProvider();
+ final JweEncryptionProvider jwe = jweEncryptor == null ?
+ JweUtils.loadEncryptionProvider(new JweHeaders(), jweRequired) : jweEncryptor;
+ if (jws == null && jwe == null) {
+ throw new OAuthServiceException("Session token can not be created");
}
- }
-
- @Override
- public OAuthRedirectionState getSessionState(final MessageContext messageContext, final String sessionToken,
- final UserSubject subject) {
- final JweDecryptionProvider jwe = getInitializedDecryptionProvider();
- final JwsSignatureVerifier jws = getInitializedSigVerifier();
- String stateString = jwe.decrypt(sessionToken).getContentText();
if (jws != null) {
- stateString = JwsUtils.verify(jws, stateString).getDecodedJwsPayload();
+ stateString = JwsUtils.sign(jws, stateString, null);
}
- try {
- return OAuthRedirectionState.class.cast(convertStateStringToState.invoke(this, stateString));
- } catch (IllegalAccessException e) {
- throw new IllegalStateException(e);
- } catch (InvocationTargetException e) {
- final Throwable cause = e.getCause();
- if (RuntimeException.class.isInstance(cause)) {
- throw RuntimeException.class.cast(cause);
- }
- throw new IllegalStateException(cause);
+ if (jwe != null) {
+ stateString = jwe.encrypt(StringUtils.toBytesUTF8(stateString), null);
}
+ return OAuthUtils.setSessionToken(mc, stateString, maxDefaultSessionInterval);
+ }
+
+ public void setJweEncryptor(final JweEncryptionProvider jweEncryptor) {
+ super.setJweEncryptor(jweEncryptor);
+ this.jweEncryptor = jweEncryptor;
+ }
+ @Override
+ public void setJweRequired(final boolean jweRequired) {
+ super.setJweRequired(jweRequired);
+ this.jweRequired = jweRequired;
+ }
+
+ @Override
+ public void setMaxDefaultSessionInterval(final int maxDefaultSessionInterval) {
+ super.setMaxDefaultSessionInterval(maxDefaultSessionInterval);
+ this.maxDefaultSessionInterval = maxDefaultSessionInterval;
}
};
sessionAuthenticityTokenProvider.setMaxDefaultSessionInterval(configuration.getMaxDefaultSessionInterval());
Modified: openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/data/RefreshTokenEnabledProvider.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/data/RefreshTokenEnabledProvider.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/data/RefreshTokenEnabledProvider.java (original)
+++ openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/main/java/org/apache/meecrowave/oauth2/data/RefreshTokenEnabledProvider.java Fri Sep 15 06:55:42 2017
@@ -85,12 +85,6 @@ public class RefreshTokenEnabledProvider
}
@Override
- @Deprecated
- public void removeAccessToken(final ServerAccessToken accessToken) throws OAuthServiceException {
- delegate.removeAccessToken(accessToken);
- }
-
- @Override
public List<ServerAccessToken> getAccessTokens(final Client client, final UserSubject subject) throws OAuthServiceException {
return delegate.getAccessTokens(client, subject);
}
Modified: openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java (original)
+++ openwebbeans/meecrowave/trunk/meecrowave-oauth2/src/test/java/org/apache/meecrowave/oauth2/OAuth2Test.java Fri Sep 15 06:55:42 2017
@@ -20,6 +20,8 @@ package org.apache.meecrowave.oauth2;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
Modified: openwebbeans/meecrowave/trunk/pom.xml
URL: http://svn.apache.org/viewvc/openwebbeans/meecrowave/trunk/pom.xml?rev=1808413&r1=1808412&r2=1808413&view=diff
==============================================================================
--- openwebbeans/meecrowave/trunk/pom.xml (original)
+++ openwebbeans/meecrowave/trunk/pom.xml Fri Sep 15 06:55:42 2017
@@ -51,7 +51,7 @@
<junit.version>4.12</junit.version>
<tomcat.version>9.0.0.M26</tomcat.version>
<openwebbeans.version>2.0.1</openwebbeans.version>
- <cxf.version>3.1.12</cxf.version>
+ <cxf.version>3.2.0</cxf.version>
<johnzon.version>1.1.3</johnzon.version>
<log4j2.version>2.9.0</log4j2.version>
<deltaspike.version>1.8.0</deltaspike.version>