Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/19 17:46:51 UTC
cxf-fediz git commit: [FEDIZ-134] Making the nonce available to the
data provider
Repository: cxf-fediz
Updated Branches:
refs/heads/master 355dceb1d -> 1f7749cec
[FEDIZ-134] Making the nonce available to the data provider
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/1f7749ce
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/1f7749ce
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/1f7749ce
Branch: refs/heads/master
Commit: 1f7749cec7eccb0c0bc33da783e233742102cb48
Parents: 355dceb
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Thu Nov 19 16:46:36 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Thu Nov 19 16:46:36 2015 +0000
----------------------------------------------------------------------
.../service/oidc/LocalSamlTokenConverter.java | 7 +++-
.../fediz/service/oidc/OAuthDataManager.java | 39 ++++++++++++--------
.../fediz/service/oidc/SamlTokenConverter.java | 3 +-
.../WEB-INF/views/oAuthAuthorizationData.jsp | 8 ++++
4 files changed, 40 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f7749ce/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
index 0c1bb1d..001c537 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java
@@ -35,7 +35,8 @@ public class LocalSamlTokenConverter implements SamlTokenConverter {
public IdToken convertToIdToken(Element samlToken,
String subjectName,
ClaimCollection claims,
- String clientId) {
+ String clientId,
+ String nonce) {
IdToken idToken = new IdToken();
idToken.setSubject(subjectName);
idToken.setAudience(clientId);
@@ -90,6 +91,10 @@ public class LocalSamlTokenConverter implements SamlTokenConverter {
}
}
+ if (nonce != null) {
+ idToken.setNonce(nonce);
+ }
+
return idToken;
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f7749ce/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index a207b17..d9d90fb 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -30,11 +30,13 @@ import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.grants.code.AbstractCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
@@ -81,17 +83,19 @@ public class OAuthDataManager extends AbstractCodeDataProvider {
// Grants
@Override
- protected void saveCodeGrant(ServerAuthorizationCodeGrant grant) {
- createIdToken(grant.getClient(), grant.getSubject());
- doSaveCodeGrant(grant);
+ public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg)
+ throws OAuthServiceException {
+ ServerAuthorizationCodeGrant grant = super.createCodeGrant(reg);
+ createIdToken(grant.getClient(), grant.getSubject(), reg.getNonce());
+ return grant;
}
-
- protected void doSaveCodeGrant(ServerAuthorizationCodeGrant grant) {
+
+ @Override
+ protected void saveCodeGrant(ServerAuthorizationCodeGrant grant) {
codeGrants.put(grant.getCode(), grant);
-
}
-
+
@Override
public ServerAuthorizationCodeGrant removeCodeGrant(String code) throws OAuthServiceException {
return codeGrants.remove(code);
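Review bot: The ID token is now attached to the subject only after `super.createCodeGrant(reg)` returns (line 80-81), whereas the replaced `saveCodeGrant` override attached it before the grant was handed to `doSaveCodeGrant`; if the superclass stores the grant through the overridden `saveCodeGrant` on line 88, as the `@Override` suggests, the grant is saved before the ID token exists and only the in-memory `codeGrants` map here observes the later mutation of the shared object. A subclass that serializes grants in `saveCodeGrant` would persist a subject without `OidcUtils.ID_TOKEN`. The same ordering applies to `createAccessToken` in the next hunk. If the ordering is intentional, a comment such as `// the id token is added after the grant is saved; the in-memory store holds the same reference` would make the dependency explicit.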
@@ -99,15 +103,19 @@ public class OAuthDataManager extends AbstractCodeDataProvider {
// Access Tokens
@Override
- protected void saveAccessToken(ServerAccessToken token) {
- createIdToken(token.getClient(), token.getSubject());
- doSaveAccessToken(token);
+ public ServerAccessToken createAccessToken(AccessTokenRegistration reg)
+ throws OAuthServiceException {
+ ServerAccessToken token = super.createAccessToken(reg);
+ createIdToken(token.getClient(), token.getSubject(), reg.getNonce());
+ return token;
}
- protected void doSaveAccessToken(ServerAccessToken token) {
+ @Override
+ protected void saveAccessToken(ServerAccessToken token) {
accessTokens.put(token.getTokenKey(), token);
}
+
@Override
protected boolean revokeAccessToken(String tokenKey) {
return accessTokens.remove(tokenKey) != null;
@@ -166,23 +174,24 @@ public class OAuthDataManager extends AbstractCodeDataProvider {
}
}
- protected void createIdToken(Client client, UserSubject subject) {
+ protected void createIdToken(Client client, UserSubject subject, String nonce) {
if (subject != null && !subject.getProperties().containsKey(OidcUtils.ID_TOKEN)) {
Principal principal = messageContext.getSecurityContext().getUserPrincipal();
if (principal instanceof FedizPrincipal) {
- String joseIdToken = getJoseIdToken((FedizPrincipal)principal, client);
+ String joseIdToken = getJoseIdToken((FedizPrincipal)principal, client, nonce);
subject.getProperties().put(OidcUtils.ID_TOKEN, joseIdToken);
}
}
}
- protected String getJoseIdToken(FedizPrincipal principal, Client client) {
+ protected String getJoseIdToken(FedizPrincipal principal, Client client, String nonce) {
IdToken idToken = tokenConverter.convertToIdToken(principal.getLoginToken(),
principal.getName(),
principal.getClaims(),
- client.getClientId());
+ client.getClientId(),
+ nonce);
JwsJwtCompactProducer p = new JwsJwtCompactProducer(idToken);
return p.signWith(getJwsSignatureProvider(client));
// the JWS compact output may also need to be encrypted
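Review bot: `createIdToken` still skips regeneration whenever the subject already carries `OidcUtils.ID_TOKEN` (line 123), so the `nonce` argument is only honoured for the first token created for a subject; if the same `UserSubject` (or its properties map) is reused across authorization requests, a later request supplying a different nonce gets an ID token bound to the earlier nonce, which the relying party's nonce check should reject. Whether subjects are shared that way depends on how the superclass builds them, which is outside this hunk. One option is to regenerate when a nonce is explicitly requested, e.g. `if (subject != null && (nonce != null || !subject.getProperties().containsKey(OidcUtils.ID_TOKEN))) {`. `getJoseIdToken` continues past the end of the hunk.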
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f7749ce/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
index 1fbb087..2ef225b 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/SamlTokenConverter.java
@@ -27,5 +27,6 @@ public interface SamlTokenConverter {
IdToken convertToIdToken(Element samlToken,
String subjectName,
ClaimCollection claims,
- String audience);
+ String audience,
+ String nonce);
}
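Review bot: The new `nonce` parameter on `convertToIdToken` is undocumented, and the only implementation changed in this commit treats it as optional (`if (nonce != null)` in LocalSamlTokenConverter). A Javadoc tag such as `@param nonce the nonce from the authentication request, or {@code null} when none was supplied; a non-null value must be reflected in the token's nonce claim` would pin that contract for other implementations.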
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f7749ce/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp b/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
index e601099..6468eed 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/oAuthAuthorizationData.jsp
@@ -37,6 +37,14 @@
value="<%= data.getClientCodeChallenge() %>"/>
<%
}
+ %>
+ <%
+ if (data.getNonce() != null) {
+ %>
+ <input type="hidden" name="nonce"
+ value="<%= data.getNonce() %>"/>
+ <%
+ }
%>
<input type="hidden" name="scope"
value="<%= data.getProposedScope() %>"/>
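Review bot: `data.getNonce()` is written into the `value` attribute on lines 171-172 by a raw `<%= %>` scriptlet with no attribute escaping; the nonce originates from the client's authorization request, so a value containing `"` or `>` would break out of the attribute and be rendered as markup. The neighbouring fields (`getClientCodeChallenge()`, `getProposedScope()`) use the same pattern, so the exposure is not new to this change, but the nonce is free-form by design and nothing visible here constrains its characters. Escaping the value before emitting it (JSTL `<c:out>` escapes XML by default, if the taglib is declared on this page) would close the gap for the new field.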