Posted to commits@cxf.apache.org by re...@apache.org on 2016/05/26 21:45:55 UTC
[27/50] [abbrv] cxf git commit: Throw an exception if the client
specifies another value with "none" for "prompt"
Throw an exception if the client specifies another value with "none" for "prompt"
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e2f9b7da
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e2f9b7da
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e2f9b7da
Branch: refs/heads/master-jaxrs-2.1
Commit: e2f9b7da6a5e3c9a678c0b45415ac87735bd0494
Parents: 5e11c6d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon May 23 15:03:46 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon May 23 15:04:19 2016 +0100
----------------------------------------------------------------------
.../oidc/idp/OidcAuthorizationCodeService.java | 29 ++++++++++++++++++++
.../security/oidc/idp/OidcImplicitService.java | 18 ++++++++++++
.../jaxrs/security/oidc/OIDCNegativeTest.java | 2 --
3 files changed, 47 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e2f9b7da/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
index 9b6f4f8..a4e9ed5 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcAuthorizationCodeService.java
@@ -19,19 +19,26 @@
package org.apache.cxf.rs.security.oidc.idp;
import java.util.List;
+import java.util.logging.Level;
import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService {
+ private static final String PROMPT_PARAMETER = "prompt";
+
private boolean skipAuthorizationWithOidcScope;
@Override
protected boolean canAuthorizationBeSkipped(Client client,
@@ -47,6 +54,28 @@ public class OidcAuthorizationCodeService extends AuthorizationCodeGrantService
public void setSkipAuthorizationWithOidcScope(boolean skipAuthorizationWithOidcScope) {
this.skipAuthorizationWithOidcScope = skipAuthorizationWithOidcScope;
}
+
+ @Override
+ protected Response startAuthorization(MultivaluedMap<String, String> params,
+ UserSubject userSubject,
+ Client client) {
+ // Validate the prompt - if it contains "none" then an error is returned with any other value
+ String prompt = params.getFirst(PROMPT_PARAMETER);
+ if (prompt != null) {
+ String[] promptValues = prompt.trim().split(" ");
+ if (promptValues.length > 1) {
+ for (String promptValue : promptValues) {
+ if ("none".equals(promptValue)) {
+ LOG.log(Level.FINE, "The prompt value {} is invalid", prompt);
+ throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
+ }
+ }
+ }
+ }
+
+ return super.startAuthorization(params, userSubject, client);
+ }
+
protected AuthorizationCodeRegistration createCodeRegistration(OAuthRedirectionState state,
Client client,
List<String> requestedScope,
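Review bot: The log call in the new startAuthorization, `LOG.log(Level.FINE, "The prompt value {} is invalid", prompt)`, uses an SLF4J-style `{}` placeholder, but LOG here is a java.util.logging logger (the `java.util.logging.Level` import and the `LOG.fine(...)` call in the OidcImplicitService hunk point to that), whose `log(Level, String, Object)` substitutes only indexed `{0}`-style tokens, so the record will be emitted literally as "The prompt value {} is invalid" with the offending value dropped. Change it to `LOG.log(Level.FINE, "The prompt value {0} is invalid", prompt);`; the identical line is added in the OidcImplicitService hunk of this commit and needs the same fix. Keeping this at FINE is sensible since `prompt` is an unvalidated client-supplied parameter, and a short comment saying so would discourage a later promotion to INFO. The whole validation block (constant, trim/split, "none" scan, error) is duplicated verbatim between the two services; extracting it into one shared helper in OidcUtils (which both classes already import; name of your choosing) would keep the two flows from drifting.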
http://git-wip-us.apache.org/repos/asf/cxf/blob/e2f9b7da/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index 558dfd8..c35526c 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -23,6 +23,7 @@ import java.util.HashSet;
import java.util.List;
import java.util.Properties;
import java.util.Set;
+import java.util.logging.Level;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
@@ -48,6 +49,8 @@ import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
public class OidcImplicitService extends ImplicitGrantService {
+ private static final String PROMPT_PARAMETER = "prompt";
+
private boolean skipAuthorizationWithOidcScope;
private OAuthJoseJwtProducer idTokenHandler;
private IdTokenProvider idTokenProvider;
@@ -74,6 +77,21 @@ public class OidcImplicitService extends ImplicitGrantService {
LOG.fine("A nonce is required for the Implicit flow");
throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
}
+
+ // Validate the prompt - if it contains "none" then an error is returned with any other value
+ String prompt = params.getFirst(PROMPT_PARAMETER);
+ if (prompt != null) {
+ String[] promptValues = prompt.trim().split(" ");
+ if (promptValues.length > 1) {
+ for (String promptValue : promptValues) {
+ if ("none".equals(promptValue)) {
+ LOG.log(Level.FINE, "The prompt value {} is invalid", prompt);
+ throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
+ }
+ }
+ }
+ }
+
return super.startAuthorization(params, userSubject, client);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e2f9b7da/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
index 3f5d247..d24576b 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCNegativeTest.java
@@ -60,9 +60,7 @@ public class OIDCNegativeTest extends AbstractBusClientServerTestBase {
);
}
- // TODO
@org.junit.Test
- @org.junit.Ignore
public void testImplicitFlowPromptNone() throws Exception {
URL busFile = OIDCFlowTest.class.getResource("client.xml");