Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 8306873ae -> b7923a8eb
Workaround to avoid losing complex signed OAuth2 code extensions Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b7923a8e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b7923a8e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b7923a8e Branch: refs/heads/3.0.x-fixes Commit: b7923a8ebfa62c5017c07ab2cbe77ce36f7c0a8b Parents: 8306873 Author: Sergey Beryozkin <sberyoz...@talend.com> Authored: Fri Dec 5 16:28:27 2014 +0000 Committer: Sergey Beryozkin <sberyoz...@talend.com> Committed: Fri Dec 5 16:29:21 2014 +0000 ---------------------------------------------------------------------- .../json/JsonMapObjectReaderWriter.java | 21 ++++++++++++++------ .../grants/code/JwtRequestCodeFilter.java | 15 +++++++++++++- 2 files changed, 29 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/b7923a8e/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java ---------------------------------------------------------------------- diff --git a/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java b/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java index 604abfe..f395e6e 100644 --- a/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java +++ b/rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JsonMapObjectReaderWriter.java @@ -45,6 +45,12 @@ public class JsonMapObjectReaderWriter { return sb.toString(); } + public String toJson(List<Object> list) { + StringBuilder sb = new StringBuilder(); + toJsonInternal(new StringBuilderOutput(sb), list); + return sb.toString(); + } + public void toJson(JsonMapObject obj, OutputStream os) { toJson(obj.asMap(), os); } @@ -122,7 +128,10 @@ public class JsonMapObjectReaderWriter { readJsonObjectAsSettable(nextMap, theJson.substring(1, theJson.length() - 1)); return nextMap.map; } - + public List<Object> fromJsonAsList(String json) { + String theJson = json.trim(); + return internalFromJsonAsList(theJson.substring(1, theJson.length() - 1)); + } protected void readJsonObjectAsSettable(Settable values, String json) { for (int i = 0; i < json.length(); i++) { if (isWhiteSpace(json.charAt(i))) { @@ -148,18 +157,18 @@ public class JsonMapObjectReaderWriter { } else if (json.charAt(sepIndex + j) == '[') { int closingIndex = getClosingIndex(json, '[', ']', sepIndex + j); String newJson = json.substring(sepIndex + j + 1, closingIndex); - values.put(name, readJwtObjectAsList(name, newJson)); + values.put(name, internalFromJsonAsList(newJson)); i = closingIndex + 1; } else { int commaIndex = getCommaIndex(json, sepIndex + j); - Object value = readPrimitiveValue(name, json, sepIndex + j, commaIndex); + Object value = readPrimitiveValue(json, sepIndex + j, commaIndex); values.put(name, value); i = commaIndex + 1; } } } - protected List<Object> readJwtObjectAsList(String name, String json) { + protected List<Object> internalFromJsonAsList(String json) { List<Object> values = new LinkedList<Object>(); for (int i = 0; i < json.length(); i++) { if (isWhiteSpace(json.charAt(i))) { @@ -173,7 +182,7 @@ public class JsonMapObjectReaderWriter { i = closingIndex + 1; } else { int commaIndex = getCommaIndex(json, i); - Object value = readPrimitiveValue(name, json, i, commaIndex); + Object value = readPrimitiveValue(json, i, commaIndex); values.add(value); i = commaIndex; } @@ -181,7 +190,7 @@ public class JsonMapObjectReaderWriter { return values; } - protected Object readPrimitiveValue(String name, String json, int from, int to) { + protected Object readPrimitiveValue(String json, int from, int to) { Object value = json.substring(from, to); String valueStr = value.toString().trim(); if (valueStr.startsWith("\"")) { http://git-wip-us.apache.org/repos/asf/cxf/blob/b7923a8e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java index 73f0022..a318c2c 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java @@ -20,13 +20,16 @@ package org.apache.cxf.rs.security.oauth2.grants.code; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPublicKey; +import java.util.List; import java.util.Map; import javax.crypto.SecretKey; import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.common.util.crypto.CryptoUtils; +import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.jaxrs.impl.MetadataMap; +import org.apache.cxf.jaxrs.provider.json.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.JoseConstants; import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; import org.apache.cxf.rs.security.jose.jwe.JweUtils; @@ -47,6 +50,7 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter { private boolean verifyWithClientSecret; private boolean decryptWithClientSecret; private String issuer; + private JsonMapObjectReaderWriter jsonHandler = new JsonMapObjectReaderWriter(); @Override public MultivaluedMap<String, String> process(MultivaluedMap<String, String> params, UserSubject endUser, @@ -72,7 +76,16 @@ public class JwtRequestCodeFilter implements AuthorizationCodeRequestFilter { MultivaluedMap<String, String> newParams = new MetadataMap<String, String>(); Map<String, Object> claimsMap = claims.asMap(); for (Map.Entry<String, Object> entry : claimsMap.entrySet()) { - newParams.putSingle(entry.getKey(), entry.getValue().toString()); + String key = entry.getKey(); + Object value = entry.getValue(); + if (value instanceof Map) { + Map<String, Object> map = CastUtils.cast((Map<?, ?>)value); + value = jsonHandler.toJson(map); + } else if (value instanceof List) { + List<Object> list = CastUtils.cast((List<?>)value); + value = jsonHandler.toJson(list); + } + newParams.putSingle(key, value.toString()); } return newParams; } else {