Repository: cxf Updated Branches: refs/heads/3.0.x-fixes b39688086 -> de570e564
[CXF-5607] Simplifying the oidc filter code for now Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/de570e56 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/de570e56 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/de570e56 Branch: refs/heads/3.0.x-fixes Commit: de570e56463af9afd09db8d9b5dc1ede143c4628 Parents: b396880 Author: Sergey Beryozkin <sberyoz...@talend.com> Authored: Wed Jun 24 16:19:34 2015 +0100 Committer: Sergey Beryozkin <sberyoz...@talend.com> Committed: Wed Jun 24 16:21:33 2015 +0100 ---------------------------------------------------------------------- .../security/oidc/rp/MemoryOidcRpStateManager.java | 14 -------------- .../oidc/rp/OidcRpAuthenticationFilter.java | 16 ++++++++-------- .../oidc/rp/OidcRpAuthenticationService.java | 5 ++--- .../cxf/rs/security/oidc/rp/OidcRpStateManager.java | 5 ----- 4 files changed, 10 insertions(+), 30 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/de570e56/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java index baa7e80..3b60bc4 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/MemoryOidcRpStateManager.java 
@@ -21,12 +21,8 @@ package org.apache.cxf.rs.security.oidc.rp; import java.io.IOException; import java.util.concurrent.ConcurrentHashMap; -import javax.ws.rs.core.MultivaluedMap; - public class MemoryOidcRpStateManager implements OidcRpStateManager { - private ConcurrentHashMap<String, MultivaluedMap<String, String>> map = - new ConcurrentHashMap<String, MultivaluedMap<String, String>>(); private ConcurrentHashMap<String, OidcClientTokenContext> map2 = new ConcurrentHashMap<String, OidcClientTokenContext>(); @Override @@ -36,16 +32,6 @@ public class MemoryOidcRpStateManager implements OidcRpStateManager { } @Override - public void setRequestState(String token, MultivaluedMap<String, String> state) { - map.put(token, state); - } - - @Override - public MultivaluedMap<String, String> removeRequestState(String token) { - return map.remove(token); - } - - @Override public void setTokenContext(String contextKey, OidcClientTokenContext state) { map2.put(contextKey, state); http://git-wip-us.apache.org/repos/asf/cxf/blob/de570e56/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java index 01b95a3..87ccb07 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java 
@@ -35,7 +35,7 @@ import javax.ws.rs.core.UriBuilder; import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.jaxrs.utils.FormUtils; import org.apache.cxf.jaxrs.utils.JAXRSUtils; -import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; +import org.apache.cxf.rs.security.oauth2.client.ClientTokenContext; @PreMatching @Priority(Priorities.AUTHENTICATION) @@ -48,11 +48,7 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter { if (checkSecurityContext(rc)) { return; } else { - String token = OAuthUtils.generateRandomTokenKey(); - MultivaluedMap<String, String> state = toRequestState(rc); - stateManager.setRequestState(token, state); UriBuilder ub = rc.getUriInfo().getBaseUriBuilder().path(rpServiceAddress); - ub.queryParam("state", token); rc.abortWith(Response.seeOther(ub.build()) .header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store") .header("Pragma", "no-cache") @@ -69,11 +65,16 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter { String contextKey = securityContextCookie.getValue(); OidcClientTokenContext tokenContext = stateManager.getTokenContext(contextKey); - if (tokenContext == null) { return false; } - rc.setSecurityContext(new OidcSecurityContext(tokenContext)); + OidcClientTokenContextImpl newTokenContext = new OidcClientTokenContextImpl(); + newTokenContext.setToken(tokenContext.getToken()); + newTokenContext.setIdToken(tokenContext.getIdToken()); + newTokenContext.setUserInfo(tokenContext.getUserInfo()); + newTokenContext.setState(toRequestState(rc)); + JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, newTokenContext); + rc.setSecurityContext(new OidcSecurityContext(newTokenContext)); return true; } private MultivaluedMap<String, String> toRequestState(ContainerRequestContext rc) { 
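Review bot: In the last hunk of this file (`checkSecurityContext`, whose body starts outside the hunk), `newTokenContext.setState(toRequestState(rc))` fills the context state from the current request on every authenticated call, so whatever `getState()` returns downstream is caller-controlled. That deserves a comment at the call, for example `// state mirrors this request's query/form parameters and is untrusted; validate before using it for redirects or access decisions`. The context lines of the following hunk show `toRequestState` parsing a `body` through `FormUtils.populateMapFromString`; if that body is read from the entity stream, form posts may reach the resource method with the stream already consumed, which is worth confirming now that the call runs for every request with a valid cookie. The field-by-field copy will also silently drop any property later added to `OidcClientTokenContext`; a copy constructor or factory on `OidcClientTokenContextImpl` would keep the two in step.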
@@ -84,7 +85,6 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter { FormUtils.populateMapFromString(requestState, JAXRSUtils.getCurrentMessage(), body, "UTF-8", true); } - requestState.putSingle("location", rc.getUriInfo().getRequestUri().toString()); return requestState; } public void setRpServiceAddress(String rpServiceAddress) { http://git-wip-us.apache.org/repos/asf/cxf/blob/de570e56/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java index 1d939fa..49388e0 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java @@ -33,8 +33,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; public class OidcRpAuthenticationService { private OidcRpStateManager stateManager; private String defaultLocation; - - + @GET @Path("complete") public Response completeAuthentication(@Context OidcClientTokenContext context, 
@@ -42,7 +41,7 @@ public class OidcRpAuthenticationService { String key = OAuthUtils.generateRandomTokenKey(); stateManager.setTokenContext(key, context); URI redirectUri = null; - String location = context.getState().getFirst("location"); + String location = context.getState().getFirst("state"); if (location == null) { String basePath = (String)mc.get("http.base.path"); redirectUri = UriBuilder.fromUri(basePath).path(defaultLocation).build(); http://git-wip-us.apache.org/repos/asf/cxf/blob/de570e56/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java index 564e53e..645d424 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpStateManager.java @@ -20,12 +20,7 @@ package org.apache.cxf.rs.security.oidc.rp; import java.io.Closeable; -import javax.ws.rs.core.MultivaluedMap; - public interface OidcRpStateManager extends Closeable { - void setRequestState(String token, MultivaluedMap<String, String> state); - MultivaluedMap<String, String> removeRequestState(String token); - void setTokenContext(String contextKey, OidcClientTokenContext state); OidcClientTokenContext getTokenContext(String contextKey); OidcClientTokenContext removeTokenContext(String contextKey);
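Review bot: `String location = context.getState().getFirst("state");` in `completeAuthentication` now takes the post-login redirect target from the `state` entry of the context's state map, which, as far as this commit shows (`toRequestState` in OidcRpAuthenticationFilter), is filled from request parameters and is therefore caller-controlled. The branch that handles a non-null `location` lies outside the hunk; if it builds the redirect URI from the value unchanged, this is an unvalidated redirect, and the value should be accepted only when it is relative or shares scheme, host and port with `http.base.path`, falling back to `defaultLocation` otherwise. `context.getState()` is also dereferenced without a null check, which fails for any `OidcClientTokenContext` created without state; `MultivaluedMap<String, String> state = context.getState();` followed by `String location = state == null ? null : state.getFirst("state");` avoids that. A short comment saying that the `state` parameter carries the return location would also remove the mismatch between the key and the variable name.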