Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 7557d5fcf -> 2c4907143


Few more OIDC RP changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2c490714
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2c490714
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2c490714

Branch: refs/heads/3.0.x-fixes
Commit: 2c4907143d59297a3f94fdd8cf096863535bc9c6
Parents: 7557d5f
Author: Sergey Beryozkin <sberyoz...@gmail.com>
Authored: Fri Oct 30 14:37:19 2015 +0000
Committer: Sergey Beryozkin <sberyoz...@gmail.com>
Committed: Fri Oct 30 14:38:07 2015 +0000

----------------------------------------------------------------------
 .../security/oidc/rp/OidcSecurityContext.java   | 11 ++++++++---
 .../cxf/rs/security/oidc/utils/OidcUtils.java   | 20 +++++++++++---------
 2 files changed, 19 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2c490714/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
index df0242f..d31c189 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
@@ -31,17 +31,22 @@ public class OidcSecurityContext extends 
SimpleSecurityContext implements Securi
         this(new OidcClientTokenContextImpl(token));
     }
     public OidcSecurityContext(OidcClientTokenContext oidcContext) {
-        super(getUserName(oidcContext));
+        super(getPrincipalName(oidcContext));
         this.oidcContext = oidcContext;
     }
     public OidcClientTokenContext getOidcContext() {
         return oidcContext;
     }
-    private static String getUserName(OidcClientTokenContext oidcContext) {
+    private static String getPrincipalName(OidcClientTokenContext oidcContext) 
{
         if (oidcContext.getUserInfo() != null) {
             return oidcContext.getUserInfo().getEmail();
         } else {
-            return oidcContext.getIdToken().getEmail();
+            IdToken token = oidcContext.getIdToken();
+            String name = token.getEmail();
+            if (name == null) {
+                name = token.getSubject();
+            }
+            return name;
         }
     }
     @Override
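Review bot: The UserInfo branch of getPrincipalName still returns `getEmail()` with no fallback, so the principal name can be null when the UserInfo response carries no email claim, while the IdToken branch now falls back to the subject. Applying the same fallback there would keep the two branches consistent, e.g. `if (name == null) { name = oidcContext.getUserInfo().getSubject(); }`, assuming UserInfo exposes the subject the way IdToken does. A comment should also record that email is neither guaranteed unique nor stable across providers, so callers that make authorization decisions on this principal name should key on issuer plus subject instead.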

http://git-wip-us.apache.org/repos/asf/cxf/blob/2c490714/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
index 1a0c3de..ccad6d7 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/utils/OidcUtils.java
@@ -92,21 +92,23 @@ public final class OidcUtils {
         validateAccessTokenHash(at, jwt, true);
     }
     public static void validateAccessTokenHash(ClientAccessToken at, JwtToken 
jwt, boolean required) {
-        validateHash(at.getTokenKey(),
-                     (String)jwt.getClaims().getClaim("at_hash"),
-                     jwt.getHeaders().getAlgorithm(),
-                     required);
+        if (required) {
+            validateHash(at.getTokenKey(),
+                         (String)jwt.getClaims().getClaim("at_hash"),
+                         jwt.getHeaders().getAlgorithm());
+        }
     }
     public static void validateCodeHash(String code, JwtToken jwt) {
         validateCodeHash(code, jwt, true);
     }
     public static void validateCodeHash(String code, JwtToken jwt, boolean 
required) {
-        validateHash(code,
-                     (String)jwt.getClaims().getClaim("c_hash"),
-                     jwt.getHeaders().getAlgorithm(),
-                     required);
+        if (required) {
+            validateHash(code,
+                         (String)jwt.getClaims().getClaim("c_hash"),
+                         jwt.getHeaders().getAlgorithm());
+        }
     }
-    private static void validateHash(String value, String theHash, String 
joseAlgo, boolean required) {
+    private static void validateHash(String value, String theHash, String 
joseAlgo) {
         String hash = calculateHash(value, joseAlgo);
         if (!hash.equals(theHash)) {
             throw new SecurityException("Invalid hash");
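Review bot: With `required` set to false, validateAccessTokenHash and validateCodeHash now skip the check entirely, so an `at_hash` or `c_hash` that is present in the ID token but does not match the access token or code is accepted silently. Reading the claim into a local first and guarding with `if (required || atHash != null)` (and `if (required || cHash != null)` for the code hash) would still reject a mismatch whenever the provider supplied the claim, and only tolerate its absence. A short Javadoc on both methods stating what `required == false` permits would help callers choose it deliberately. The body of validateHash continues outside the hunk.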
