Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 577eb154c -> 29dbad4a9
Making sure an implicit or code nonce is available to OAuthDataProviders Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/29dbad4a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/29dbad4a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/29dbad4a Branch: refs/heads/3.1.x-fixes Commit: 29dbad4a995ba09d97b131807585b46cb02c43af Parents: 577eb15 Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Thu Nov 19 13:16:06 2015 +0000 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Thu Nov 19 13:20:11 2015 +0000 ---------------------------------------------------------------------- .../security/oauth2/common/AccessTokenRegistration.java | 9 +++++++++ .../rs/security/oauth2/common/OAuthRedirectionState.java | 11 +++++++++++ .../grants/code/AuthorizationCodeRegistration.java | 7 +++++++ .../oauth2/provider/JoseSessionTokenProvider.java | 7 +++++++ .../oauth2/services/AbstractImplicitGrantService.java | 1 + .../oauth2/services/AuthorizationCodeGrantService.java | 1 + .../oauth2/services/RedirectionBasedGrantService.java | 1 + .../cxf/rs/security/oauth2/utils/OAuthConstants.java | 1 + 8 files changed, 38 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/29dbad4a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java index b2641fc..db443da 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java 
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java @@ -31,6 +31,7 @@ public class AccessTokenRegistration { private String grantType; private UserSubject subject; private String audience; + private String nonce; private String clientCodeVerifier; /** @@ -129,5 +130,13 @@ public class AccessTokenRegistration { public void setClientCodeVerifier(String clientCodeVerifier) { this.clientCodeVerifier = clientCodeVerifier; } + + public String getNonce() { + return nonce; + } + + public void setNonce(String nonce) { + this.nonce = nonce; + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/29dbad4a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java index 0f05abd..4acc109 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java @@ -28,6 +28,7 @@ public class OAuthRedirectionState implements Serializable { private String state; private String proposedScope; private String audience; + private String nonce; private String clientCodeChallenge; public OAuthRedirectionState() { 
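Review bot: The new getNonce/setNonce accessors are added without Javadoc, although at least some members of this class carry it (a `/**` block opens right after the new field in the first hunk). A one-liner on the getter such as `/** Returns the nonce supplied with the authorization request, as carried over from OAuthRedirectionState; may be null. */` and a matching `@param nonce` on the setter would tell OAuthDataProvider implementors where the value originates. The same undocumented accessor pair is added to OAuthRedirectionState and AuthorizationCodeRegistration in this commit, and those two are also spaced inconsistently (two blank lines before each accessor in OAuthRedirectionState, none in AuthorizationCodeRegistration), which is worth normalizing to one.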
@@ -112,4 +113,14 @@ public class OAuthRedirectionState implements Serializable { public void setClientCodeChallenge(String clientCodeChallenge) { this.clientCodeChallenge = clientCodeChallenge; } + + + public String getNonce() { + return nonce; + } + + + public void setNonce(String nonce) { + this.nonce = nonce; + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/29dbad4a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java index a7126b4..1319cad 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java @@ -35,6 +35,7 @@ public class AuthorizationCodeRegistration { private String redirectUri; private UserSubject subject; private String audience; + private String nonce; private String clientCodeChallenge; /** @@ -126,4 +127,10 @@ public class AuthorizationCodeRegistration { public void setClientCodeChallenge(String clientCodeChallenge) { this.clientCodeChallenge = clientCodeChallenge; } + public String getNonce() { + return nonce; + } + public void setNonce(String nonce) { + this.nonce = nonce; + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/29dbad4a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java index 0575f06..a6a1c4c 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java @@ -163,6 +163,9 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide if (!StringUtils.isEmpty(parts[5])) { state.setRedirectUri(parts[5]); } + if (!StringUtils.isEmpty(parts[6])) { + state.setRedirectUri(parts[6]); + } return state; } protected String convertStateToString(OAuthRedirectionState secData) { @@ -184,6 +187,10 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide state.append(ModelEncryptionSupport.SEP); // 5: redirect uri state.append(ModelEncryptionSupport.tokenizeString(secData.getRedirectUri())); + state.append(ModelEncryptionSupport.SEP); + // 6: nonce + state.append(ModelEncryptionSupport.tokenizeString(secData.getNonce())); + return state.toString(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/29dbad4a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java index d78feaf..139c05b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java 
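Review bot: The block added in the first hunk restores the seventh segment into the wrong field: `state.setRedirectUri(parts[6]);` should read `state.setNonce(parts[6]);`. As written, a non-empty nonce silently overwrites the redirect URI restored from `parts[5]` on the line above, and the nonce itself never reaches the rebuilt OAuthRedirectionState, so the value that convertStateToString writes under `// 6: nonce` in the second hunk is lost on the way back. The split that produces `parts` is outside the hunk; if it is a plain split on ModelEncryptionSupport.SEP, a state string produced before this change has only six segments and `parts[6]` would throw ArrayIndexOutOfBoundsException, so a `parts.length > 6 &&` guard, or an explicit rejection of short tokens, is worth considering. The parsing method starts outside the first hunk.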
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java @@ -78,6 +78,7 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant reg.setApprovedScope(approvedScope); } reg.setAudience(state.getAudience()); + reg.setNonce(state.getNonce()); token = getDataProvider().createAccessToken(reg); } } else { http://git-wip-us.apache.org/repos/asf/cxf/blob/29dbad4a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java index b782880..79559c7 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java @@ -113,6 +113,7 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService } codeReg.setSubject(userSubject); codeReg.setAudience(state.getAudience()); + codeReg.setNonce(state.getNonce()); codeReg.setClientCodeChallenge(state.getClientCodeChallenge()); ServerAuthorizationCodeGrant grant = null; http://git-wip-us.apache.org/repos/asf/cxf/blob/29dbad4a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java index 887facb..4d96f9a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java @@ -211,6 +211,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService secData.setState(params.getFirst(OAuthConstants.STATE)); secData.setRedirectUri(redirectUri); secData.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE)); + secData.setNonce(params.getFirst(OAuthConstants.NONCE)); secData.setClientId(client.getClientId()); secData.setProposedScope(params.getFirst(OAuthConstants.SCOPE)); if (!authorizationCanBeSkipped) { http://git-wip-us.apache.org/repos/asf/cxf/blob/29dbad4a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java index b835e02..8a5d457 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java 
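Review bot: The nonce is copied from the request into the redirection state exactly as received, `secData.setNonce(params.getFirst(OAuthConstants.NONCE));`, and JoseSessionTokenProvider then embeds it positionally between ModelEncryptionSupport.SEP separators and reads it back by index. That mirrors how state, audience and scope are taken on the neighbouring lines, but it makes the round trip depend on tokenizeString escaping or rejecting SEP inside the value; that method is not in this diff, so it is worth confirming, or bounding the nonce (non-blank, a maximum length) before it is stored. A short comment on the added line, `// nonce from the authorization request; kept in the state so the data provider receives it with the code or token registration`, would record the intent. The enclosing method starts and ends outside the hunk.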
@@ -27,6 +27,7 @@ public final class OAuthConstants { public static final String CLIENT_ID = "client_id"; public static final String CLIENT_SECRET = "client_secret"; public static final String CLIENT_AUDIENCE = "audience"; + public static final String NONCE = "nonce"; public static final String REDIRECT_URI = "redirect_uri"; public static final String SCOPE = "scope";