Repository: cxf Updated Branches: refs/heads/3.1.x-fixes b4bfa886e -> f79eaf42d
[CXF-6736] Passing the code request state directly to some functions Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f79eaf42 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f79eaf42 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f79eaf42 Branch: refs/heads/3.1.x-fixes Commit: f79eaf42d4640f668077db35b1ced230034c44d9 Parents: b4bfa88 Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Mon Jan 11 12:51:30 2016 +0000 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Mon Jan 11 12:52:58 2016 +0000 ---------------------------------------------------------------------- .../oauth2/client/ClientCodeRequestFilter.java | 14 +++++--- .../oidc/rp/OidcClientCodeRequestFilter.java | 35 ++++++++------------ 2 files changed, 22 insertions(+), 27 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f79eaf42/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 2845ba6..b47bce7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -131,7 +131,8 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
 }
 private Response createCodeResponse(ContainerRequestContext rc, UriInfo ui) {
- MultivaluedMap<String, String> redirectState = createRedirectState(rc, ui);
+ MultivaluedMap<String, String> codeRequestState = toCodeRequestState(rc, ui);
+ MultivaluedMap<String, String> redirectState = createRedirectState(rc, ui, codeRequestState);
 String theState = redirectState != null ? redirectState.getFirst(OAuthConstants.STATE) : null;
 String redirectScope = redirectState != null ? redirectState.getFirst(OAuthConstants.SCOPE) : null;
 String theScope = redirectScope != null ? redirectScope : scopes;
@@ -142,7 +143,7 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
 theScope);
 setFormPostResponseMode(ub, redirectState);
 setCodeVerifier(ub, redirectState);
- setAdditionalCodeRequestParams(ub, redirectState);
+ setAdditionalCodeRequestParams(ub, redirectState, codeRequestState);
 URI uri = ub.build();
 return Response.seeOther(uri).build();
 }
@@ -165,7 +166,9 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
 }
 }
- protected void setAdditionalCodeRequestParams(UriBuilder ub, MultivaluedMap<String, String> redirectState) {
+ protected void setAdditionalCodeRequestParams(UriBuilder ub,
+ MultivaluedMap<String, String> redirectState,
+ MultivaluedMap<String, String> codeRequestState) {
 }
 private URI getAbsoluteRedirectUri(UriInfo ui) {
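Review bot: The map returned by `toCodeRequestState(rc, ui)` in createCodeResponse is now shared by reference between createRedirectState and the overridable setAdditionalCodeRequestParams hook. createRedirectState (last hunk of this file, cut off at the hunk edge) still calls `codeRequestState.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, ...)` on that map when a codeVerifierTransformer is set, so the hook appears to receive a map that can carry PKCE verifier material. A subclass that copies entries from it wholesale into the authorization URI would then place that value in the redirect. Consider giving the hook a snapshot taken before createRedirectState runs, or a Javadoc on the hook saying that codeRequestState is internal state and only named entries may be copied from it. toCodeRequestState is also now invoked when clientStateManager is null, which the old code skipped; that change deserves a line in the commit message.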
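Review bot: Changing the parameter list of the protected hook setAdditionalCodeRequestParams (and of createRedirectState in the next hunk) on a fixes branch breaks existing subclasses. An override carrying `@Override` stops compiling, and one without it is silently no longer called, so any authorization-request parameters it used to add disappear without an error. Keeping the old overload, e.g. `@Deprecated protected void setAdditionalCodeRequestParams(UriBuilder ub, MultivaluedMap<String, String> redirectState) { }`, and calling it from the new three-argument default would preserve those subclasses. The new codeRequestState parameter also has no Javadoc saying whether it may be null or modified. The class body continues outside this hunk.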
@@ -222,12 +225,13 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
 JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, request);
 }
- protected MultivaluedMap<String, String> createRedirectState(ContainerRequestContext rc, UriInfo ui) {
+ protected MultivaluedMap<String, String> createRedirectState(ContainerRequestContext rc,
+ UriInfo ui,
+ MultivaluedMap<String, String> codeRequestState) {
 if (clientStateManager == null) {
 return null;
 }
 String codeVerifier = null;
- MultivaluedMap<String, String> codeRequestState = toCodeRequestState(rc, ui);
 if (codeVerifierTransformer != null) {
 codeVerifier = Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(32));
 codeRequestState.putSingle(OAuthConstants.AUTHORIZATION_CODE_VERIFIER,
http://git-wip-us.apache.org/repos/asf/cxf/blob/f79eaf42/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
index 0191779..76035bc 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java
@@ -81,17 +81,6 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
 }
 @Override
- protected MultivaluedMap<String, String> createRedirectState(ContainerRequestContext rc, UriInfo ui) {
- MultivaluedMap<String, String> redirectState = super.createRedirectState(rc, ui);
- MultivaluedMap<String, String> codeRequestState = toRequestState(rc, ui);
- String loginHint = codeRequestState.getFirst(LOGIN_HINT_PARAMETER);
- if (loginHint != null) {
- redirectState.putSingle(LOGIN_HINT_PARAMETER, loginHint);
- }
- return redirectState;
- }
-
- @Override
 protected MultivaluedMap<String, String> toCodeRequestState(ContainerRequestContext rc, UriInfo ui) {
 MultivaluedMap<String, String> state = super.toCodeRequestState(rc, ui);
 if (maxAgeOffset != null) {
@@ -139,13 +128,9 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
 }
 @Override
- protected void setAdditionalCodeRequestParams(UriBuilder ub, MultivaluedMap<String, String> redirectState) {
- if (claims != null) {
- ub.queryParam("claims", claims);
- }
- if (claimsLocales != null) {
- ub.queryParam("claims_locales", claimsLocales);
- }
+ protected void setAdditionalCodeRequestParams(UriBuilder ub,
+ MultivaluedMap<String, String> redirectState,
+ MultivaluedMap<String, String> codeRequestState) {
 if (redirectState != null) {
 if (redirectState.getFirst(IdToken.NONCE_CLAIM) != null) {
 ub.queryParam(IdToken.NONCE_CLAIM, redirectState.getFirst(IdToken.NONCE_CLAIM));
@@ -154,16 +139,22 @@ public class OidcClientCodeRequestFilter extends ClientCodeRequestFilter {
 ub.queryParam(MAX_AGE_PARAMETER, redirectState.getFirst(MAX_AGE_PARAMETER));
 }
 }
+ if (codeRequestState != null && codeRequestState.getFirst(LOGIN_HINT_PARAMETER) != null) {
+ ub.queryParam(LOGIN_HINT_PARAMETER, codeRequestState.getFirst(LOGIN_HINT_PARAMETER));
+ }
+ if (claims != null) {
+ ub.queryParam("claims", claims);
+ }
+ if (claimsLocales != null) {
+ ub.queryParam("claims_locales", claimsLocales);
+ }
 if (authenticationContextRef != null) {
 ub.queryParam(ACR_PARAMETER, authenticationContextRef);
 }
 if (promptLogin != null) {
 ub.queryParam(PROMPT_PARAMETER, promptLogin);
 }
- String loginHint = redirectState.getFirst(LOGIN_HINT_PARAMETER);
- if (loginHint != null) {
- ub.queryParam(LOGIN_HINT_PARAMETER, loginHint);
- }
+
 }
 public void setPromptLogin(String promptLogin) {
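Review bot: login_hint is now read from codeRequestState and sent even when redirectState is null, but nonce and max_age in the block just above are still copied only from redirectState, which the base createRedirectState returns as null when no clientStateManager is configured. If the `maxAgeOffset` branch of toCodeRequestState is what produces max_age (its body is not shown here), that parameter is silently omitted in the stateless configuration, and nothing in the method says this is intended. A comment such as `// nonce and max_age are sent only when a ClientStateManager keeps them for the return check; login_hint needs no such check` would record the decision. The hint is looked up twice; `String loginHint = codeRequestState == null ? null : codeRequestState.getFirst(LOGIN_HINT_PARAMETER);` followed by a single null test is easier to read. The whitespace-only added line before the closing brace can be dropped; the method begins in the previous hunk.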