Repository: cxf Updated Branches: refs/heads/master 45f3d5944 -> ee76fe358
Passing the nonce via a TL storage too
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ee76fe35
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ee76fe35
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ee76fe35
Branch: refs/heads/master
Commit: ee76fe358aeb36d95204ec10f8cec674163b8fcf
Parents: 45f3d59
Author: Sergey Beryozkin <sberyoz...@gmail.com>
Authored: Wed Jan 27 16:55:00 2016 +0000
Committer: Sergey Beryozkin <sberyoz...@gmail.com>
Committed: Wed Jan 27 16:55:00 2016 +0000
----------------------------------------------------------------------
.../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 4 ++++
.../oauth2/services/AbstractImplicitGrantService.java | 4 ++++
.../cxf/rs/security/oidc/idp/IdTokenResponseFilter.java | 8 +++++++-
3 files changed, 15 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/ee76fe35/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index c8e6655..9844a30 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -24,6 +24,7 @@ import java.util.List;
 import javax.ws.rs.core.MultivaluedMap;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -111,6 +112,9 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
 grant.getRequestedScopes(),
 getAudiences(client, grant.getAudience()));
 if (token != null) {
+ if (grant.getNonce() != null) {
+ JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, grant.getNonce());
+ }
 return token;
 } else {
 // the grant was issued based on the authorization time check confirming the
http://git-wip-us.apache.org/repos/asf/cxf/blob/ee76fe35/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index 6f8a01f..5133374 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -30,6 +30,7 @@ import javax.ws.rs.core.Response;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.utils.HttpUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
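Review bot: In the @@ -111 hunk the added block dereferences `JAXRSUtils.getCurrentMessage()` without a null check, whereas the IdTokenResponseFilter hunk in this same commit guards the identical call with `m != null`; if the handler is invoked with no current JAX-RS message (a direct or test invocation, or a non-JAX-RS caller), the nonce propagation would throw a NullPointerException and fail the whole code exchange rather than just skipping the nonce. The AbstractImplicitGrantService hunk (`state.getNonce()` branch) has the same unguarded call. Suggest mirroring the filter's guard in both places: `Message m = JAXRSUtils.getCurrentMessage();` / `if (m != null) { m.getExchange().put(OAuthConstants.NONCE, grant.getNonce()); }`, which keeps the existing fallback in IdTokenResponseFilter to the nonce stored on the token. The enclosing method begins and ends outside the hunk.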
@@ -84,6 +85,9 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant
 }
 } else {
 token = preAuthorizedToken;
+ if (state.getNonce() != null) {
+ JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, state.getNonce());
+ }
 }
 ClientAccessToken clientToken = null;
http://git-wip-us.apache.org/repos/asf/cxf/blob/ee76fe35/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 509648a..6edcc7a 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -20,6 +20,8 @@ package org.apache.cxf.rs.security.oidc.idp;
 import java.util.Properties;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
@@ -27,6 +29,7 @@ import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthServerJoseJwtProducer;
 import org.apache.cxf.rs.security.oauth2.provider.AccessTokenResponseFilter;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.rs.security.oidc.common.IdToken;
 import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
@@ -76,7 +79,10 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer im
 idToken.setAccessTokenHash(atHash);
 }
 }
- if (idToken.getNonce() == null && st.getNonce() != null) {
+ Message m = JAXRSUtils.getCurrentMessage();
+ if (m != null && m.getExchange().containsKey(OAuthConstants.NONCE)) {
+ idToken.setNonce((String)m.getExchange().get(OAuthConstants.NONCE));
+ } else if (st.getNonce() != null) {
 idToken.setNonce(st.getNonce());
 }
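Review bot: The replaced condition drops the `idToken.getNonce() == null` guard, so an IdToken that already carries a nonce is now overwritten — by the exchange value in the new `if` branch, and by `st.getNonce()` in the `else if` branch, which previously left a pre-set nonce alone. The nonce is the value the relying party compares against its own authentication request to detect replay, so which source wins should be deliberate rather than a side effect of this refactor; if the per-request exchange value is meant to be authoritative, a one-line comment saying so (e.g. `// the nonce captured for this request takes precedence over any value already on the token`) would document that, otherwise the guard should be restored as `if (idToken.getNonce() == null && m != null && m.getExchange().containsKey(OAuthConstants.NONCE)) {` and `} else if (idToken.getNonce() == null && st.getNonce() != null) {`. The enclosing method begins outside the hunk, and its trailing context line appears to have been lost in the paste.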