Repository: cxf Updated Branches: refs/heads/master b24261500 -> adcd2c612
Having OIDC config service extending OAuth2 one to keep it in sync with the related spec efforts Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/adcd2c61 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/adcd2c61 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/adcd2c61 Branch: refs/heads/master Commit: adcd2c6122faa90049668e458dc6ff612c979eeb Parents: b242615 Author: Sergey Beryozkin <[email protected]> Authored: Tue Aug 23 18:11:34 2016 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Aug 23 18:11:34 2016 +0100 ---------------------------------------------------------------------- .../services/AuthorizationMetadataService.java | 111 +++++++++++++++++++ .../oidc/idp/OidcConfigurationService.java | 86 +------------- 2 files changed, 116 insertions(+), 81 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/adcd2c61/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
new file mode 100644
index 0000000..cfd566b
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
@@ -0,0 +1,111 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.services;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.UriInfo;
+
+import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
+
+@Path("oauth-authorization-server")
+public class AuthorizationMetadataService {
+
+ private String issuer;
+ private String authorizationEndpointAddress;
+ private String tokenEndpointAddress;
+ private String tokenRevocationEndpointAddress;
+ private String jwkEndpointAddress;
+
+ @GET
+ @Produces("application/json")
+ public String getConfiguration(@Context UriInfo ui) {
+ Map<String, Object> cfg = new LinkedHashMap<String, Object>();
+ String baseUri = getBaseUri(ui);
+ prepareConfigurationData(cfg, baseUri);
+
+ JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter();
+ return writer.toJson(cfg);
+ }
+
+ protected void prepareConfigurationData(Map<String, Object> cfg, String baseUri) {
+ // Issuer
+ cfg.put("issuer", issuer == null ? baseUri : issuer);
+ // Authorization Endpoint
+ String theAuthorizationEndpointAddress =
+ calculateEndpointAddress(authorizationEndpointAddress, baseUri, "/idp/authorize");
+ cfg.put("authorization_endpoint", theAuthorizationEndpointAddress);
+ // Token Endpoint
+ String theTokenEndpointAddress =
+ calculateEndpointAddress(tokenEndpointAddress, baseUri, "/oauth2/token");
+ cfg.put("token_endpoint", theTokenEndpointAddress);
+ // Token Revocation Endpoint
+ String theTokenRevocationEndpointAddress =
+ calculateEndpointAddress(tokenRevocationEndpointAddress, baseUri, "/oauth2/revoke");
+ cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress);
+ // Jwks Uri Endpoint
+ String theJwkEndpointAddress =
+ calculateEndpointAddress(jwkEndpointAddress, baseUri, "/jwk/keys");
+ cfg.put("jwks_uri", theJwkEndpointAddress);
+ }
+
+ protected static String calculateEndpointAddress(String endpointAddress, String baseUri, String defRelAddress) {
+ endpointAddress = endpointAddress == null ? endpointAddress : defRelAddress;
+ if (endpointAddress.startsWith("https")) {
+ return endpointAddress;
+ } else {
+ return baseUri + endpointAddress;
+ }
+ }
+
+ private String getBaseUri(UriInfo ui) {
+ String requestUri = ui.getRequestUri().toString();
+ int ind = requestUri.lastIndexOf(".well-known");
+ if (ind != -1) {
+ requestUri = requestUri.substring(0, ind);
+ }
+ return requestUri;
+ }
+
+ public void setIssuer(String issuer) {
+ this.issuer = issuer;
+ }
+
+ public void setAuthorizationEndpointAddress(String authorizationEndpointAddress) {
+ this.authorizationEndpointAddress = authorizationEndpointAddress;
+ }
+
+ public void setTokenEndpointAddress(String tokenEndpointAddress) {
+ this.tokenEndpointAddress = tokenEndpointAddress;
+ }
+
+ public void setJwkEndpointAddress(String jwkEndpointAddress) {
+ this.jwkEndpointAddress = jwkEndpointAddress;
+ }
+
+ public void setTokenRevocationEndpointAddress(String tokenRevocationEndpointAddress) {
+ this.tokenRevocationEndpointAddress = tokenRevocationEndpointAddress;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/adcd2c61/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
index ba941d8..fab8037 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
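Review bot: The ternary in `calculateEndpointAddress` is inverted: `endpointAddress == null ? endpointAddress : defRelAddress` keeps a null value, so the following `startsWith` call throws a NullPointerException, and it replaces any configured address with the default. The same line appears on the removed side of OidcConfigurationService, so the move carries the defect over rather than introducing it, but this new base class is the place to fix it: `endpointAddress = endpointAddress != null ? endpointAddress : defRelAddress;`. As committed, the metadata document either fails or advertises only the built-in default paths, never an operator-configured authorization, token, revocation or JWKS endpoint. Separately, when `issuer` is unset the issuer and every relative endpoint are built from the request URI in `getBaseUri`, which presumably reflects whatever host the client addressed; a comment on the `issuer` field recommending that deployments set it explicitly would help.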
@@ -19,108 +19,32 @@ package org.apache.cxf.rs.security.oidc.idp; import java.util.Collections; -import java.util.LinkedHashMap; import java.util.Map; import java.util.Properties; -import javax.ws.rs.GET; import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.UriInfo; -import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.common.JoseConstants; import org.apache.cxf.rs.security.jose.jws.JwsUtils; +import org.apache.cxf.rs.security.oauth2.services.AuthorizationMetadataService; @Path("openid-configuration") -public class OidcConfigurationService { - - private String issuer; - private String authorizationEndpointAddress; - private String tokenEndpointAddress; - private String tokenRevocationEndpointAddress; +public class OidcConfigurationService extends AuthorizationMetadataService { private String userInfoEndpointAddress; - private String jwkEndpointAddress; - @GET - @Produces("application/json") - public String getConfiguration(@Context UriInfo ui) { - Map<String, Object> cfg = new LinkedHashMap<String, Object>(); - // Issuer - String baseUri = getBaseUri(ui); - cfg.put("issuer", issuer == null ? 
baseUri : issuer); - // Authorization Endpoint - String theAuthorizationEndpointAddress = - calculateEndpointAddress(authorizationEndpointAddress, baseUri, "/idp/authorize"); - cfg.put("authorization_endpoint", theAuthorizationEndpointAddress); - // Token Endpoint - String theTokenEndpointAddress = - calculateEndpointAddress(tokenEndpointAddress, baseUri, "/oauth2/token"); - cfg.put("token_endpoint", theTokenEndpointAddress); - // Token Revocation Endpoint - String theTokenRevocationEndpointAddress = - calculateEndpointAddress(tokenRevocationEndpointAddress, baseUri, "/oauth2/revoke"); - cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress); + @Override + protected void prepareConfigurationData(Map<String, Object> cfg, String baseUri) { + super.prepareConfigurationData(cfg, baseUri); // UriInfo Endpoint String theUserInfoEndpointAddress = calculateEndpointAddress(userInfoEndpointAddress, baseUri, "/users/userinfo"); cfg.put("userinfo_endpoint", theUserInfoEndpointAddress); - // Jwks Uri Endpoint - String theJwkEndpointAddress = - calculateEndpointAddress(jwkEndpointAddress, baseUri, "/jwk/keys"); - cfg.put("jwks_uri", theJwkEndpointAddress); Properties sigProps = JwsUtils.loadSignatureOutProperties(false); if (sigProps != null && sigProps.containsKey(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)) { cfg.put("id_token_signing_alg_values_supported", Collections.singletonList(sigProps.get(JoseConstants.RSSEC_SIGNATURE_ALGORITHM))); } - - JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter(); - return writer.toJson(cfg); - } - - private static String calculateEndpointAddress(String endpointAddress, String baseUri, String defRelAddress) { - endpointAddress = endpointAddress == null ? 
endpointAddress : defRelAddress; - if (endpointAddress.startsWith("https")) { - return endpointAddress; - } else { - return baseUri + endpointAddress; - } - } - - private String getBaseUri(UriInfo ui) { - String requestUri = ui.getRequestUri().toString(); - int ind = requestUri.lastIndexOf(".well-known"); - if (ind != -1) { - requestUri = requestUri.substring(0, ind); - } - return requestUri; - } - - public void setIssuer(String issuer) { - this.issuer = issuer; - } - - public void setAuthorizationEndpointAddress(String authorizationEndpointAddress) { - this.authorizationEndpointAddress = authorizationEndpointAddress; - } - - public void setTokenEndpointAddress(String tokenEndpointAddress) { - this.tokenEndpointAddress = tokenEndpointAddress; - } - - public void setJwkEndpointAddress(String jwkEndpointAddress) { - this.jwkEndpointAddress = jwkEndpointAddress; - } - - public void setUserInfoEndpointAddress(String userInfoEndpointAddress) { - this.userInfoEndpointAddress = userInfoEndpointAddress; - } - - public void setTokenRevocationEndpointAddress(String tokenRevocationEndpointAddress) { - this.tokenRevocationEndpointAddress = tokenRevocationEndpointAddress; } }
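Review bot: `setUserInfoEndpointAddress` is deleted together with the setters that moved to the base class, but the `userInfoEndpointAddress` field stays in this subclass and the parent added in this commit has no setter for it, so as far as the hunk shows the field can no longer be configured and is always null. With the parent's `calculateEndpointAddress` as committed, a null address reaches `startsWith`, so the overridden `prepareConfigurationData` would throw on every discovery request. Keep the setter in the subclass: `public void setUserInfoEndpointAddress(String userInfoEndpointAddress) { this.userInfoEndpointAddress = userInfoEndpointAddress; }`. The override would also benefit from a one-line Javadoc naming the OIDC-only keys it adds (`userinfo_endpoint`, `id_token_signing_alg_values_supported`) on top of the inherited OAuth2 metadata.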
