Making it possible to configure how some of AT properties are mapped to JWT claims
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/67989f85 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/67989f85 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/67989f85 Branch: refs/heads/master-jaxrs-2.1 Commit: 67989f85a80fe2096ee59cd781edab0ff2012e13 Parents: 557f3b9 Author: Sergey Beryozkin <[email protected]> Authored: Tue Aug 16 13:03:18 2016 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Aug 16 13:03:18 2016 +0100 ---------------------------------------------------------------------- .../oauth2/filters/JwtAccessTokenValidator.java | 14 ++- .../provider/AbstractOAuthDataProvider.java | 40 ++++-- .../DefaultEHCacheOAuthDataProvider.java | 5 +- .../provider/JCacheOAuthDataProvider.java | 8 +- .../oauth2/utils/JwtAccessTokenUtils.java | 106 ---------------- .../rs/security/oauth2/utils/JwtTokenUtils.java | 124 +++++++++++++++++++ .../oauth2/filters/OAuth2JwtFiltersTest.java | 2 +- 7 files changed, 172 insertions(+), 127 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/67989f85/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java index 769f7bb..78c8821 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java 
@@ -22,6 +22,7 @@ import java.util.Collections; import java.util.Date; import java.util.LinkedList; import java.util.List; +import java.util.Map; import javax.ws.rs.core.MultivaluedMap; @@ -36,13 +37,14 @@ import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; +import org.apache.cxf.rs.security.oauth2.utils.JwtTokenUtils; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTokenValidator { - private static final String USERNAME_CLAIM = "username"; + private static final String USERNAME_PROP = "username"; - private String usernameClaim = USERNAME_CLAIM; + private Map<String, String> jwtAccessTokenClaimMap; public List<String> getSupportedAuthorizationSchemes() { return Collections.singletonList(OAuthConstants.BEARER_AUTHORIZATION_SCHEME); @@ -96,7 +98,9 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo } atv.setTokenScopes(perms); } - String username = (String)claims.getClaim(usernameClaim); + String usernameClaimName = + JwtTokenUtils.getClaimName(USERNAME_PROP, USERNAME_PROP, jwtAccessTokenClaimMap); + String username = claims.getStringProperty(usernameClaimName); if (username != null) { UserSubject userSubject = new UserSubject(username); if (claims.getSubject() != null) { 
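Review bot: In the `@@ -96,7 +98,9 @@` hunk, a claim map on the validator that differs from the one the issuing data provider used makes `claims.getStringProperty(usernameClaimName)` return null, and the code silently skips the `if (username != null)` branch instead of reporting the mismatch. The validator and AbstractOAuthDataProvider each hold their own `jwtAccessTokenClaimMap`, and nothing visible here ties the two together. I would document the requirement on the field, e.g. `/** Maps access token property names such as "username" to JWT claim names; must be the same map the issuing OAuthDataProvider is configured with. */`. The enclosing method starts and ends outside the hunk, so what happens to a token without a username is not visible here. A test that sets a non-default map on both sides would also pin the behaviour; the only test change in this commit is an argument swap.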
@@ -109,8 +113,8 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo return atv; } - public void setUsernameClaim(String usernameClaim) { - this.usernameClaim = usernameClaim; + public void setJwtAccessTokenClaimMap(Map<String, String> jwtAccessTokenClaimMap) { + this.jwtAccessTokenClaimMap = jwtAccessTokenClaimMap; } } http://git-wip-us.apache.org/repos/asf/cxf/blob/67989f85/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java index 736a9bb..0ce7fd9 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java @@ -35,6 +35,7 @@ import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; +import org.apache.cxf.rs.security.oauth2.utils.JwtTokenUtils; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; 
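Review bot: Removing `setUsernameClaim` in the `@@ -109,8 +113,8 @@` hunk drops a public bean property, so existing Spring or Blueprint configuration that sets `usernameClaim` on JwtAccessTokenValidator will presumably fail to wire after upgrading. A deprecated setter that feeds the new map would keep those deployments working: `@Deprecated public void setUsernameClaim(String usernameClaim) { this.jwtAccessTokenClaimMap = Collections.singletonMap(USERNAME_PROP, usernameClaim); }` (`java.util.Collections` is already imported in this file). Note that this form replaces any map set earlier, so the Javadoc should say the two setters are alternatives.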
@@ -48,8 +49,10 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl private List<String> requiredScopes; private List<String> invisibleToClientScopes; private boolean supportPreauthorizedTokens; + private boolean useJwtFormatForAccessTokens; - private OAuthJoseJwtProducer jwtAccessTokenHandler; + private OAuthJoseJwtProducer jwtAccessTokenProducer; + private Map<String, String> jwtAccessTokenClaimMap; protected AbstractOAuthDataProvider() { } @@ -92,7 +95,12 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl protected JwtClaims createJwtAccessToken(ServerAccessToken at) { JwtClaims claims = new JwtClaims(); claims.setTokenId(at.getTokenKey()); - claims.setClaim(OAuthConstants.CLIENT_ID, at.getClient().getClientId()); + + // 'client_id' or 'cid', default client_id + String clientIdClaimName = + JwtTokenUtils.getClaimName(OAuthConstants.CLIENT_ID, OAuthConstants.CLIENT_ID, + getJwtAccessTokenClaimMap()); + claims.setClaim(clientIdClaimName, at.getClient().getClientId()); claims.setIssuedAt(at.getIssuedAt()); if (at.getExpiresIn() > 0) { claims.setExpiryTime(at.getIssuedAt() + at.getExpiresIn()); @@ -102,8 +110,12 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl if (userSubject.getId() != null) { claims.setSubject(userSubject.getId()); } - // to be consistent with the token introspection response - claims.setClaim("username", userSubject.getLogin()); + + // 'username' by default to be consistent with the token introspection response + final String usernameProp = "username"; + String usernameClaimName = + JwtTokenUtils.getClaimName(usernameProp, usernameProp, getJwtAccessTokenClaimMap()); + claims.setClaim(usernameClaimName, userSubject.getLogin()); } if (at.getIssuer() != null) { claims.setIssuer(at.getIssuer()); 
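Review bot: In the `@@ -92,7 +95,12 @@` and `@@ -102,8 +110,12 @@` hunks the configured claim name is passed to `claims.setClaim(...)` without checking that it does not collide with a registered claim the same method sets. For example, a map entry sending `username` to `sub` would have `claims.setClaim(usernameClaimName, userSubject.getLogin())` overwrite the subject written just above by `claims.setSubject(userSubject.getId())`. The map is deployer configuration, so the cheapest guard is in `setJwtAccessTokenClaimMap`: reject values equal to `jti`, `iss`, `sub`, `aud`, `exp` or `iat` with an `IllegalArgumentException`. Separately, the `"username"` literal is now declared three times (here, `USERNAME_PROP` in JwtAccessTokenValidator, and a local in JwtTokenUtils); a single shared constant would keep the issuing and reading sides from drifting apart.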
@@ -144,7 +156,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl // to set IdToken nonce property with the filter having an access to the current ServerAccessToken instance return claims; } - + protected ServerAccessToken createNewAccessToken(Client client) { return new BearerAccessToken(client, accessTokenLifetime); } @@ -489,18 +501,26 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl this.useJwtFormatForAccessTokens = useJwtFormatForAccessTokens; } - public OAuthJoseJwtProducer getJwtAccessTokenHandler() { - return jwtAccessTokenHandler; + public OAuthJoseJwtProducer getJwtAccessTokenProducer() { + return jwtAccessTokenProducer; } - public void setJwtAccessTokenHandler(OAuthJoseJwtProducer jwtAccessTokenHandler) { - this.jwtAccessTokenHandler = jwtAccessTokenHandler; + public void setJwtAccessTokenProducer(OAuthJoseJwtProducer jwtAccessTokenProducer) { + this.jwtAccessTokenProducer = jwtAccessTokenProducer; } protected String processJwtAccessToken(JwtClaims jwtCliams) { // It will JWS-sign (default) and/or JWE-encrypt OAuthJoseJwtProducer processor = - getJwtAccessTokenHandler() == null ? new OAuthJoseJwtProducer() : getJwtAccessTokenHandler(); + getJwtAccessTokenProducer() == null ? new OAuthJoseJwtProducer() : getJwtAccessTokenProducer(); return processor.processJwt(new JwtToken(jwtCliams)); } + + public Map<String, String> getJwtAccessTokenClaimMap() { + return jwtAccessTokenClaimMap; + } + + public void setJwtAccessTokenClaimMap(Map<String, String> jwtAccessTokenClaimMap) { + this.jwtAccessTokenClaimMap = jwtAccessTokenClaimMap; + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/67989f85/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java ---------------------------------------------------------------------- 
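Review bot: The `@@ -489,18 +501,26 @@` hunk renames the public `getJwtAccessTokenHandler`/`setJwtAccessTokenHandler` pair to `...Producer` without leaving the old names behind, which breaks subclasses and bean definitions that still set `jwtAccessTokenHandler`. Deprecated delegates would make the rename non-breaking, e.g. `@Deprecated public void setJwtAccessTokenHandler(OAuthJoseJwtProducer p) { setJwtAccessTokenProducer(p); }` and the matching getter. The new `getJwtAccessTokenClaimMap`/`setJwtAccessTokenClaimMap` pair would benefit from a short Javadoc saying that keys are token property names (`client_id`, `username`), values are the JWT claim names to emit, and that a null map means defaults.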
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java index bb055a1..0db66e9 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java @@ -42,7 +42,7 @@ import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; import org.apache.cxf.rs.security.oauth2.utils.EHCacheUtil; -import org.apache.cxf.rs.security.oauth2.utils.JwtAccessTokenUtils; +import org.apache.cxf.rs.security.oauth2.utils.JwtTokenUtils; public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider { public static final String CLIENT_CACHE_KEY = "cxf.oauth2.client.cache"; @@ -133,7 +133,8 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider { String jose = getCacheValue(accessTokenCache, accessToken, String.class); if (jose != null) { JoseJwtConsumer theConsumer = jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer; - at = JwtAccessTokenUtils.createAccessTokenFromJwt(theConsumer, jose, this); + at = JwtTokenUtils.createAccessTokenFromJwt(theConsumer, jose, this, + super.getJwtAccessTokenClaimMap()); } } else { at = getCacheValue(accessTokenCache, accessToken, ServerAccessToken.class); http://git-wip-us.apache.org/repos/asf/cxf/blob/67989f85/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java ---------------------------------------------------------------------- 
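Review bot: The call in the `@@ -133,7 +133,8 @@` hunk passes `super.getJwtAccessTokenClaimMap()`, which bypasses any override of the getter in a subclass, while `createJwtAccessToken` in AbstractOAuthDataProvider calls plain `getJwtAccessTokenClaimMap()`. A subclass that overrides the getter would then issue tokens with one set of claim names and read them back from the cache with another, so the client-id and username lookups would miss. Using `getJwtAccessTokenClaimMap()` here keeps both paths on the same map; the same applies to the two JCacheOAuthDataProvider hunks at `@@ -199,7 +199,8 @@` and `@@ -239,7 +240,8 @@`. The enclosing methods start and end outside these hunks.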
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java index fa16612..9c73e26 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JCacheOAuthDataProvider.java @@ -38,7 +38,7 @@ import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; -import org.apache.cxf.rs.security.oauth2.utils.JwtAccessTokenUtils; +import org.apache.cxf.rs.security.oauth2.utils.JwtTokenUtils; import static org.apache.cxf.jaxrs.utils.ResourceUtils.getClasspathResourceURL; @@ -199,7 +199,8 @@ public class JCacheOAuthDataProvider extends AbstractOAuthDataProvider { ServerAccessToken token = null; if (jose != null) { JoseJwtConsumer theConsumer = jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer; - token = JwtAccessTokenUtils.createAccessTokenFromJwt(theConsumer, jose, this); + token = JwtTokenUtils.createAccessTokenFromJwt(theConsumer, jose, this, + super.getJwtAccessTokenClaimMap()); if (isExpired(token)) { jwtAccessTokenCache.remove(key); token = null; 
@@ -239,7 +240,8 @@ public class JCacheOAuthDataProvider extends AbstractOAuthDataProvider { String jose = entry.getValue(); JoseJwtConsumer theConsumer = jwtTokenConsumer == null ? new JoseJwtConsumer() : jwtTokenConsumer; - ServerAccessToken token = JwtAccessTokenUtils.createAccessTokenFromJwt(theConsumer, jose, this); + ServerAccessToken token = JwtTokenUtils.createAccessTokenFromJwt(theConsumer, jose, this, + super.getJwtAccessTokenClaimMap()); if (!isExpired(token)) { toRemove.add(entry.getKey()); http://git-wip-us.apache.org/repos/asf/cxf/blob/67989f85/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtAccessTokenUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtAccessTokenUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtAccessTokenUtils.java deleted file mode 100644 index 92fdf6e..0000000 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtAccessTokenUtils.java +++ /dev/null 
@@ -1,106 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.rs.security.oauth2.utils; - -import java.util.LinkedList; -import java.util.List; -import java.util.Map; - -import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.helpers.CastUtils; -import org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer; -import org.apache.cxf.rs.security.jose.jwt.JwtClaims; -import org.apache.cxf.rs.security.jose.jwt.JwtConstants; -import org.apache.cxf.rs.security.oauth2.common.Client; -import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; -import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; -import org.apache.cxf.rs.security.oauth2.common.UserSubject; -import org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider; -import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken; - -public final class JwtAccessTokenUtils { - private JwtAccessTokenUtils() { - - } - - public static ServerAccessToken createAccessTokenFromJwt(JoseJwtConsumer consumer, - String jose, - ClientRegistrationProvider clientProvider) { - JwtClaims claims = consumer.getJwtToken(jose).getClaims(); - - Client c = 
clientProvider.getClient(claims.getStringProperty(OAuthConstants.CLIENT_ID)); - long issuedAt = claims.getLongProperty(JwtConstants.CLAIM_ISSUED_AT); - long lifetime = claims.getLongProperty(JwtConstants.CLAIM_EXPIRY) - issuedAt; - BearerAccessToken at = new BearerAccessToken(c, jose, lifetime, issuedAt); - - List<String> audiences = claims.getAudiences(); - if (audiences != null && !audiences.isEmpty()) { - at.setAudiences(claims.getAudiences()); - } - - String issuer = claims.getStringProperty(JwtConstants.CLAIM_ISSUER); - if (issuer != null) { - at.setIssuer(issuer); - } - Object scope = claims.getClaim(OAuthConstants.SCOPE); - if (scope != null) { - String[] scopes = scope instanceof String - ? scope.toString().split(" ") : CastUtils.cast((List<?>)scope).toArray(new String[]{}); - List<OAuthPermission> perms = new LinkedList<OAuthPermission>(); - for (String s : scopes) { - if (!StringUtils.isEmpty(s)) { - perms.add(new OAuthPermission(s.trim())); - } - } - at.setScopes(perms); - } - String username = claims.getStringProperty("username"); - String subject = claims.getSubject(); - if (username != null) { - UserSubject userSubject = new UserSubject(username); - if (subject != null) { - userSubject.setId(subject); - } - at.setSubject(userSubject); - } else if (subject != null) { - at.setSubject(new UserSubject(subject)); - } - - String grantType = claims.getStringProperty(OAuthConstants.GRANT_TYPE); - if (grantType != null) { - at.setGrantType(grantType); - } - String grantCode = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_GRANT); - if (grantCode != null) { - at.setGrantCode(grantCode); - } - String codeVerifier = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_VERIFIER); - if (codeVerifier != null) { - at.setClientCodeVerifier(codeVerifier); - } - - Map<String, String> extraProperties = CastUtils.cast((Map<?, ?>)claims.getClaim("extra_propertirs")); - if (extraProperties != null) { - at.getExtraProperties().putAll(extraProperties); - } - 
- - return at; - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/67989f85/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java new file mode 100644 index 0000000..fb5888e --- /dev/null +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/JwtTokenUtils.java 
@@ -0,0 +1,124 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.oauth2.utils; + +import java.util.LinkedList; +import java.util.List; +import java.util.Map; + +import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.helpers.CastUtils; +import org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer; +import org.apache.cxf.rs.security.jose.jwt.JwtClaims; +import org.apache.cxf.rs.security.oauth2.common.Client; +import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; +import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; +import org.apache.cxf.rs.security.oauth2.common.UserSubject; +import org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider; +import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken; + +public final class JwtTokenUtils { + private JwtTokenUtils() { + + } + + public static String getClaimName(String tokenProperty, + String defaultName, + Map<String, String> claimsMap) { + String claimName = null; + if (claimsMap != null) { + claimName = claimsMap.get(tokenProperty); + } + return claimName == null ? 
defaultName : claimName; + } + + public static ServerAccessToken createAccessTokenFromJwt(JoseJwtConsumer consumer, + String jose, + ClientRegistrationProvider clientProvider, + Map<String, String> claimsMap) { + JwtClaims claims = consumer.getJwtToken(jose).getClaims(); + + // 'client_id' or 'cid', default client_id + String clientIdClaimName = + JwtTokenUtils.getClaimName(OAuthConstants.CLIENT_ID, OAuthConstants.CLIENT_ID, claimsMap); + String clientId = claims.getStringProperty(clientIdClaimName); + Client c = clientProvider.getClient(clientId); + + long issuedAt = claims.getIssuedAt(); + long lifetime = claims.getExpiryTime() - issuedAt; + BearerAccessToken at = new BearerAccessToken(c, jose, lifetime, issuedAt); + + List<String> audiences = claims.getAudiences(); + if (audiences != null && !audiences.isEmpty()) { + at.setAudiences(claims.getAudiences()); + } + + String issuer = claims.getIssuer(); + if (issuer != null) { + at.setIssuer(issuer); + } + Object scope = claims.getClaim(OAuthConstants.SCOPE); + if (scope != null) { + String[] scopes = scope instanceof String + ? 
scope.toString().split(" ") : CastUtils.cast((List<?>)scope).toArray(new String[]{}); + List<OAuthPermission> perms = new LinkedList<OAuthPermission>(); + for (String s : scopes) { + if (!StringUtils.isEmpty(s)) { + perms.add(new OAuthPermission(s.trim())); + } + } + at.setScopes(perms); + } + final String usernameProp = "username"; + String usernameClaimName = + JwtTokenUtils.getClaimName(usernameProp, usernameProp, claimsMap); + String username = claims.getStringProperty(usernameClaimName); + String subject = claims.getSubject(); + if (username != null) { + UserSubject userSubject = new UserSubject(username); + if (subject != null) { + userSubject.setId(subject); + } + at.setSubject(userSubject); + } else if (subject != null) { + at.setSubject(new UserSubject(subject)); + } + + String grantType = claims.getStringProperty(OAuthConstants.GRANT_TYPE); + if (grantType != null) { + at.setGrantType(grantType); + } + String grantCode = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_GRANT); + if (grantCode != null) { + at.setGrantCode(grantCode); + } + String codeVerifier = claims.getStringProperty(OAuthConstants.AUTHORIZATION_CODE_VERIFIER); + if (codeVerifier != null) { + at.setClientCodeVerifier(codeVerifier); + } + + Map<String, String> extraProperties = CastUtils.cast((Map<?, ?>)claims.getClaim("extra_propertirs")); + if (extraProperties != null) { + at.getExtraProperties().putAll(extraProperties); + } + + + return at; + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/67989f85/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java index 0b5e53e..2f7f9ee 100644 
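Review bot: `createAccessTokenFromJwt` in the new JwtTokenUtils does not handle a stored token that lacks the mapped client-id claim or an `exp` claim. `clientId` is null whenever `claimsMap` names a claim the token was not issued with (for instance a cached token written before the map was changed), and it goes straight into `clientProvider.getClient(clientId)`, whose result is used unchecked in `new BearerAccessToken(c, jose, lifetime, issuedAt)`. `createJwtAccessToken` only sets the expiry when `at.getExpiresIn() > 0`, so `claims.getExpiryTime() - issuedAt` will presumably fail on unboxing for such tokens if the getter returns a boxed `Long` (its signature is not visible here). I would fail closed before building the token, e.g. `if (clientId == null || c == null) { throw new OAuthServiceException("JWT access token has no recognised client id claim"); }`, and read the expiry into a `Long` that is null-checked before the subtraction. The `"extra_propertirs"` claim name also looks like a typo carried over from the deleted class; check what the issuing side writes before changing it, since both must agree.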
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java @@ -107,7 +107,7 @@ public class OAuth2JwtFiltersTest extends AbstractBusClientServerTestBase { client.header("Authorization", "Bearer " + accessToken.getTokenKey()); Response response = client.post(new Book("book", 123L)); - assertEquals(response.getStatus(), 200); + assertEquals(200, response.getStatus()); Book returnedBook = response.readEntity(Book.class); assertEquals(returnedBook.getName(), "book");
