This is an automated email from the ASF dual-hosted git repository.

rmannibucau pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openwebbeans-meecrowave.git


The following commit(s) were added to refs/heads/master by this push:
     new 6eb8ed5  another cxf workard for authorization_code flow 
(oauth2-require-user-to-start-authorization_code-flow)
6eb8ed5 is described below

commit 6eb8ed5b2e8abda3417408ed94a7ea3ceb6607d8
Author: Romain Manni-Bucau <rmannibu...@gmail.com>
AuthorDate: Tue Nov 10 20:42:30 2020 +0100

    another cxf workaround for authorization_code flow 
(oauth2-require-user-to-start-authorization_code-flow)
---
 .../oauth2/configuration/OAuth2Options.java        | 11 ++++++++
 .../OAuth2AuthorizationCodeGrantService.java       | 31 ++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git 
a/meecrowave-oauth2-minimal/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Options.java
 
b/meecrowave-oauth2-minimal/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Options.java
index 15bdd57..97844a0 100644
--- 
a/meecrowave-oauth2-minimal/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Options.java
+++ 
b/meecrowave-oauth2-minimal/src/main/java/org/apache/meecrowave/oauth2/configuration/OAuth2Options.java
@@ -34,6 +34,9 @@ public class OAuth2Options implements Cli.Options {
     @CliOption(name = "oauth2-use-all-client-scopes", description = "Are all 
client scopes used for refresh tokens")
     private boolean useAllClientScopes;
 
+    @CliOption(name = "oauth2-require-user-to-start-authorization_code-flow", 
description = "Should the authorization_code flow require an authenicated 
user.")
+    private boolean requireUserToStartAuthorizationCodeFlow;
+
     @CliOption(name = "oauth2-use-s256-code-challenge", description = "Are the 
code_challenge used by PKCE flow digested or not.")
     private boolean useS256CodeChallenge = true;
 
@@ -178,6 +181,14 @@ public class OAuth2Options implements Cli.Options {
     @CliOption(name = "oauth2-redirection-scopes-requiring-no-consent", 
description = "For authorization code flow, the scopes using no consent")
     private String scopesRequiringNoConsent;
 
+    public boolean isRequireUserToStartAuthorizationCodeFlow() {
+        return requireUserToStartAuthorizationCodeFlow;
+    }
+
+    public void setRequireUserToStartAuthorizationCodeFlow(final boolean 
requireUserToStartAuthorizationCodeFlow) {
+        this.requireUserToStartAuthorizationCodeFlow = 
requireUserToStartAuthorizationCodeFlow;
+    }
+
     public boolean isUseS256CodeChallenge() {
         return useS256CodeChallenge;
     }
diff --git 
a/meecrowave-oauth2-minimal/src/main/java/org/apache/meecrowave/oauth2/resource/OAuth2AuthorizationCodeGrantService.java
 
b/meecrowave-oauth2-minimal/src/main/java/org/apache/meecrowave/oauth2/resource/OAuth2AuthorizationCodeGrantService.java
index f8a2e76..7cd2582 100644
--- 
a/meecrowave-oauth2-minimal/src/main/java/org/apache/meecrowave/oauth2/resource/OAuth2AuthorizationCodeGrantService.java
+++ 
b/meecrowave-oauth2-minimal/src/main/java/org/apache/meecrowave/oauth2/resource/OAuth2AuthorizationCodeGrantService.java
@@ -19,9 +19,13 @@
 package org.apache.meecrowave.oauth2.resource;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import 
org.apache.cxf.rs.security.oauth2.provider.AuthorizationCodeResponseFilter;
+import org.apache.cxf.rs.security.oauth2.provider.AuthorizationRequestFilter;
 import 
org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService;
 import org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.meecrowave.oauth2.configuration.OAuth2Configurer;
 
@@ -88,11 +92,35 @@ public class OAuth2AuthorizationCodeGrantService {
     @Vetoed
     public static class LazyImpl extends AuthorizationCodeGrantService {
         private OAuth2Configurer configurer;
+        private AuthorizationRequestFilter filter;
 
         public void setConfigurer(final OAuth2Configurer configurer) {
             this.configurer = configurer;
         }
 
+        public void setAuthorizationFilter(final AuthorizationRequestFilter 
authorizationFilter) {
+            this.filter = authorizationFilter;
+            super.setAuthorizationFilter(authorizationFilter);
+        }
+
+
+        @Override // https://issues.apache.org/jira/browse/CXF-8370
+        protected Response startAuthorization(MultivaluedMap<String, String> 
params) {
+            final SecurityContext sc;
+            if 
(configurer.getConfiguration().isRequireUserToStartAuthorizationCodeFlow()) {
+                sc = getAndValidateSecurityContext(params);
+            } else {
+                sc = null;
+            }
+            final Client client = 
getClient(params.getFirst(OAuthConstants.CLIENT_ID), params);
+            final UserSubject userSubject = createUserSubject(sc, params);
+            if (filter != null) {
+                params = filter.process(params, userSubject, client);
+            }
+            final String redirectUri = validateRedirectUri(client, 
params.getFirst(OAuthConstants.REDIRECT_URI));
+            return startAuthorization(params, userSubject, client, 
redirectUri);
+        }
+
         @Override
         protected UserSubject createUserSubject(final SecurityContext 
securityContext,
                                                 final MultivaluedMap<String, 
String> params) {
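Review bot: When the new option is off, `sc` is `null` and `createUserSubject(null, params)` can return `null` (the guard added in the last hunk of this file), so `startAuthorization(params, userSubject, client, redirectUri)` is reached with a null subject; whether the CXF base method tolerates that is not visible here and should be confirmed, or the null case handled before that call. `setAuthorizationFilter` overrides the superclass setter but carries no `@Override`; add it so a signature drift in CXF is caught at compile time. The override would also benefit from a why-comment beyond the issue link, e.g. `// CXF-8370 workaround: only demand an authenticated user when configured; the client and redirect URI are still validated.`. The enclosing `LazyImpl` class continues outside this hunk.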
@@ -101,6 +129,9 @@ public class OAuth2AuthorizationCodeGrantService {
             if (subject != null) {
                 return subject;
             }
+            if (securityContext == null) {
+                return null;
+            }
             final Principal principal = securityContext.getUserPrincipal();
             return configurer.doCreateUserSubject(principal);
         }
