cxf git commit: Makaing sure the code filter can catch all code response errors

2015-11-13 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 0f4c8989c -> 4ff4cf5f2


Makaing sure the code filter can catch all code response errors


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4ff4cf5f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4ff4cf5f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4ff4cf5f

Branch: refs/heads/3.1.x-fixes
Commit: 4ff4cf5f28b22bc85cc107a9d31545c53c04845a
Parents: 0f4c898
Author: Sergey Beryozkin 
Authored: Fri Nov 13 10:56:58 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 10:58:34 2015 +

--
 .../cxf/rs/security/oauth2/client/AccessDeniedResponse.java  | 8 +++-
 .../rs/security/oauth2/client/ClientCodeRequestFilter.java   | 4 ++--
 .../oauth2/provider/AbstractOAuthJoseJwtProducer.java| 5 +++--
 3 files changed, 12 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/4ff4cf5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
index 9ec28ab..16a87bf 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
@@ -19,5 +19,11 @@
 package org.apache.cxf.rs.security.oauth2.client;
 
 public class AccessDeniedResponse {
-
+private String error;
+public AccessDeniedResponse(String error) {
+this.error = error;
+}
+public String getError() {
+return error;
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/4ff4cf5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 3e312a3..18285a6 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -115,10 +115,10 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
 if (sc == null || sc.getUserPrincipal() == null) {
 if (codeParam == null 
 && requestParams.containsKey(OAuthConstants.ERROR_KEY)
-&& 
OAuthConstants.ACCESS_DENIED.equals(requestParams.getFirst(OAuthConstants.ERROR_KEY))
 && !faultAccessDeniedResponses) {
 if (!applicationCanHandleAccessDenied) {
-rc.abortWith(Response.ok(new 
AccessDeniedResponse()).build());
+String error = 
requestParams.getFirst(OAuthConstants.ERROR_KEY);
+rc.abortWith(Response.ok(new 
AccessDeniedResponse(error)).build());
 }
 } else {
 throw ExceptionUtils.toNotAuthorizedException(null, null);

http://git-wip-us.apache.org/repos/asf/cxf/blob/4ff4cf5f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
index b0a7414..fec38bc 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
@@ -22,6 +22,7 @@ import java.util.Properties;
 
 import javax.crypto.SecretKey;
 
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
@@ -44,7 +45,7 @@ public abstract class

cxf git commit: Making sure an empty/null secret is not used for getting tokens for public clients

2015-11-13 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 4ff4cf5f2 -> e80086821


Making sure an empty/null secret is not used for getting tokens for public 
clients


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e8008682
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e8008682
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e8008682

Branch: refs/heads/3.1.x-fixes
Commit: e80086821a1f4020247d97bbd62dd8cad81d4ae1
Parents: 4ff4cf5
Author: Sergey Beryozkin 
Authored: Fri Nov 13 11:35:16 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 11:36:03 2015 +

--
 .../cxf/rs/security/oauth2/client/OAuthClientUtils.java  | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/e8008682/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index 971b481..17471f8 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -33,6 +33,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
 import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
@@ -281,7 +282,8 @@ public final class OAuthClientUtils {
 }
 }
 if (consumer != null) {
-if (setAuthorizationHeader) {
+boolean secretAvailable = 
!StringUtils.isEmpty(consumer.getSecret());
+if (setAuthorizationHeader && secretAvailable) {
 StringBuilder sb = new StringBuilder();
 sb.append("Basic ");
 try {
@@ -293,7 +295,7 @@ public final class OAuthClientUtils {
 accessTokenService.replaceHeader("Authorization", 
sb.toString());
 } else {
 form.param(OAuthConstants.CLIENT_ID, consumer.getKey());
-if (consumer.getSecret() != null) {
+if (secretAvailable) {
 form.param(OAuthConstants.CLIENT_SECRET, 
consumer.getSecret());
 }
 }
@@ -315,7 +317,7 @@ public final class OAuthClientUtils {
 } else {
 return token;
 }
-} else if (400 == response.getStatus() && 
map.containsKey(OAuthConstants.ERROR_KEY)) {
+} else if (response.getStatus() >= 400 && 
map.containsKey(OAuthConstants.ERROR_KEY)) {
 OAuthError error = new 
OAuthError(map.get(OAuthConstants.ERROR_KEY),
   
map.get(OAuthConstants.ERROR_DESCRIPTION_KEY));
 error.setErrorUri(map.get(OAuthConstants.ERROR_URI_KEY));

cxf git commit: Making sure an empty/null secret is not used for getting tokens for public clients

2015-11-13 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/master 144ee70dc -> 0b8ac3e0e


Making sure an empty/null secret is not used for getting tokens for public 
clients


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0b8ac3e0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0b8ac3e0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0b8ac3e0

Branch: refs/heads/master
Commit: 0b8ac3e0e2488b015f52d178a33da943ce81ce0e
Parents: 144ee70
Author: Sergey Beryozkin 
Authored: Fri Nov 13 11:35:16 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 11:35:16 2015 +

--
 .../cxf/rs/security/oauth2/client/OAuthClientUtils.java  | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/0b8ac3e0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index 971b481..17471f8 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -33,6 +33,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
 import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
@@ -281,7 +282,8 @@ public final class OAuthClientUtils {
 }
 }
 if (consumer != null) {
-if (setAuthorizationHeader) {
+boolean secretAvailable = 
!StringUtils.isEmpty(consumer.getSecret());
+if (setAuthorizationHeader && secretAvailable) {
 StringBuilder sb = new StringBuilder();
 sb.append("Basic ");
 try {
@@ -293,7 +295,7 @@ public final class OAuthClientUtils {
 accessTokenService.replaceHeader("Authorization", 
sb.toString());
 } else {
 form.param(OAuthConstants.CLIENT_ID, consumer.getKey());
-if (consumer.getSecret() != null) {
+if (secretAvailable) {
 form.param(OAuthConstants.CLIENT_SECRET, 
consumer.getSecret());
 }
 }
@@ -315,7 +317,7 @@ public final class OAuthClientUtils {
 } else {
 return token;
 }
-} else if (400 == response.getStatus() && 
map.containsKey(OAuthConstants.ERROR_KEY)) {
+} else if (response.getStatus() >= 400 && 
map.containsKey(OAuthConstants.ERROR_KEY)) {
 OAuthError error = new 
OAuthError(map.get(OAuthConstants.ERROR_KEY),
   
map.get(OAuthConstants.ERROR_DESCRIPTION_KEY));
 error.setErrorUri(map.get(OAuthConstants.ERROR_URI_KEY));

cxf-fediz git commit: [FEDIZ-131] Completing the cxf plugin demo

2015-11-13 Thread sergeyb 
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 9f05f8969 -> a9ac5873d


[FEDIZ-131] Completing the cxf plugin demo


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a9ac5873
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a9ac5873
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a9ac5873

Branch: refs/heads/master
Commit: a9ac5873d4fb1c11d623b219c20555adb37f4c7d
Parents: 9f05f89
Author: Sergey Beryozkin 
Authored: Fri Nov 13 15:16:29 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 15:16:29 2015 +

--
 .../apache/cxf/fediz/example/FederationService.java| 13 ++---
 examples/pom.xml   |  1 +
 2 files changed, 11 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a9ac5873/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
--
diff --git 
a/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
 
b/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
index fa31a87..471b8bf 100644
--- 
a/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
+++ 
b/examples/jaxrsCxfPluginWebapp/src/main/java/org/apache/cxf/fediz/example/FederationService.java
@@ -25,6 +25,7 @@ import java.util.Arrays;
 import java.util.List;
 
 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
@@ -49,10 +50,16 @@ import org.apache.cxf.fediz.core.SecurityTokenThreadLocal;
 
 @Path("/")
 public class FederationService {
-
+@Context 
+private UriInfo uriInfo;
+@Context 
+private SecurityContext securityContext;
+@POST
+public Response getTokenInfoFromPost() {
+return getTokenInfo();
+}
 @GET
-public Response get(@Context UriInfo uriInfo,
-@Context SecurityContext securityContext) {
+public Response getTokenInfo() {
 
 ResponseBuilder rb = Response.ok().type("text/html");
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a9ac5873/examples/pom.xml
--
diff --git a/examples/pom.xml b/examples/pom.xml
index e6c6490..d77b8d6 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -39,6 +39,7 @@
 springPreauthWebapp
 jaxrsSimpleWebapp
 jaxrsSpringSecurityWebapp
+jaxrsCxfPluginWebapp

cxf git commit: Adding JWTValidator

2015-11-13 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/master 67ac0ab27 -> c8905fd54


Adding JWTValidator


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c8905fd5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c8905fd5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c8905fd5

Branch: refs/heads/master
Commit: c8905fd544457546be73f8887e154bb72dee7c7e
Parents: 67ac0ab
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 16:28:07 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 16:28:07 2015 +

--
 .../apache/cxf/sts/request/ReceivedToken.java   |   7 +-
 .../token/validator/jwt/JWTTokenValidator.java  | 207 
 .../token/validator/JWTTokenValidatorTest.java  | 246 +++
 3 files changed, 459 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/c8905fd5/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java
index c2e1aee..252ec60 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java
@@ -33,7 +33,7 @@ import org.apache.cxf.ws.security.sts.provider.STSException;
 
 /**
  * This class contains values that have been extracted from a received Token. 
The Token can be a
- * JAXB UsernameTokenType/BinarySecurityTokenType or a DOM Element.
+ * JAXB UsernameTokenType/BinarySecurityTokenType, a DOM Element or a String.
  */
 public class ReceivedToken {
 
@@ -74,6 +74,11 @@ public class ReceivedToken {
 }
 this.token = receivedToken;
 isDOMElement = true;
+} else if (receivedToken instanceof String) {
+if (LOG.isLoggable(Level.FINE)) {
+LOG.fine("Found ValidateTarget String");
+}
+this.token = receivedToken;
 } else {
 LOG.fine("Found ValidateTarget object of unknown type");
 throw new STSException(

http://git-wip-us.apache.org/repos/asf/cxf/blob/c8905fd5/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
new file mode 100644
index 000..837c3c1
--- /dev/null
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
@@ -0,0 +1,207 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.validator.jwt;
+
+import java.security.KeyStore;
+import java.security.Principal;
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.ReceivedToken.STATE;
+import org.apache.cxf.sts.token.validator.TokenValidator;
+import org.apache.cxf.sts.token.validator.TokenValidatorParameters;
+import

cxf git commit: Introducing a dedicated property for checking client secret algorithms

2015-11-13 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/master c8905fd54 -> 92b8fbba1


Introducing a dedicated property for checking client secret algorithms


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/92b8fbba
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/92b8fbba
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/92b8fbba

Branch: refs/heads/master
Commit: 92b8fbba1f1c192a26aa77e6c0bb42e7ae1d63c1
Parents: c8905fd
Author: Sergey Beryozkin 
Authored: Fri Nov 13 16:46:39 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 16:46:39 2015 +

--
 .../oauth2/provider/AbstractOAuthJoseJwtConsumer.java   | 9 +++--
 .../oauth2/provider/AbstractOAuthJoseJwtProducer.java   | 9 +++--
 .../apache/cxf/rs/security/oauth2/utils/OAuthConstants.java | 5 +
 3 files changed, 19 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/92b8fbba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
index 5d2fa3b..175346e 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
@@ -31,6 +31,7 @@ import 
org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsumer {
@@ -47,7 +48,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsum
 protected JwsSignatureVerifier getInitializedSignatureVerifier(String 
clientSecret) {
 if (verifyWithClientSecret) {
 Properties props = JwsUtils.loadSignatureInProperties(false);
-SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, 
SignatureAlgorithm.HS256);
+SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm(
+
props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM));
+sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256;
 if (AlgorithmUtils.isHmacSign(sigAlgo)) {
 return JwsUtils.getHmacSignatureVerifier(clientSecret, 
sigAlgo);
 }
@@ -59,7 +62,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsum
 if (decryptWithClientSecret) {
 SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
 Properties props = JweUtils.loadEncryptionInProperties(false);
-ContentAlgorithm ctAlgo = 
JweUtils.getContentEncryptionAlgorithm(props, ContentAlgorithm.A128GCM);
+ContentAlgorithm ctAlgo = ContentAlgorithm.getAlgorithm(
+
props.getProperty(OAuthConstants.CLIENT_SECRET_ENCRYPTION_ALGORITHM));
+ctAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM;
 theDecryptionProvider = JweUtils.getDirectKeyJweDecryption(key, 
ctAlgo);
 }
 return theDecryptionProvider;

http://git-wip-us.apache.org/repos/asf/cxf/blob/92b8fbba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
index fec38bc..5e1c870 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
@@ -32,6 +32,7 @@ import 
org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
 import

cxf-fediz git commit: [FEDIZ-135] Letting the sign in request to proceed

2015-11-13 Thread sergeyb 
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 890e2277b -> 9f05f8969


[FEDIZ-135] Letting the sign in request to proceed


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/9f05f896
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/9f05f896
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/9f05f896

Branch: refs/heads/master
Commit: 9f05f8969e9afc62d46d7be0480854a771290124
Parents: 890e227
Author: Sergey Beryozkin 
Authored: Fri Nov 13 15:13:42 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 15:13:42 2015 +

--
 .../cxf/plugin/FedizRedirectBindingFilter.java  | 252 +++
 .../src/main/webapp/WEB-INF/cxf-service.xml |   1 +
 2 files changed, 149 insertions(+), 104 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9f05f896/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
--
diff --git 
a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
 
b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
index 1f1e3c8..731b24a 100644
--- 
a/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
+++ 
b/plugins/cxf/src/main/java/org/apache/cxf/fediz/cxf/plugin/FedizRedirectBindingFilter.java
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.fediz.cxf.plugin;
 
+import java.io.IOException;
 import java.io.InputStream;
 import java.net.URI;
 import java.security.cert.X509Certificate;
@@ -32,6 +33,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.HttpMethod;
 import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerResponseContext;
+import javax.ws.rs.container.ContainerResponseFilter;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Cookie;
 import javax.ws.rs.core.HttpHeaders;
@@ -40,6 +43,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.ResponseBuilder;
 
 import org.w3c.dom.Document;
+
 import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.SAMLSSOConstants;
@@ -65,12 +69,15 @@ import org.apache.wss4j.common.util.DOM2Writer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter {
+public class FedizRedirectBindingFilter extends AbstractServiceProviderFilter
+implements ContainerResponseFilter {
 
 private static final Logger LOG = 
LoggerFactory.getLogger(FedizRedirectBindingFilter.class);
 
 @Context 
 private MessageContext messageContext;
+
+private boolean redirectOnInitialSignIn;
 
 public void filter(ContainerRequestContext context) {
 Message m = JAXRSUtils.getCurrentMessage();
@@ -107,127 +114,146 @@ public class FedizRedirectBindingFilter extends 
AbstractServiceProviderFilter {
 return;
 } else {
 if (isSignInRequired(fedConfig, params)) {
-// Unauthenticated -> redirect
-FedizProcessor processor = 
-
FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
-
-HttpServletRequest request = 
messageContext.getHttpServletRequest();
-try {
-RedirectionResponse redirectionResponse = 
-processor.createSignInRequest(request, fedConfig);
-String redirectURL = 
redirectionResponse.getRedirectionURL();
-if (redirectURL != null) {
-ResponseBuilder response = Response.seeOther(new 
URI(redirectURL));
-Map headers = 
redirectionResponse.getHeaders();
-if (!headers.isEmpty()) {
-for (String headerName : headers.keySet()) {
-response.header(headerName, 
headers.get(headerName));
-}
-}
-
-// Save the RequestState
-RequestState requestState = 
redirectionResponse.getRequestState();
-if (requestState != null && requestState.getState() != 
null) {
-
getStateManager().setRequestState(requestState.getState(), requestState);
-
-String contextCookie = 
-
CookieUtils.createCookie(SECURITY_CONTEXT_STATE,
-

cxf git commit: Fix checkstyle

2015-11-13 Thread dkulp 
Repository: cxf
Updated Branches:
  refs/heads/master 92b8fbba1 -> 16feba3f0


Fix checkstyle


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/16feba3f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/16feba3f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/16feba3f

Branch: refs/heads/master
Commit: 16feba3f058d19458e4da4da0bf8dc65fe4bade0
Parents: 92b8fbb
Author: Daniel Kulp 
Authored: Fri Nov 13 12:20:34 2015 -0500
Committer: Daniel Kulp 
Committed: Fri Nov 13 12:20:50 2015 -0500

--
 .../atmosphere/DefaultProtocolInterceptor.java  | 93 +++-
 1 file changed, 52 insertions(+), 41 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/16feba3f/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
--
diff --git 
a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
 
b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
index 54431ce..3dde4b5 100644
--- 
a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
+++ 
b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
@@ -298,49 +298,60 @@ public class DefaultProtocolInterceptor extends 
AtmosphereInterceptorAdapter {
 @Override
 public ServletOutputStream getOutputStream() throws IOException {
 if (sout == null) {
-sout = new ServletOutputStream() {
-CachedOutputStream out = new CachedOutputStream();
-OutputStream getOut() {
-if (out == null) {
-out = new CachedOutputStream();
-}
-return out;
-}
-void send(boolean complete) throws IOException {
-if (out == null) {
-return;
-}
-if (response.getStatus() >= 400) {
-int i = response.getStatus();
-response.setStatus(200);
-response.addIntHeader(WebSocketUtils.SC_KEY, i);
-}
-out.flush();
-out.lockOutputStream();
-out.writeCacheTo(delegate);
-delegate.flush();
-out.close();
-out = null;
-}
-public void write(int i) throws IOException {
-getOut().write(i);
-}
-public void close() throws IOException {
-send(true);
-delegate.close();
-}
-public void flush() throws IOException {
-send(false);
-}
-public void write(byte[] b, int off, int len) throws 
IOException {
-getOut().write(b, off, len);
-}
-public void write(byte[] b) throws IOException {
-getOut().write(b);
-}
-};
+sout = new BufferedServletOutputStream();
 }
 return sout;
 }
+
+private final class BufferedServletOutputStream extends 
ServletOutputStream {
+CachedOutputStream out = new CachedOutputStream();
+
+OutputStream getOut() {
+if (out == null) {
+out = new CachedOutputStream();
+}
+return out;
+}
+
+void send(boolean complete) throws IOException {
+if (out == null) {
+return;
+}
+if (response.getStatus() >= 400) {
+int i = response.getStatus();
+response.setStatus(200);
+response.addIntHeader(WebSocketUtils.SC_KEY, i);
+}
+out.flush();
+out.lockOutputStream();
+out.writeCacheTo(delegate);
+delegate.flush();
+out.close();
+out = null;
+}
+
+public void write(int i) throws IOException {
+getOut().write(i);
+}
+
+public void close() throws IOException {
+

cxf-fediz git commit: FEDIZ-134: avoiding a possible comflict between algo properties

2015-11-13 Thread sergeyb 
Repository: cxf-fediz
Updated Branches:
  refs/heads/master a9ac5873d -> 1c4d2f580


FEDIZ-134: avoiding a possible comflict between algo properties


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/1c4d2f58
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/1c4d2f58
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/1c4d2f58

Branch: refs/heads/master
Commit: 1c4d2f580e8dd9ee456510aaac48cd7e6efca015
Parents: a9ac587
Author: Sergey Beryozkin 
Authored: Fri Nov 13 16:52:39 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 16:52:39 2015 +

--
 .../org/apache/cxf/fediz/service/oidc/OAuthDataManager.java| 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1c4d2f58/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
--
diff --git 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index b1e632e..c498161 100644
--- 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -111,9 +111,9 @@ public class OAuthDataManager extends 
AbstractCodeDataProvider {
 protected JwsSignatureProvider getJwsSignatureProvider(Client client) {
 if (signIdTokenWithClientSecret && client.isConfidential() && 
client.getClientSecret() != null) {
 Properties sigProps = JwsUtils.loadSignatureOutProperties(false);
-// HS256, HS384, HS512
-SignatureAlgorithm sigAlgo = 
JwsUtils.getSignatureAlgorithm(sigProps, 
-SignatureAlgorithm.HS256); 
+SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm(
+
sigProps.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM));
+sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256;
 if (AlgorithmUtils.isHmacSign(sigAlgo)) {
 return 
JwsUtils.getHmacSignatureProvider(client.getClientSecret(), sigAlgo);
 }

cxf git commit: Fix checkstyle

2015-11-13 Thread dkulp 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 4744117f9 -> efac3c9e5


Fix checkstyle


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/efac3c9e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/efac3c9e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/efac3c9e

Branch: refs/heads/3.1.x-fixes
Commit: efac3c9e56559370e2d8c8733f7886f83662b4e4
Parents: 4744117
Author: Daniel Kulp 
Authored: Fri Nov 13 12:20:34 2015 -0500
Committer: Daniel Kulp 
Committed: Fri Nov 13 12:21:07 2015 -0500

--
 .../atmosphere/DefaultProtocolInterceptor.java  | 93 +++-
 1 file changed, 52 insertions(+), 41 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/efac3c9e/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
--
diff --git 
a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
 
b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
index 54431ce..3dde4b5 100644
--- 
a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
+++ 
b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
@@ -298,49 +298,60 @@ public class DefaultProtocolInterceptor extends 
AtmosphereInterceptorAdapter {
 @Override
 public ServletOutputStream getOutputStream() throws IOException {
 if (sout == null) {
-sout = new ServletOutputStream() {
-CachedOutputStream out = new CachedOutputStream();
-OutputStream getOut() {
-if (out == null) {
-out = new CachedOutputStream();
-}
-return out;
-}
-void send(boolean complete) throws IOException {
-if (out == null) {
-return;
-}
-if (response.getStatus() >= 400) {
-int i = response.getStatus();
-response.setStatus(200);
-response.addIntHeader(WebSocketUtils.SC_KEY, i);
-}
-out.flush();
-out.lockOutputStream();
-out.writeCacheTo(delegate);
-delegate.flush();
-out.close();
-out = null;
-}
-public void write(int i) throws IOException {
-getOut().write(i);
-}
-public void close() throws IOException {
-send(true);
-delegate.close();
-}
-public void flush() throws IOException {
-send(false);
-}
-public void write(byte[] b, int off, int len) throws 
IOException {
-getOut().write(b, off, len);
-}
-public void write(byte[] b) throws IOException {
-getOut().write(b);
-}
-};
+sout = new BufferedServletOutputStream();
 }
 return sout;
 }
+
+private final class BufferedServletOutputStream extends 
ServletOutputStream {
+CachedOutputStream out = new CachedOutputStream();
+
+OutputStream getOut() {
+if (out == null) {
+out = new CachedOutputStream();
+}
+return out;
+}
+
+void send(boolean complete) throws IOException {
+if (out == null) {
+return;
+}
+if (response.getStatus() >= 400) {
+int i = response.getStatus();
+response.setStatus(200);
+response.addIntHeader(WebSocketUtils.SC_KEY, i);
+}
+out.flush();
+out.lockOutputStream();
+out.writeCacheTo(delegate);
+delegate.flush();
+out.close();
+out = null;
+}
+
+public void write(int i) throws IOException {
+getOut().write(i);
+}
+
+public void close() throws IOException {
+

cxf git commit: Introducing a dedicated property for checking client secret algorithms

2015-11-13 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 5e8334b2d -> 4744117f9


Introducing a dedicated property for checking client secret algorithms


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4744117f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4744117f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4744117f

Branch: refs/heads/3.1.x-fixes
Commit: 4744117f9228e8f25cc2cba2255f6e6a516e2d2a
Parents: 5e8334b
Author: Sergey Beryozkin 
Authored: Fri Nov 13 16:46:39 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 16:48:30 2015 +

--
 .../oauth2/provider/AbstractOAuthJoseJwtConsumer.java   | 9 +++--
 .../oauth2/provider/AbstractOAuthJoseJwtProducer.java   | 9 +++--
 .../apache/cxf/rs/security/oauth2/utils/OAuthConstants.java | 5 +
 3 files changed, 19 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/4744117f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
index 5d2fa3b..175346e 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtConsumer.java
@@ -31,6 +31,7 @@ import 
org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsumer {
@@ -47,7 +48,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsum
 protected JwsSignatureVerifier getInitializedSignatureVerifier(String 
clientSecret) {
 if (verifyWithClientSecret) {
 Properties props = JwsUtils.loadSignatureInProperties(false);
-SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, 
SignatureAlgorithm.HS256);
+SignatureAlgorithm sigAlgo = SignatureAlgorithm.getAlgorithm(
+
props.getProperty(OAuthConstants.CLIENT_SECRET_SIGNATURE_ALGORITHM));
+sigAlgo = sigAlgo != null ? sigAlgo : SignatureAlgorithm.HS256;
 if (AlgorithmUtils.isHmacSign(sigAlgo)) {
 return JwsUtils.getHmacSignatureVerifier(clientSecret, 
sigAlgo);
 }
@@ -59,7 +62,9 @@ public abstract class AbstractOAuthJoseJwtConsumer extends 
AbstractJoseJwtConsum
 if (decryptWithClientSecret) {
 SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
 Properties props = JweUtils.loadEncryptionInProperties(false);
-ContentAlgorithm ctAlgo = 
JweUtils.getContentEncryptionAlgorithm(props, ContentAlgorithm.A128GCM);
+ContentAlgorithm ctAlgo = ContentAlgorithm.getAlgorithm(
+
props.getProperty(OAuthConstants.CLIENT_SECRET_ENCRYPTION_ALGORITHM));
+ctAlgo = ctAlgo != null ? ctAlgo : ContentAlgorithm.A128GCM;
 theDecryptionProvider = JweUtils.getDirectKeyJweDecryption(key, 
ctAlgo);
 }
 return theDecryptionProvider;

http://git-wip-us.apache.org/repos/asf/cxf/blob/4744117f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
index fec38bc..5e1c870 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
@@ -32,6 +32,7 @@ import 
org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;

cxf git commit: Recording .gitmergeinfo Changes

2015-11-13 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 5704f28b5 -> a90a0b216


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a90a0b21
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a90a0b21
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a90a0b21

Branch: refs/heads/3.0.x-fixes
Commit: a90a0b216d05be1892d6713679e8faf6fcdafd91
Parents: 5704f28
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 16:46:30 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 16:46:30 2015 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/a90a0b21/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 25b1b2f..bec5c84 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -194,6 +194,7 @@ B 5bc8c0c41e3cef645ee6c7a1587d19e844fc7e4c
 B 5c678face89e4d38b2879bc4679ce3b92ac3aeb0
 B 5d387616bc1787f3ae50dbe2a185c6abb0e9955b
 B 5e06ba0c4970700477484bd2409a226aa9ec7f0a
+B 5e8334b2d62fa5ae453ba12becffc7db154d71cb
 B 5f94e273e7e8d99915eeda1189824f13488eb013
 B 5faf182264c64bd3c0abc0addc9746b64492c864
 B 5fbd407bac5af5e55bb280125405d75b7add872b

cxf git commit: Fixing some failing tests

2015-11-13 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/master 79f590ee8 -> 67ac0ab27


Fixing some failing tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/67ac0ab2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/67ac0ab2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/67ac0ab2

Branch: refs/heads/master
Commit: 67ac0ab2732b4b974824796cf13d0ed42712b879
Parents: 79f590e
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 15:06:55 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 15:06:55 2015 +

--
 .../apache/cxf/sts/token/provider/JWTTokenProviderTest.java| 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/67ac0ab2/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
--
diff --git 
a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
 
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
index 51ef210..c81f746 100644
--- 
a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
+++ 
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
@@ -387,11 +387,7 @@ public class JWTTokenProviderTest extends org.junit.Assert 
{
 "org.apache.wss4j.crypto.provider", 
"org.apache.wss4j.common.crypto.Merlin"
 );
 properties.put("org.apache.wss4j.crypto.merlin.keystore.password", 
"stsspass");
-if (unrestrictedPoliciesInstalled) {
-properties.put("org.apache.wss4j.crypto.merlin.keystore.file", 
"stsstore.jks");
-} else {
-properties.put("org.apache.wss4j.crypto.merlin.keystore.file", 
"restricted/stsstore.jks");
-}
+properties.put("org.apache.wss4j.crypto.merlin.keystore.file", 
"stsstore.jks");
 
 return properties;
 }

cxf git commit: Fixing some failing tests

2015-11-13 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 2e8802825 -> 22d0c244d


Fixing some failing tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/22d0c244
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/22d0c244
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/22d0c244

Branch: refs/heads/3.1.x-fixes
Commit: 22d0c244d3b60aafbd3c070e9599012019de486c
Parents: 2e88028
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 15:06:55 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 15:07:32 2015 +

--
 .../apache/cxf/sts/token/provider/JWTTokenProviderTest.java| 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/22d0c244/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
--
diff --git 
a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
 
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
index 51ef210..c81f746 100644
--- 
a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
+++ 
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/JWTTokenProviderTest.java
@@ -387,11 +387,7 @@ public class JWTTokenProviderTest extends org.junit.Assert 
{
 "org.apache.wss4j.crypto.provider", 
"org.apache.wss4j.common.crypto.Merlin"
 );
 properties.put("org.apache.wss4j.crypto.merlin.keystore.password", 
"stsspass");
-if (unrestrictedPoliciesInstalled) {
-properties.put("org.apache.wss4j.crypto.merlin.keystore.file", 
"stsstore.jks");
-} else {
-properties.put("org.apache.wss4j.crypto.merlin.keystore.file", 
"restricted/stsstore.jks");
-}
+properties.put("org.apache.wss4j.crypto.merlin.keystore.file", 
"stsstore.jks");
 
 return properties;
 }

cxf git commit: Recording .gitmergeinfo Changes

2015-11-13 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 1c4ffc8ee -> 5704f28b5


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5704f28b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5704f28b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5704f28b

Branch: refs/heads/3.0.x-fixes
Commit: 5704f28b5cd7344f62acee838a26a3d22fc38344
Parents: 1c4ffc8
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 15:09:01 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 15:09:01 2015 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/5704f28b/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 6b9c226..25b1b2f 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -58,6 +58,7 @@ B 2004b1021ce0d0975eb49cae36416863bd8c59bb
 B 20467ecea3cb0778bd02e60029d4d4ec7a8a2483
 B 20539c0278472689722204f0c08e68a86597aae1
 B 222137cb2ee577e6582a644b7ae73bbc0a75d4d1
+B 22d0c244d3b60aafbd3c070e9599012019de486c
 B 2302aa5820661975bb04857fa6d48bb68bebb4f7
 B 2345b6e4ff4adf48e9adf5e0b9245da3f7afa011
 B 237ace40ea2c204f68848309b9483c322499b524

cxf git commit: Adding JWTValidator

2015-11-13 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 22d0c244d -> 5e8334b2d


Adding JWTValidator


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5e8334b2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5e8334b2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5e8334b2

Branch: refs/heads/3.1.x-fixes
Commit: 5e8334b2d62fa5ae453ba12becffc7db154d71cb
Parents: 22d0c24
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 16:28:07 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 16:35:02 2015 +

--
 .../apache/cxf/sts/request/ReceivedToken.java   |   7 +-
 .../token/validator/jwt/JWTTokenValidator.java  | 207 
 .../token/validator/JWTTokenValidatorTest.java  | 246 +++
 3 files changed, 459 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/5e8334b2/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java
index c2e1aee..252ec60 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java
@@ -33,7 +33,7 @@ import org.apache.cxf.ws.security.sts.provider.STSException;
 
 /**
  * This class contains values that have been extracted from a received Token. 
The Token can be a
- * JAXB UsernameTokenType/BinarySecurityTokenType or a DOM Element.
+ * JAXB UsernameTokenType/BinarySecurityTokenType, a DOM Element or a String.
  */
 public class ReceivedToken {
 
@@ -74,6 +74,11 @@ public class ReceivedToken {
 }
 this.token = receivedToken;
 isDOMElement = true;
+} else if (receivedToken instanceof String) {
+if (LOG.isLoggable(Level.FINE)) {
+LOG.fine("Found ValidateTarget String");
+}
+this.token = receivedToken;
 } else {
 LOG.fine("Found ValidateTarget object of unknown type");
 throw new STSException(

http://git-wip-us.apache.org/repos/asf/cxf/blob/5e8334b2/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
new file mode 100644
index 000..837c3c1
--- /dev/null
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
@@ -0,0 +1,207 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.validator.jwt;
+
+import java.security.KeyStore;
+import java.security.Principal;
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.ReceivedToken.STATE;
+import org.apache.cxf.sts.token.validator.TokenValidator;
+import org.apache.cxf.sts.token.validator.TokenValidatorParameters;
+import

svn commit: r972319 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2015-5253.txt.asc security-advisories.html

2015-11-13 Thread buildbot 
Author: buildbot
Date: Fri Nov 13 17:47:39 2015
New Revision: 972319

Log:
Production update by buildbot for cxf

Added:

websites/production/cxf/content/security-advisories.data/CVE-2015-5253.txt.asc
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/security-advisories.html

Modified: websites/production/cxf/content/cache/main.pageCache
==
Binary files - no diff available.

Added: 
websites/production/cxf/content/security-advisories.data/CVE-2015-5253.txt.asc
==
--- 
websites/production/cxf/content/security-advisories.data/CVE-2015-5253.txt.asc 
(added)
+++ 
websites/production/cxf/content/security-advisories.data/CVE-2015-5253.txt.asc 
Fri Nov 13 17:47:39 2015
@@ -0,0 +1,43 @@
+-BEGIN PGP SIGNED MESSAGE-
+Hash: SHA1
+
+
+CVE-2015-5253: Apache CXF SAML SSO processing is vulnerable to a wrapping 
attack
+
+Severity: Major
+
+Vendor: The Apache Software Foundation
+
+Versions Affected:
+
+This vulnerability affects all versions of Apache CXF prior to 3.1.3, 3.0.7 
and 2.7.18.
+
+Description:
+
+Apache CXF offers a module that adds support for SAML SSO to a JAX-RS endpoint.
+It is possible to construct a SAML Response by means of a wrapping attack, that
+allows a malicious user to log in instead of the principal extracted from
+the signed SAML assertion.
+
+This has been fixed in revision:
+
+https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commit;h=845eccb6484b43ba02875c71e824db23ae4f20c0
+
+Migration:
+
+CXF 2.7.x users should upgrade to 2.7.18 or later as soon as possible.
+CXF 3.0.x users should upgrade to 3.0.7 or later as soon as possible.
+CXF 3.1.x users should upgrade to 3.1.3 or later as soon as possible.
+
+References: http://cxf.apache.org/security-advisories.html
+-BEGIN PGP SIGNATURE-
+Version: GnuPG v1
+
+iQEcBAEBAgAGBQJWQy+4AAoJEGe/gLEK1TmDRiUIALQIwSJBJU7c+p4hqlgbYfSK
+Kn0wnTw91xSQmXZzn7JnB76EECZXOubEBtpvszSjawetRvHHIhjkgowEzKFbKDXQ
+xHiy7v2SwTmbSyAUcJQ069velrW86aEUaQlUPB4pHWjTvCvFgDiZLncLKG9wGya5
+A3jdRldZmKOJ3Niv2D2NZsZqzDVDo1OyS/RtBOgeW+KcovIgcUeIgo8SWakuPf6v
+gk3ZtRa8wMKcgAjY7S1Tm+aQVBh4m2cNT+obn48C1Sq2g7mQXEGuvP3VaF7Gbo+m
+zvrbbz++GxC5PPXv3qjBZH2o2Q/IdsiSAtRe+6vVUVQniFJzXkZHor2biUZVnFs=
+=b3bL
+-END PGP SIGNATURE-

Modified: websites/production/cxf/content/security-advisories.html
==
--- websites/production/cxf/content/security-advisories.html (original)
+++ websites/production/cxf/content/security-advisories.html Fri Nov 13 
17:47:39 2015
@@ -99,7 +99,7 @@ Apache CXF -- Security Advisories
  


-2015CVE-2015-5175: Apache CXF Fediz 
application plugins are vulnerable to Denial of Service (DoS) 
attacks2014CVE-2014-3577: Apache CXF SSL 
hostname verification bypassNote on CVE-2014-3566: SSL 3.0 
support in Apache CXF, aka the "POODLE" attack.CVE-2014-3623: Apache CXF does 
not properly enforce the security semantics of SAML SubjectConfirmation methods 
when used with the TransportBindingCVE-2014-3584: Apache CXF 
JAX-RS SAML handling is vulnerable to a Denial of Service (DoS) 
attackCVE-2014-0109: HTML content 
posted to SOAP endpoint could cause OOM errorsCVE-2014-0110: Large invalid 
content co
 uld cause temporary space to fillCVE-2014-0034: The 
SecurityTokenService accepts certain invalid SAML Tokens as validCVE-2014-0035: 
UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning 
policy2013CVE-2013-2160 - Denial of 
Service Attacks on Apache CXFNote on CVE-2012-5575 - XML Encryption backwards 
compatibility attack on Apache CXF.CVE-2013-0239 - Authentication bypass in the case 
of WS-SecurityPolicy enable
 d plaintext UsernameTokens.2012CVE-2012-5633 - WSS4JInInterceptor always allows 
HTTP Get requests from browser.Note on CVE-2011-2487 - Bleichenbacher 
attack against distributed symmetric key in WS-Security.CVE-2012-3451 - Apache CXF is 
vulnerable to SOAP Action spoofing attacks on Document Literal web 
services.CVE-2012-2379 - 
Apache CXF does not verify that elements were signed or encrypted by a 
particular Supporting Token.CVE-2012-2378 - Apache CXF does not pick up some 
child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on 
the client side.Note 
on CVE-2011-1096 - XML Encrypt
 ion flaw / Character pattern encoding attack.CVE-2012-0803 - Apache CXF does not validate 
UsernameToken policies correctly.2010http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf;>CVE-2010-2076
 - DTD based XML attacks.
+2015CVE-2015-5253: Apache CXF SAML 
SSO processing is vulnerable to a wrapping attackCVE-2015-5175: Apache CXF Fediz 
application plugins are vulnerable to Denial of Service (DoS) 
attacks2014CVE-2014-3577: Apache CXF SSL 
hostname verification bypassNote on CVE-2014-3566: SSL 3.0

[2/2] cxf git commit: Fix pmd error

2015-11-13 Thread dkulp 
Fix pmd error


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f831e9f5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f831e9f5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f831e9f5

Branch: refs/heads/3.1.x-fixes
Commit: f831e9f5ee56bff9e4472782300f9558ba234f80
Parents: efac3c9
Author: Daniel Kulp 
Authored: Fri Nov 13 12:42:45 2015 -0500
Committer: Daniel Kulp 
Committed: Fri Nov 13 12:44:44 2015 -0500

--
 .../websocket/atmosphere/DefaultProtocolInterceptor.java| 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f831e9f5/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
--
diff --git 
a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
 
b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
index 3dde4b5..1a2cd9a 100644
--- 
a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
+++ 
b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
@@ -286,25 +286,28 @@ public class DefaultProtocolInterceptor extends 
AtmosphereInterceptorAdapter {
 // a workaround to flush the header data upon close when no write 
operation occurs  
 private class WrappedAtmosphereResponse extends AtmosphereResponse {
 final AtmosphereResponse response;
-final ServletOutputStream delegate;
 ServletOutputStream sout;
 WrappedAtmosphereResponse(AtmosphereResponse resp, AtmosphereRequest 
req) throws IOException {
 super((HttpServletResponse)resp.getResponse(), null, req, 
resp.isDestroyable());
 response = resp;
 response.request(req);
-delegate = super.getOutputStream();
 }
 
 @Override
 public ServletOutputStream getOutputStream() throws IOException {
 if (sout == null) {
-sout = new BufferedServletOutputStream();
+sout = new 
BufferedServletOutputStream(super.getOutputStream());
 }
 return sout;
 }
 
 private final class BufferedServletOutputStream extends 
ServletOutputStream {
+final ServletOutputStream delegate;
 CachedOutputStream out = new CachedOutputStream();
+
+BufferedServletOutputStream(ServletOutputStream d) {
+delegate = d;
+}
 
 OutputStream getOut() {
 if (out == null) {

[1/2] cxf git commit: Recording .gitmergeinfo Changes

2015-11-13 Thread dkulp 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes efac3c9e5 -> dd3c8f9d0


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dd3c8f9d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dd3c8f9d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dd3c8f9d

Branch: refs/heads/3.1.x-fixes
Commit: dd3c8f9d05b549d7aeb3804476bdc3fb344cf2d8
Parents: f831e9f
Author: Daniel Kulp 
Authored: Fri Nov 13 12:44:44 2015 -0500
Committer: Daniel Kulp 
Committed: Fri Nov 13 12:44:44 2015 -0500

--
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/dd3c8f9d/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 8bd298f..f2766bb 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -4,6 +4,8 @@ B 39851b83af116611ce0efe70c4b9a32ee8491523
 B 59b8615053ddcad353fbebcd9a5b1109ae0897a1
 B 65e1e07fdb810ec9de135530ca3e3d23821836a3
 B 7fc957efa3a193a5f2ae178b8a608717ce4c5b26
+B a261507ebd3104b1a00298801ec9815ed1e7a728
 B ced98c6e937bd93f92dac9043fa0406c696bfd84
+B f0e08b7bea2660542e18294d490e68c7b14aaa4b
 B f1b56150d6520e73d2ade2296c3b2f13839e63e5
 B fb30f8bffc85fcc3208fcc0e1eda4b54a89b5d37

cxf git commit: Fix pmd error

2015-11-13 Thread dkulp 
Repository: cxf
Updated Branches:
  refs/heads/master 16feba3f0 -> 4ced4ae4f


Fix pmd error


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4ced4ae4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4ced4ae4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4ced4ae4

Branch: refs/heads/master
Commit: 4ced4ae4f31f34ac5e2f98e52ab91b3aee701f43
Parents: 16feba3
Author: Daniel Kulp 
Authored: Fri Nov 13 12:42:45 2015 -0500
Committer: Daniel Kulp 
Committed: Fri Nov 13 12:42:45 2015 -0500

--
 .../websocket/atmosphere/DefaultProtocolInterceptor.java| 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/4ced4ae4/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
--
diff --git 
a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
 
b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
index 3dde4b5..1a2cd9a 100644
--- 
a/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
+++ 
b/rt/transports/websocket/src/main/java/org/apache/cxf/transport/websocket/atmosphere/DefaultProtocolInterceptor.java
@@ -286,25 +286,28 @@ public class DefaultProtocolInterceptor extends 
AtmosphereInterceptorAdapter {
 // a workaround to flush the header data upon close when no write 
operation occurs  
 private class WrappedAtmosphereResponse extends AtmosphereResponse {
 final AtmosphereResponse response;
-final ServletOutputStream delegate;
 ServletOutputStream sout;
 WrappedAtmosphereResponse(AtmosphereResponse resp, AtmosphereRequest 
req) throws IOException {
 super((HttpServletResponse)resp.getResponse(), null, req, 
resp.isDestroyable());
 response = resp;
 response.request(req);
-delegate = super.getOutputStream();
 }
 
 @Override
 public ServletOutputStream getOutputStream() throws IOException {
 if (sout == null) {
-sout = new BufferedServletOutputStream();
+sout = new 
BufferedServletOutputStream(super.getOutputStream());
 }
 return sout;
 }
 
 private final class BufferedServletOutputStream extends 
ServletOutputStream {
+final ServletOutputStream delegate;
 CachedOutputStream out = new CachedOutputStream();
+
+BufferedServletOutputStream(ServletOutputStream d) {
+delegate = d;
+}
 
 OutputStream getOut() {
 if (out == null) {

cxf git commit: Makaing sure the code filter can catch all code response errors

2015-11-13 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/master bf52c1759 -> 144ee70dc


Makaing sure the code filter can catch all code response errors


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/144ee70d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/144ee70d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/144ee70d

Branch: refs/heads/master
Commit: 144ee70dc163a1dbcfbfa891a3fed0b98b7edf21
Parents: bf52c17
Author: Sergey Beryozkin 
Authored: Fri Nov 13 10:56:58 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 10:56:58 2015 +

--
 .../cxf/rs/security/oauth2/client/AccessDeniedResponse.java  | 8 +++-
 .../rs/security/oauth2/client/ClientCodeRequestFilter.java   | 4 ++--
 .../oauth2/provider/AbstractOAuthJoseJwtProducer.java| 5 +++--
 3 files changed, 12 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/144ee70d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
index 9ec28ab..16a87bf 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
@@ -19,5 +19,11 @@
 package org.apache.cxf.rs.security.oauth2.client;
 
 public class AccessDeniedResponse {
-
+private String error;
+public AccessDeniedResponse(String error) {
+this.error = error;
+}
+public String getError() {
+return error;
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/144ee70d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 3e312a3..18285a6 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -115,10 +115,10 @@ public class ClientCodeRequestFilter implements 
ContainerRequestFilter {
 if (sc == null || sc.getUserPrincipal() == null) {
 if (codeParam == null 
 && requestParams.containsKey(OAuthConstants.ERROR_KEY)
-&& 
OAuthConstants.ACCESS_DENIED.equals(requestParams.getFirst(OAuthConstants.ERROR_KEY))
 && !faultAccessDeniedResponses) {
 if (!applicationCanHandleAccessDenied) {
-rc.abortWith(Response.ok(new 
AccessDeniedResponse()).build());
+String error = 
requestParams.getFirst(OAuthConstants.ERROR_KEY);
+rc.abortWith(Response.ok(new 
AccessDeniedResponse(error)).build());
 }
 } else {
 throw ExceptionUtils.toNotAuthorizedException(null, null);

http://git-wip-us.apache.org/repos/asf/cxf/blob/144ee70d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
index b0a7414..fec38bc 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
@@ -22,6 +22,7 @@ import java.util.Properties;
 
 import javax.crypto.SecretKey;
 
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
@@ -44,7 +45,7 @@ public abstract class

[2/2] cxf git commit: NPE fix

2015-11-13 Thread coheigea 
NPE fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c5413a80
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c5413a80
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c5413a80

Branch: refs/heads/master
Commit: c5413a80e67b9b9a319ab8e3112486f093892528
Parents: 0b8ac3e
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 11:15:30 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 12:39:30 2015 +

--
 .../rs/security/oauth2/services/RedirectionBasedGrantService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/c5413a80/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 51ea97e..667de92 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -271,7 +271,7 @@ public abstract class RedirectionBasedGrantService extends 
AbstractOAuthService
 sessionTokenParamName = OAuthConstants.SESSION_AUTHENTICITY_TOKEN;
 }
 String sessionToken = params.getFirst(sessionTokenParamName);
-if (!compareRequestAndSessionTokens(sessionToken, params, 
userSubject)) {
+if (sessionToken == null || 
!compareRequestAndSessionTokens(sessionToken, params, userSubject)) {
 throw ExceptionUtils.toBadRequestException(null, null); 
 }

[1/2] cxf git commit: Use client id instead of principal name if it's available

2015-11-13 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/master 0b8ac3e0e -> 79f590ee8


Use client id instead of principal name if it's available


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/79f590ee
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/79f590ee
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/79f590ee

Branch: refs/heads/master
Commit: 79f590ee8f51943aa95a9e6e245f906be85d6fbb
Parents: c5413a8
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 12:25:57 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 12:39:30 2015 +

--
 .../cxf/rs/security/oauth2/services/AbstractTokenService.java| 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/79f590ee/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
index 29eadcb..61e3165 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
@@ -65,12 +65,12 @@ public class AbstractTokenService extends 
AbstractOAuthService {
 client = getAndValidateClientFromIdAndSecret(clientId,
   
params.getFirst(OAuthConstants.CLIENT_SECRET));
 }
-} else if (principal.getName() != null) {
-client = getClient(principal.getName());
 } else {
 String clientId = retrieveClientId(params);
 if (clientId != null) {
 client = getClient(clientId);
+} else if (principal.getName() != null) {
+client = getClient(principal.getName());
 } 
 }
 if (client == null) {

[1/2] cxf git commit: NPE fix

2015-11-13 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes e80086821 -> 2e8802825


NPE fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/13521bd1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/13521bd1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/13521bd1

Branch: refs/heads/3.1.x-fixes
Commit: 13521bd10962d41f16f699f42876874b53a448f3
Parents: e800868
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 11:15:30 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 13:37:00 2015 +

--
 .../rs/security/oauth2/services/RedirectionBasedGrantService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/13521bd1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 51ea97e..667de92 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -271,7 +271,7 @@ public abstract class RedirectionBasedGrantService extends 
AbstractOAuthService
 sessionTokenParamName = OAuthConstants.SESSION_AUTHENTICITY_TOKEN;
 }
 String sessionToken = params.getFirst(sessionTokenParamName);
-if (!compareRequestAndSessionTokens(sessionToken, params, 
userSubject)) {
+if (sessionToken == null || 
!compareRequestAndSessionTokens(sessionToken, params, userSubject)) {
 throw ExceptionUtils.toBadRequestException(null, null); 
 }

[3/3] cxf git commit: Recording .gitmergeinfo Changes

2015-11-13 Thread coheigea 
Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1c4ffc8e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1c4ffc8e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1c4ffc8e

Branch: refs/heads/3.0.x-fixes
Commit: 1c4ffc8ee75fc2dcc21913b7ca35fd8f9eb4615b
Parents: 2a0142e
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 13:39:00 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 13:39:00 2015 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/1c4ffc8e/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 33fd585..6b9c226 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -562,6 +562,7 @@ M 0f7b744eb8e4ad8c4eee2ffd10bdaa1da1364deb
 M 10a8386fcef4b7f2220ceceaa6aedca60846f6d1
 M 10b043faa0652a6a06f5f020173162edef7fb0ca
 M 12d070f4392316cdfff03eb41abe22531ed64ee9
+M 13521bd10962d41f16f699f42876874b53a448f3
 M 16ffa0f10dac874cd5727d312ac56a78b13e5ca9
 M 1701e6c8d4e794f25d69781e3f69357723ad7fcf
 M 174bd11dcfeae47998723757542abe56c792cc76

[1/3] cxf git commit: NPE fix

2015-11-13 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 3f240045b -> 1c4ffc8ee


NPE fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1da85e32
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1da85e32
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1da85e32

Branch: refs/heads/3.0.x-fixes
Commit: 1da85e324276d380836fb7dcbff2d83526b3946f
Parents: 3f24004
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 11:15:30 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 13:38:59 2015 +

--
 .../rs/security/oauth2/services/RedirectionBasedGrantService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/1da85e32/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index a6260bd..e260bbc 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -229,7 +229,7 @@ public abstract class RedirectionBasedGrantService extends 
AbstractOAuthService
 sessionTokenParamName = OAuthConstants.SESSION_AUTHENTICITY_TOKEN;
 }
 String sessionToken = params.getFirst(sessionTokenParamName);
-if (!compareRequestAndSessionTokens(sessionToken, params, 
userSubject)) {
+if (sessionToken == null || 
!compareRequestAndSessionTokens(sessionToken, params, userSubject)) {
 throw ExceptionUtils.toBadRequestException(null, null); 
 }
 //TODO: additionally we can check that the Principal that got 
authenticated

[2/3] cxf git commit: Use client id instead of principal name if it's available

2015-11-13 Thread coheigea 
Use client id instead of principal name if it's available


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2a0142e8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2a0142e8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2a0142e8

Branch: refs/heads/3.0.x-fixes
Commit: 2a0142e89c960095a7bb723803251e7e6ff4cae5
Parents: 1da85e3
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 12:25:57 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 13:39:00 2015 +

--
 .../cxf/rs/security/oauth2/services/AbstractTokenService.java| 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/2a0142e8/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
index 29eadcb..61e3165 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
@@ -65,12 +65,12 @@ public class AbstractTokenService extends 
AbstractOAuthService {
 client = getAndValidateClientFromIdAndSecret(clientId,
   
params.getFirst(OAuthConstants.CLIENT_SECRET));
 }
-} else if (principal.getName() != null) {
-client = getClient(principal.getName());
 } else {
 String clientId = retrieveClientId(params);
 if (clientId != null) {
 client = getClient(clientId);
+} else if (principal.getName() != null) {
+client = getClient(principal.getName());
 } 
 }
 if (client == null) {

cxf-fediz git commit: [FEDIZ-134] Supporting public clients

2015-11-13 Thread sergeyb 
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 799d27485 -> 890e2277b


[FEDIZ-134] Supporting public clients


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/890e2277
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/890e2277
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/890e2277

Branch: refs/heads/master
Commit: 890e2277be2e80a0077fb1ce36e5dfb57c8e1e0e
Parents: 799d274
Author: Sergey Beryozkin 
Authored: Fri Nov 13 14:10:59 2015 +
Committer: Sergey Beryozkin 
Committed: Fri Nov 13 14:10:59 2015 +

--
 services/oidc/src/main/webapp/WEB-INF/applicationContext.xml | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/890e2277/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
--
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml 
b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index 4520c21..2ab43d9 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -31,6 +31,7 @@

  
  
+ 

 
 
@@ -67,6 +68,7 @@
 
 
 
+

[2/2] cxf git commit: Use client id instead of principal name if it's available

2015-11-13 Thread coheigea 
Use client id instead of principal name if it's available


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2e880282
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2e880282
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2e880282

Branch: refs/heads/3.1.x-fixes
Commit: 2e88028254a89e6ecea2bf607b50f60d66aaeaae
Parents: 13521bd
Author: Colm O hEigeartaigh 
Authored: Fri Nov 13 12:25:57 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Nov 13 13:37:01 2015 +

--
 .../cxf/rs/security/oauth2/services/AbstractTokenService.java| 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/2e880282/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
index 29eadcb..61e3165 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
@@ -65,12 +65,12 @@ public class AbstractTokenService extends 
AbstractOAuthService {
 client = getAndValidateClientFromIdAndSecret(clientId,
   
params.getFirst(OAuthConstants.CLIENT_SECRET));
 }
-} else if (principal.getName() != null) {
-client = getClient(principal.getName());
 } else {
 String clientId = retrieveClientId(params);
 if (clientId != null) {
 client = getClient(clientId);
+} else if (principal.getName() != null) {
+client = getClient(principal.getName());
 } 
 }
 if (client == null) {