buildbot failure in on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5305 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
buildbot success in on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5303 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
buildbot failure in on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5302 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
buildbot success in on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5301 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
buildbot failure in on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5300 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
buildbot success in on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5299 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
[2/2] cxf git commit: Recording .gitmergeinfo Changes
Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bcaa41ad Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bcaa41ad Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bcaa41ad Branch: refs/heads/3.0.x-fixes Commit: bcaa41ad148dd37814325f00b5c65b8b9494f23f Parents: a068069 Author: Colm O hEigeartaigh Authored: Fri Feb 5 20:40:18 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 20:40:18 2016 + -- .gitmergeinfo | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/bcaa41ad/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 6f47eaa..7df8685 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -64,6 +64,7 @@ B 1805027c9ce9925fb875e92fc5314aa826632151 B 18204e5bb0173ccea83c0afd10e4450f370287a0 B 1824d9cae26c3b141d873d0d01036602ac339c37 B 18d64577e5ef1ef3ce26e82db1821b894bd43578 +B 194224faeb3e8eb6c8feabe6397f6b42ff0f605d B 1960703149a11052490cf16ec3682408470298f9 B 1a5708e21708a9ed96991cd56ff89b3fd4eac15a B 1a8fd7c02bc6a620e276086b665d430217116767 @@ -441,6 +442,7 @@ B 94cfe7e48a50104b22457aa47b39d06329d16d32 B 9511cd40a9701ee1b46ba28b61154f6f0833b7d9 B 95c3d899174e39263a773e89a22efbd40be77d4b B 962f8167450b19b7819355141bfa9617fcb2e2c5 +B 96802a240f833a1e1cf66cca376f8123b75d68cf B 9680acf2ea8b7b9bb08d5db6a07f91a12f26ccee B 96d0e7c75f6e583f7a3a8ae1849528863c81d5ad B 96ed80508cf15f7dc8c2d5a73225a36dbc096ee2 @@ -557,6 +559,7 @@ B ba8fc3d351121ec8eb2ce37cd12e014f722c741d B bb0a94734f583e5b6b1e42303aa6ba7a49958f18 B bb1edc5dd96c50ed2c3294f6834310e0a6d4381e B bb9b5d2e15c0e30d12a6dea3db1a6f720aaf07ad +B bbe5e870579720272af49b9cea65b8293d5b1f3c B bbfe35e464e2f4a6a4783420104d0d90c287fff7 B bc752dc5bd89b5d70d00435fc1185e72659d7e4d B bc9e3714adc8848f37694eea62d33748b01fbb91
[1/2] cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 640f3a914 -> bcaa41ad1 Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a0680698 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a0680698 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a0680698 Branch: refs/heads/3.0.x-fixes Commit: a0680698c90ddade110fd6b8324609e96baf78fa Parents: 640f3a9 Author: Colm O hEigeartaigh Authored: Fri Feb 5 15:01:14 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 15:01:14 2016 + -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a0680698/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 14eec1c..6f47eaa 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -451,6 +451,7 @@ B 9896b920035a1d1be1aef28a1d1a5eb876445c82 B 99963f9a08c9782b7c661f2b5ff8e9ce95ab3dbe B 99f4092de01d60b8369ff84036d543e9d20ecefc B 9a2c82620001b76a2065960686f9bc8f384c4d58 +B 9aae5c5622dec1198a333ac6bb3508d3ca4634c1 B 9ac66adffb73f3474fde064fab1013ecdd24be7c B 9ae69b3b323f48de033f62be9fc2780f11b0c761 B 9b93ca4bda4ba8abce2e2248059f2ccfd35391b2 @@ -646,6 +647,7 @@ B da53162f385fa73957626446cbd63ea269c1ee26 B db18a965fb238b8515ab74eb63d13c863c279476 B db51e1a99ab886f179c677579ba798b450069287 B dbf8d58d565ba7f3a8c43b917f7e9182cabe5efa +B dbfaf2b5aea3c4b09a825c82cae88c9d5f777aac B dc6fe383b095c6823e5de707b1c091556c9c378a B dc986e411b2f7449d6cd92481431cfebe18689bd B dd3c8f9d05b549d7aeb3804476bdc3fb344cf2d8
[2/3] cxf git commit: Changing the default to issue tokens rather than WS-Trust responses
Changing the default to issue tokens rather than WS-Trust responses Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bbe5e870 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bbe5e870 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bbe5e870 Branch: refs/heads/3.1.x-fixes Commit: bbe5e870579720272af49b9cea65b8293d5b1f3c Parents: 194224f Author: Colm O hEigeartaigh Authored: Fri Feb 5 17:53:25 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 20:39:45 2016 + -- .../cxf/sts/rest/RESTSecurityTokenService.java | 8 +++ .../sts/rest/RESTSecurityTokenServiceImpl.java | 61 - .../cxf/systest/sts/rest/RESTUnitTest.java | 71 +++- 3 files changed, 107 insertions(+), 33 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/bbe5e870/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java -- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java index 04cc0f6..a68194d 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java @@ -63,6 +63,14 @@ public interface RESTSecurityTokenService { }) Response getToken(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType, @QueryParam("claim") List requestedClaims); + +@GET +@Path("ws-trust/{tokenType}") +@Produces({ +MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON +}) +Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType, +@QueryParam("claim") List requestedClaims); @POST @Produces({ http://git-wip-us.apache.org/repos/asf/cxf/blob/bbe5e870/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java -- 
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java index 393b806..ae454ab 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java @@ -45,6 +45,7 @@ import org.apache.cxf.ws.security.sts.provider.model.ClaimsType; import org.apache.cxf.ws.security.sts.provider.model.ObjectFactory; import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType; import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType; +import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType; import org.apache.cxf.ws.security.trust.STSUtils; import org.apache.wss4j.dom.WSConstants; 
@@ -90,6 +91,36 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple @Override public Response getToken(String tokenType, String keyType, List requestedClaims) { +RequestSecurityTokenResponseType response = +issueToken(tokenType, keyType, requestedClaims); + +RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response); + +return Response.ok(requestedToken.getAny()).build(); +} + +@Override +public Response getTokenViaWSTrust(String tokenType, String keyType, List requestedClaims) { +return getToken(tokenType, keyType, requestedClaims); +} + +private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType response) { +for (Object obj : response.getAny()) { +if (obj instanceof JAXBElement) { +JAXBElement jaxbElement = (JAXBElement)obj; +if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) { +return (RequestedSecurityTokenType)jaxbElement.getValue(); +} +} +} +return null; +} + +private RequestSecurityTokenResponseType issueToken( +String tokenType, +String keyType, +List requestedClaims +) { if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) { tokenType = tokenTypeMap.get(tokenType); } @@ -141,32 +172,32 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple // } // request.setContext(null);
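Review bot: in the getToken hunk of RESTSecurityTokenServiceImpl, `requestedToken.getAny()` is dereferenced without a null check, although the new getRequestedSecurityToken helper ends in `return null;` when the response carries no RequestedSecurityToken element. A response without that element would surface as an unhandled NullPointerException from the token endpoint rather than a controlled error. Suggest checking the helper's result in getToken and returning an explicit error response, or having the helper throw instead of returning null.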
[3/3] cxf git commit: Update SourceProvider to be able to write out any Nodes and not just Documents
Update SourceProvider to be able to write out any Nodes and not just Documents Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/96802a24 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/96802a24 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/96802a24 Branch: refs/heads/3.1.x-fixes Commit: 96802a240f833a1e1cf66cca376f8123b75d68cf Parents: bbe5e87 Author: Colm O hEigeartaigh Authored: Fri Feb 5 17:53:39 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 20:39:46 2016 + -- .../apache/cxf/jaxrs/provider/SourceProvider.java| 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/96802a24/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java -- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java index 52bf495..20e29d0 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java @@ -44,7 +44,7 @@ import javax.xml.transform.sax.SAXSource; import javax.xml.transform.stream.StreamSource; import org.w3c.dom.Document; - +import org.w3c.dom.Node; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.io.CachedOutputStream; import org.apache.cxf.jaxrs.ext.MessageContext; @@ -72,7 +72,7 @@ public class SourceProvider extends AbstractConfigurableProvider implements public boolean isWriteable(Class type, Type genericType, Annotation[] annotations, MediaType mt) { return Source.class.isAssignableFrom(type) -|| Document.class.isAssignableFrom(type); +|| Node.class.isAssignableFrom(type); } public boolean isReadable(Class type, Type genericType, Annotation[] annotations, MediaType mt) { 
@@ -189,9 +189,14 @@ public class SourceProvider extends AbstractConfigurableProvider implements String encoding = HttpUtils.getSetEncoding(mt, headers, StandardCharsets.UTF_8.name()); -XMLStreamReader reader = -source instanceof Source ? StaxUtils.createXMLStreamReader((Source)source) -: StaxUtils.createXMLStreamReader((Document)source); +XMLStreamReader reader = null; +if (source instanceof Source) { +reader = StaxUtils.createXMLStreamReader((Source)source); +} else if (source instanceof Document) { +reader = StaxUtils.createXMLStreamReader((Document)source); +} else { +reader = StaxUtils.createXMLStreamReader(new DOMSource((Node)source)); +} XMLStreamWriter writer = StaxUtils.createXMLStreamWriter(os, encoding); try { StaxUtils.copy(reader, writer);
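Review bot: isWriteable now accepts every Node subtype (`Node.class.isAssignableFrom(type)`), and the new else branch in the write path wraps whatever arrives in `new DOMSource((Node)source)`. That admits Attr, Text and similar nodes, which are not a well-formed XML document on their own. Suggest narrowing the check to the node types the provider is meant to serialise (for example Document and Element), or documenting what callers get for the others.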
[1/3] cxf git commit: Fixed TLS client auth issue
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 0b7e0e914 -> 96802a240 Fixed TLS client auth issue Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/194224fa Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/194224fa Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/194224fa Branch: refs/heads/3.1.x-fixes Commit: 194224faeb3e8eb6c8feabe6397f6b42ff0f605d Parents: 0b7e0e9 Author: Colm O hEigeartaigh Authored: Fri Feb 5 16:14:08 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 20:39:43 2016 + -- .../sts/rest/RESTSecurityTokenServiceImpl.java | 16 +- .../cxf/systest/sts/rest/RESTUnitTest.java | 2 +- .../systest/sts/rest/WSS4JBasicAuthFilter.java | 54 .../basic/src/test/resources/logging.properties | 4 +- .../apache/cxf/systest/sts/rest/cxf-client.xml | 3 ++ .../cxf/systest/sts/rest/cxf-rest-sts.xml | 8 +-- 6 files changed, 22 insertions(+), 65 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/194224fa/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java -- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java index 6955931..393b806 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java @@ -20,6 +20,7 @@ package org.apache.cxf.sts.rest; import java.security.Principal; +import java.security.cert.X509Certificate; import java.util.HashMap; import java.util.List; import java.util.Map; 
@@ -34,6 +35,8 @@ import org.w3c.dom.Element; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.phase.PhaseInterceptorChain; +import org.apache.cxf.security.SecurityContext; +import org.apache.cxf.security.transport.TLSSessionInfo; import org.apache.cxf.sts.QNameConstants; import org.apache.cxf.sts.STSConstants; import org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider; @@ -87,7 +90,6 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple @Override public Response getToken(String tokenType, String keyType, List requestedClaims) { - if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) { tokenType = tokenTypeMap.get(tokenType); } @@ -213,6 +215,18 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple @Override protected Principal getPrincipal() { +SecurityContext sc = (SecurityContext)messageContext.get(SecurityContext.class); +if (sc == null || sc.getUserPrincipal() == null) { +// Get the TLS client principal if no security context is set up +TLSSessionInfo tlsInfo = + (TLSSessionInfo)PhaseInterceptorChain.getCurrentMessage().get(TLSSessionInfo.class); +if (tlsInfo != null && tlsInfo.getPeerCertificates() != null +&& tlsInfo.getPeerCertificates().length > 0 +&& (tlsInfo.getPeerCertificates()[0] instanceof X509Certificate) +) { +return ((X509Certificate)tlsInfo.getPeerCertificates()[0]).getSubjectX500Principal(); +} +} return messageContext.getSecurityContext().getUserPrincipal(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/194224fa/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java -- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java index 0668e39..7caf0f2 100644 
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java @@ -77,7 +77,7 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase { SpringBusFactory.setThreadDefaultBus(bus); String address = "https://localhost:"; + STSPORT + "/SecurityTokenService/token"; -WebClient client = WebClient.create(address, "alice", "clarinet", busFile.toString()); +WebClient client = WebClient.create(address, busFile.toString()); client.type("application/xml").accept("application/xml"); client.path("saml2.0"); http://git-w
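Review bot: in the getPrincipal hunk, when `sc == null || sc.getUserPrincipal() == null` holds and no X509 peer certificate is present, control falls through to `return messageContext.getSecurityContext().getUserPrincipal();` with no guard, so the unauthenticated case is left to whatever that call does. Suggest handling it explicitly, for example by returning null or rejecting the request at that point. `tlsInfo.getPeerCertificates()` is also called four times in the condition and the return; reading it into a local once would be clearer. The inline comment could state that the subject DN is used as the identity on the assumption that the transport requires and validates the client certificate.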
[3/3] cxf git commit: Fixed TLS client auth issue
Fixed TLS client auth issue Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7ea12c2d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7ea12c2d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7ea12c2d Branch: refs/heads/master Commit: 7ea12c2dab4440f2dcd3b070a662957534fd6011 Parents: af11d1b Author: Colm O hEigeartaigh Authored: Fri Feb 5 16:14:08 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 17:54:04 2016 + -- .../sts/rest/RESTSecurityTokenServiceImpl.java | 16 +- .../cxf/systest/sts/rest/RESTUnitTest.java | 2 +- .../systest/sts/rest/WSS4JBasicAuthFilter.java | 54 .../basic/src/test/resources/logging.properties | 4 +- .../apache/cxf/systest/sts/rest/cxf-client.xml | 3 ++ .../cxf/systest/sts/rest/cxf-rest-sts.xml | 8 +-- 6 files changed, 22 insertions(+), 65 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/7ea12c2d/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java -- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java index 6955931..393b806 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java @@ -20,6 +20,7 @@ package org.apache.cxf.sts.rest; import java.security.Principal; +import java.security.cert.X509Certificate; import java.util.HashMap; import java.util.List; import java.util.Map; 
@@ -34,6 +35,8 @@ import org.w3c.dom.Element; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.phase.PhaseInterceptorChain; +import org.apache.cxf.security.SecurityContext; +import org.apache.cxf.security.transport.TLSSessionInfo; import org.apache.cxf.sts.QNameConstants; import org.apache.cxf.sts.STSConstants; import org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider; @@ -87,7 +90,6 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple @Override public Response getToken(String tokenType, String keyType, List requestedClaims) { - if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) { tokenType = tokenTypeMap.get(tokenType); } @@ -213,6 +215,18 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple @Override protected Principal getPrincipal() { +SecurityContext sc = (SecurityContext)messageContext.get(SecurityContext.class); +if (sc == null || sc.getUserPrincipal() == null) { +// Get the TLS client principal if no security context is set up +TLSSessionInfo tlsInfo = + (TLSSessionInfo)PhaseInterceptorChain.getCurrentMessage().get(TLSSessionInfo.class); +if (tlsInfo != null && tlsInfo.getPeerCertificates() != null +&& tlsInfo.getPeerCertificates().length > 0 +&& (tlsInfo.getPeerCertificates()[0] instanceof X509Certificate) +) { +return ((X509Certificate)tlsInfo.getPeerCertificates()[0]).getSubjectX500Principal(); +} +} return messageContext.getSecurityContext().getUserPrincipal(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/7ea12c2d/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java -- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java index 0668e39..7caf0f2 100644 
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java @@ -77,7 +77,7 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase { SpringBusFactory.setThreadDefaultBus(bus); String address = "https://localhost:"; + STSPORT + "/SecurityTokenService/token"; -WebClient client = WebClient.create(address, "alice", "clarinet", busFile.toString()); +WebClient client = WebClient.create(address, busFile.toString()); client.type("application/xml").accept("application/xml"); client.path("saml2.0"); http://git-wip-us.apache.org/repos/asf/cxf/blob/7ea12c2d/services/sts/systests/basic/src/test/java/or
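Review bot: the RESTUnitTest hunk replaces `WebClient.create(address, "alice", "clarinet", busFile.toString())` with the credential-free overload, so the visible test now reaches getPrincipal only through the new TLS fallback. The branch where a SecurityContext already carries a user principal is no longer exercised by this test. Suggest keeping one test that authenticates with username and password alongside the TLS one, so a regression in the precedence between the two sources of identity is caught.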
[1/3] cxf git commit: Update SourceProvider to be able to write out any Nodes and not just Documents
Repository: cxf Updated Branches: refs/heads/master af11d1bff -> f8834cf0d Update SourceProvider to be able to write out any Nodes and not just Documents Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f8834cf0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f8834cf0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f8834cf0 Branch: refs/heads/master Commit: f8834cf0d4397e0f6acab078b96fe1a228c42d02 Parents: 72821c7 Author: Colm O hEigeartaigh Authored: Fri Feb 5 17:53:39 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 17:54:04 2016 + -- .../apache/cxf/jaxrs/provider/SourceProvider.java| 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f8834cf0/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java -- diff --git a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java index 52bf495..20e29d0 100644 --- a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java +++ b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java @@ -44,7 +44,7 @@ import javax.xml.transform.sax.SAXSource; import javax.xml.transform.stream.StreamSource; import org.w3c.dom.Document; - +import org.w3c.dom.Node; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.io.CachedOutputStream; import org.apache.cxf.jaxrs.ext.MessageContext; @@ -72,7 +72,7 @@ public class SourceProvider extends AbstractConfigurableProvider implements public boolean isWriteable(Class type, Type genericType, Annotation[] annotations, MediaType mt) { return Source.class.isAssignableFrom(type) -|| Document.class.isAssignableFrom(type); +|| Node.class.isAssignableFrom(type); } public boolean isReadable(Class type, Type genericType, Annotation[] annotations, MediaType mt) { 
@@ -189,9 +189,14 @@ public class SourceProvider extends AbstractConfigurableProvider implements String encoding = HttpUtils.getSetEncoding(mt, headers, StandardCharsets.UTF_8.name()); -XMLStreamReader reader = -source instanceof Source ? StaxUtils.createXMLStreamReader((Source)source) -: StaxUtils.createXMLStreamReader((Document)source); +XMLStreamReader reader = null; +if (source instanceof Source) { +reader = StaxUtils.createXMLStreamReader((Source)source); +} else if (source instanceof Document) { +reader = StaxUtils.createXMLStreamReader((Document)source); +} else { +reader = StaxUtils.createXMLStreamReader(new DOMSource((Node)source)); +} XMLStreamWriter writer = StaxUtils.createXMLStreamWriter(os, encoding); try { StaxUtils.copy(reader, writer);
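Review bot: style point in the import hunk: `import org.w3c.dom.Node;` takes the place of the blank line that separated the org.w3c.dom imports from the org.apache.cxf group, so the two groups now run together; keep the separator line. In the last hunk, `XMLStreamReader reader = null;` does not need the initialiser, since each of the three branches assigns it, and dropping it lets the compiler flag any branch added later that forgets to.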
[2/3] cxf git commit: Changing the default to issue tokens rather than WS-Trust responses
Changing the default to issue tokens rather than WS-Trust responses Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/72821c78 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/72821c78 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/72821c78 Branch: refs/heads/master Commit: 72821c781bb43dd2a846fd85eed706d316bc4a2e Parents: 7ea12c2 Author: Colm O hEigeartaigh Authored: Fri Feb 5 17:53:25 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 17:54:04 2016 + -- .../cxf/sts/rest/RESTSecurityTokenService.java | 8 +++ .../sts/rest/RESTSecurityTokenServiceImpl.java | 61 - .../cxf/systest/sts/rest/RESTUnitTest.java | 71 +++- 3 files changed, 107 insertions(+), 33 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/72821c78/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java -- diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java index 04cc0f6..a68194d 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java @@ -63,6 +63,14 @@ public interface RESTSecurityTokenService { }) Response getToken(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType, @QueryParam("claim") List requestedClaims); + +@GET +@Path("ws-trust/{tokenType}") +@Produces({ +MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON +}) +Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType, +@QueryParam("claim") List requestedClaims); @POST @Produces({ http://git-wip-us.apache.org/repos/asf/cxf/blob/72821c78/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java -- 
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java index 393b806..ae454ab 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java @@ -45,6 +45,7 @@ import org.apache.cxf.ws.security.sts.provider.model.ClaimsType; import org.apache.cxf.ws.security.sts.provider.model.ObjectFactory; import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType; import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType; +import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType; import org.apache.cxf.ws.security.trust.STSUtils; import org.apache.wss4j.dom.WSConstants; 
@@ -90,6 +91,36 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple @Override public Response getToken(String tokenType, String keyType, List requestedClaims) { +RequestSecurityTokenResponseType response = +issueToken(tokenType, keyType, requestedClaims); + +RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response); + +return Response.ok(requestedToken.getAny()).build(); +} + +@Override +public Response getTokenViaWSTrust(String tokenType, String keyType, List requestedClaims) { +return getToken(tokenType, keyType, requestedClaims); +} + +private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType response) { +for (Object obj : response.getAny()) { +if (obj instanceof JAXBElement) { +JAXBElement jaxbElement = (JAXBElement)obj; +if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) { +return (RequestedSecurityTokenType)jaxbElement.getValue(); +} +} +} +return null; +} + +private RequestSecurityTokenResponseType issueToken( +String tokenType, +String keyType, +List requestedClaims +) { if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) { tokenType = tokenTypeMap.get(tokenType); } @@ -141,32 +172,32 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple // } // request.setContext(null); -
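Review bot: getTokenViaWSTrust in RESTSecurityTokenServiceImpl is `return getToken(tokenType, keyType, requestedClaims);`, and getToken now returns only `requestedToken.getAny()`, so as shown the new `ws-trust/{tokenType}` path returns the same bare token as the default path. If the ws-trust path is meant to keep serving the WS-Trust response, it should build its Response from the RequestSecurityTokenResponseType that issueToken returns. The new interface method would also benefit from a Javadoc line saying which representation each path returns.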
buildbot failure in on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5293 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
buildbot success in on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5291 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
cxf git commit: Prototyping OAuth2 redirection service which can support all the response types on a single path
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 9aae5c562 -> 0b7e0e914 Prototyping OAuth2 redirection service which can support all the response types on a single path Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0b7e0e91 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0b7e0e91 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0b7e0e91 Branch: refs/heads/3.1.x-fixes Commit: 0b7e0e914328aa7a78a2eab00bb1040c703e9b63 Parents: 9aae5c5 Author: Sergey Beryozkin Authored: Fri Feb 5 16:53:40 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 16:55:15 2016 + -- .../oauth2/services/AuthorizationService.java | 91 .../services/RedirectionBasedGrantService.java | 5 +- 2 files changed, 95 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0b7e0e91/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java new file mode 100644 index 000..376f74d --- /dev/null +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java 
@@ -0,0 +1,91 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.rs.security.oauth2.services; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.Response; + +import org.apache.cxf.jaxrs.ext.MessageContext; +import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; +import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; + +@Path("authorize") +public class AuthorizationService { + +private Map servicesMap = +new HashMap(); + +@Context +public void setMessageContext(MessageContext context) { +for (RedirectionBasedGrantService service : servicesMap.values()) { +service.setMessageContext(context); +} +} +@GET +@Produces({"application/xhtml+xml", "text/html", "application/xml", "application/json" }) +public Response authorize(@QueryParam(OAuthConstants.RESPONSE_TYPE) String responseType) { +return getService(responseType).authorize(); +} + +@GET +@Path("/decision") +public 
Response authorizeDecision(@QueryParam(OAuthConstants.RESPONSE_TYPE) String responseType) { +return getService(responseType).authorizeDecision(); +} + +/** + * Processes the end user decision + * @return The grant value, authorization code or the token + */ +@POST +@Path("/decision") +@Consumes("application/x-www-form-urlencoded") +public Response authorizeDecisionForm(MultivaluedMap params) { +String responseType = params.getFirst(OAuthConstants.RESPONSE_TYPE); +return getService(responseType).authorizeDecisionForm(params); +} + +private RedirectionBasedGrantService getService(String responseType) { +if (responseType == null || !servicesMap.containsKey(responseType)) { +throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST); +} +return servicesMap.get(responseType); +} + +public void setServices(List services) { +for (RedirectionBasedGrantService service : services) { +for (String responseType : service.getSupportedResponseTypes()) { +servicesMap.put(responseType, service); +} +} + +} +} http://git
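Review bot: setServices() fills the dispatch table with servicesMap.put(responseType, service) and never checks for an existing key, so when two RedirectionBasedGrantService instances report the same value from getSupportedResponseTypes() the later one in the list silently wins. For the class that decides which grant flow handles an authorization request, I would reject the duplicate at configuration time (throw from setServices()) or at least log it. Related: setMessageContext() only reaches services that are already in the map, so the outcome depends on whether the context is injected before or after setServices() runs; a line of Javadoc on the expected order would help.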
cxf git commit: Prototyping OAuth2 redirection service which can support all the response types on a single path
Repository: cxf Updated Branches: refs/heads/master 307ddaf6f -> af11d1bff Prototyping OAuth2 redirection service which can support all the response types on a single path Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/af11d1bf Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/af11d1bf Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/af11d1bf Branch: refs/heads/master Commit: af11d1bffbd7dbc3995259418c3b8b7dbf29d85d Parents: 307ddaf Author: Sergey Beryozkin Authored: Fri Feb 5 16:53:40 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 16:53:40 2016 + -- .../oauth2/services/AuthorizationService.java | 91 .../services/RedirectionBasedGrantService.java | 5 +- 2 files changed, 95 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/af11d1bf/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java new file mode 100644 index 000..376f74d --- /dev/null +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java 
@@ -0,0 +1,91 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.rs.security.oauth2.services; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.Response; + +import org.apache.cxf.jaxrs.ext.MessageContext; +import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; +import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; + +@Path("authorize") +public class AuthorizationService { + +private Map servicesMap = +new HashMap(); + +@Context +public void setMessageContext(MessageContext context) { +for (RedirectionBasedGrantService service : servicesMap.values()) { +service.setMessageContext(context); +} +} +@GET +@Produces({"application/xhtml+xml", "text/html", "application/xml", "application/json" }) +public Response authorize(@QueryParam(OAuthConstants.RESPONSE_TYPE) String responseType) { +return getService(responseType).authorize(); +} + +@GET +@Path("/decision") +public 
Response authorizeDecision(@QueryParam(OAuthConstants.RESPONSE_TYPE) String responseType) { +return getService(responseType).authorizeDecision(); +} + +/** + * Processes the end user decision + * @return The grant value, authorization code or the token + */ +@POST +@Path("/decision") +@Consumes("application/x-www-form-urlencoded") +public Response authorizeDecisionForm(MultivaluedMap params) { +String responseType = params.getFirst(OAuthConstants.RESPONSE_TYPE); +return getService(responseType).authorizeDecisionForm(params); +} + +private RedirectionBasedGrantService getService(String responseType) { +if (responseType == null || !servicesMap.containsKey(responseType)) { +throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST); +} +return servicesMap.get(responseType); +} + +public void setServices(List services) { +for (RedirectionBasedGrantService service : services) { +for (String responseType : service.getSupportedResponseTypes()) { +servicesMap.put(responseType, service); +} +} + +} +} http://git-wip-us.ap
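Review bot: getService() answers both a missing response_type and one that no registered service supports with OAuthConstants.INVALID_REQUEST. RFC 6749 defines unsupported_response_type for the second case, and keeping the two apart lets a client tell a malformed request from a flow this server does not offer. Also, authorizeDecisionForm() selects the service from the response_type field of the posted form, so please document or test that the selected service checks that value against what the original authorize() call recorded, since this class does not.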
[1/2] cxf git commit: Renaming tests
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 6a0873647 -> 9aae5c562 Renaming tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dbfaf2b5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dbfaf2b5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dbfaf2b5 Branch: refs/heads/3.1.x-fixes Commit: dbfaf2b5aea3c4b09a825c82cae88c9d5f777aac Parents: 6a08736 Author: Colm O hEigeartaigh Authored: Fri Feb 5 12:09:56 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 15:00:31 2016 + -- .../cxf/systest/sts/rest/BasicAuthFilter.java | 117 +++ .../cxf/systest/sts/rest/RESTUnitTest.java | 149 +++ .../cxf/systest/sts/rest/STSRESTServer.java | 46 ++ .../systest/sts/restunit/BasicAuthFilter.java | 117 --- .../cxf/systest/sts/restunit/RESTUnitTest.java | 149 --- .../cxf/systest/sts/restunit/STSRESTServer.java | 46 -- .../apache/cxf/systest/sts/rest/cxf-client.xml | 33 .../cxf/systest/sts/rest/cxf-rest-sts.xml | 142 ++ .../cxf/systest/sts/restunit/cxf-client.xml | 33 .../cxf/systest/sts/restunit/cxf-rest-sts.xml | 142 -- 10 files changed, 487 insertions(+), 487 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/dbfaf2b5/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java -- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java new file mode 100644 index 000..30b0b86 --- /dev/null +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java 
@@ -0,0 +1,117 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.sts.rest; + +import java.io.IOException; +import java.security.Principal; + +import javax.security.auth.callback.CallbackHandler; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.core.Response; + +import org.w3c.dom.Document; + +import org.apache.cxf.configuration.security.AuthorizationPolicy; +import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.jaxrs.utils.ExceptionUtils; +import org.apache.cxf.jaxrs.utils.JAXRSUtils; +import org.apache.cxf.message.Message; +import org.apache.cxf.security.SecurityContext; +import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl; +import org.apache.wss4j.dom.WSConstants; +import org.apache.wss4j.dom.handler.RequestData; +import org.apache.wss4j.dom.message.token.UsernameToken; +import org.apache.wss4j.dom.validate.Credential; +import org.apache.wss4j.dom.validate.UsernameTokenValidator; + +/** + * A simple filter to validate a Basic Auth username/password via a CallbackHandler + */ +public class BasicAuthFilter implements ContainerRequestFilter { + +private CallbackHandler 
callbackHandler; + +public void filter(ContainerRequestContext requestContext) throws IOException { +Message message = JAXRSUtils.getCurrentMessage(); +AuthorizationPolicy policy = message.get(AuthorizationPolicy.class); + +if (policy == null || policy.getUserName() == null || policy.getPassword() == null) { +requestContext.abortWith( +Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build()); +} + +try { +UsernameToken token = convertPolicyToToken(policy); +Credential credential = new Credential(); +credential.setUsernametoken(token); + +RequestData data = new RequestData(); +data.setMsgContext(message); +data.setCallbackHandler(callbackHandler); +UsernameTokenValidator validator = new UsernameTokenValidator(); +
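Review bot: in filter(), the branch for a missing policy, user name or password calls requestContext.abortWith(...) but does not return, so execution continues into the try block and convertPolicyToToken(policy) runs with a null policy or null credentials. Add a return directly after abortWith(...) so the 401 is the only outcome on that path and the validator is never reached without credentials.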
[2/2] cxf git commit: Refactor of "BasicAuthFilter"
Refactor of "BasicAuthFilter" Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9aae5c56 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9aae5c56 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9aae5c56 Branch: refs/heads/3.1.x-fixes Commit: 9aae5c5622dec1198a333ac6bb3508d3ca4634c1 Parents: dbfaf2b Author: Colm O hEigeartaigh Authored: Fri Feb 5 14:54:03 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 15:00:32 2016 + -- .../features/src/main/resources/features.xml| 5 +- rt/security-saml/pom.xml| 2 +- .../interceptor/WSS4JBasicAuthValidator.java| 166 +++ .../trust/AuthPolicyValidatingInterceptor.java | 117 - .../cxf/systest/sts/rest/BasicAuthFilter.java | 117 - .../systest/sts/rest/WSS4JBasicAuthFilter.java | 54 ++ .../cxf/systest/sts/rest/cxf-rest-sts.xml | 2 +- .../security/oauth2/common/BasicAuthFilter.java | 117 - .../oauth2/common/WSS4JBasicAuthFilter.java | 54 ++ .../security/oauth2/filters/oauth20-server.xml | 2 +- .../oauth2/grants/grants-negative-server.xml| 2 +- .../security/oauth2/grants/grants-server.xml| 2 +- 12 files changed, 311 insertions(+), 329 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/9aae5c56/osgi/karaf/features/src/main/resources/features.xml -- diff --git a/osgi/karaf/features/src/main/resources/features.xml b/osgi/karaf/features/src/main/resources/features.xml index 3d3a128..5e509ac 100644 --- a/osgi/karaf/features/src/main/resources/features.xml +++ b/osgi/karaf/features/src/main/resources/features.xml 
@@ -114,14 +114,13 @@ mvn:org.apache.cxf/cxf-rt-ws-mex/${project.version} -cxf-rt-security -cxf-ws-policy wss4j +cxf-rt-security-saml +cxf-ws-policy cxf-ws-addr mvn:org.apache.geronimo.specs/geronimo-jta_1.1_spec/${cxf.geronimo.transaction.version} mvn:net.sf.ehcache/ehcache/${cxf.ehcache.version} mvn:org.apache.cxf/cxf-rt-ws-security/${project.version} -mvn:org.apache.cxf/cxf-rt-security-saml/${project.version} cxf-core http://git-wip-us.apache.org/repos/asf/cxf/blob/9aae5c56/rt/security-saml/pom.xml -- diff --git a/rt/security-saml/pom.xml b/rt/security-saml/pom.xml index 23c4caa..085ec2f 100644 --- a/rt/security-saml/pom.xml +++ b/rt/security-saml/pom.xml @@ -43,7 +43,7 @@ org.apache.wss4j -wss4j-ws-security-common +wss4j-ws-security-dom ${cxf.wss4j.version} http://git-wip-us.apache.org/repos/asf/cxf/blob/9aae5c56/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java -- diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java new file mode 100644 index 000..a5fc8b3 --- /dev/null +++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java 
@@ -0,0 +1,166 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rt.security.saml.interceptor; + +import java.security.Principal; +import java.util.Set; +import java.util.logging.Logger; + +import javax.security.auth.callback.CallbackHandler; + +import org.w3c.dom.Document; +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.configuration.security.AuthorizationPolicy; +import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.message.Message; +import org.apache.cxf.rt.security.SecurityConstants; +import org.apache.cxf.rt.security.claims.ClaimCollection; +import o
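Review bot: the rt/security-saml/pom.xml hunk swaps wss4j-ws-security-common for wss4j-ws-security-dom, which, unless the dependency is scoped otherwise, makes every consumer of the SAML module pull in the WSS4J DOM artifact so that WSS4JBasicAuthValidator can live in org.apache.cxf.rt.security.saml.interceptor. Validating a Basic Auth user name and password is not SAML processing, so either say in the commit message why this module is the right home for the class or place it in a module that already depends on the DOM artifact.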
[2/2] cxf git commit: Renaming tests
Renaming tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ba7eab43 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ba7eab43 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ba7eab43 Branch: refs/heads/master Commit: ba7eab4318240e8d897b2a98e540f873ae110256 Parents: f560689 Author: Colm O hEigeartaigh Authored: Fri Feb 5 12:09:56 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 14:54:44 2016 + -- .../cxf/systest/sts/rest/BasicAuthFilter.java | 117 +++ .../cxf/systest/sts/rest/RESTUnitTest.java | 149 +++ .../cxf/systest/sts/rest/STSRESTServer.java | 46 ++ .../systest/sts/restunit/BasicAuthFilter.java | 117 --- .../cxf/systest/sts/restunit/RESTUnitTest.java | 149 --- .../cxf/systest/sts/restunit/STSRESTServer.java | 46 -- .../apache/cxf/systest/sts/rest/cxf-client.xml | 33 .../cxf/systest/sts/rest/cxf-rest-sts.xml | 142 ++ .../cxf/systest/sts/restunit/cxf-client.xml | 33 .../cxf/systest/sts/restunit/cxf-rest-sts.xml | 142 -- 10 files changed, 487 insertions(+), 487 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/ba7eab43/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java -- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java new file mode 100644 index 000..30b0b86 --- /dev/null +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java 
@@ -0,0 +1,117 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.sts.rest; + +import java.io.IOException; +import java.security.Principal; + +import javax.security.auth.callback.CallbackHandler; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.core.Response; + +import org.w3c.dom.Document; + +import org.apache.cxf.configuration.security.AuthorizationPolicy; +import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.jaxrs.utils.ExceptionUtils; +import org.apache.cxf.jaxrs.utils.JAXRSUtils; +import org.apache.cxf.message.Message; +import org.apache.cxf.security.SecurityContext; +import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl; +import org.apache.wss4j.dom.WSConstants; +import org.apache.wss4j.dom.handler.RequestData; +import org.apache.wss4j.dom.message.token.UsernameToken; +import org.apache.wss4j.dom.validate.Credential; +import org.apache.wss4j.dom.validate.UsernameTokenValidator; + +/** + * A simple filter to validate a Basic Auth username/password via a CallbackHandler + */ +public class BasicAuthFilter implements ContainerRequestFilter { + +private CallbackHandler 
callbackHandler; + +public void filter(ContainerRequestContext requestContext) throws IOException { +Message message = JAXRSUtils.getCurrentMessage(); +AuthorizationPolicy policy = message.get(AuthorizationPolicy.class); + +if (policy == null || policy.getUserName() == null || policy.getPassword() == null) { +requestContext.abortWith( +Response.status(401).header("WWW-Authenticate", "Basic realm=\"IdP\"").build()); +} + +try { +UsernameToken token = convertPolicyToToken(policy); +Credential credential = new Credential(); +credential.setUsernametoken(token); + +RequestData data = new RequestData(); +data.setMsgContext(message); +data.setCallbackHandler(callbackHandler); +UsernameTokenValidator validator = new UsernameTokenValidator(); +credential = validator.validate(credential, data); + +/
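Review bot: filter() hands the callbackHandler field straight to data.setCallbackHandler(callbackHandler) without checking it, so a filter deployed without a handler only fails once a request reaches validator.validate(credential, data). Check for null up front and fail with a clear configuration error. As a smaller point, the challenge hard-codes the realm in Basic realm=\"IdP\"; a configurable realm, or one named after the STS REST service this filter protects, would read better.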
[1/2] cxf git commit: Refactor of "BasicAuthFilter"
Repository: cxf Updated Branches: refs/heads/master f5606894d -> 307ddaf6f Refactor of "BasicAuthFilter" Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/307ddaf6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/307ddaf6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/307ddaf6 Branch: refs/heads/master Commit: 307ddaf6fe29102d5dc67b66749eb80ad60ce38e Parents: ba7eab4 Author: Colm O hEigeartaigh Authored: Fri Feb 5 14:54:03 2016 + Committer: Colm O hEigeartaigh Committed: Fri Feb 5 14:54:44 2016 + -- .../features/src/main/resources/features.xml| 5 +- rt/security-saml/pom.xml| 2 +- .../interceptor/WSS4JBasicAuthValidator.java| 166 +++ .../trust/AuthPolicyValidatingInterceptor.java | 117 - .../cxf/systest/sts/rest/BasicAuthFilter.java | 117 - .../systest/sts/rest/WSS4JBasicAuthFilter.java | 54 ++ .../cxf/systest/sts/rest/cxf-rest-sts.xml | 2 +- .../security/oauth2/common/BasicAuthFilter.java | 117 - .../oauth2/common/WSS4JBasicAuthFilter.java | 54 ++ .../security/oauth2/filters/oauth20-server.xml | 2 +- .../oauth2/grants/grants-negative-server.xml| 2 +- .../security/oauth2/grants/grants-server.xml| 2 +- 12 files changed, 311 insertions(+), 329 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/osgi/karaf/features/src/main/resources/features.xml -- diff --git a/osgi/karaf/features/src/main/resources/features.xml b/osgi/karaf/features/src/main/resources/features.xml index 3d3a128..5e509ac 100644 --- a/osgi/karaf/features/src/main/resources/features.xml +++ b/osgi/karaf/features/src/main/resources/features.xml 
@@ -114,14 +114,13 @@ mvn:org.apache.cxf/cxf-rt-ws-mex/${project.version} -cxf-rt-security -cxf-ws-policy wss4j +cxf-rt-security-saml +cxf-ws-policy cxf-ws-addr mvn:org.apache.geronimo.specs/geronimo-jta_1.1_spec/${cxf.geronimo.transaction.version} mvn:net.sf.ehcache/ehcache/${cxf.ehcache.version} mvn:org.apache.cxf/cxf-rt-ws-security/${project.version} -mvn:org.apache.cxf/cxf-rt-security-saml/${project.version} cxf-core http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/rt/security-saml/pom.xml -- diff --git a/rt/security-saml/pom.xml b/rt/security-saml/pom.xml index 351fe56..530b2cd 100644 --- a/rt/security-saml/pom.xml +++ b/rt/security-saml/pom.xml @@ -43,7 +43,7 @@ org.apache.wss4j -wss4j-ws-security-common +wss4j-ws-security-dom ${cxf.wss4j.version} http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java -- diff --git a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java new file mode 100644 index 000..a5fc8b3 --- /dev/null +++ b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java 
@@ -0,0 +1,166 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rt.security.saml.interceptor; + +import java.security.Principal; +import java.util.Set; +import java.util.logging.Logger; + +import javax.security.auth.callback.CallbackHandler; + +import org.w3c.dom.Document; +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.configuration.security.AuthorizationPolicy; +import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.message.Message; +import org.apache.cxf.rt.security.SecurityConst
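Review bot: in the features.xml hunk the feature reference cxf-rt-security is replaced by cxf-rt-security-saml and the direct bundle line mvn:org.apache.cxf/cxf-rt-security-saml/${project.version} is removed. That only resolves correctly if the cxf-rt-security-saml feature itself brings in cxf-rt-security, and the hunk does not show that definition. Please confirm it, ideally with a Karaf feature install test, and note in the commit message that the feature wiring changed along with the class move.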
cxf git commit: Fixing a typo
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 14ed2e2c4 -> 6a0873647 Fixing a typo Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6a087364 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6a087364 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6a087364 Branch: refs/heads/3.1.x-fixes Commit: 6a08736476f84c3bc40826d6debc6d4d96589cde Parents: 14ed2e2 Author: Sergey Beryozkin Authored: Fri Feb 5 14:32:25 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 14:33:20 2016 + -- .../org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6a087364/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java -- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java index c13b89d..f8a72ab 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java @@ -115,7 +115,7 @@ public class OidcImplicitService extends ImplicitGrantService { OidcUserSubject sub = (OidcUserSubject)subject; IdToken idToken = new IdToken(sub.getIdToken()); idToken.setNonce(state.getNonce()); -JoseJwtProducer processor = idTokenHandler == null ? new JoseJwtProducer() : null; +JoseJwtProducer processor = idTokenHandler == null ? new JoseJwtProducer() : idTokenHandler; return processor.processJwt(new JwtToken(idToken)); } else { return null;
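Review bot: the subject "Fixing a typo" undersells this change. With the old else branch of the ternary set to null, processor was null whenever an idTokenHandler had been configured, and processor.processJwt(new JwtToken(idToken)) on the next line would throw a NullPointerException. Say that in the message so the fix is easy to find when tracking backports, and add a test that configures a handler and checks that an id_token is returned.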
cxf git commit: Fixing a typo
Repository: cxf Updated Branches: refs/heads/master 9ffc542d0 -> f5606894d Fixing a typo Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5606894 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5606894 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5606894 Branch: refs/heads/master Commit: f5606894dec0ea43cda33da563b2ccb9d57fb7d1 Parents: 9ffc542 Author: Sergey Beryozkin Authored: Fri Feb 5 14:32:25 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 14:32:25 2016 + -- .../org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f5606894/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java -- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java index c13b89d..f8a72ab 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java @@ -115,7 +115,7 @@ public class OidcImplicitService extends ImplicitGrantService { OidcUserSubject sub = (OidcUserSubject)subject; IdToken idToken = new IdToken(sub.getIdToken()); idToken.setNonce(state.getNonce()); -JoseJwtProducer processor = idTokenHandler == null ? new JoseJwtProducer() : null; +JoseJwtProducer processor = idTokenHandler == null ? new JoseJwtProducer() : idTokenHandler; return processor.processJwt(new JwtToken(idToken)); } else { return null;
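Review bot: on the fallback side of the changed line, idTokenHandler == null yields new JoseJwtProducer() with nothing set on it, and a fresh instance is allocated on every call. Please document what protection the id_token gets from an unconfigured producer (signed, encrypted, or neither) or require a handler to be set, and keep the default in a field instead of creating it per request.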
cxf git commit: Updating OidcImplicitService to process IdToken
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes c3399966e -> 14ed2e2c4 Updating OidcImplicitService to process IdToken Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/14ed2e2c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/14ed2e2c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/14ed2e2c Branch: refs/heads/3.1.x-fixes Commit: 14ed2e2c44b6da7641c95fb57212f8b5a5e77f3d Parents: c339996 Author: Sergey Beryozkin Authored: Fri Feb 5 14:30:05 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 14:31:20 2016 + -- .../cxf/rs/security/oidc/idp/OidcImplicitService.java | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/14ed2e2c/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java -- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java index 01ae147..c13b89d 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java @@ -25,6 +25,8 @@ import java.util.List; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; +import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer; +import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthError; import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; 
@@ -43,6 +45,7 @@ public class OidcImplicitService extends ImplicitGrantService { private static final String ID_TOKEN_RESPONSE_TYPE = "id_token"; private static final String ID_TOKEN_AND_AT_RESPONSE_TYPE = "id_token token"; private boolean skipAuthorizationWithOidcScope; +private JoseJwtProducer idTokenHandler; public OidcImplicitService() { super(new HashSet(Arrays.asList(ID_TOKEN_RESPONSE_TYPE, @@ -112,10 +115,15 @@ public class OidcImplicitService extends ImplicitGrantService { OidcUserSubject sub = (OidcUserSubject)subject; IdToken idToken = new IdToken(sub.getIdToken()); idToken.setNonce(state.getNonce()); -return null; //super.processJwt(new JwtToken(idToken)); +JoseJwtProducer processor = idTokenHandler == null ? new JoseJwtProducer() : null; +return processor.processJwt(new JwtToken(idToken)); } else { return null; } } + +public void setIdTokenJoseHandler(JoseJwtProducer idTokenJoseHandler) { +this.idTokenHandler = idTokenJoseHandler; +} }
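Review bot: the ternary added in the @@ -112,10 +115,15 @@ hunk returns null on its else branch: JoseJwtProducer processor = idTokenHandler == null ? new JoseJwtProducer() : null; so as soon as setIdTokenJoseHandler() has been called, processor is null and processor.processJwt(new JwtToken(idToken)) throws a NullPointerException. The else branch should be idTokenHandler.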
cxf git commit: Updating OidcImplicitService to process IdToken
Repository: cxf Updated Branches: refs/heads/master dcf440746 -> 9ffc542d0 Updating OidcImplicitService to process IdToken Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9ffc542d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9ffc542d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9ffc542d Branch: refs/heads/master Commit: 9ffc542d09419a602cd742535faf3f9e39f1af25 Parents: dcf4407 Author: Sergey Beryozkin Authored: Fri Feb 5 14:30:05 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 14:30:05 2016 + -- .../cxf/rs/security/oidc/idp/OidcImplicitService.java | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/9ffc542d/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java -- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java index 01ae147..c13b89d 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java @@ -25,6 +25,8 @@ import java.util.List; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; +import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer; +import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthError; import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; 
@@ -43,6 +45,7 @@ public class OidcImplicitService extends ImplicitGrantService { private static final String ID_TOKEN_RESPONSE_TYPE = "id_token"; private static final String ID_TOKEN_AND_AT_RESPONSE_TYPE = "id_token token"; private boolean skipAuthorizationWithOidcScope; +private JoseJwtProducer idTokenHandler; public OidcImplicitService() { super(new HashSet(Arrays.asList(ID_TOKEN_RESPONSE_TYPE, @@ -112,10 +115,15 @@ public class OidcImplicitService extends ImplicitGrantService { OidcUserSubject sub = (OidcUserSubject)subject; IdToken idToken = new IdToken(sub.getIdToken()); idToken.setNonce(state.getNonce()); -return null; //super.processJwt(new JwtToken(idToken)); +JoseJwtProducer processor = idTokenHandler == null ? new JoseJwtProducer() : null; +return processor.processJwt(new JwtToken(idToken)); } else { return null; } } + +public void setIdTokenJoseHandler(JoseJwtProducer idTokenJoseHandler) { +this.idTokenHandler = idTokenJoseHandler; +} }
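Review bot: the fallback `new JoseJwtProducer()` in the second hunk is created on every call with no configuration visible in this patch, and because the other branch of the same ternary yields null, the injected `idTokenHandler` is never actually used. Once the ternary returns `idTokenHandler`, add Javadoc on `setIdTokenJoseHandler` describing what the default producer does when no handler is set, and align the names (the field is `idTokenHandler`, the setter is `setIdTokenJoseHandler`).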
cxf git commit: Adding the renamed resources
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 89b7bb172 -> c3399966e Adding the renamed resources Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c3399966 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c3399966 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c3399966 Branch: refs/heads/3.1.x-fixes Commit: c3399966e4060837fd17511d604a26c8d12dad7c Parents: 89b7bb1 Author: Sergey Beryozkin Authored: Fri Feb 5 14:20:40 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 14:21:19 2016 + -- .../rs/security/jose/jwt/JoseJwtConsumer.java | 107 +++ .../rs/security/jose/jwt/JoseJwtProducer.java | 91 + .../oauth2/provider/OAuthJoseJwtConsumer.java | 60 ++ .../oauth2/provider/OAuthJoseJwtProducer.java | 71 +++ .../provider/OAuthServerJoseJwtProducer.java| 65 +++ .../security/oidc/rp/OidcClaimsValidator.java | 192 +++ 6 files changed, 586 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c3399966/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java new file mode 100644 index 000..35a6eee --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java 
@@ -0,0 +1,107 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwt; + +import org.apache.cxf.rs.security.jose.common.AbstractJoseConsumer; +import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput; +import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; +import org.apache.cxf.rs.security.jose.jwe.JweHeaders; +import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer; +import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; +import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; + +public class JoseJwtConsumer extends AbstractJoseConsumer { +private boolean jwsRequired = true; +private boolean jweRequired; + +public JwtToken getJwtToken(String wrappedJwtToken) { +return getJwtToken(wrappedJwtToken, null, null); +} +public JwtToken getJwtToken(String wrappedJwtToken, + JweDecryptionProvider theDecryptor, + JwsSignatureVerifier theSigVerifier) { +if (!isJwsRequired() && !isJweRequired()) { +throw new JwtException("Unable to process JWT"); +} + +JweHeaders jweHeaders = new JweHeaders(); +if (isJweRequired()) { +JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(wrappedJwtToken); + +if (theDecryptor == null) { 
+theDecryptor = getInitializedDecryptionProvider(jwtConsumer.getHeaders()); +} +if (theDecryptor == null) { +throw new JwtException("Unable to decrypt JWT"); +} + +if (!isJwsRequired()) { +return jwtConsumer.decryptWith(theDecryptor); +} + +JweDecryptionOutput decOutput = theDecryptor.decrypt(wrappedJwtToken); +wrappedJwtToken = decOutput.getContentText(); +jweHeaders = decOutput.getHeaders(); +} + +JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(wrappedJwtToken); +JwtToken jwt = jwtConsumer.getJwtToken(); +// Store the encryption headers as well +jwt = new JwtToken(jwt.getJwsHeaders(), jweHeaders, jwt.getClaims()); + +if (isJwsRequired()) { +if (theSigVerifier == null) { +theSigVerifier = getInitializedSignatureVerifier(jwt);
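Review bot: the guard at the top of the three-argument `getJwtToken` rejects the case where both `jwsRequired` and `jweRequired` are false with the message "Unable to process JWT", which gives an operator no hint that the cause is configuration rather than a bad token. Failing closed here is right; suggest a message that names the two flags, plus Javadoc on this now public, concrete class stating the defaults (`jwsRequired = true`, `jweRequired` unset) and a test that pins the rejection.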
cxf git commit: Adding the renamed resources
Repository: cxf Updated Branches: refs/heads/master 5c8c5f5b0 -> dcf440746 Adding the renamed resources Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dcf44074 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dcf44074 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dcf44074 Branch: refs/heads/master Commit: dcf4407466d5c307feb5f3be387ed8667dba6e32 Parents: 5c8c5f5 Author: Sergey Beryozkin Authored: Fri Feb 5 14:20:40 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 14:20:40 2016 + -- .../rs/security/jose/jwt/JoseJwtConsumer.java | 107 +++ .../rs/security/jose/jwt/JoseJwtProducer.java | 91 + .../oauth2/provider/OAuthJoseJwtConsumer.java | 60 ++ .../oauth2/provider/OAuthJoseJwtProducer.java | 71 +++ .../provider/OAuthServerJoseJwtProducer.java| 65 +++ .../security/oidc/rp/OidcClaimsValidator.java | 192 +++ 6 files changed, 586 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/dcf44074/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java new file mode 100644 index 000..35a6eee --- /dev/null +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java 
@@ -0,0 +1,107 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.rs.security.jose.jwt; + +import org.apache.cxf.rs.security.jose.common.AbstractJoseConsumer; +import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput; +import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider; +import org.apache.cxf.rs.security.jose.jwe.JweHeaders; +import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer; +import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; +import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; + +public class JoseJwtConsumer extends AbstractJoseConsumer { +private boolean jwsRequired = true; +private boolean jweRequired; + +public JwtToken getJwtToken(String wrappedJwtToken) { +return getJwtToken(wrappedJwtToken, null, null); +} +public JwtToken getJwtToken(String wrappedJwtToken, + JweDecryptionProvider theDecryptor, + JwsSignatureVerifier theSigVerifier) { +if (!isJwsRequired() && !isJweRequired()) { +throw new JwtException("Unable to process JWT"); +} + +JweHeaders jweHeaders = new JweHeaders(); +if (isJweRequired()) { +JweJwtCompactConsumer jwtConsumer = new JweJwtCompactConsumer(wrappedJwtToken); + +if (theDecryptor == null) { 
+theDecryptor = getInitializedDecryptionProvider(jwtConsumer.getHeaders()); +} +if (theDecryptor == null) { +throw new JwtException("Unable to decrypt JWT"); +} + +if (!isJwsRequired()) { +return jwtConsumer.decryptWith(theDecryptor); +} + +JweDecryptionOutput decOutput = theDecryptor.decrypt(wrappedJwtToken); +wrappedJwtToken = decOutput.getContentText(); +jweHeaders = decOutput.getHeaders(); +} + +JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(wrappedJwtToken); +JwtToken jwt = jwtConsumer.getJwtToken(); +// Store the encryption headers as well +jwt = new JwtToken(jwt.getJwsHeaders(), jweHeaders, jwt.getClaims()); + +if (isJwsRequired()) { +if (theSigVerifier == null) { +theSigVerifier = getInitializedSignatureVerifier(jwt); +
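Review bot: in the path where both JWE and JWS are required, the compact token is processed twice (`new JweJwtCompactConsumer(wrappedJwtToken)` for the headers, then `theDecryptor.decrypt(wrappedJwtToken)`), and the `wrappedJwtToken` parameter is then overwritten with the decrypted text. A separate local for the inner JWS string would make it clear which value reaches `JwsJwtCompactConsumer`. Also, `jweHeaders` starts as an empty `new JweHeaders()`, so a sign-only token is returned with a non-null but empty JWE header object; document that or pass null, so callers do not read its presence as evidence of encryption.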
cxf git commit: Converting most of AbstractJose* helpers into concrete classes to make it simpler to delegate to them without having to extend
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 9f457003d -> 89b7bb172 Converting most of AbstractJose* helpers into concrete classes to make it simpler to delegate to them without having to extend Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/89b7bb17 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/89b7bb17 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/89b7bb17 Branch: refs/heads/3.1.x-fixes Commit: 89b7bb172804ebaffaa69c9207065e50eb5a5d36 Parents: 9f45700 Author: Sergey Beryozkin Authored: Fri Feb 5 14:15:58 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 14:17:29 2016 + -- .../jaxrs/JwtAuthenticationClientFilter.java| 4 +- .../jose/jaxrs/JwtAuthenticationFilter.java | 4 +- .../jose/jwt/AbstractJoseJwtConsumer.java | 107 --- .../jose/jwt/AbstractJoseJwtProducer.java | 91 - .../grants/code/JwtRequestCodeFilter.java | 4 +- .../provider/AbstractOAuthJoseJwtConsumer.java | 60 -- .../provider/AbstractOAuthJoseJwtProducer.java | 71 --- .../AbstractOAuthServerJoseJwtProducer.java | 65 --- .../jwt/AbstactJwtAccessTokenValidator.java | 4 +- .../oidc/idp/IdTokenResponseFilter.java | 4 +- .../rs/security/oidc/idp/UserInfoService.java | 4 +- .../oidc/rp/AbstractTokenValidator.java | 192 --- .../cxf/rs/security/oidc/rp/IdTokenReader.java | 2 +- .../cxf/rs/security/oidc/rp/UserInfoClient.java | 2 +- 14 files changed, 14 insertions(+), 600 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/89b7bb17/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java -- diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java index 0319e8b..9cbbdf5 100644 
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java +++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java @@ -33,14 +33,14 @@ import org.apache.cxf.message.Message; import org.apache.cxf.phase.PhaseInterceptorChain; import org.apache.cxf.rs.security.jose.common.JoseException; import org.apache.cxf.rs.security.jose.jwe.JweHeaders; -import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer; +import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtConstants; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rt.security.crypto.CryptoUtils; @Priority(Priorities.AUTHENTICATION) -public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer +public class JwtAuthenticationClientFilter extends JoseJwtProducer implements ClientRequestFilter { private static final String DEFAULT_AUTH_SCHEME = "JWT"; http://git-wip-us.apache.org/repos/asf/cxf/blob/89b7bb17/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java -- diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java index 50c6a13..eeda86d 100644 --- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java +++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java 
@@ -35,14 +35,14 @@ import org.apache.cxf.message.MessageUtils; import org.apache.cxf.rs.security.jose.common.JoseConstants; import org.apache.cxf.rs.security.jose.common.JoseException; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; -import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer; +import org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.jose.jwt.JwtUtils; import org.apache.cxf.security.SecurityContext; @PreMatching @Priority(Priorities.AUTHENTICATION) -public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer implements ContainerRequestFilter { +public class JwtAuthenticationFilter extends JoseJwtConsumer implements
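Review bot: the file list removes the public `AbstractJoseJwtConsumer`, `AbstractJoseJwtProducer`, `AbstractOAuthJoseJwt*` and `AbstractTokenValidator` classes outright on the 3.1.x-fixes branch, so application code that extends them stops compiling after a patch-level upgrade. Consider keeping deprecated abstract subclasses of the new concrete classes on the fixes branch (for example `AbstractJoseJwtConsumer extends JoseJwtConsumer`) and dropping them only on master.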
cxf git commit: Converting most of AbstractJose* helpers into concrete classes to make it simpler to delegate to them without having to extend
Repository: cxf Updated Branches: refs/heads/master 5239e3a36 -> 5c8c5f5b0 Converting most of AbstractJose* helpers into concrete classes to make it simpler to delegate to them without having to extend Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5c8c5f5b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5c8c5f5b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5c8c5f5b Branch: refs/heads/master Commit: 5c8c5f5b0097c0d448f089e34b94b1f6ba2c97e7 Parents: 5239e3a Author: Sergey Beryozkin Authored: Fri Feb 5 14:15:58 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 14:15:58 2016 + -- .../jaxrs/JwtAuthenticationClientFilter.java| 4 +- .../jose/jaxrs/JwtAuthenticationFilter.java | 4 +- .../jose/jwt/AbstractJoseJwtConsumer.java | 107 --- .../jose/jwt/AbstractJoseJwtProducer.java | 91 - .../grants/code/JwtRequestCodeFilter.java | 4 +- .../provider/AbstractOAuthJoseJwtConsumer.java | 60 -- .../provider/AbstractOAuthJoseJwtProducer.java | 71 --- .../AbstractOAuthServerJoseJwtProducer.java | 65 --- .../jwt/AbstactJwtAccessTokenValidator.java | 4 +- .../oidc/idp/IdTokenResponseFilter.java | 4 +- .../rs/security/oidc/idp/UserInfoService.java | 4 +- .../oidc/rp/AbstractTokenValidator.java | 192 --- .../cxf/rs/security/oidc/rp/IdTokenReader.java | 2 +- .../cxf/rs/security/oidc/rp/UserInfoClient.java | 2 +- 14 files changed, 14 insertions(+), 600 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/5c8c5f5b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java -- diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java index 0319e8b..9cbbdf5 100644 
--- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java +++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java @@ -33,14 +33,14 @@ import org.apache.cxf.message.Message; import org.apache.cxf.phase.PhaseInterceptorChain; import org.apache.cxf.rs.security.jose.common.JoseException; import org.apache.cxf.rs.security.jose.jwe.JweHeaders; -import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer; +import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtConstants; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rt.security.crypto.CryptoUtils; @Priority(Priorities.AUTHENTICATION) -public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer +public class JwtAuthenticationClientFilter extends JoseJwtProducer implements ClientRequestFilter { private static final String DEFAULT_AUTH_SCHEME = "JWT"; http://git-wip-us.apache.org/repos/asf/cxf/blob/5c8c5f5b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java -- diff --git a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java index 50c6a13..eeda86d 100644 --- a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java +++ b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java 
@@ -35,14 +35,14 @@ import org.apache.cxf.message.MessageUtils; import org.apache.cxf.rs.security.jose.common.JoseConstants; import org.apache.cxf.rs.security.jose.common.JoseException; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; -import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer; +import org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.cxf.rs.security.jose.jwt.JwtUtils; import org.apache.cxf.security.SecurityContext; @PreMatching @Priority(Priorities.AUTHENTICATION) -public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer implements ContainerRequestFilter { +public class JwtAuthenticationFilter extends JoseJwtConsumer implements Container
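Review bot: these hunks switch the imports and `extends` clauses to `JoseJwtProducer` and `JoseJwtConsumer`, but the diffstat for this commit lists only deletions of the `Abstract*` files; the new classes arrive as new files in the follow-up commit dcf44074, whose parent is this one. As recorded, 5c8c5f5b appears not to build on its own, which breaks bisecting; the rename should land as a single commit. Separately, the commit message gives delegation as the motivation, yet both filters still inherit from the helper classes, so a follow-up that actually delegates would match the stated intent.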
buildbot failure in on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5287 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
cxf git commit: Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 0ddd071dd -> 9f457003d Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9f457003 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9f457003 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9f457003 Branch: refs/heads/3.1.x-fixes Commit: 9f457003d766950abc6a22d87d7045d3cf6aee44 Parents: 0ddd071 Author: Sergey Beryozkin Authored: Fri Feb 5 13:32:33 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 13:34:56 2016 + -- .../services/AbstractImplicitGrantService.java | 84 .../services/AuthorizationCodeGrantService.java | 7 +- .../services/RedirectionBasedGrantService.java | 21 - .../security/oidc/idp/OidcImplicitService.java | 48 +-- 4 files changed, 94 insertions(+), 66 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/9f457003/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java index 5133374..f3c466b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java 
@@ -63,26 +63,18 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant UserSubject userSubject, ServerAccessToken preAuthorizedToken) { -boolean tokenCanBeReturned = preAuthorizedToken != null; ServerAccessToken token = null; if (preAuthorizedToken == null) { -tokenCanBeReturned = canAccessTokenBeReturned(state, requestedScope, approvedScope); -if (tokenCanBeReturned) { -AccessTokenRegistration reg = new AccessTokenRegistration(); -reg.setClient(client); -reg.setGrantType(super.getSupportedGrantType()); -reg.setSubject(userSubject); -reg.setRequestedScope(requestedScope); -if (approvedScope == null || approvedScope.isEmpty()) { -// no down-scoping done by a user, all of the requested scopes have been authorized -reg.setApprovedScope(requestedScope); -} else { -reg.setApprovedScope(approvedScope); -} - reg.setAudiences(Collections.singletonList(state.getAudience())); -reg.setNonce(state.getNonce()); -token = getDataProvider().createAccessToken(reg); -} +AccessTokenRegistration reg = new AccessTokenRegistration(); +reg.setClient(client); +reg.setGrantType(super.getSupportedGrantType()); +reg.setSubject(userSubject); +reg.setRequestedScope(requestedScope); +reg.setApprovedScope(getApprovedScope(requestedScope, approvedScope)); + +reg.setAudiences(Collections.singletonList(state.getAudience())); +reg.setNonce(state.getNonce()); +token = getDataProvider().createAccessToken(reg); } else { token = preAuthorizedToken; if (state.getNonce() != null) { 
@@ -90,39 +82,20 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant } } -ClientAccessToken clientToken = null; -if (token != null) { -clientToken = OAuthUtils.toClientAccessToken(token, isWriteOptionalParameters()); -} else { -// this is not ideal - it is only done to have OIDC Implicit to have an id_token added -// via AccessTokenResponseFilter. Note if id_token is needed (with or without access token) -// then the service needs to be injected with SubjectCreator, example, DefaultSubjectCreator -// extension which will have a chance to attach id_token to Subject properties which are checked -// by id_token AccessTokenResponseFilter. If at is also needed then OAuthDataProvider may deal -// with attaching id_token itself in which case no SubjectCreator injection is necessa
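Review bot: with the `tokenCanBeReturned` / `canAccessTokenBeReturned(state, requestedScope, approvedScope)` check removed in the first hunk, `getDataProvider().createAccessToken(reg)` now runs for every request that has no pre-authorized token. Please confirm that the `id_token`-only response type is intercepted before this method is reached; otherwise an access token is created and stored for a client that did not ask for one. The commit message itself says the OIDC side is "not complete yet", which argues for holding this back from 3.1.x-fixes until it is.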
cxf git commit: Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet
Repository: cxf Updated Branches: refs/heads/master 89cdf0a99 -> 5239e3a36 Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5239e3a3 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5239e3a3 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5239e3a3 Branch: refs/heads/master Commit: 5239e3a36abed124856276e36cc2384f32e22c38 Parents: 89cdf0a Author: Sergey Beryozkin Authored: Fri Feb 5 13:32:33 2016 + Committer: Sergey Beryozkin Committed: Fri Feb 5 13:32:33 2016 + -- .../services/AbstractImplicitGrantService.java | 84 .../services/AuthorizationCodeGrantService.java | 7 +- .../services/RedirectionBasedGrantService.java | 21 - .../security/oidc/idp/OidcImplicitService.java | 48 +-- 4 files changed, 94 insertions(+), 66 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/5239e3a3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java index 5133374..f3c466b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java 
@@ -63,26 +63,18 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant UserSubject userSubject, ServerAccessToken preAuthorizedToken) { -boolean tokenCanBeReturned = preAuthorizedToken != null; ServerAccessToken token = null; if (preAuthorizedToken == null) { -tokenCanBeReturned = canAccessTokenBeReturned(state, requestedScope, approvedScope); -if (tokenCanBeReturned) { -AccessTokenRegistration reg = new AccessTokenRegistration(); -reg.setClient(client); -reg.setGrantType(super.getSupportedGrantType()); -reg.setSubject(userSubject); -reg.setRequestedScope(requestedScope); -if (approvedScope == null || approvedScope.isEmpty()) { -// no down-scoping done by a user, all of the requested scopes have been authorized -reg.setApprovedScope(requestedScope); -} else { -reg.setApprovedScope(approvedScope); -} - reg.setAudiences(Collections.singletonList(state.getAudience())); -reg.setNonce(state.getNonce()); -token = getDataProvider().createAccessToken(reg); -} +AccessTokenRegistration reg = new AccessTokenRegistration(); +reg.setClient(client); +reg.setGrantType(super.getSupportedGrantType()); +reg.setSubject(userSubject); +reg.setRequestedScope(requestedScope); +reg.setApprovedScope(getApprovedScope(requestedScope, approvedScope)); + +reg.setAudiences(Collections.singletonList(state.getAudience())); +reg.setNonce(state.getNonce()); +token = getDataProvider().createAccessToken(reg); } else { token = preAuthorizedToken; if (state.getNonce() != null) { 
@@ -90,39 +82,20 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant } } -ClientAccessToken clientToken = null; -if (token != null) { -clientToken = OAuthUtils.toClientAccessToken(token, isWriteOptionalParameters()); -} else { -// this is not ideal - it is only done to have OIDC Implicit to have an id_token added -// via AccessTokenResponseFilter. Note if id_token is needed (with or without access token) -// then the service needs to be injected with SubjectCreator, example, DefaultSubjectCreator -// extension which will have a chance to attach id_token to Subject properties which are checked -// by id_token AccessTokenResponseFilter. If at is also needed then OAuthDataProvider may deal -// with attaching id_token itself in which case no SubjectCreator injection is necessary -
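Review bot: `reg.setAudiences(Collections.singletonList(state.getAudience()))` is carried over unchanged in the first hunk, and it registers a one-element list containing null if `state.getAudience()` returns null. While this block is being restructured, add a null check so the data provider sees an empty audience list instead. The removed inline comment explaining that an empty `approvedScope` means no down-scoping was done should also move to the new `getApprovedScope` helper.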
buildbot success in on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5285 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
buildbot failure in on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5283 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
buildbot success in on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building . Full details are available at: https://ci.apache.org/builders/cxf-site-production/builds/5282 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot