cxf git commit: Prototyping OAuth2 redirection service which can support all the response types on a single path

2016-02-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 9aae5c562 -> 0b7e0e914


Prototyping OAuth2 redirection service which can support all the response types 
on a single path


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0b7e0e91
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0b7e0e91
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0b7e0e91

Branch: refs/heads/3.1.x-fixes
Commit: 0b7e0e914328aa7a78a2eab00bb1040c703e9b63
Parents: 9aae5c5
Author: Sergey Beryozkin 
Authored: Fri Feb 5 16:53:40 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 16:55:15 2016 +

--
 .../oauth2/services/AuthorizationService.java   | 91 
 .../services/RedirectionBasedGrantService.java  |  5 +-
 2 files changed, 95 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/0b7e0e91/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
new file mode 100644
index 000..376f74d
--- /dev/null
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
@@ -0,0 +1,91 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth2.services;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+@Path("authorize")
+public class AuthorizationService {
+
+private Map servicesMap = 
+new HashMap();
+
+@Context 
+public void setMessageContext(MessageContext context) {
+for (RedirectionBasedGrantService service : servicesMap.values()) {
+service.setMessageContext(context);
+}
+}
+@GET
+@Produces({"application/xhtml+xml", "text/html", "application/xml", 
"application/json" })
+public Response authorize(@QueryParam(OAuthConstants.RESPONSE_TYPE) String 
responseType) {
+return getService(responseType).authorize();
+}
+
+@GET
+@Path("/decision")
+public Response 
authorizeDecision(@QueryParam(OAuthConstants.RESPONSE_TYPE) String 
responseType) {
+return getService(responseType).authorizeDecision();
+}
+
+/**
+ * Processes the end user decision
+ * @return The grant value, authorization code or the token
+ */
+@POST
+@Path("/decision")
+@Consumes("application/x-www-form-urlencoded")
+public Response authorizeDecisionForm(MultivaluedMap 
params) {
+String responseType = params.getFirst(OAuthConstants.RESPONSE_TYPE);
+return getService(responseType).authorizeDecisionForm(params);
+}
+
+private RedirectionBasedGrantService getService(String responseType) {
+if (responseType == null || !servicesMap.containsKey(responseType)) {
+throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
+}
+return servicesMap.get(responseType);
+}
+
+public void setServices(List services) {
+for (RedirectionBasedGrantService service : services) {
+for (String responseType : 

cxf git commit: Prototyping OAuth2 redirection service which can support all the response types on a single path

2016-02-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/master 307ddaf6f -> af11d1bff


Prototyping OAuth2 redirection service which can support all the response types 
on a single path


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/af11d1bf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/af11d1bf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/af11d1bf

Branch: refs/heads/master
Commit: af11d1bffbd7dbc3995259418c3b8b7dbf29d85d
Parents: 307ddaf
Author: Sergey Beryozkin 
Authored: Fri Feb 5 16:53:40 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 16:53:40 2016 +

--
 .../oauth2/services/AuthorizationService.java   | 91 
 .../services/RedirectionBasedGrantService.java  |  5 +-
 2 files changed, 95 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/af11d1bf/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
new file mode 100644
index 000..376f74d
--- /dev/null
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
@@ -0,0 +1,91 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth2.services;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+@Path("authorize")
+public class AuthorizationService {
+
+private Map servicesMap = 
+new HashMap();
+
+@Context 
+public void setMessageContext(MessageContext context) {
+for (RedirectionBasedGrantService service : servicesMap.values()) {
+service.setMessageContext(context);
+}
+}
+@GET
+@Produces({"application/xhtml+xml", "text/html", "application/xml", 
"application/json" })
+public Response authorize(@QueryParam(OAuthConstants.RESPONSE_TYPE) String 
responseType) {
+return getService(responseType).authorize();
+}
+
+@GET
+@Path("/decision")
+public Response 
authorizeDecision(@QueryParam(OAuthConstants.RESPONSE_TYPE) String 
responseType) {
+return getService(responseType).authorizeDecision();
+}
+
+/**
+ * Processes the end user decision
+ * @return The grant value, authorization code or the token
+ */
+@POST
+@Path("/decision")
+@Consumes("application/x-www-form-urlencoded")
+public Response authorizeDecisionForm(MultivaluedMap 
params) {
+String responseType = params.getFirst(OAuthConstants.RESPONSE_TYPE);
+return getService(responseType).authorizeDecisionForm(params);
+}
+
+private RedirectionBasedGrantService getService(String responseType) {
+if (responseType == null || !servicesMap.containsKey(responseType)) {
+throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
+}
+return servicesMap.get(responseType);
+}
+
+public void setServices(List services) {
+for (RedirectionBasedGrantService service : services) {
+for (String responseType : 

[2/2] cxf git commit: Refactor of "BasicAuthFilter"

2016-02-05 Thread coheigea
Refactor of "BasicAuthFilter"


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9aae5c56
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9aae5c56
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9aae5c56

Branch: refs/heads/3.1.x-fixes
Commit: 9aae5c5622dec1198a333ac6bb3508d3ca4634c1
Parents: dbfaf2b
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 14:54:03 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 15:00:32 2016 +

--
 .../features/src/main/resources/features.xml|   5 +-
 rt/security-saml/pom.xml|   2 +-
 .../interceptor/WSS4JBasicAuthValidator.java| 166 +++
 .../trust/AuthPolicyValidatingInterceptor.java  | 117 -
 .../cxf/systest/sts/rest/BasicAuthFilter.java   | 117 -
 .../systest/sts/rest/WSS4JBasicAuthFilter.java  |  54 ++
 .../cxf/systest/sts/rest/cxf-rest-sts.xml   |   2 +-
 .../security/oauth2/common/BasicAuthFilter.java | 117 -
 .../oauth2/common/WSS4JBasicAuthFilter.java |  54 ++
 .../security/oauth2/filters/oauth20-server.xml  |   2 +-
 .../oauth2/grants/grants-negative-server.xml|   2 +-
 .../security/oauth2/grants/grants-server.xml|   2 +-
 12 files changed, 311 insertions(+), 329 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/9aae5c56/osgi/karaf/features/src/main/resources/features.xml
--
diff --git a/osgi/karaf/features/src/main/resources/features.xml 
b/osgi/karaf/features/src/main/resources/features.xml
index 3d3a128..5e509ac 100644
--- a/osgi/karaf/features/src/main/resources/features.xml
+++ b/osgi/karaf/features/src/main/resources/features.xml
@@ -114,14 +114,13 @@
 mvn:org.apache.cxf/cxf-rt-ws-mex/${project.version}
 
 
-cxf-rt-security
-cxf-ws-policy
 wss4j
+cxf-rt-security-saml
+cxf-ws-policy
 cxf-ws-addr
 mvn:org.apache.geronimo.specs/geronimo-jta_1.1_spec/${cxf.geronimo.transaction.version}
 mvn:net.sf.ehcache/ehcache/${cxf.ehcache.version}
 mvn:org.apache.cxf/cxf-rt-ws-security/${project.version}
-mvn:org.apache.cxf/cxf-rt-security-saml/${project.version}
 
 
 cxf-core

http://git-wip-us.apache.org/repos/asf/cxf/blob/9aae5c56/rt/security-saml/pom.xml
--
diff --git a/rt/security-saml/pom.xml b/rt/security-saml/pom.xml
index 23c4caa..085ec2f 100644
--- a/rt/security-saml/pom.xml
+++ b/rt/security-saml/pom.xml
@@ -43,7 +43,7 @@
 
 
 org.apache.wss4j
-wss4j-ws-security-common
+wss4j-ws-security-dom
 ${cxf.wss4j.version}
 
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/9aae5c56/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
--
diff --git 
a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
 
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
new file mode 100644
index 000..a5fc8b3
--- /dev/null
+++ 
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
@@ -0,0 +1,166 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.saml.interceptor;
+
+import java.security.Principal;
+import java.util.Set;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.w3c.dom.Document;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rt.security.SecurityConstants;
+import 

[1/2] cxf git commit: Renaming tests

2016-02-05 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 6a0873647 -> 9aae5c562


Renaming tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dbfaf2b5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dbfaf2b5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dbfaf2b5

Branch: refs/heads/3.1.x-fixes
Commit: dbfaf2b5aea3c4b09a825c82cae88c9d5f777aac
Parents: 6a08736
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 12:09:56 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 15:00:31 2016 +

--
 .../cxf/systest/sts/rest/BasicAuthFilter.java   | 117 +++
 .../cxf/systest/sts/rest/RESTUnitTest.java  | 149 +++
 .../cxf/systest/sts/rest/STSRESTServer.java |  46 ++
 .../systest/sts/restunit/BasicAuthFilter.java   | 117 ---
 .../cxf/systest/sts/restunit/RESTUnitTest.java  | 149 ---
 .../cxf/systest/sts/restunit/STSRESTServer.java |  46 --
 .../apache/cxf/systest/sts/rest/cxf-client.xml  |  33 
 .../cxf/systest/sts/rest/cxf-rest-sts.xml   | 142 ++
 .../cxf/systest/sts/restunit/cxf-client.xml |  33 
 .../cxf/systest/sts/restunit/cxf-rest-sts.xml   | 142 --
 10 files changed, 487 insertions(+), 487 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/dbfaf2b5/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
--
diff --git 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
new file mode 100644
index 000..30b0b86
--- /dev/null
+++ 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
@@ -0,0 +1,117 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.rest;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.Response;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.message.token.UsernameToken;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.UsernameTokenValidator;
+
+/**
+ * A simple filter to validate a Basic Auth username/password via a 
CallbackHandler
+ */
+public class BasicAuthFilter implements ContainerRequestFilter {
+
+private CallbackHandler callbackHandler;
+
+public void filter(ContainerRequestContext requestContext) throws 
IOException {
+Message message = JAXRSUtils.getCurrentMessage();
+AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
+
+if (policy == null || policy.getUserName() == null || 
policy.getPassword() == null) {
+requestContext.abortWith(
+Response.status(401).header("WWW-Authenticate", "Basic 
realm=\"IdP\"").build());
+}
+
+try {
+UsernameToken token = convertPolicyToToken(policy);
+Credential credential = new Credential();
+credential.setUsernametoken(token);
+
+RequestData data = new RequestData();
+data.setMsgContext(message);
+data.setCallbackHandler(callbackHandler);
+UsernameTokenValidator 

[1/2] cxf git commit: Refactor of "BasicAuthFilter"

2016-02-05 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master f5606894d -> 307ddaf6f


Refactor of "BasicAuthFilter"


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/307ddaf6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/307ddaf6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/307ddaf6

Branch: refs/heads/master
Commit: 307ddaf6fe29102d5dc67b66749eb80ad60ce38e
Parents: ba7eab4
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 14:54:03 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 14:54:44 2016 +

--
 .../features/src/main/resources/features.xml|   5 +-
 rt/security-saml/pom.xml|   2 +-
 .../interceptor/WSS4JBasicAuthValidator.java| 166 +++
 .../trust/AuthPolicyValidatingInterceptor.java  | 117 -
 .../cxf/systest/sts/rest/BasicAuthFilter.java   | 117 -
 .../systest/sts/rest/WSS4JBasicAuthFilter.java  |  54 ++
 .../cxf/systest/sts/rest/cxf-rest-sts.xml   |   2 +-
 .../security/oauth2/common/BasicAuthFilter.java | 117 -
 .../oauth2/common/WSS4JBasicAuthFilter.java |  54 ++
 .../security/oauth2/filters/oauth20-server.xml  |   2 +-
 .../oauth2/grants/grants-negative-server.xml|   2 +-
 .../security/oauth2/grants/grants-server.xml|   2 +-
 12 files changed, 311 insertions(+), 329 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/osgi/karaf/features/src/main/resources/features.xml
--
diff --git a/osgi/karaf/features/src/main/resources/features.xml 
b/osgi/karaf/features/src/main/resources/features.xml
index 3d3a128..5e509ac 100644
--- a/osgi/karaf/features/src/main/resources/features.xml
+++ b/osgi/karaf/features/src/main/resources/features.xml
@@ -114,14 +114,13 @@
 mvn:org.apache.cxf/cxf-rt-ws-mex/${project.version}
 
 
-cxf-rt-security
-cxf-ws-policy
 wss4j
+cxf-rt-security-saml
+cxf-ws-policy
 cxf-ws-addr
 mvn:org.apache.geronimo.specs/geronimo-jta_1.1_spec/${cxf.geronimo.transaction.version}
 mvn:net.sf.ehcache/ehcache/${cxf.ehcache.version}
 mvn:org.apache.cxf/cxf-rt-ws-security/${project.version}
-mvn:org.apache.cxf/cxf-rt-security-saml/${project.version}
 
 
 cxf-core

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/rt/security-saml/pom.xml
--
diff --git a/rt/security-saml/pom.xml b/rt/security-saml/pom.xml
index 351fe56..530b2cd 100644
--- a/rt/security-saml/pom.xml
+++ b/rt/security-saml/pom.xml
@@ -43,7 +43,7 @@
 
 
 org.apache.wss4j
-wss4j-ws-security-common
+wss4j-ws-security-dom
 ${cxf.wss4j.version}
 
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/307ddaf6/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
--
diff --git 
a/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
 
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
new file mode 100644
index 000..a5fc8b3
--- /dev/null
+++ 
b/rt/security-saml/src/main/java/org/apache/cxf/rt/security/saml/interceptor/WSS4JBasicAuthValidator.java
@@ -0,0 +1,166 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.saml.interceptor;
+
+import java.security.Principal;
+import java.util.Set;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.w3c.dom.Document;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.message.Message;

[2/2] cxf git commit: Renaming tests

2016-02-05 Thread coheigea
Renaming tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ba7eab43
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ba7eab43
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ba7eab43

Branch: refs/heads/master
Commit: ba7eab4318240e8d897b2a98e540f873ae110256
Parents: f560689
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 12:09:56 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 14:54:44 2016 +

--
 .../cxf/systest/sts/rest/BasicAuthFilter.java   | 117 +++
 .../cxf/systest/sts/rest/RESTUnitTest.java  | 149 +++
 .../cxf/systest/sts/rest/STSRESTServer.java |  46 ++
 .../systest/sts/restunit/BasicAuthFilter.java   | 117 ---
 .../cxf/systest/sts/restunit/RESTUnitTest.java  | 149 ---
 .../cxf/systest/sts/restunit/STSRESTServer.java |  46 --
 .../apache/cxf/systest/sts/rest/cxf-client.xml  |  33 
 .../cxf/systest/sts/rest/cxf-rest-sts.xml   | 142 ++
 .../cxf/systest/sts/restunit/cxf-client.xml |  33 
 .../cxf/systest/sts/restunit/cxf-rest-sts.xml   | 142 --
 10 files changed, 487 insertions(+), 487 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/ba7eab43/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
--
diff --git 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
new file mode 100644
index 000..30b0b86
--- /dev/null
+++ 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/BasicAuthFilter.java
@@ -0,0 +1,117 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.rest;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.Response;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.message.token.UsernameToken;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.UsernameTokenValidator;
+
+/**
+ * A simple filter to validate a Basic Auth username/password via a 
CallbackHandler
+ */
+public class BasicAuthFilter implements ContainerRequestFilter {
+
+private CallbackHandler callbackHandler;
+
+public void filter(ContainerRequestContext requestContext) throws 
IOException {
+Message message = JAXRSUtils.getCurrentMessage();
+AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
+
+if (policy == null || policy.getUserName() == null || 
policy.getPassword() == null) {
+requestContext.abortWith(
+Response.status(401).header("WWW-Authenticate", "Basic 
realm=\"IdP\"").build());
+}
+
+try {
+UsernameToken token = convertPolicyToToken(policy);
+Credential credential = new Credential();
+credential.setUsernametoken(token);
+
+RequestData data = new RequestData();
+data.setMsgContext(message);
+data.setCallbackHandler(callbackHandler);
+UsernameTokenValidator validator = new UsernameTokenValidator();
+credential = 

buildbot success in on cxf-site-production

2016-02-05 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/5291

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





buildbot failure in on cxf-site-production

2016-02-05 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/5293

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot





[2/3] cxf git commit: Changing the default to issue tokens rather than WS-Trust responses

2016-02-05 Thread coheigea
Changing the default to issue tokens rather than WS-Trust responses


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/72821c78
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/72821c78
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/72821c78

Branch: refs/heads/master
Commit: 72821c781bb43dd2a846fd85eed706d316bc4a2e
Parents: 7ea12c2
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 17:53:25 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 17:54:04 2016 +

--
 .../cxf/sts/rest/RESTSecurityTokenService.java  |  8 +++
 .../sts/rest/RESTSecurityTokenServiceImpl.java  | 61 -
 .../cxf/systest/sts/rest/RESTUnitTest.java  | 71 +++-
 3 files changed, 107 insertions(+), 33 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/72821c78/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
index 04cc0f6..a68194d 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
@@ -63,6 +63,14 @@ public interface RESTSecurityTokenService {
 })
 Response getToken(@PathParam("tokenType") String tokenType, 
@QueryParam("keyType") String keyType,
 @QueryParam("claim") List requestedClaims);
+
+@GET
+@Path("ws-trust/{tokenType}")
+@Produces({
+MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON
+})
+Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType, 
@QueryParam("keyType") String keyType,
+@QueryParam("claim") List requestedClaims);
 
 @POST
 @Produces({
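Review bot: The new `getTokenViaWSTrust` declaration has no Javadoc, and its parameters are identical to those of `getToken` directly above it, so the interface does not say how the two responses differ. I would add a comment along the lines of `/** Issues a token of the given type and returns it inside a WS-Trust RequestSecurityTokenResponse. */`; that wording is inferred from the `ws-trust/{tokenType}` path and should be confirmed against the implementation. Since both methods hand out security tokens in response to a GET, the Javadoc is also a good place to state whether the response is expected to be marked non-cacheable (for example `Cache-Control: no-store`).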

http://git-wip-us.apache.org/repos/asf/cxf/blob/72821c78/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index 393b806..ae454ab 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -45,6 +45,7 @@ import 
org.apache.cxf.ws.security.sts.provider.model.ClaimsType;
 import org.apache.cxf.ws.security.sts.provider.model.ObjectFactory;
 import 
org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
+import 
org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.wss4j.dom.WSConstants;
 
@@ -90,6 +91,36 @@ public class RESTSecurityTokenServiceImpl extends 
SecurityTokenServiceImpl imple
 
 @Override
 public Response getToken(String tokenType, String keyType, List 
requestedClaims) {
+RequestSecurityTokenResponseType response = 
+issueToken(tokenType, keyType, requestedClaims);
+
+RequestedSecurityTokenType requestedToken = 
getRequestedSecurityToken(response);
+
+return Response.ok(requestedToken.getAny()).build();
+}
+
+@Override
+public Response getTokenViaWSTrust(String tokenType, String keyType, 
List requestedClaims) {
+return getToken(tokenType, keyType, requestedClaims);
+}
+
+private RequestedSecurityTokenType 
getRequestedSecurityToken(RequestSecurityTokenResponseType response) {
+for (Object obj : response.getAny()) {
+if (obj instanceof JAXBElement) {
+JAXBElement jaxbElement = (JAXBElement)obj;
+if 
("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) {
+return (RequestedSecurityTokenType)jaxbElement.getValue();
+}
+}
+}
+return null;
+}
+
+private RequestSecurityTokenResponseType issueToken(
+String tokenType,
+String keyType,
+List requestedClaims
+) {
 if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) {
 tokenType = tokenTypeMap.get(tokenType);
 }
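Review bot: `getRequestedSecurityToken` returns `null` when the response holds no `RequestedSecurityToken` element, and the new `getToken` calls `requestedToken.getAny()` on that result unchecked, so such a response ends in a NullPointerException instead of a controlled error. A guard before the return would cover it, for example `if (requestedToken == null) { return Response.serverError().build(); }`. Separately, `getTokenViaWSTrust` only delegates to `getToken`, so as far as this hunk shows the `ws-trust` path returns the same unwrapped token as the default path; if it is meant to return the full `RequestSecurityTokenResponseType`, it should build its response from `issueToken(...)` directly. The body of `issueToken` continues past the end of this hunk, so whether it can itself return `null` is not visible here.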
@@ -141,32 +172,32 @@ public class RESTSecurityTokenServiceImpl extends 
SecurityTokenServiceImpl imple
   //  }
 
 

[1/3] cxf git commit: Update SourceProvider to be able to write out any Nodes and not just Documents

2016-02-05 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master af11d1bff -> f8834cf0d


Update SourceProvider to be able to write out any Nodes and not just Documents


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f8834cf0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f8834cf0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f8834cf0

Branch: refs/heads/master
Commit: f8834cf0d4397e0f6acab078b96fe1a228c42d02
Parents: 72821c7
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 17:53:39 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 17:54:04 2016 +

--
 .../apache/cxf/jaxrs/provider/SourceProvider.java| 15 ++-
 1 file changed, 10 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f8834cf0/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
--
diff --git 
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
 
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
index 52bf495..20e29d0 100644
--- 
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
+++ 
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
@@ -44,7 +44,7 @@ import javax.xml.transform.sax.SAXSource;
 import javax.xml.transform.stream.StreamSource;
 
 import org.w3c.dom.Document;
-
+import org.w3c.dom.Node;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.io.CachedOutputStream;
 import org.apache.cxf.jaxrs.ext.MessageContext;
@@ -72,7 +72,7 @@ public class SourceProvider extends 
AbstractConfigurableProvider implements
 
 public boolean isWriteable(Class type, Type genericType, Annotation[] 
annotations, MediaType mt) {
 return Source.class.isAssignableFrom(type)
-|| Document.class.isAssignableFrom(type);
+|| Node.class.isAssignableFrom(type);
 }
 
 public boolean isReadable(Class type, Type genericType, Annotation[] 
annotations, MediaType mt) {
@@ -189,9 +189,14 @@ public class SourceProvider extends 
AbstractConfigurableProvider implements
 
 String encoding = HttpUtils.getSetEncoding(mt, headers, 
StandardCharsets.UTF_8.name());
 
-XMLStreamReader reader = 
-source instanceof Source ? 
StaxUtils.createXMLStreamReader((Source)source) 
-: StaxUtils.createXMLStreamReader((Document)source);
+XMLStreamReader reader = null;
+if (source instanceof Source) {
+reader = StaxUtils.createXMLStreamReader((Source)source);
+} else if (source instanceof Document) {
+reader = StaxUtils.createXMLStreamReader((Document)source);
+} else {
+reader = StaxUtils.createXMLStreamReader(new 
DOMSource((Node)source));
+}
 XMLStreamWriter writer = StaxUtils.createXMLStreamWriter(os, encoding);
 try {
 StaxUtils.copy(reader, writer);
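Review bot: The final `else` branch wraps any `Node` in a `DOMSource`, and with the widened `isWriteable` check this admits node kinds such as attributes or text nodes, which may not serialise as a well-formed document through `StaxUtils.copy`. A short comment naming the node types that are expected here (presumably `Element`) would make the contract clear. As a style point, `XMLStreamReader reader = null;` is assigned on every branch, so the initialiser can be dropped: `XMLStreamReader reader;` lets the compiler prove definite assignment. The enclosing method starts and ends outside the hunk, and the same hunk is repeated under commit 96802a24 further down the page.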



[3/3] cxf git commit: Fixed TLS client auth issue

2016-02-05 Thread coheigea
Fixed TLS client auth issue


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7ea12c2d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7ea12c2d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7ea12c2d

Branch: refs/heads/master
Commit: 7ea12c2dab4440f2dcd3b070a662957534fd6011
Parents: af11d1b
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 16:14:08 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 17:54:04 2016 +

--
 .../sts/rest/RESTSecurityTokenServiceImpl.java  | 16 +-
 .../cxf/systest/sts/rest/RESTUnitTest.java  |  2 +-
 .../systest/sts/rest/WSS4JBasicAuthFilter.java  | 54 
 .../basic/src/test/resources/logging.properties |  4 +-
 .../apache/cxf/systest/sts/rest/cxf-client.xml  |  3 ++
 .../cxf/systest/sts/rest/cxf-rest-sts.xml   |  8 +--
 6 files changed, 22 insertions(+), 65 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/7ea12c2d/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index 6955931..393b806 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -20,6 +20,7 @@
 package org.apache.cxf.sts.rest;
 
 import java.security.Principal;
+import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -34,6 +35,8 @@ import org.w3c.dom.Element;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.phase.PhaseInterceptorChain;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.sts.QNameConstants;
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider;
@@ -87,7 +90,6 @@ public class RESTSecurityTokenServiceImpl extends 
SecurityTokenServiceImpl imple
 
 @Override
 public Response getToken(String tokenType, String keyType, List 
requestedClaims) {
-
 if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) {
 tokenType = tokenTypeMap.get(tokenType);
 }
@@ -213,6 +215,18 @@ public class RESTSecurityTokenServiceImpl extends 
SecurityTokenServiceImpl imple
 
 @Override
 protected Principal getPrincipal() {
+SecurityContext sc = 
(SecurityContext)messageContext.get(SecurityContext.class);
+if (sc == null || sc.getUserPrincipal() == null) {
+// Get the TLS client principal if no security context is set up
+TLSSessionInfo tlsInfo = 
+
(TLSSessionInfo)PhaseInterceptorChain.getCurrentMessage().get(TLSSessionInfo.class);
+if (tlsInfo != null && tlsInfo.getPeerCertificates() != null 
+&& tlsInfo.getPeerCertificates().length > 0
+&& (tlsInfo.getPeerCertificates()[0] instanceof 
X509Certificate)
+) {
+return 
((X509Certificate)tlsInfo.getPeerCertificates()[0]).getSubjectX500Principal();
+} 
+}
 return messageContext.getSecurityContext().getUserPrincipal();
 }
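Review bot: The new fallback in `getPrincipal` takes the subject of `getPeerCertificates()[0]` as the caller's identity, which is only sound if the TLS endpoint requires client certificates and validates them against a truststore limited to the intended issuers. Nothing in this hunk checks that, so the assumption deserves a comment such as `// Relies on the transport having required and validated the client certificate chain`. `PhaseInterceptorChain.getCurrentMessage()` is also dereferenced without a null check, which would throw if no message is current on the thread. As a style point, `tlsInfo.getPeerCertificates()` is called four times; reading it once into a local would shorten the condition. The same hunk is repeated under commit 194224fa further down the page.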
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/7ea12c2d/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
--
diff --git 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index 0668e39..7caf0f2 100644
--- 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -77,7 +77,7 @@ public class RESTUnitTest extends 
AbstractBusClientServerTestBase {
 SpringBusFactory.setThreadDefaultBus(bus);
 
 String address = "https://localhost:; + STSPORT + 
"/SecurityTokenService/token";
-WebClient client = WebClient.create(address, "alice", "clarinet", 
busFile.toString());
+WebClient client = WebClient.create(address, busFile.toString());
 
 client.type("application/xml").accept("application/xml");
 client.path("saml2.0");


[3/3] cxf git commit: Update SourceProvider to be able to write out any Nodes and not just Documents

2016-02-05 Thread coheigea
Update SourceProvider to be able to write out any Nodes and not just Documents


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/96802a24
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/96802a24
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/96802a24

Branch: refs/heads/3.1.x-fixes
Commit: 96802a240f833a1e1cf66cca376f8123b75d68cf
Parents: bbe5e87
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 17:53:39 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 20:39:46 2016 +

--
 .../apache/cxf/jaxrs/provider/SourceProvider.java| 15 ++-
 1 file changed, 10 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/96802a24/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
--
diff --git 
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
 
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
index 52bf495..20e29d0 100644
--- 
a/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
+++ 
b/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/SourceProvider.java
@@ -44,7 +44,7 @@ import javax.xml.transform.sax.SAXSource;
 import javax.xml.transform.stream.StreamSource;
 
 import org.w3c.dom.Document;
-
+import org.w3c.dom.Node;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.io.CachedOutputStream;
 import org.apache.cxf.jaxrs.ext.MessageContext;
@@ -72,7 +72,7 @@ public class SourceProvider extends 
AbstractConfigurableProvider implements
 
 public boolean isWriteable(Class type, Type genericType, Annotation[] 
annotations, MediaType mt) {
 return Source.class.isAssignableFrom(type)
-|| Document.class.isAssignableFrom(type);
+|| Node.class.isAssignableFrom(type);
 }
 
 public boolean isReadable(Class type, Type genericType, Annotation[] 
annotations, MediaType mt) {
@@ -189,9 +189,14 @@ public class SourceProvider extends 
AbstractConfigurableProvider implements
 
 String encoding = HttpUtils.getSetEncoding(mt, headers, 
StandardCharsets.UTF_8.name());
 
-XMLStreamReader reader = 
-source instanceof Source ? 
StaxUtils.createXMLStreamReader((Source)source) 
-: StaxUtils.createXMLStreamReader((Document)source);
+XMLStreamReader reader = null;
+if (source instanceof Source) {
+reader = StaxUtils.createXMLStreamReader((Source)source);
+} else if (source instanceof Document) {
+reader = StaxUtils.createXMLStreamReader((Document)source);
+} else {
+reader = StaxUtils.createXMLStreamReader(new 
DOMSource((Node)source));
+}
 XMLStreamWriter writer = StaxUtils.createXMLStreamWriter(os, encoding);
 try {
 StaxUtils.copy(reader, writer);



[1/3] cxf git commit: Fixed TLS client auth issue

2016-02-05 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 0b7e0e914 -> 96802a240


Fixed TLS client auth issue


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/194224fa
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/194224fa
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/194224fa

Branch: refs/heads/3.1.x-fixes
Commit: 194224faeb3e8eb6c8feabe6397f6b42ff0f605d
Parents: 0b7e0e9
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 16:14:08 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 20:39:43 2016 +

--
 .../sts/rest/RESTSecurityTokenServiceImpl.java  | 16 +-
 .../cxf/systest/sts/rest/RESTUnitTest.java  |  2 +-
 .../systest/sts/rest/WSS4JBasicAuthFilter.java  | 54 
 .../basic/src/test/resources/logging.properties |  4 +-
 .../apache/cxf/systest/sts/rest/cxf-client.xml  |  3 ++
 .../cxf/systest/sts/rest/cxf-rest-sts.xml   |  8 +--
 6 files changed, 22 insertions(+), 65 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/194224fa/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index 6955931..393b806 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -20,6 +20,7 @@
 package org.apache.cxf.sts.rest;
 
 import java.security.Principal;
+import java.security.cert.X509Certificate;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -34,6 +35,8 @@ import org.w3c.dom.Element;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.phase.PhaseInterceptorChain;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.sts.QNameConstants;
 import org.apache.cxf.sts.STSConstants;
 import org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider;
@@ -87,7 +90,6 @@ public class RESTSecurityTokenServiceImpl extends 
SecurityTokenServiceImpl imple
 
 @Override
 public Response getToken(String tokenType, String keyType, List 
requestedClaims) {
-
 if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) {
 tokenType = tokenTypeMap.get(tokenType);
 }
@@ -213,6 +215,18 @@ public class RESTSecurityTokenServiceImpl extends 
SecurityTokenServiceImpl imple
 
 @Override
 protected Principal getPrincipal() {
+SecurityContext sc = 
(SecurityContext)messageContext.get(SecurityContext.class);
+if (sc == null || sc.getUserPrincipal() == null) {
+// Get the TLS client principal if no security context is set up
+TLSSessionInfo tlsInfo = 
+
(TLSSessionInfo)PhaseInterceptorChain.getCurrentMessage().get(TLSSessionInfo.class);
+if (tlsInfo != null && tlsInfo.getPeerCertificates() != null 
+&& tlsInfo.getPeerCertificates().length > 0
+&& (tlsInfo.getPeerCertificates()[0] instanceof 
X509Certificate)
+) {
+return 
((X509Certificate)tlsInfo.getPeerCertificates()[0]).getSubjectX500Principal();
+} 
+}
 return messageContext.getSecurityContext().getUserPrincipal();
 }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/194224fa/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
--
diff --git 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index 0668e39..7caf0f2 100644
--- 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -77,7 +77,7 @@ public class RESTUnitTest extends 
AbstractBusClientServerTestBase {
 SpringBusFactory.setThreadDefaultBus(bus);
 
 String address = "https://localhost:; + STSPORT + 
"/SecurityTokenService/token";
-WebClient client = WebClient.create(address, "alice", "clarinet", 
busFile.toString());
+WebClient client = WebClient.create(address, busFile.toString());
 
 client.type("application/xml").accept("application/xml");
 

[2/2] cxf git commit: Recording .gitmergeinfo Changes

2016-02-05 Thread coheigea
Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bcaa41ad
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bcaa41ad
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bcaa41ad

Branch: refs/heads/3.0.x-fixes
Commit: bcaa41ad148dd37814325f00b5c65b8b9494f23f
Parents: a068069
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 20:40:18 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 20:40:18 2016 +

--
 .gitmergeinfo | 3 +++
 1 file changed, 3 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/bcaa41ad/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 6f47eaa..7df8685 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -64,6 +64,7 @@ B 1805027c9ce9925fb875e92fc5314aa826632151
 B 18204e5bb0173ccea83c0afd10e4450f370287a0
 B 1824d9cae26c3b141d873d0d01036602ac339c37
 B 18d64577e5ef1ef3ce26e82db1821b894bd43578
+B 194224faeb3e8eb6c8feabe6397f6b42ff0f605d
 B 1960703149a11052490cf16ec3682408470298f9
 B 1a5708e21708a9ed96991cd56ff89b3fd4eac15a
 B 1a8fd7c02bc6a620e276086b665d430217116767
@@ -441,6 +442,7 @@ B 94cfe7e48a50104b22457aa47b39d06329d16d32
 B 9511cd40a9701ee1b46ba28b61154f6f0833b7d9
 B 95c3d899174e39263a773e89a22efbd40be77d4b
 B 962f8167450b19b7819355141bfa9617fcb2e2c5
+B 96802a240f833a1e1cf66cca376f8123b75d68cf
 B 9680acf2ea8b7b9bb08d5db6a07f91a12f26ccee
 B 96d0e7c75f6e583f7a3a8ae1849528863c81d5ad
 B 96ed80508cf15f7dc8c2d5a73225a36dbc096ee2
@@ -557,6 +559,7 @@ B ba8fc3d351121ec8eb2ce37cd12e014f722c741d
 B bb0a94734f583e5b6b1e42303aa6ba7a49958f18
 B bb1edc5dd96c50ed2c3294f6834310e0a6d4381e
 B bb9b5d2e15c0e30d12a6dea3db1a6f720aaf07ad
+B bbe5e870579720272af49b9cea65b8293d5b1f3c
 B bbfe35e464e2f4a6a4783420104d0d90c287fff7
 B bc752dc5bd89b5d70d00435fc1185e72659d7e4d
 B bc9e3714adc8848f37694eea62d33748b01fbb91



[1/2] cxf git commit: Recording .gitmergeinfo Changes

2016-02-05 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 640f3a914 -> bcaa41ad1


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a0680698
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a0680698
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a0680698

Branch: refs/heads/3.0.x-fixes
Commit: a0680698c90ddade110fd6b8324609e96baf78fa
Parents: 640f3a9
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 15:01:14 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 15:01:14 2016 +

--
 .gitmergeinfo | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/a0680698/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 14eec1c..6f47eaa 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -451,6 +451,7 @@ B 9896b920035a1d1be1aef28a1d1a5eb876445c82
 B 99963f9a08c9782b7c661f2b5ff8e9ce95ab3dbe
 B 99f4092de01d60b8369ff84036d543e9d20ecefc
 B 9a2c82620001b76a2065960686f9bc8f384c4d58
+B 9aae5c5622dec1198a333ac6bb3508d3ca4634c1
 B 9ac66adffb73f3474fde064fab1013ecdd24be7c
 B 9ae69b3b323f48de033f62be9fc2780f11b0c761
 B 9b93ca4bda4ba8abce2e2248059f2ccfd35391b2
@@ -646,6 +647,7 @@ B da53162f385fa73957626446cbd63ea269c1ee26
 B db18a965fb238b8515ab74eb63d13c863c279476
 B db51e1a99ab886f179c677579ba798b450069287
 B dbf8d58d565ba7f3a8c43b917f7e9182cabe5efa
+B dbfaf2b5aea3c4b09a825c82cae88c9d5f777aac
 B dc6fe383b095c6823e5de707b1c091556c9c378a
 B dc986e411b2f7449d6cd92481431cfebe18689bd
 B dd3c8f9d05b549d7aeb3804476bdc3fb344cf2d8



[2/3] cxf git commit: Changing the default to issue tokens rather than WS-Trust responses

2016-02-05 Thread coheigea
Changing the default to issue tokens rather than WS-Trust responses


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bbe5e870
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bbe5e870
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bbe5e870

Branch: refs/heads/3.1.x-fixes
Commit: bbe5e870579720272af49b9cea65b8293d5b1f3c
Parents: 194224f
Author: Colm O hEigeartaigh 
Authored: Fri Feb 5 17:53:25 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Feb 5 20:39:45 2016 +

--
 .../cxf/sts/rest/RESTSecurityTokenService.java  |  8 +++
 .../sts/rest/RESTSecurityTokenServiceImpl.java  | 61 -
 .../cxf/systest/sts/rest/RESTUnitTest.java  | 71 +++-
 3 files changed, 107 insertions(+), 33 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/bbe5e870/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
index 04cc0f6..a68194d 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
@@ -63,6 +63,14 @@ public interface RESTSecurityTokenService {
 })
 Response getToken(@PathParam("tokenType") String tokenType, 
@QueryParam("keyType") String keyType,
 @QueryParam("claim") List requestedClaims);
+
+@GET
+@Path("ws-trust/{tokenType}")
+@Produces({
+MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON
+})
+Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType, 
@QueryParam("keyType") String keyType,
+@QueryParam("claim") List requestedClaims);
 
 @POST
 @Produces({

http://git-wip-us.apache.org/repos/asf/cxf/blob/bbe5e870/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index 393b806..ae454ab 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -45,6 +45,7 @@ import 
org.apache.cxf.ws.security.sts.provider.model.ClaimsType;
 import org.apache.cxf.ws.security.sts.provider.model.ObjectFactory;
 import 
org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
+import 
org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.wss4j.dom.WSConstants;
 
@@ -90,6 +91,36 @@ public class RESTSecurityTokenServiceImpl extends 
SecurityTokenServiceImpl imple
 
 @Override
 public Response getToken(String tokenType, String keyType, List 
requestedClaims) {
+RequestSecurityTokenResponseType response = 
+issueToken(tokenType, keyType, requestedClaims);
+
+RequestedSecurityTokenType requestedToken = 
getRequestedSecurityToken(response);
+
+return Response.ok(requestedToken.getAny()).build();
+}
+
+@Override
+public Response getTokenViaWSTrust(String tokenType, String keyType, 
List requestedClaims) {
+return getToken(tokenType, keyType, requestedClaims);
+}
+
+private RequestedSecurityTokenType 
getRequestedSecurityToken(RequestSecurityTokenResponseType response) {
+for (Object obj : response.getAny()) {
+if (obj instanceof JAXBElement) {
+JAXBElement jaxbElement = (JAXBElement)obj;
+if 
("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) {
+return (RequestedSecurityTokenType)jaxbElement.getValue();
+}
+}
+}
+return null;
+}
+
+private RequestSecurityTokenResponseType issueToken(
+String tokenType,
+String keyType,
+List requestedClaims
+) {
 if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) {
 tokenType = tokenTypeMap.get(tokenType);
 }
@@ -141,32 +172,32 @@ public class RESTSecurityTokenServiceImpl extends 
SecurityTokenServiceImpl imple
   //  

buildbot success in on cxf-site-production

2016-02-05 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/5282

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





buildbot failure in on cxf-site-production

2016-02-05 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/5283

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot





buildbot success in on cxf-site-production

2016-02-05 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/5285

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





cxf git commit: Converting most of AbstractJose* helpers into concrete classes to make it simpler to delegate to them without having to extend

2016-02-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/master 5239e3a36 -> 5c8c5f5b0


Converting most of AbstractJose* helpers into concrete classes to make it 
simpler to delegate to them without having to extend


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5c8c5f5b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5c8c5f5b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5c8c5f5b

Branch: refs/heads/master
Commit: 5c8c5f5b0097c0d448f089e34b94b1f6ba2c97e7
Parents: 5239e3a
Author: Sergey Beryozkin 
Authored: Fri Feb 5 14:15:58 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 14:15:58 2016 +

--
 .../jaxrs/JwtAuthenticationClientFilter.java|   4 +-
 .../jose/jaxrs/JwtAuthenticationFilter.java |   4 +-
 .../jose/jwt/AbstractJoseJwtConsumer.java   | 107 ---
 .../jose/jwt/AbstractJoseJwtProducer.java   |  91 -
 .../grants/code/JwtRequestCodeFilter.java   |   4 +-
 .../provider/AbstractOAuthJoseJwtConsumer.java  |  60 --
 .../provider/AbstractOAuthJoseJwtProducer.java  |  71 ---
 .../AbstractOAuthServerJoseJwtProducer.java |  65 ---
 .../jwt/AbstactJwtAccessTokenValidator.java |   4 +-
 .../oidc/idp/IdTokenResponseFilter.java |   4 +-
 .../rs/security/oidc/idp/UserInfoService.java   |   4 +-
 .../oidc/rp/AbstractTokenValidator.java | 192 ---
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |   2 +-
 .../cxf/rs/security/oidc/rp/UserInfoClient.java |   2 +-
 14 files changed, 14 insertions(+), 600 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/5c8c5f5b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
--
diff --git 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
index 0319e8b..9cbbdf5 100644
--- 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
+++ 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
@@ -33,14 +33,14 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rs.security.jose.common.JoseException;
 import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
-import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
+import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 @Priority(Priorities.AUTHENTICATION)
-public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer 
+public class JwtAuthenticationClientFilter extends JoseJwtProducer 
 implements ClientRequestFilter {
 
 private static final String DEFAULT_AUTH_SCHEME = "JWT";

http://git-wip-us.apache.org/repos/asf/cxf/blob/5c8c5f5b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
--
diff --git 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
index 50c6a13..eeda86d 100644
--- 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
+++ 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
@@ -35,14 +35,14 @@ import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.jose.common.JoseException;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
+import org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
 import org.apache.cxf.security.SecurityContext;
 
 @PreMatching
 @Priority(Priorities.AUTHENTICATION)
-public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer 
implements ContainerRequestFilter {
+public class JwtAuthenticationFilter 

cxf git commit: Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet

2016-02-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/master 89cdf0a99 -> 5239e3a36


Cleaning up AbstractImplicitService and prototyping the code to deal with 
id_token response type in OidcImplicitService, not complete yet


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5239e3a3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5239e3a3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5239e3a3

Branch: refs/heads/master
Commit: 5239e3a36abed124856276e36cc2384f32e22c38
Parents: 89cdf0a
Author: Sergey Beryozkin 
Authored: Fri Feb 5 13:32:33 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 13:32:33 2016 +

--
 .../services/AbstractImplicitGrantService.java  | 84 
 .../services/AuthorizationCodeGrantService.java |  7 +-
 .../services/RedirectionBasedGrantService.java  | 21 -
 .../security/oidc/idp/OidcImplicitService.java  | 48 +--
 4 files changed, 94 insertions(+), 66 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/5239e3a3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index 5133374..f3c466b 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -63,26 +63,18 @@ public abstract class AbstractImplicitGrantService extends 
RedirectionBasedGrant
UserSubject userSubject,
ServerAccessToken preAuthorizedToken) {
 
-boolean tokenCanBeReturned = preAuthorizedToken != null;
 ServerAccessToken token = null;
 if (preAuthorizedToken == null) {
-tokenCanBeReturned = canAccessTokenBeReturned(state, 
requestedScope, approvedScope);
-if (tokenCanBeReturned) {
-AccessTokenRegistration reg = new AccessTokenRegistration();
-reg.setClient(client);
-reg.setGrantType(super.getSupportedGrantType());
-reg.setSubject(userSubject);
-reg.setRequestedScope(requestedScope);
-if (approvedScope == null || approvedScope.isEmpty()) {
-// no down-scoping done by a user, all of the requested 
scopes have been authorized
-reg.setApprovedScope(requestedScope);
-} else {
-reg.setApprovedScope(approvedScope);
-}
-
reg.setAudiences(Collections.singletonList(state.getAudience()));
-reg.setNonce(state.getNonce());
-token = getDataProvider().createAccessToken(reg);
-}
+AccessTokenRegistration reg = new AccessTokenRegistration();
+reg.setClient(client);
+reg.setGrantType(super.getSupportedGrantType());
+reg.setSubject(userSubject);
+reg.setRequestedScope(requestedScope);
+reg.setApprovedScope(getApprovedScope(requestedScope, 
approvedScope));
+
+reg.setAudiences(Collections.singletonList(state.getAudience()));
+reg.setNonce(state.getNonce());
+token = getDataProvider().createAccessToken(reg);
 } else {
 token = preAuthorizedToken;
 if (state.getNonce() != null) {
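Review bot: `reg.setAudiences(Collections.singletonList(state.getAudience()))` stores a one-element list holding `null` whenever the request carried no audience, assuming `getAudience()` can return null, which the hunk does not show. Later audience checks would then see a non-empty list. Setting it conditionally avoids that: `if (state.getAudience() != null) { reg.setAudiences(Collections.singletonList(state.getAudience())); }`. The line is carried over from the removed branch, but it is no longer gated by `canAccessTokenBeReturned` and now runs for every request without a pre-authorized token. The enclosing method starts before the hunk and continues in the next one.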
@@ -90,39 +82,20 @@ public abstract class AbstractImplicitGrantService extends 
RedirectionBasedGrant
 }
 }
 
-ClientAccessToken clientToken = null;
-if (token != null) {
-clientToken = OAuthUtils.toClientAccessToken(token, 
isWriteOptionalParameters());
-} else {
-// this is not ideal - it is only done to have OIDC Implicit to 
have an id_token added
-// via AccessTokenResponseFilter. Note if id_token is needed (with 
or without access token)
-// then the service needs to be injected with SubjectCreator, 
example, DefaultSubjectCreator
-// extension which will have a chance to attach id_token to 
Subject properties which are checked
-// by id_token AccessTokenResponseFilter. If at is also needed 
then OAuthDataProvider may deal 
-// with attaching id_token itself in which case no 

cxf git commit: Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet

2016-02-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 0ddd071dd -> 9f457003d


Cleaning up AbstractImplicitService and prototyping the code to deal with 
id_token response type in OidcImplicitService, not complete yet


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9f457003
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9f457003
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9f457003

Branch: refs/heads/3.1.x-fixes
Commit: 9f457003d766950abc6a22d87d7045d3cf6aee44
Parents: 0ddd071
Author: Sergey Beryozkin 
Authored: Fri Feb 5 13:32:33 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 13:34:56 2016 +

--
 .../services/AbstractImplicitGrantService.java  | 84 
 .../services/AuthorizationCodeGrantService.java |  7 +-
 .../services/RedirectionBasedGrantService.java  | 21 -
 .../security/oidc/idp/OidcImplicitService.java  | 48 +--
 4 files changed, 94 insertions(+), 66 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/9f457003/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index 5133374..f3c466b 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -63,26 +63,18 @@ public abstract class AbstractImplicitGrantService extends 
RedirectionBasedGrant
UserSubject userSubject,
ServerAccessToken preAuthorizedToken) {
 
-boolean tokenCanBeReturned = preAuthorizedToken != null;
 ServerAccessToken token = null;
 if (preAuthorizedToken == null) {
-tokenCanBeReturned = canAccessTokenBeReturned(state, 
requestedScope, approvedScope);
-if (tokenCanBeReturned) {
-AccessTokenRegistration reg = new AccessTokenRegistration();
-reg.setClient(client);
-reg.setGrantType(super.getSupportedGrantType());
-reg.setSubject(userSubject);
-reg.setRequestedScope(requestedScope);
-if (approvedScope == null || approvedScope.isEmpty()) {
-// no down-scoping done by a user, all of the requested 
scopes have been authorized
-reg.setApprovedScope(requestedScope);
-} else {
-reg.setApprovedScope(approvedScope);
-}
-
reg.setAudiences(Collections.singletonList(state.getAudience()));
-reg.setNonce(state.getNonce());
-token = getDataProvider().createAccessToken(reg);
-}
+AccessTokenRegistration reg = new AccessTokenRegistration();
+reg.setClient(client);
+reg.setGrantType(super.getSupportedGrantType());
+reg.setSubject(userSubject);
+reg.setRequestedScope(requestedScope);
+reg.setApprovedScope(getApprovedScope(requestedScope, 
approvedScope));
+
+reg.setAudiences(Collections.singletonList(state.getAudience()));
+reg.setNonce(state.getNonce());
+token = getDataProvider().createAccessToken(reg);
 } else {
 token = preAuthorizedToken;
 if (state.getNonce() != null) {
@@ -90,39 +82,20 @@ public abstract class AbstractImplicitGrantService extends 
RedirectionBasedGrant
 }
 }
 
-ClientAccessToken clientToken = null;
-if (token != null) {
-clientToken = OAuthUtils.toClientAccessToken(token, 
isWriteOptionalParameters());
-} else {
-// this is not ideal - it is only done to have OIDC Implicit to 
have an id_token added
-// via AccessTokenResponseFilter. Note if id_token is needed (with 
or without access token)
-// then the service needs to be injected with SubjectCreator, 
example, DefaultSubjectCreator
-// extension which will have a chance to attach id_token to 
Subject properties which are checked
-// by id_token AccessTokenResponseFilter. If at is also needed 
then OAuthDataProvider may deal 
-// with attaching id_token itself in which 

cxf git commit: Converting most of AbstractJose* helpers into concrete classes to make it simpler to delegate to them without having to extend

2016-02-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 9f457003d -> 89b7bb172


Converting most of AbstractJose* helpers into concrete classes to make it 
simpler to delegate to them without having to extend


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/89b7bb17
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/89b7bb17
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/89b7bb17

Branch: refs/heads/3.1.x-fixes
Commit: 89b7bb172804ebaffaa69c9207065e50eb5a5d36
Parents: 9f45700
Author: Sergey Beryozkin 
Authored: Fri Feb 5 14:15:58 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 14:17:29 2016 +

--
 .../jaxrs/JwtAuthenticationClientFilter.java|   4 +-
 .../jose/jaxrs/JwtAuthenticationFilter.java |   4 +-
 .../jose/jwt/AbstractJoseJwtConsumer.java   | 107 ---
 .../jose/jwt/AbstractJoseJwtProducer.java   |  91 -
 .../grants/code/JwtRequestCodeFilter.java   |   4 +-
 .../provider/AbstractOAuthJoseJwtConsumer.java  |  60 --
 .../provider/AbstractOAuthJoseJwtProducer.java  |  71 ---
 .../AbstractOAuthServerJoseJwtProducer.java |  65 ---
 .../jwt/AbstactJwtAccessTokenValidator.java |   4 +-
 .../oidc/idp/IdTokenResponseFilter.java |   4 +-
 .../rs/security/oidc/idp/UserInfoService.java   |   4 +-
 .../oidc/rp/AbstractTokenValidator.java | 192 ---
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |   2 +-
 .../cxf/rs/security/oidc/rp/UserInfoClient.java |   2 +-
 14 files changed, 14 insertions(+), 600 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/89b7bb17/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
--
diff --git 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
index 0319e8b..9cbbdf5 100644
--- 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
+++ 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.java
@@ -33,14 +33,14 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rs.security.jose.common.JoseException;
 import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
-import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtProducer;
+import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 @Priority(Priorities.AUTHENTICATION)
-public class JwtAuthenticationClientFilter extends AbstractJoseJwtProducer 
+public class JwtAuthenticationClientFilter extends JoseJwtProducer 
 implements ClientRequestFilter {
 
 private static final String DEFAULT_AUTH_SCHEME = "JWT";

http://git-wip-us.apache.org/repos/asf/cxf/blob/89b7bb17/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
--
diff --git 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
index 50c6a13..eeda86d 100644
--- 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
+++ 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
@@ -35,14 +35,14 @@ import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.jose.common.JoseException;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
+import org.apache.cxf.rs.security.jose.jwt.JoseJwtConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.jose.jwt.JwtUtils;
 import org.apache.cxf.security.SecurityContext;
 
 @PreMatching
 @Priority(Priorities.AUTHENTICATION)
-public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer 
implements ContainerRequestFilter {
+public class 

buildbot failure in on cxf-site-production

2016-02-05 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/5287

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot





cxf git commit: Adding the renamed resources

2016-02-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/master 5c8c5f5b0 -> dcf440746


Adding the renamed resources


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dcf44074
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dcf44074
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dcf44074

Branch: refs/heads/master
Commit: dcf4407466d5c307feb5f3be387ed8667dba6e32
Parents: 5c8c5f5
Author: Sergey Beryozkin 
Authored: Fri Feb 5 14:20:40 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 14:20:40 2016 +

--
 .../rs/security/jose/jwt/JoseJwtConsumer.java   | 107 +++
 .../rs/security/jose/jwt/JoseJwtProducer.java   |  91 +
 .../oauth2/provider/OAuthJoseJwtConsumer.java   |  60 ++
 .../oauth2/provider/OAuthJoseJwtProducer.java   |  71 +++
 .../provider/OAuthServerJoseJwtProducer.java|  65 +++
 .../security/oidc/rp/OidcClaimsValidator.java   | 192 +++
 6 files changed, 586 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/dcf44074/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
new file mode 100644
index 000..35a6eee
--- /dev/null
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
@@ -0,0 +1,107 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt;
+
+import org.apache.cxf.rs.security.jose.common.AbstractJoseConsumer;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+
+public class JoseJwtConsumer extends AbstractJoseConsumer {
+private boolean jwsRequired = true;
+private boolean jweRequired;
+
+public JwtToken getJwtToken(String wrappedJwtToken) {
+return getJwtToken(wrappedJwtToken, null, null);
+}
+public JwtToken getJwtToken(String wrappedJwtToken,
+   JweDecryptionProvider theDecryptor,
+   JwsSignatureVerifier theSigVerifier) {
+if (!isJwsRequired() && !isJweRequired()) {
+throw new JwtException("Unable to process JWT");
+}
+
+JweHeaders jweHeaders = new JweHeaders();
+if (isJweRequired()) {
+JweJwtCompactConsumer jwtConsumer = new 
JweJwtCompactConsumer(wrappedJwtToken);
+
+if (theDecryptor == null) {
+theDecryptor = 
getInitializedDecryptionProvider(jwtConsumer.getHeaders());
+}
+if (theDecryptor == null) {
+throw new JwtException("Unable to decrypt JWT");
+}
+
+if (!isJwsRequired()) {
+return jwtConsumer.decryptWith(theDecryptor);
+}
+
+JweDecryptionOutput decOutput = 
theDecryptor.decrypt(wrappedJwtToken);
+wrappedJwtToken = decOutput.getContentText();
+jweHeaders = decOutput.getHeaders();
+}
+
+JwsJwtCompactConsumer jwtConsumer = new 
JwsJwtCompactConsumer(wrappedJwtToken);
+JwtToken jwt = jwtConsumer.getJwtToken();
+// Store the encryption headers as well
+jwt = new JwtToken(jwt.getJwsHeaders(), jweHeaders, jwt.getClaims());
+
+if (isJwsRequired()) {
+if (theSigVerifier == null) {
+theSigVerifier = 

cxf git commit: Adding the renamed resources

2016-02-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 89b7bb172 -> c3399966e


Adding the renamed resources


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c3399966
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c3399966
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c3399966

Branch: refs/heads/3.1.x-fixes
Commit: c3399966e4060837fd17511d604a26c8d12dad7c
Parents: 89b7bb1
Author: Sergey Beryozkin 
Authored: Fri Feb 5 14:20:40 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 14:21:19 2016 +

--
 .../rs/security/jose/jwt/JoseJwtConsumer.java   | 107 +++
 .../rs/security/jose/jwt/JoseJwtProducer.java   |  91 +
 .../oauth2/provider/OAuthJoseJwtConsumer.java   |  60 ++
 .../oauth2/provider/OAuthJoseJwtProducer.java   |  71 +++
 .../provider/OAuthServerJoseJwtProducer.java|  65 +++
 .../security/oidc/rp/OidcClaimsValidator.java   | 192 +++
 6 files changed, 586 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/c3399966/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
new file mode 100644
index 000..35a6eee
--- /dev/null
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JoseJwtConsumer.java
@@ -0,0 +1,107 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jwt;
+
+import org.apache.cxf.rs.security.jose.common.AbstractJoseConsumer;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionOutput;
+import org.apache.cxf.rs.security.jose.jwe.JweDecryptionProvider;
+import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
+import org.apache.cxf.rs.security.jose.jwe.JweJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+
+public class JoseJwtConsumer extends AbstractJoseConsumer {
+private boolean jwsRequired = true;
+private boolean jweRequired;
+
+public JwtToken getJwtToken(String wrappedJwtToken) {
+return getJwtToken(wrappedJwtToken, null, null);
+}
+public JwtToken getJwtToken(String wrappedJwtToken,
+   JweDecryptionProvider theDecryptor,
+   JwsSignatureVerifier theSigVerifier) {
+if (!isJwsRequired() && !isJweRequired()) {
+throw new JwtException("Unable to process JWT");
+}
+
+JweHeaders jweHeaders = new JweHeaders();
+if (isJweRequired()) {
+JweJwtCompactConsumer jwtConsumer = new 
JweJwtCompactConsumer(wrappedJwtToken);
+
+if (theDecryptor == null) {
+theDecryptor = 
getInitializedDecryptionProvider(jwtConsumer.getHeaders());
+}
+if (theDecryptor == null) {
+throw new JwtException("Unable to decrypt JWT");
+}
+
+if (!isJwsRequired()) {
+return jwtConsumer.decryptWith(theDecryptor);
+}
+
+JweDecryptionOutput decOutput = 
theDecryptor.decrypt(wrappedJwtToken);
+wrappedJwtToken = decOutput.getContentText();
+jweHeaders = decOutput.getHeaders();
+}
+
+JwsJwtCompactConsumer jwtConsumer = new 
JwsJwtCompactConsumer(wrappedJwtToken);
+JwtToken jwt = jwtConsumer.getJwtToken();
+// Store the encryption headers as well
+jwt = new JwtToken(jwt.getJwsHeaders(), jweHeaders, jwt.getClaims());
+
+if (isJwsRequired()) {
+if (theSigVerifier == null) {
+

cxf git commit: Updating OidcImplicitService to process IdToken

2016-02-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes c3399966e -> 14ed2e2c4


Updating OidcImplicitService to process IdToken


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/14ed2e2c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/14ed2e2c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/14ed2e2c

Branch: refs/heads/3.1.x-fixes
Commit: 14ed2e2c44b6da7641c95fb57212f8b5a5e77f3d
Parents: c339996
Author: Sergey Beryozkin 
Authored: Fri Feb 5 14:30:05 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 14:31:20 2016 +

--
 .../cxf/rs/security/oidc/idp/OidcImplicitService.java | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/14ed2e2c/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index 01ae147..c13b89d 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -25,6 +25,8 @@ import java.util.List;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 
+import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -43,6 +45,7 @@ public class OidcImplicitService extends ImplicitGrantService 
{
 private static final String ID_TOKEN_RESPONSE_TYPE = "id_token";
 private static final String ID_TOKEN_AND_AT_RESPONSE_TYPE = "id_token 
token";
 private boolean skipAuthorizationWithOidcScope;
+private JoseJwtProducer idTokenHandler;
 
 public OidcImplicitService() {
 super(new HashSet(Arrays.asList(ID_TOKEN_RESPONSE_TYPE,
@@ -112,10 +115,15 @@ public class OidcImplicitService extends 
ImplicitGrantService {
 OidcUserSubject sub = (OidcUserSubject)subject;
 IdToken idToken = new IdToken(sub.getIdToken());
 idToken.setNonce(state.getNonce());
-return null; //super.processJwt(new JwtToken(idToken));
+JoseJwtProducer processor = idTokenHandler == null ? new 
JoseJwtProducer() : null; 
+return processor.processJwt(new JwtToken(idToken));
 } else {
 return null;
 }
 }
+
+public void setIdTokenJoseHandler(JoseJwtProducer idTokenJoseHandler) {
+this.idTokenHandler = idTokenJoseHandler;
+}
 
 }
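Review bot: The ternary `idTokenHandler == null ? new JoseJwtProducer() : null` leaves `processor` null exactly when a handler has been injected through `setIdTokenJoseHandler`, so the next line, `processor.processJwt(new JwtToken(idToken))`, throws a NullPointerException in every deployment that configures one. The else arm should be the injected handler: `JoseJwtProducer processor = idTokenHandler == null ? new JoseJwtProducer() : idTokenHandler;` (the following commit on this page, 6a087364, makes that change). The method's opening lies outside the hunk.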



cxf git commit: Fixing a typo

2016-02-05 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 14ed2e2c4 -> 6a0873647


Fixing a typo


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6a087364
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6a087364
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6a087364

Branch: refs/heads/3.1.x-fixes
Commit: 6a08736476f84c3bc40826d6debc6d4d96589cde
Parents: 14ed2e2
Author: Sergey Beryozkin 
Authored: Fri Feb 5 14:32:25 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 14:33:20 2016 +

--
 .../org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6a087364/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
index c13b89d..f8a72ab 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java
@@ -115,7 +115,7 @@ public class OidcImplicitService extends 
ImplicitGrantService {
 OidcUserSubject sub = (OidcUserSubject)subject;
 IdToken idToken = new IdToken(sub.getIdToken());
 idToken.setNonce(state.getNonce());
-JoseJwtProducer processor = idTokenHandler == null ? new 
JoseJwtProducer() : null; 
+JoseJwtProducer processor = idTokenHandler == null ? new 
JoseJwtProducer() : idTokenHandler; 
 return processor.processJwt(new JwtToken(idToken));
 } else {
 return null;
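Review bot: The fallback arm still builds a fresh `new JoseJwtProducer()` on every call when no handler is injected, and nothing in the hunk shows how that default instance is configured to sign or encrypt the id_token. Since the id_token is the authentication assertion handed to the client, a comment on this line should say where the default producer takes its JWS/JWE settings from, for example `// no handler injected: default producer, JOSE settings resolved from <configuration source — confirm>`. If an unprotected token is not acceptable in that case, rejecting the request when `idTokenHandler` is null would be the safer default; that is a design question rather than a defect visible here. The enclosing method begins and ends outside the hunk.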



buildbot success in on cxf-site-production

2016-02-05 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/5299

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





buildbot success in on cxf-site-production

2016-02-05 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/5303

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





buildbot success in on cxf-site-production

2016-02-05 Thread buildbot
The Buildbot has detected a restored build on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/5301

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

Build succeeded!

Sincerely,
 -The Buildbot





buildbot failure in on cxf-site-production

2016-02-05 Thread buildbot
The Buildbot has detected a new failure on builder cxf-site-production while 
building . Full details are available at:
https://ci.apache.org/builders/cxf-site-production/builds/5302

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: bb-cms-slave

Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this 
build
Build Source Stamp: [branch cxf/web] HEAD
Blamelist: 

BUILD FAILED: failed compile

Sincerely,
 -The Buildbot