[20/33] cxf git commit: [CXF-6692] Updates to the way some claims are set
[CXF-6692] Updates to the way some claims are set Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b69f76c6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b69f76c6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b69f76c6 Branch: refs/heads/master-jaxrs-2.1 Commit: b69f76c6a43376f85c4b3bc5135b58f717463e8f Parents: 0f51e22 Author: Sergey Beryozkin Authored: Fri Aug 12 13:18:42 2016 +0100 Committer: Sergey Beryozkin Committed: Fri Aug 12 13:18:42 2016 +0100 -- .../oauth2/filters/JwtAccessTokenValidator.java | 27 +++- .../provider/AbstractOAuthDataProvider.java | 15 ++- .../oauth2/utils/JwtAccessTokenUtils.java | 20 +-- .../oauth2/filters/OAuth2JwtFiltersTest.java| 5 ++-- 4 files changed, 33 insertions(+), 34 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b69f76c6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java index 252bed7..769f7bb 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java @@ -40,6 +40,10 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTokenValidator { +private static final String USERNAME_CLAIM = "username"; + +private String usernameClaim = USERNAME_CLAIM; + public List getSupportedAuthorizationSchemes() { return Collections.singletonList(OAuthConstants.BEARER_AUTHORIZATION_SCHEME); } @@ -61,8 +65,9 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo private AccessTokenValidation convertClaimsToValidation(JwtClaims claims) { AccessTokenValidation atv = new AccessTokenValidation(); atv.setInitialValidationSuccessful(true); -if (claims.getAudience() != null) { -atv.setClientId(claims.getAudience()); +String clientId = claims.getStringProperty(OAuthConstants.CLIENT_ID); +if (clientId != null) { +atv.setClientId(clientId); } if (claims.getIssuedAt() != null) { atv.setTokenIssuedAt(claims.getIssuedAt()); @@ -72,15 +77,9 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo if (claims.getExpiryTime() != null) { atv.setTokenLifetime(claims.getExpiryTime() - atv.getTokenIssuedAt()); } -Object resourceAud = claims.getClaim(OAuthConstants.RESOURCE_INDICATOR); -if (resourceAud != null) { -List auds = null; -if (resourceAud instanceof List) { -auds = CastUtils.cast((List)resourceAud); -} else { -auds = Collections.singletonList((String)resourceAud); -} -atv.setAudiences(auds); +List audiences = claims.getAudiences(); +if (audiences != null && !audiences.isEmpty()) { +atv.setAudiences(claims.getAudiences()); } if (claims.getIssuer() != null) { atv.setTokenIssuer(claims.getIssuer()); @@ -97,7 +96,7 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo } atv.setTokenScopes(perms); } -String username = (String)claims.getClaim("preferred_username"); +String username = (String)claims.getClaim(usernameClaim); if (username != null) { UserSubject userSubject = new UserSubject(username); if (claims.getSubject() != null) { @@ -110,4 +109,8 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo return atv; } +public void setUsernameClaim(String usernameClaim) { +this.usernameClaim = usernameClaim; +} + } http://git-wip-us.apache.org/repos/asf/cxf/blob/b69f76c6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/sec
cxf git commit: [CXF-6692] Updates to the way some claims are set
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 7d19676c1 -> 55431b527 [CXF-6692] Updates to the way some claims are set Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/55431b52 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/55431b52 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/55431b52 Branch: refs/heads/3.1.x-fixes Commit: 55431b527baa162793a9dd5bc16e4328802fa7b8 Parents: 7d19676 Author: Sergey Beryozkin Authored: Fri Aug 12 13:18:42 2016 +0100 Committer: Sergey Beryozkin Committed: Fri Aug 12 13:19:40 2016 +0100 -- .../oauth2/filters/JwtAccessTokenValidator.java | 27 +++- .../provider/AbstractOAuthDataProvider.java | 15 ++- .../oauth2/utils/JwtAccessTokenUtils.java | 20 +-- .../oauth2/filters/OAuth2JwtFiltersTest.java| 5 ++-- 4 files changed, 33 insertions(+), 34 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/55431b52/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java index 252bed7..769f7bb 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java @@ -40,6 +40,10 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTokenValidator { +private static final String USERNAME_CLAIM = "username"; + +private String usernameClaim = USERNAME_CLAIM; + public List getSupportedAuthorizationSchemes() { return Collections.singletonList(OAuthConstants.BEARER_AUTHORIZATION_SCHEME); } @@ -61,8 +65,9 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo private AccessTokenValidation convertClaimsToValidation(JwtClaims claims) { AccessTokenValidation atv = new AccessTokenValidation(); atv.setInitialValidationSuccessful(true); -if (claims.getAudience() != null) { -atv.setClientId(claims.getAudience()); +String clientId = claims.getStringProperty(OAuthConstants.CLIENT_ID); +if (clientId != null) { +atv.setClientId(clientId); } if (claims.getIssuedAt() != null) { atv.setTokenIssuedAt(claims.getIssuedAt()); @@ -72,15 +77,9 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo if (claims.getExpiryTime() != null) { atv.setTokenLifetime(claims.getExpiryTime() - atv.getTokenIssuedAt()); } -Object resourceAud = claims.getClaim(OAuthConstants.RESOURCE_INDICATOR); -if (resourceAud != null) { -List auds = null; -if (resourceAud instanceof List) { -auds = CastUtils.cast((List)resourceAud); -} else { -auds = Collections.singletonList((String)resourceAud); -} -atv.setAudiences(auds); +List audiences = claims.getAudiences(); +if (audiences != null && !audiences.isEmpty()) { +atv.setAudiences(claims.getAudiences()); } if (claims.getIssuer() != null) { atv.setTokenIssuer(claims.getIssuer()); @@ -97,7 +96,7 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo } atv.setTokenScopes(perms); } -String username = (String)claims.getClaim("preferred_username"); +String username = (String)claims.getClaim(usernameClaim); if (username != null) { UserSubject userSubject = new UserSubject(username); if (claims.getSubject() != null) { @@ -110,4 +109,8 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo return atv; } +public void setUsernameClaim(String usernameClaim) { +this.usernameClaim = usernameClaim; +} + } http://git-wip-us.apache.org/repos/asf/cxf/blob/55431b52/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.
cxf git commit: [CXF-6692] Updates to the way some claims are set
Repository: cxf Updated Branches: refs/heads/master 0f51e22bc -> b69f76c6a [CXF-6692] Updates to the way some claims are set Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b69f76c6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b69f76c6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b69f76c6 Branch: refs/heads/master Commit: b69f76c6a43376f85c4b3bc5135b58f717463e8f Parents: 0f51e22 Author: Sergey Beryozkin Authored: Fri Aug 12 13:18:42 2016 +0100 Committer: Sergey Beryozkin Committed: Fri Aug 12 13:18:42 2016 +0100 -- .../oauth2/filters/JwtAccessTokenValidator.java | 27 +++- .../provider/AbstractOAuthDataProvider.java | 15 ++- .../oauth2/utils/JwtAccessTokenUtils.java | 20 +-- .../oauth2/filters/OAuth2JwtFiltersTest.java| 5 ++-- 4 files changed, 33 insertions(+), 34 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b69f76c6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java index 252bed7..769f7bb 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/JwtAccessTokenValidator.java @@ -40,6 +40,10 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTokenValidator { +private static final String USERNAME_CLAIM = "username"; + +private String usernameClaim = USERNAME_CLAIM; + public List getSupportedAuthorizationSchemes() { return Collections.singletonList(OAuthConstants.BEARER_AUTHORIZATION_SCHEME); } @@ -61,8 +65,9 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo private AccessTokenValidation convertClaimsToValidation(JwtClaims claims) { AccessTokenValidation atv = new AccessTokenValidation(); atv.setInitialValidationSuccessful(true); -if (claims.getAudience() != null) { -atv.setClientId(claims.getAudience()); +String clientId = claims.getStringProperty(OAuthConstants.CLIENT_ID); +if (clientId != null) { +atv.setClientId(clientId); } if (claims.getIssuedAt() != null) { atv.setTokenIssuedAt(claims.getIssuedAt()); @@ -72,15 +77,9 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo if (claims.getExpiryTime() != null) { atv.setTokenLifetime(claims.getExpiryTime() - atv.getTokenIssuedAt()); } -Object resourceAud = claims.getClaim(OAuthConstants.RESOURCE_INDICATOR); -if (resourceAud != null) { -List auds = null; -if (resourceAud instanceof List) { -auds = CastUtils.cast((List)resourceAud); -} else { -auds = Collections.singletonList((String)resourceAud); -} -atv.setAudiences(auds); +List audiences = claims.getAudiences(); +if (audiences != null && !audiences.isEmpty()) { +atv.setAudiences(claims.getAudiences()); } if (claims.getIssuer() != null) { atv.setTokenIssuer(claims.getIssuer()); @@ -97,7 +96,7 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo } atv.setTokenScopes(perms); } -String username = (String)claims.getClaim("preferred_username"); +String username = (String)claims.getClaim(usernameClaim); if (username != null) { UserSubject userSubject = new UserSubject(username); if (claims.getSubject() != null) { @@ -110,4 +109,8 @@ public class JwtAccessTokenValidator extends JoseJwtConsumer implements AccessTo return atv; } +public void setUsernameClaim(String usernameClaim) { +this.usernameClaim = usernameClaim; +} + } http://git-wip-us.apache.org/repos/asf/cxf/blob/b69f76c6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/r