subject:"cxf git commit\: Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet"

cxf git commit: Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet

2016-02-05 Thread sergeyb

Repository: cxf
Updated Branches:
  refs/heads/master 89cdf0a99 -> 5239e3a36


Cleaning up AbstractImplicitService and prototyping the code to deal with 
id_token response type in OidcImplicitService, not complete yet


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5239e3a3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5239e3a3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5239e3a3

Branch: refs/heads/master
Commit: 5239e3a36abed124856276e36cc2384f32e22c38
Parents: 89cdf0a
Author: Sergey Beryozkin 
Authored: Fri Feb 5 13:32:33 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 13:32:33 2016 +

--
 .../services/AbstractImplicitGrantService.java  | 84 
 .../services/AuthorizationCodeGrantService.java |  7 +-
 .../services/RedirectionBasedGrantService.java  | 21 -
 .../security/oidc/idp/OidcImplicitService.java  | 48 +--
 4 files changed, 94 insertions(+), 66 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/5239e3a3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index 5133374..f3c466b 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -63,26 +63,18 @@ public abstract class AbstractImplicitGrantService extends 
RedirectionBasedGrant
UserSubject userSubject,
ServerAccessToken preAuthorizedToken) {
 
-boolean tokenCanBeReturned = preAuthorizedToken != null;
 ServerAccessToken token = null;
 if (preAuthorizedToken == null) {
-tokenCanBeReturned = canAccessTokenBeReturned(state, 
requestedScope, approvedScope);
-if (tokenCanBeReturned) {
-AccessTokenRegistration reg = new AccessTokenRegistration();
-reg.setClient(client);
-reg.setGrantType(super.getSupportedGrantType());
-reg.setSubject(userSubject);
-reg.setRequestedScope(requestedScope);
-if (approvedScope == null || approvedScope.isEmpty()) {
-// no down-scoping done by a user, all of the requested 
scopes have been authorized
-reg.setApprovedScope(requestedScope);
-} else {
-reg.setApprovedScope(approvedScope);
-}
-
reg.setAudiences(Collections.singletonList(state.getAudience()));
-reg.setNonce(state.getNonce());
-token = getDataProvider().createAccessToken(reg);
-}
+AccessTokenRegistration reg = new AccessTokenRegistration();
+reg.setClient(client);
+reg.setGrantType(super.getSupportedGrantType());
+reg.setSubject(userSubject);
+reg.setRequestedScope(requestedScope);
+reg.setApprovedScope(getApprovedScope(requestedScope, 
approvedScope));
+
+reg.setAudiences(Collections.singletonList(state.getAudience()));
+reg.setNonce(state.getNonce());
+token = getDataProvider().createAccessToken(reg);
 } else {
 token = preAuthorizedToken;
 if (state.getNonce() != null) {
@@ -90,39 +82,20 @@ public abstract class AbstractImplicitGrantService extends 
RedirectionBasedGrant
 }
 }
 
-ClientAccessToken clientToken = null;
-if (token != null) {
-clientToken = OAuthUtils.toClientAccessToken(token, 
isWriteOptionalParameters());
-} else {
-// this is not ideal - it is only done to have OIDC Implicit to 
have an id_token added
-// via AccessTokenResponseFilter. Note if id_token is needed (with 
or without access token)
-// then the service needs to be injected with SubjectCreator, 
example, DefaultSubjectCreator
-// extension which will have a chance to attach id_token to 
Subject properties which are checked
-// by id_token AccessTokenResponseFilter. If at is also needed 
then OAuthDataProvider may deal 
-// with attaching id_token itself in which case no

cxf git commit: Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet

2016-02-05 Thread sergeyb

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 0ddd071dd -> 9f457003d


Cleaning up AbstractImplicitService and prototyping the code to deal with 
id_token response type in OidcImplicitService, not complete yet


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9f457003
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9f457003
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9f457003

Branch: refs/heads/3.1.x-fixes
Commit: 9f457003d766950abc6a22d87d7045d3cf6aee44
Parents: 0ddd071
Author: Sergey Beryozkin 
Authored: Fri Feb 5 13:32:33 2016 +
Committer: Sergey Beryozkin 
Committed: Fri Feb 5 13:34:56 2016 +

--
 .../services/AbstractImplicitGrantService.java  | 84 
 .../services/AuthorizationCodeGrantService.java |  7 +-
 .../services/RedirectionBasedGrantService.java  | 21 -
 .../security/oidc/idp/OidcImplicitService.java  | 48 +--
 4 files changed, 94 insertions(+), 66 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/9f457003/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index 5133374..f3c466b 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -63,26 +63,18 @@ public abstract class AbstractImplicitGrantService extends 
RedirectionBasedGrant
UserSubject userSubject,
ServerAccessToken preAuthorizedToken) {
 
-boolean tokenCanBeReturned = preAuthorizedToken != null;
 ServerAccessToken token = null;
 if (preAuthorizedToken == null) {
-tokenCanBeReturned = canAccessTokenBeReturned(state, 
requestedScope, approvedScope);
-if (tokenCanBeReturned) {
-AccessTokenRegistration reg = new AccessTokenRegistration();
-reg.setClient(client);
-reg.setGrantType(super.getSupportedGrantType());
-reg.setSubject(userSubject);
-reg.setRequestedScope(requestedScope);
-if (approvedScope == null || approvedScope.isEmpty()) {
-// no down-scoping done by a user, all of the requested 
scopes have been authorized
-reg.setApprovedScope(requestedScope);
-} else {
-reg.setApprovedScope(approvedScope);
-}
-
reg.setAudiences(Collections.singletonList(state.getAudience()));
-reg.setNonce(state.getNonce());
-token = getDataProvider().createAccessToken(reg);
-}
+AccessTokenRegistration reg = new AccessTokenRegistration();
+reg.setClient(client);
+reg.setGrantType(super.getSupportedGrantType());
+reg.setSubject(userSubject);
+reg.setRequestedScope(requestedScope);
+reg.setApprovedScope(getApprovedScope(requestedScope, 
approvedScope));
+
+reg.setAudiences(Collections.singletonList(state.getAudience()));
+reg.setNonce(state.getNonce());
+token = getDataProvider().createAccessToken(reg);
 } else {
 token = preAuthorizedToken;
 if (state.getNonce() != null) {
@@ -90,39 +82,20 @@ public abstract class AbstractImplicitGrantService extends 
RedirectionBasedGrant
 }
 }
 
-ClientAccessToken clientToken = null;
-if (token != null) {
-clientToken = OAuthUtils.toClientAccessToken(token, 
isWriteOptionalParameters());
-} else {
-// this is not ideal - it is only done to have OIDC Implicit to 
have an id_token added
-// via AccessTokenResponseFilter. Note if id_token is needed (with 
or without access token)
-// then the service needs to be injected with SubjectCreator, 
example, DefaultSubjectCreator
-// extension which will have a chance to attach id_token to 
Subject properties which are checked
-// by id_token AccessTokenResponseFilter. If at is also needed 
then OAuthDataProvider may deal 
-// with attaching id_token itself in which

cxf git commit: Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet

cxf git commit: Cleaning up AbstractImplicitService and prototyping the code to deal with id_token response type in OidcImplicitService, not complete yet

2 matches

Site Navigation

Mail list logo

Footer information