Repository: cxf Updated Branches: refs/heads/3.0.x-fixes c1c40ba6b -> a81bfea92
Prototyping some code supporting an implicit link between a JWT user token encoded as a header and a signed payload Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a81bfea9 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a81bfea9 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a81bfea9 Branch: refs/heads/3.0.x-fixes Commit: a81bfea92d6b1e128ae89c63c34b7a5b2290ab12 Parents: c1c40ba Author: Sergey Beryozkin <[email protected]> Authored: Tue Nov 18 23:27:54 2014 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Nov 18 23:28:51 2014 +0100 ---------------------------------------------------------------------- .../security/jose/jaxrs/AbstractJwsWriterProvider.java | 8 +++++++- .../security/jose/jaxrs/JwsContainerRequestFilter.java | 12 ++++++++++++ .../rs/security/jose/jaxrs/JwsWriterInterceptor.java | 1 + 3 files changed, 20 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/a81bfea9/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
index ff0a5aa..139f20f 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/AbstractJwsWriterProvider.java
@@ -35,7 +35,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsUtils;
 public class AbstractJwsWriterProvider {
 private static final String RSSEC_SIGNATURE_OUT_PROPS = "rs.security.signature.out.properties";
 private static final String RSSEC_SIGNATURE_PROPS = "rs.security.signature.properties";
-
+ private static final String JWS_CONTEXT_PROPERTY = "org.apache.cxf.jws.context";
 private JwsSignatureProvider sigProvider;
 public void setSignatureProvider(JwsSignatureProvider signatureProvider) {
@@ -56,6 +56,12 @@ public class AbstractJwsWriterProvider {
 headers.setAlgorithm(theSigProvider.getAlgorithm());
 return theSigProvider;
 }
+ protected void setRequestContextProperty(Message m, JoseHeaders headers) {
+ String context = (String)m.getContextualProperty(JWS_CONTEXT_PROPERTY);
+ if (context != null) {
+ headers.setHeader(JWS_CONTEXT_PROPERTY, context);
+ }
+ }
 protected void writeJws(JwsCompactProducer p, JwsSignatureProvider theSigProvider, OutputStream os) throws IOException {
 p.signWith(theSigProvider);
http://git-wip-us.apache.org/repos/asf/cxf/blob/a81bfea9/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
index e3b4ba4..6ced711 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.java
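Review bot: `JWS_CONTEXT_PROPERTY` is declared in AbstractJwsWriterProvider and again, with the same literal, in JwsContainerRequestFilter, so the writer and the reader can drift apart silently if only one copy is edited. The one string also serves two roles, as the CXF message property key and as the name of a JOSE header parameter. Declaring it once in a shared place (JoseConstants is already referenced from JwsWriterInterceptor), ideally as two separately named constants for the two roles, would make that explicit and keep both sides in step.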
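Review bot: No call to `setRequestContextProperty` in AbstractJwsWriterProvider is visible in this commit; the JwsWriterInterceptor hunk appears to add only a blank line, so as committed the `org.apache.cxf.jws.context` header is never written even though JwsContainerRequestFilter already rejects a JWS that lacks it whenever the property is set on the inbound message. If the call site is to follow, a short Javadoc would help, for example `/** Copies the "org.apache.cxf.jws.context" message property, if set, into the JWS headers; must be called before writeJws so the value is signed. */`. The unchecked `(String)` cast throws ClassCastException if the contextual property is ever configured with a non-String value; reading it as `Object` and testing `instanceof String` before `headers.setHeader(...)` avoids that. The enclosing class continues outside the hunk.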
@@ -36,6 +36,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 @PreMatching
 @Priority(Priorities.JWS_SERVER_READ_PRIORITY)
 public class JwsContainerRequestFilter extends AbstractJwsReaderProvider implements ContainerRequestFilter {
+ private static final String JWS_CONTEXT_PROPERTY = "org.apache.cxf.jws.context";
 @Override
 public void filter(ContainerRequestContext context) throws IOException {
 if (HttpMethod.GET.equals(context.getMethod())) {
@@ -47,6 +48,7 @@ public class JwsContainerRequestFilter extends AbstractJwsReaderProvider impleme
 context.abortWith(JAXRSUtils.toResponse(400));
 return;
 }
+ validateRequestContextProperty(p);
 byte[] bytes = p.getDecodedJwsPayloadBytes();
 context.setEntityStream(new ByteArrayInputStream(bytes));
 context.getHeaders().putSingle("Content-Length", Integer.toString(bytes.length));
@@ -56,4 +58,14 @@ public class JwsContainerRequestFilter extends AbstractJwsReaderProvider impleme
 context.getHeaders().putSingle("Content-Type", ct);
 }
 }
+ protected void validateRequestContextProperty(JwsCompactConsumer c) {
+ String context = (String)JAXRSUtils.getCurrentMessage().get(JWS_CONTEXT_PROPERTY);
+ if (context != null) {
+ String headerCtx = (String)c.getJoseHeaders().getHeader(JWS_CONTEXT_PROPERTY);
+ if (headerCtx == null || !headerCtx.equals(context)) {
+ throw new SecurityException();
+ }
+ }
+
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/a81bfea9/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
index c79f305..44eb42f 100644
--- a/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java
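Review bot: The new check in `JwsContainerRequestFilter.validateRequestContextProperty` is skipped entirely when the current message has no `org.apache.cxf.jws.context` property, so the link between the user token and the signed payload is enforced only if an earlier step, not visible in this diff, always sets that property. If the binding is meant to be mandatory once a token is present, the absent-property case needs its own rejection, or at least a comment stating that the check is opt-in. On a mismatch the method throws a bare `SecurityException` out of `filter`, while the signature-failure path just above the new call uses `context.abortWith(JAXRSUtils.toResponse(400)); return;`; unless an ExceptionMapper is registered this will most likely reach the client as a 500, with nothing recorded about why the request was refused. Having the method return a boolean and aborting in `filter`, e.g. `if (!isRequestContextValid(p)) { context.abortWith(JAXRSUtils.toResponse(400)); return; }`, would keep both rejections consistent, and the `(String)` cast on `getHeader(...)` should likewise tolerate a header value that is not a string.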
+++ b/rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwsWriterInterceptor.java @@ -102,6 +102,7 @@ public class JwsWriterInterceptor extends AbstractJwsWriterProvider implements W } } } + private void setJoseMediaType(WriterInterceptorContext ctx) { MediaType joseMediaType = JAXRSUtils.toMediaType(JoseConstants.MEDIA_TYPE_JOSE); ctx.setMediaType(joseMediaType);
