Repository: cxf Updated Branches: refs/heads/master 557dc292f -> e617a2c58
[CXF-5607] More work around oidc authentication only Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e617a2c5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e617a2c5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e617a2c5 Branch: refs/heads/master Commit: e617a2c5865cf3d11d0d344a23dc2d493ff4809b Parents: 557dc29 Author: Sergey Beryozkin <[email protected]> Authored: Thu Jun 25 16:04:25 2015 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Thu Jun 25 16:04:25 2015 +0100 ---------------------------------------------------------------------- .../main/webapp/WEB-INF/applicationContext.xml | 2 - .../oidc/rp/OidcClientTokenContextImpl.java | 6 ++ .../security/oidc/rp/OidcIdTokenProvider.java | 7 +- .../oidc/rp/OidcIdTokenRequestFilter.java | 74 ++++++++++++++++++++ .../oidc/rp/OidcRpAuthenticationService.java | 22 +----- .../security/oidc/rp/OidcSecurityContext.java | 4 ++ 6 files changed, 93 insertions(+), 22 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
index 528aa50..9da7e37 100644
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml
@@ -130,8 +130,6 @@
 <bean id="oidcRpService" class="org.apache.cxf.rs.security.oidc.rp.OidcRpAuthenticationService">
 <property name="stateManager" ref="stateManager"/>
 <property name="defaultLocation" value="/forms/startSearch.jsp"/>
- <property name="idTokenValidator" ref="userInfoClient"/>
- <property name="consumer" ref="consumer"/>
 </bean>
 <jaxrs:server id="oidcRpServer" address="/oidc">
http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
index 47164a7..c18be13 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcClientTokenContextImpl.java
@@ -26,6 +26,12 @@ public class OidcClientTokenContextImpl extends ClientTokenContextImpl implement
 private static final long serialVersionUID = 117239739331303618L;
 private IdToken idToken;
 private UserInfo userInfo;
+ public OidcClientTokenContextImpl() {
+
+ }
+ public OidcClientTokenContextImpl(IdToken idToken) {
+ this.idToken = idToken;
+ }
 public IdToken getIdToken() {
 return idToken;
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
index 496a92c..fab9ae8 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenProvider.java
@@ -26,6 +26,11 @@ import org.apache.cxf.rs.security.oidc.common.IdToken;
 public class OidcIdTokenProvider implements ContextProvider<IdToken> {
 @Override
 public IdToken createContext(Message m) {
- return ((OidcClientTokenContext)m.getContent(ClientTokenContext.class)).getIdToken();
+
+ OidcClientTokenContext ctx = (OidcClientTokenContext)m.getContent(ClientTokenContext.class);
+ if (ctx != null) {
+ return ctx.getIdToken();
+ }
+ return m.getContent(IdToken.class);
 }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
new file mode 100644
index 0000000..922a3d0
--- /dev/null
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcIdTokenRequestFilter.java
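Review bot: The cast `(OidcClientTokenContext)m.getContent(ClientTokenContext.class)` on the new line is still unguarded, and the OidcIdTokenRequestFilter added in this same commit stores a bare `IdToken` under that `ClientTokenContext.class` key, so on the filter path createContext throws ClassCastException before the new `m.getContent(IdToken.class)` fallback is ever reached (unless IdToken implements ClientTokenContext, which nothing in these hunks suggests). The two sides need to agree on a key, and the fallback already reads the natural one, so the filter line should become `JAXRSUtils.getCurrentMessage().setContent(IdToken.class, idToken);`; the same point applies to the OidcIdTokenRequestFilter hunk below and is not repeated there. A short Javadoc on createContext would also help, stating that it resolves the token from either a full client token context or a filter-supplied IdToken and returns null when neither is present, since a resource injecting `@Context IdToken` currently gets null rather than an error in that case.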
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.rp;
+
+import java.io.IOException;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.jaxrs.utils.FormUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.oauth2.client.ClientTokenContext;
+import org.apache.cxf.rs.security.oauth2.client.Consumer;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
+
+public class OidcIdTokenRequestFilter implements ContainerRequestFilter {
+ private String tokenFormParameter = "idtoken";
+ private IdTokenValidator idTokenValidator;
+ private Consumer consumer;
+
+ @Override
+ public void filter(ContainerRequestContext requestContext) throws IOException {
+ MultivaluedMap<String, String> form = toFormData(requestContext);
+ String idTokenParamValue = form.getFirst(tokenFormParameter);
+ if (idTokenParamValue == null) {
+ requestContext.abortWith(Response.status(401).build());
+ return;
+ }
+
+ IdToken idToken = idTokenValidator.getIdToken(idTokenParamValue, consumer.getKey());
+ JAXRSUtils.getCurrentMessage().setContent(ClientTokenContext.class, idToken);
+ requestContext.setSecurityContext(new OidcSecurityContext(idToken));
+
+ }
+ private MultivaluedMap<String, String> toFormData(ContainerRequestContext rc) {
+ MultivaluedMap<String, String> requestState = new MetadataMap<String, String>();
+ if (MediaType.APPLICATION_FORM_URLENCODED_TYPE.isCompatible(rc.getMediaType())) {
+ String body = FormUtils.readBody(rc.getEntityStream(), "UTF-8");
+ FormUtils.populateMapFromString(requestState, JAXRSUtils.getCurrentMessage(), body,
+ "UTF-8", false);
+ }
+ return requestState;
+ }
+ public void setIdTokenValidator(IdTokenValidator validator) {
+ this.idTokenValidator = validator;
+ }
+ public void setTokenFormParameter(String tokenFormParameter) {
+ this.tokenFormParameter = tokenFormParameter;
+ }
+
+ public void setConsumer(Consumer consumer) {
+ this.consumer = consumer;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
index 70a7224..1c4eebe 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationService.java
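Review bot: `requestContext.setSecurityContext(new OidcSecurityContext(idToken))` in filter() hands the validated token to the constructor this commit adds to OidcSecurityContext, but that constructor body, visible in the last hunk of this diff, is `this(new OidcClientTokenContextImpl());` — the token argument is discarded and the principal is derived from an empty context; with the `OidcClientTokenContextImpl(IdToken)` constructor added in this commit it should read `this(new OidcClientTokenContextImpl(token));`. The only failure the filter handles itself is the missing form parameter: a token the validator rejects surfaces as whatever `getIdToken` throws, so that call is worth wrapping so the filter itself calls `requestContext.abortWith(Response.status(401).build())` on failure instead of relying on a default exception mapper, and both 401 responses would be more useful to clients with a `WWW-Authenticate` header. toFormData also consumes the request entity stream, which is fine for the `@Context IdToken` resource in this commit but deserves a sentence in a class-level Javadoc for anyone registering the filter in front of a resource that still binds the form body.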
@@ -32,29 +32,21 @@ import javax.ws.rs.core.UriBuilder;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth2.client.ClientTokenContextManager;
-import org.apache.cxf.rs.security.oauth2.client.Consumer;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
 @Path("rp")
 public class OidcRpAuthenticationService {
 private ClientTokenContextManager stateManager;
 private String defaultLocation;
- private String tokenFormParameter = "idtoken";
 @Context
 private MessageContext mc;
- private IdTokenValidator idTokenValidator;
- private Consumer consumer;
-
- public void setIdTokenValidator(IdTokenValidator validator) {
- this.idTokenValidator = validator;
- }
 @POST
 @Path("signin")
 @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- public Response completeScriptAuthentication(MultivaluedMap<String, String> map) {
- String idTokenParamValue = map.getFirst(tokenFormParameter);
+ public Response completeScriptAuthentication(@Context IdToken idToken) {
 OidcClientTokenContextImpl ctx = new OidcClientTokenContextImpl();
- ctx.setIdToken(idTokenValidator.getIdToken(idTokenParamValue, consumer.getKey()));
+ ctx.setIdToken(idToken);
 return completeAuthentication(ctx);
 }
@@ -81,12 +73,4 @@ public class OidcRpAuthenticationService {
 public void setStateManager(ClientTokenContextManager stateManager) {
 this.stateManager = stateManager;
 }
-
- public void setTokenFormParameter(String tokenFormParameter) {
- this.tokenFormParameter = tokenFormParameter;
- }
-
- public void setConsumer(Consumer consumer) {
- this.consumer = consumer;
- }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/e617a2c5/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
----------------------------------------------------------------------
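Review bot: completeScriptAuthentication now trusts its `@Context IdToken idToken` argument without a null check, and OidcIdTokenProvider in this commit returns null when no token has been stored on the message, so a request that reaches this method without OidcIdTokenRequestFilter in front of it would run completeAuthentication with an empty context instead of being rejected; a guard such as `if (idToken == null) { return Response.status(401).build(); }` before the context is built keeps the signin endpoint fail-closed. The applicationContext.xml hunk in this commit removes the validator and consumer wiring from oidcRpService without registering the new filter, so unless that registration lives elsewhere in the sample, the sample takes exactly that path. As a minor style point, the `OidcClientTokenContextImpl(IdToken)` constructor added in this commit lets `new OidcClientTokenContextImpl(); ctx.setIdToken(idToken);` collapse to `new OidcClientTokenContextImpl(idToken)`. completeAuthentication itself lies outside this hunk.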
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
index f8b8045..14dd8c3 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.java
@@ -23,9 +23,13 @@ import javax.ws.rs.core.SecurityContext;
 import org.apache.cxf.common.security.SimpleSecurityContext;
 import org.apache.cxf.jaxrs.utils.HttpUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.oidc.common.IdToken;
 public class OidcSecurityContext extends SimpleSecurityContext implements SecurityContext {
 private OidcClientTokenContext oidcContext;
+ public OidcSecurityContext(IdToken token) {
+ this(new OidcClientTokenContextImpl());
+ }
 public OidcSecurityContext(OidcClientTokenContext oidcContext) {
 super(getUserName(oidcContext));
 this.oidcContext = oidcContext;
