Repository: cxf Updated Branches: refs/heads/master 4ddc8d5b3 -> 2cfcbbc2c
[CXF-6165] Finalizing the demo Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2cfcbbc2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2cfcbbc2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2cfcbbc2 Branch: refs/heads/master Commit: 2cfcbbc2ce20118e06ca3ef11f08f6f106181055 Parents: 4ddc8d5 Author: Sergey Beryozkin <[email protected]> Authored: Tue Jul 7 17:29:28 2015 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Jul 7 17:29:28 2015 +0100 ---------------------------------------------------------------------- .../release/samples/jax_rs/big_query/README.txt | 4 ++ .../demo/jaxrs/server/BigQueryResponse.java | 18 +++++++ .../java/demo/jaxrs/server/BigQueryService.java | 29 +++++----- .../java/demo/jaxrs/server/BigQueryStart.java | 32 +++++++++++ .../main/webapp/WEB-INF/applicationContext.xml | 57 +++++++++++++------- .../src/main/webapp/forms/bigQueryResponse.jsp | 4 +- .../src/main/webapp/forms/bigQueryStart.jsp | 51 ++++++++++++++++++ .../webapp/forms/oidcClientTokenContext.jsp | 12 ----- .../src/main/webapp/forms/startSearch.jsp | 46 ---------------- .../oidc/rp/OidcRpAuthenticationFilter.java | 21 ++++++-- 10 files changed, 175 insertions(+), 99 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/2cfcbbc2/distribution/src/main/release/samples/jax_rs/big_query/README.txt ---------------------------------------------------------------------- diff --git a/distribution/src/main/release/samples/jax_rs/big_query/README.txt b/distribution/src/main/release/samples/jax_rs/big_query/README.txt new file mode 100644 index 0000000..ee4cd9a --- /dev/null +++ b/distribution/src/main/release/samples/jax_rs/big_query/README.txt 
@@ -0,0 +1,4 @@ +JAX-RS Big Query Demo +===================== + + http://git-wip-us.apache.org/repos/asf/cxf/blob/2cfcbbc2/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryResponse.java ---------------------------------------------------------------------- diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryResponse.java b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryResponse.java index 32030a6..238ecb9 100644 --- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryResponse.java +++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryResponse.java @@ -1,3 +1,21 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package demo.jaxrs.server; import java.util.LinkedList; http://git-wip-us.apache.org/repos/asf/cxf/blob/2cfcbbc2/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java ---------------------------------------------------------------------- 
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
index 2c1932f..99441ba 100644
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
+++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryService.java
@@ -46,38 +46,39 @@ public class BigQueryService { + "\"maxResults\": %d" + "}"; + @Context + private OidcClientTokenContext oidcContext; private WebClient bigQueryClient; - @POST - @Path("/complete") + @GET + @Path("/start") @Produces("text/html") - public BigQueryResponse completeBigQueryPost(@Context OidcClientTokenContext context) { - return completeBigQueryGet(context); + public BigQueryStart startBigQuerySearch() { + return new BigQueryStart(getUserInfo()); } - @GET + @POST @Path("/complete") @Produces("text/html") - public BigQueryResponse completeBigQueryGet(@Context OidcClientTokenContext context) { + public BigQueryResponse completeBigQuerySearch() { - ClientAccessToken accessToken = context.getToken(); + ClientAccessToken accessToken = oidcContext.getToken(); - MultivaluedMap<String, String> state = context.getState(); + MultivaluedMap<String, String> state = oidcContext.getState(); String searchWord = state.getFirst("word"); String maxResults = state.getFirst("maxResults"); - BigQueryResponse bigQueryResponse = new BigQueryResponse(getUserInfo(context), - searchWord); + BigQueryResponse bigQueryResponse = new BigQueryResponse(getUserInfo(), searchWord); bigQueryResponse.setTexts(getMatchingTexts(bigQueryClient, accessToken, searchWord, maxResults)); return bigQueryResponse; } - private String getUserInfo(OidcClientTokenContext context) { - if (context.getUserInfo() != null) { - return context.getUserInfo().getName(); + private String getUserInfo() { + if (oidcContext.getUserInfo() != null) { + return oidcContext.getUserInfo().getName(); } else { - return context.getIdToken().getSubject(); + return oidcContext.getIdToken().getSubject(); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/2cfcbbc2/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryStart.java ---------------------------------------------------------------------- 
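Review bot: In `completeBigQuerySearch`, `word` and `maxResults` are read from `oidcContext.getState()` and passed to `getMatchingTexts` as raw strings, with no check that the state exists or that either value is present and well-formed. The query template at the top of the hunk formats `maxResults` with `%d`, so a missing or non-numeric value presumably fails later inside `getMatchingTexts` (outside this hunk) instead of being rejected here. I would parse and bound it before use, e.g. `int max = Math.min(Integer.parseInt(maxResults), 100);` with the limit chosen by the sample, and reject a null `searchWord` with a 400. How the word is placed into the query text is not visible here; if it is interpolated, it needs escaping at that point. `getUserInfo()` also calls `oidcContext.getIdToken().getSubject()` without a null check on the IdToken.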
diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryStart.java b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryStart.java new file mode 100644 index 0000000..b49fef2 --- /dev/null +++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryStart.java @@ -0,0 +1,32 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package demo.jaxrs.server; + + +public class BigQueryStart { + private String userName; + public BigQueryStart(String userName) { + this.userName = userName; + } + + public String getUserName() { + return userName; + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/2cfcbbc2/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml ---------------------------------------------------------------------- diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml index e6d20df..e099c28 100644 
--- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml +++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/WEB-INF/applicationContext.xml @@ -48,6 +48,7 @@ <property name="bigQueryClient" ref="bigQueryClient"/> </bean> + <!-- project_id is allocated in Google Developer Console --> <jaxrsclient:client id="bigQueryClient" threadSafe="true" address="https://www.googleapis.com/bigquery/v2/projects/${project_id}/queries" serviceClass="org.apache.cxf.jaxrs.client.WebClient"> @@ -63,6 +64,7 @@ <bean id="searchView" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider"> <property name="useClassNames" value="true"/> <property name="locationPrefix" value="/forms/"/> + <property name="beanName" value="data"/> </bean> <bean id="oidcRpFilter" class="org.apache.cxf.rs.security.oidc.rp.OidcRpAuthenticationFilter"> @@ -72,8 +74,8 @@ --> <property name="stateManager" ref="stateManager"/> - <!-- RP endpoint address to redirect to if no OIDC context is available --> - <property name="rpServiceAddress" value="oidc/rp"/> + <!-- The address to redirect to if no OIDC context is available --> + <property name="redirectUri" value="/forms/simpleLogin.jsp"/> </bean> <!-- 
@@ -102,11 +104,14 @@ the context is available --> <property name="stateManager" ref="stateManager"/> <!-- Where to redirect to once the authentication is complete --> - <property name="defaultLocation" value="/forms/startSearch.jsp"/> + <property name="defaultLocation" value="/service/search/start"/> </bean> <!-- The state manager shared between the RP and application endpoints --> <bean id="stateManager" class="org.apache.cxf.rs.security.oauth2.client.MemoryClientTokenContextManager"/> + <!-- This filter redirect to Google Authorization service, exchanges an authorization code for access token, + extracts OIDC IdToken, requests OIDC UserInfo and makes it all available as OidcCientTokenContext + --> <bean id="rpOidcRequestFilter" class="org.apache.cxf.rs.security.oidc.rp.OidcClientCodeRequestFilter"> <property name="clientCodeStateManager" ref="rpClientCodeStateManager"/> <property name="scopes" value="openid email profile https://www.googleapis.com/auth/bigquery.readonly"/> @@ -117,9 +122,11 @@ <property name="startUri" value="rp"/> <property name="completeUri" value="rp/complete"/> </bean> + <!-- This state manager creates an OAuth2 'state' parameter and saves it in the HTTP session --> <bean id="rpClientCodeStateManager" class="org.apache.cxf.rs.security.oauth2.client.MemoryClientCodeStateManager"/> - <!-- WebClient for requesting an OAuth2 Access token --> + <!-- WebClient for requesting an OAuth2 Access token. + rpOidcRequestFilter uses it to exchange a code for a token --> <jaxrsclient:client id="atServiceClient" threadSafe="true" address="https://accounts.google.com/o/oauth2/token" 
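Review bot: The comment added above `rpOidcRequestFilter` has two typos ("redirect to" and "OidcCientTokenContext"), and the second one misspells the class name a reader would search for. I would write it as `This filter redirects to the Google Authorization service, exchanges an authorization code for an access token, extracts the OIDC IdToken, requests OIDC UserInfo and makes it all available as OidcClientTokenContext`.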
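Review bot: The comment added above `rpClientCodeStateManager` says the OAuth2 'state' parameter is saved in the HTTP session, while the bean class is `MemoryClientCodeStateManager`, whose name suggests an in-memory store. The implementation is not visible in this diff, so the comment may be accurate, but the two read as contradictory. Since this value is what ties the authorization response back to the browser that started the flow, the comment should say exactly where it is kept and how it is bound to the user, for example `<!-- Creates the OAuth2 'state' value and keeps it (see MemoryClientCodeStateManager for where) until the code is returned -->`.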
@@ -137,43 +144,53 @@ </jaxrsclient:features> </jaxrsclient:client> - <!-- WebClient for requesting an OIDC UserInfo --> - <jaxrsclient:client id="userInfoServiceClient" threadSafe="true" - address="https://www.googleapis.com/plus/v1/people/me/openIdConnect" + <!-- The RP filter uses this client to read OIDC IdToken from OAuth2 access token and + request OIDC UserInfo. If OIDC IdToken only is required then registering + org.apache.cxf.rs.security.oidc.rp.IdTokenReader is enough. + --> + <bean id="userInfoClient" class="org.apache.cxf.rs.security.oidc.rp.UserInfoClient"> + <!-- these properties are needed to validate IdToken --> + <property name="jwkSetClient" ref="jwkSetClient"/> + <property name="issuerId" value="accounts.google.com"/> + <property name="clockOffset" value="10"/> + <!-- this one is needed to get OIDC UserInfo --> + <property name="userInfoServiceClient" ref="userInfoServiceClient"/> + </bean> + + <!-- WebClient for requesting an OIDC IDP JWK Set + This client is used to get a JWK key required to validate OIDC IdToken returned with the OAuth2 access token --> + <jaxrsclient:client id="jwkSetClient" threadSafe="true" + address="https://www.googleapis.com/oauth2/v2/certs" serviceClass="org.apache.cxf.jaxrs.client.WebClient"> <jaxrsclient:headers> <entry key="Accept" value="application/json"/> </jaxrsclient:headers> <jaxrsclient:providers> - <bean class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/> + <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/> </jaxrsclient:providers> <jaxrsclient:features> <ref bean="loggingFeature"/> </jaxrsclient:features> - </jaxrsclient:client> + </jaxrsclient:client> - <!-- WebClient for requesting an OIDC IDP JWK Set --> - <jaxrsclient:client id="jwkSetClient" threadSafe="true" - address="https://www.googleapis.com/oauth2/v2/certs" + <!-- WebClient for requesting an OIDC UserInfo + This client is optional if the application is happy working with OIDC IDToken only --> + + 
<jaxrsclient:client id="userInfoServiceClient" threadSafe="true" + address="https://www.googleapis.com/plus/v1/people/me/openIdConnect" serviceClass="org.apache.cxf.jaxrs.client.WebClient"> <jaxrsclient:headers> <entry key="Accept" value="application/json"/> </jaxrsclient:headers> <jaxrsclient:providers> - <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/> + <bean class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/> </jaxrsclient:providers> <jaxrsclient:features> <ref bean="loggingFeature"/> </jaxrsclient:features> </jaxrsclient:client> - <bean id="userInfoClient" class="org.apache.cxf.rs.security.oidc.rp.UserInfoClient"> - <property name="jwkSetClient" ref="jwkSetClient"/> - <property name="issuerId" value="accounts.google.com"/> - <property name="userInfoServiceClient" ref="userInfoServiceClient"/> - <property name="clockOffset" value="10"/> - </bean> - + <!-- Client id and secret allocated in Google Developer Console --> <bean id="consumer" class="org.apache.cxf.rs.security.oauth2.client.Consumer"> <property name="key" value="${client_id}"/> <property name="secret" value="${client_secret}"/> http://git-wip-us.apache.org/repos/asf/cxf/blob/2cfcbbc2/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/bigQueryResponse.jsp ---------------------------------------------------------------------- diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/bigQueryResponse.jsp b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/bigQueryResponse.jsp index 19c6c55..bbd2909 100644 --- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/bigQueryResponse.jsp +++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/bigQueryResponse.jsp 
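Review bot: `userInfoServiceClient` keeps `<ref bean="loggingFeature"/>` in its features, and under OIDC this client sends the access token to the UserInfo endpoint and receives the user's profile claims. If `loggingFeature` is a full message-logging feature (its definition is outside this hunk), bearer tokens and personal data will be written to the server log. Because samples get copied into real deployments, I would drop the feature from this client or mark it, e.g. `<!-- loggingFeature logs tokens and UserInfo responses; remove outside of local demos -->`. The same reference on `jwkSetClient` is less sensitive, since the JWK set is public.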
@@ -1,7 +1,7 @@ <%@ page import="javax.servlet.http.HttpServletRequest, demo.jaxrs.server.BigQueryResponse, demo.jaxrs.server.ShakespeareText" %> <% - BigQueryResponse bgResponse = (BigQueryResponse) request.getAttribute("bigqueryresponse"); + BigQueryResponse bgResponse = (BigQueryResponse) request.getAttribute("data"); String basePath = request.getContextPath() + request.getServletPath(); if (!basePath.endsWith("/")) { basePath += "/"; @@ -43,7 +43,7 @@ <br/> <p> -Back to <a href="<%= basePath %>forms/startSearch.jsp">Search Service</a>. +Back to <a href="<%= basePath %>service/search/start">Search Service</a>. </p> </big></big> </div> http://git-wip-us.apache.org/repos/asf/cxf/blob/2cfcbbc2/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/bigQueryStart.jsp ---------------------------------------------------------------------- diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/bigQueryStart.jsp b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/bigQueryStart.jsp new file mode 100644 index 0000000..b818617 --- /dev/null +++ b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/bigQueryStart.jsp 
@@ -0,0 +1,51 @@ +<%@ page import="javax.servlet.http.HttpServletRequest, demo.jaxrs.server.BigQueryStart" %> + +<% + BigQueryStart bq = (BigQueryStart) request.getAttribute("data"); +%> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> + <title>Shakespeare Text Search</title> + <STYLE TYPE="text/css"> + <!-- + input {font-family:verdana, arial, helvetica, sans-serif;font-size:20px;line-height:40px;} + div.padded { + padding-left: 5em; + } + --> +</STYLE> +</head> +<body> +<div class="padded"> +<h1><%= bq.getUserName() %>, Welcome to Shakespeare Text Search Service</h1> +<em></em> +<p> + <table> + <form action="https://localhost:8080/bigquery/service/search/complete" method="POST"> + <tr> + <td><big><big><big>Text Word:</big></big></big></td> + <td> + <input type="text" name="word" value="brave"/> + </td> + </tr> + <tr> + <td><big><big><big>Max Results:</big></big></big></td> + <td> + <input type="text" name="maxResults" value="10"/> + </td> + </tr> + <tr> + <td> + + </td> + </tr> + <tr> + <td colspan="2"> + <input type="submit" value=" Find Texts "/> + </td> + </tr> + </form> + </table> +</div> +</body> +</html> http://git-wip-us.apache.org/repos/asf/cxf/blob/2cfcbbc2/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/oidcClientTokenContext.jsp ---------------------------------------------------------------------- diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/oidcClientTokenContext.jsp b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/oidcClientTokenContext.jsp deleted file mode 100644 index 58d183d..0000000 --- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/oidcClientTokenContext.jsp +++ /dev/null 
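Review bot: `<%= bq.getUserName() %>` in the `<h1>` writes the user name into the page without HTML escaping. According to `getUserInfo()` in BigQueryService, the value is the OIDC UserInfo name or the IdToken subject, so it is text supplied by the identity provider and should be encoded on output, e.g. `<c:out value="${data.userName}"/>` with the JSTL core taglib, assuming JSTL is available to the sample. `bq` is also dereferenced without a null check, so a direct request to this JSP under `/forms/` would fail with a NullPointerException. The form `action` is hard-coded to `https://localhost:8080/bigquery/service/search/complete`; building it from `request.getContextPath()`, as bigQueryResponse.jsp does for its link, would keep the sample working on other hosts and ports.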
@@ -1,12 +0,0 @@ -<%@ page import="javax.servlet.http.HttpServletRequest, org.apache.cxf.rs.security.oidc.rp.OidcClientTokenContext" %> - -<% - OidcClientTokenContext context = (OidcClientTokenContext) request.getAttribute("oidcclienttokencontext"); -%> -<html> -<body> -<div class="padded"> -<h2>Welcome, <%= context.getIdToken().getClaim("email") %></h2> -</div> -</body> -</html> http://git-wip-us.apache.org/repos/asf/cxf/blob/2cfcbbc2/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/startSearch.jsp ---------------------------------------------------------------------- diff --git a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/startSearch.jsp b/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/startSearch.jsp deleted file mode 100644 index 23269f4..0000000 --- a/distribution/src/main/release/samples/jax_rs/big_query/src/main/webapp/forms/startSearch.jsp +++ /dev/null 
@@ -1,46 +0,0 @@ -<html xmlns="http://www.w3.org/1999/xhtml"> -<head> - <title>Shakespeare Text Search</title> - <STYLE TYPE="text/css"> - <!-- - input {font-family:verdana, arial, helvetica, sans-serif;font-size:20px;line-height:40px;} - div.padded { - padding-left: 15em; - } - --> -</STYLE> -</head> -<body> -<div class="padded"> -<h1>Welcome to Shakespeare Text Search Service</h1> -<em></em> -<p> - <table> - <form action="https://localhost:8080/bigquery/service/search/complete" method="POST"> - <tr> - <td><big><big><big>Text Word:</big></big></big></td> - <td> - <input type="text" name="word" value="brave"/> - </td> - </tr> - <tr> - <td><big><big><big>Max Results:</big></big></big></td> - <td> - <input type="text" name="maxResults" value="10"/> - </td> - </tr> - <tr> - <td> - - </td> - </tr> - <tr> - <td colspan="2"> - <input type="submit" value=" Find Texts "/> - </td> - </tr> - </form> - </table> -</div> -</body> -</html> http://git-wip-us.apache.org/repos/asf/cxf/blob/2cfcbbc2/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java index 52df086..415e2cc 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/OidcRpAuthenticationFilter.java @@ -18,6 +18,8 @@ */ package org.apache.cxf.rs.security.oidc.rp; +import java.net.URI; + import javax.annotation.Priority; import javax.ws.rs.Priorities; import javax.ws.rs.container.ContainerRequestContext; 
@@ -43,14 +45,23 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter { @Context private MessageContext mc; private ClientTokenContextManager stateManager; - private String rpServiceAddress; + private String redirectUri; public void filter(ContainerRequestContext rc) { if (checkSecurityContext(rc)) { return; } else { - UriBuilder ub = rc.getUriInfo().getBaseUriBuilder().path(rpServiceAddress); - rc.abortWith(Response.seeOther(ub.build()) + URI redirectAddress = null; + if (redirectUri.startsWith("/")) { + String basePath = (String)mc.get("http.base.path"); + redirectAddress = UriBuilder.fromUri(basePath).path(redirectUri).build(); + } else if (redirectUri.startsWith("http")) { + redirectAddress = URI.create(redirectUri); + } else { + UriBuilder ub = rc.getUriInfo().getBaseUriBuilder().path(redirectUri); + redirectAddress = ub.build(); + } + rc.abortWith(Response.seeOther(redirectAddress) .header(HttpHeaders.CACHE_CONTROL, "no-cache, no-store") .header("Pragma", "no-cache") .build()); @@ -80,8 +91,8 @@ public class OidcRpAuthenticationFilter implements ContainerRequestFilter { } return requestState; } - public void setRpServiceAddress(String rpServiceAddress) { - this.rpServiceAddress = rpServiceAddress; + public void setRedirectUri(String redirectUri) { + this.redirectUri = redirectUri; } public void setStateManager(ClientTokenContextManager stateManager) { this.stateManager = stateManager;
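Review bot: In `filter`, `redirectUri.startsWith("http")` treats any value beginning with those four letters as an absolute URI, so a relative path such as `httpdocs/login` (a constructed example) would go to `URI.create` unchanged instead of being resolved against the base URI. Testing `redirectUri.startsWith("http://") || redirectUri.startsWith("https://")` is more precise. `redirectUri` is dereferenced without a null check, so a filter configured without the property throws a NullPointerException on the first unauthenticated request; rejecting null in `setRedirectUri` would fail earlier and more clearly. The value of `mc.get("http.base.path")` is likewise cast and passed to `UriBuilder.fromUri` unchecked. The body of `filter` continues past the end of this hunk.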
