Repository: cxf Updated Branches: refs/heads/3.0.x-fixes caff64536 -> a118ac840
Fixing build
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a118ac84
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a118ac84
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a118ac84
Branch: refs/heads/3.0.x-fixes
Commit: a118ac840be1e0bf2260b3985911c5644e916ec4
Parents: caff645
Author: Colm O hEigeartaigh <[email protected]>
Authored: Fri Oct 9 15:40:43 2015 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Fri Oct 9 15:41:32 2015 +0100
----------------------------------------------------------------------
 .../oauth2/grants/jwt/AbstractJwtHandler.java | 31 +++++++++++++++++++-
 .../oauth2/tokens/jwt/JwtAccessTokenUtils.java | 15 ++++++++--
 2 files changed, 43 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/a118ac84/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
index ddc4af0..baafd5f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/jwt/AbstractJwtHandler.java
@@ -38,6 +38,8 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 public abstract class AbstractJwtHandler extends AbstractGrantHandler {
 private Set<String> supportedIssuers;
 private JwsSignatureVerifier jwsVerifier;
+ private int ttl = 300;
+ private int futureTTL;
 protected AbstractJwtHandler(List<String> grants) {
 super(grants);
@@ -54,7 +56,18 @@ public abstract class AbstractJwtHandler extends AbstractGrantHandler {
 validateIssuer(claims.getIssuer());
 validateSubject(client, claims.getSubject());
 validateAudience(client, claims.getAudience());
- JwtUtils.validateJwtTimeClaims(claims);
+
+ // If we have no issued time then we need to have an expiry
+ boolean expiredRequired = claims.getIssuedAt() == null;
+ JwtUtils.validateJwtExpiry(claims, expiredRequired);
+
+ JwtUtils.validateJwtNotBefore(claims, futureTTL, false);
+
+ // If we have no expiry then we must have an issued at
+ boolean issuedAtRequired = claims.getExpiryTime() == null;
+ if (issuedAtRequired) {
+ JwtUtils.validateJwtTTL(claims, ttl, issuedAtRequired);
+ }
 }
 protected void validateIssuer(String issuer) {
@@ -82,4 +95,20 @@ public abstract class AbstractJwtHandler extends AbstractGrantHandler {
 }
 return JwsUtils.loadSignatureVerifier(true);
 }
+
+ public int getTtl() {
+ return ttl;
+ }
+
+ public void setTtl(int ttl) {
+ this.ttl = ttl;
+ }
+
+ public int getFutureTTL() {
+ return futureTTL;
+ }
+
+ public void setFutureTTL(int futureTTL) {
+ this.futureTTL = futureTTL;
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/a118ac84/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java
index 1a28191..a88d96f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/jwt/JwtAccessTokenUtils.java
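Review bot: The configured `ttl` is never applied when the assertion carries an `exp` claim, because `validateJwtTTL` is only reached inside `if (issuedAtRequired)`, i.e. when `getExpiryTime()` is null, so an issuer-chosen expiry of any length passes as long as `validateJwtExpiry` accepts it; the `validateJwtClaims` hunk in JwtAccessTokenUtils has the same shape. If `ttl` is meant as a server-side cap on assertion lifetime rather than only a fallback for assertions without `exp`, call `JwtUtils.validateJwtTTL(claims, ttl, issuedAtRequired);` unconditionally — assuming its third argument only decides whether a missing `iat` is an error — and otherwise make the fallback-only intent explicit with `// ttl is only a fallback lifetime for assertions without exp; an explicit exp is not capped here`. Inside the guard `issuedAtRequired` is always true, so passing it as the third argument reads as a runtime decision when it is a constant. These ten lines are copied verbatim into both files; a shared helper (for instance an overload of `JwtUtils.validateJwtTimeClaims` taking `ttl` and `futureTTL`) would stop the two grant paths from drifting. The enclosing method begins before this hunk.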
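Review bot: The new public setters are configuration surface with no Javadoc, and neither the unit of `ttl`/`futureTTL` nor the fact that `ttl` only takes effect for assertions that have no `exp` claim is recorded anywhere a deployer would read it. A Javadoc on `setTtl` along the lines of `Sets the lifetime (in <UNIT — not shown here>) permitted for an assertion that carries no exp claim; ignored when exp is present.` and one on `setFutureTTL` describing the tolerance it passes to `validateJwtNotBefore` would also make the defaults (300 and the implicit 0 of `futureTTL`) reviewable. The pair `getTtl`/`setTtl` versus `getFutureTTL`/`setFutureTTL` mixes acronym casing; `getFutureTtl`/`setFutureTtl` would match the first pair and the usual Java bean naming.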
@@ -110,9 +110,20 @@ public final class JwtAccessTokenUtils {
 throw new SecurityException();
 }
 }
- public static void validateJwtClaims(JwtClaims claims, Client c) {
+ public static void validateJwtClaims(JwtClaims claims, int ttl, int futureTTL, Client c) {
 validateJwtSubjectAndAudience(claims, c);
- JwtUtils.validateJwtTimeClaims(claims);
+
+ // If we have no issued time then we need to have an expiry
+ boolean expiredRequired = claims.getIssuedAt() == null;
+ JwtUtils.validateJwtExpiry(claims, expiredRequired);
+
+ JwtUtils.validateJwtNotBefore(claims, futureTTL, false);
+
+ // If we have no expiry then we must have an issued at
+ boolean issuedAtRequired = claims.getExpiryTime() == null;
+ if (issuedAtRequired) {
+ JwtUtils.validateJwtTTL(claims, ttl, issuedAtRequired);
+ }
 }
 private static void validateJwtSubjectAndAudience(JwtClaims claims, Client c) {
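Review bot: Replacing `validateJwtClaims(JwtClaims, Client)` with `validateJwtClaims(JwtClaims, int, int, Client)` removes a public static method from a public final utility class on a fixes branch, so any caller outside this commit that still uses the two-argument form stops compiling; the callers are not visible here, but if the old form is meant to remain usable it can stay as a delegating overload, `public static void validateJwtClaims(JwtClaims claims, Client c) { validateJwtClaims(claims, 300, 0, c); }`, with 300 and 0 being the handler-side defaults from this commit rather than a guaranteed behavioural match for the old `validateJwtTimeClaims` call. The new `ttl` and `futureTTL` parameters carry no Javadoc; as this is public API, a `@param` for each stating the unit and that `ttl` is only enforced when the claims have no `exp` would save the next reader from re-deriving it from the `if (issuedAtRequired)` guard.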
