Repository: cxf-fediz Updated Branches: refs/heads/master 268bc2af0 -> d40a62f6d
Add a way of sending the client home realm to the IdP
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d40a62f6
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d40a62f6
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d40a62f6
Branch: refs/heads/master
Commit: d40a62f6de44a9d341c166c23c88f00ed0d85e86
Parents: 268bc2a
Author: Colm O hEigeartaigh <[email protected]>
Authored: Tue Nov 17 17:39:55 2015 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Tue Nov 17 17:40:20 2015 +0000
----------------------------------------------------------------------
 .../service/oidc/ClientRegistrationService.java | 6 +-
 .../cxf/fediz/service/oidc/FedizClient.java | 58 +++++++++++++++++++
 .../service/oidc/HomeRealmCallbackHandler.java | 60 ++++++++++++++++++++
 .../fediz/service/oidc/OAuthDataManager.java | 2 +-
 .../oidc/src/main/resources/data-manager.xml | 43 ++++++++++++++
 .../main/webapp/WEB-INF/applicationContext.xml | 15 +----
 .../webapp/WEB-INF/views/registerClient.jsp | 10 ++++
 7 files changed, 178 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
index 4fdf7a2..f5f6721 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
@@ -66,12 +66,14 @@ public class ClientRegistrationService {
 public Consumers registerForm(@FormParam("appName") String appName,
 @FormParam("appDescription") String appDesc,
 @FormParam("appType") String appType,
- @FormParam("redirectURI") String redirectURI) {
+ @FormParam("redirectURI") String redirectURI,
+ @FormParam("homeRealm") String homeRealm) {
 String clientId = generateClientId();
 boolean isConfidential = "confidential".equals(appType);
 String clientSecret = isConfidential ? generateClientSecret() : null;
- Client newClient = new Client(clientId, clientSecret, isConfidential, appName, null);
+ FedizClient newClient = new FedizClient(clientId, clientSecret, isConfidential, appName, null);
+ newClient.setHomeRealm(homeRealm);
 newClient.setApplicationDescription(appDesc);
 if (!StringUtils.isEmpty(redirectURI)) {
 newClient.setRedirectUris(Collections.singletonList(redirectURI));
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizClient.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizClient.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizClient.java
new file mode 100644
index 0000000..fe07277
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/FedizClient.java
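Review bot: `homeRealm` is stored exactly as submitted on the line `newClient.setHomeRealm(homeRealm);`, without the emptiness check that `redirectURI` gets two lines below, so a blank or whitespace-only form field becomes the client's home realm and is later handed to `HomeRealmCallback` by HomeRealmCallbackHandler as if a realm had been configured. Normalize it the same way the neighbouring field is handled: `newClient.setHomeRealm(StringUtils.isEmpty(homeRealm) ? null : homeRealm.trim());`. The form labels the field "Home Realm URI"; if the value is meant to be a URI, rejecting input that does not parse as one (for example via `java.net.URI`) at registration time would be cheap and keeps bad values out of the client store. registerForm's body continues outside the hunk.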
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.oidc;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+
+/**
+ * Extends the OAuth Client by associating a client with a particular realm.
+ */
+public class FedizClient extends Client {
+
+ private static final long serialVersionUID = -6186868745413555170L;
+ private String homeRealm;
+
+ public FedizClient() {
+ super();
+ }
+
+ public FedizClient(String clientId, String clientSecret, boolean isConfidential) {
+ super(clientId, clientSecret, isConfidential);
+ }
+
+ public FedizClient(String clientId,
+ String clientSecret,
+ boolean isConfidential,
+ String applicationName,
+ String applicationWebUri) {
+ super(clientId, clientSecret, isConfidential, applicationName, applicationWebUri);
+
+ }
+
+ public String getHomeRealm() {
+ return homeRealm;
+ }
+
+ public void setHomeRealm(String homeRealm) {
+ this.homeRealm = homeRealm;
+ }
+
+}
+
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java
----------------------------------------------------------------------
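Review bot: The `homeRealm` field and its `getHomeRealm`/`setHomeRealm` accessors carry no Javadoc, so a reader cannot tell what the value represents or that it is optional — the no-arg and three-argument constructors leave it null, and HomeRealmCallbackHandler passes whatever is stored straight into the callback. A Javadoc on the setter along the lines of `/** Sets the home realm that users of this client authenticate against at the IdP; null when no client-specific realm was registered. */` and a matching `@return` on the getter would make that contract explicit. Stylistically, the five-argument constructor has a stray empty line between the `super(...)` call and its closing brace; in a new file that is worth removing.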
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java
new file mode 100644
index 0000000..7d85a9d
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.oidc;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.cxf.fediz.core.spi.HomeRealmCallback;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+public class HomeRealmCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof HomeRealmCallback) {
+ HomeRealmCallback callback = (HomeRealmCallback) callbacks[i];
+
+ @SuppressWarnings("resource")
+ ApplicationContext ctx = new ClassPathXmlApplicationContext("data-manager.xml");
+ OAuthDataManager dataManager = (OAuthDataManager)ctx.getBean("oauthProvider");
+
+ HttpServletRequest request = callback.getRequest();
+ String clientId = request.getParameter("client_id");
+
+ if (clientId != null) {
+ Client client = dataManager.getClient(clientId);
+ if (client instanceof FedizClient) {
+ callback.setHomeRealm(((FedizClient)client).getHomeRealm());
+ }
+ }
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index 8522680..036bef0 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -54,7 +54,7 @@ public class OAuthDataManager extends AbstractCodeDataProvider {
 private Map<String, OAuthPermission> permissionMap = new HashMap<String, OAuthPermission>();
 private MessageContext messageContext;
 private SamlTokenConverter tokenConverter = new LocalSamlTokenConverter();
- private Map<String, Client> clients = new ConcurrentHashMap<String, Client>();
+ private static Map<String, Client> clients = new ConcurrentHashMap<String, Client>();
 private Map<String, ServerAccessToken> accessTokens = new ConcurrentHashMap<String, ServerAccessToken>();
 private Map<String, RefreshToken> refreshTokens = new ConcurrentHashMap<String, RefreshToken>();
 private Map<String, ServerAuthorizationCodeGrant> codeGrants =
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/resources/data-manager.xml
----------------------------------------------------------------------
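Review bot: `handle` builds a fresh `ClassPathXmlApplicationContext("data-manager.xml")` on every callback and never closes it — the `@SuppressWarnings("resource")` only hides the warning — so each home-realm lookup instantiates a second `OAuthDataManager` and leaks a Spring context. The lookup only finds the registered client because the OAuthDataManager hunk below turns the `clients` map into a `static` field, which shares client state across every provider instance while `accessTokens`, `refreshTokens` and `codeGrants` remain per-instance, and the same data-manager.xml is also imported by applicationContext.xml, so the `oauthProvider` bean exists twice at runtime. Prefer resolving the provider the web application already runs, e.g. `OAuthDataManager dataManager = (OAuthDataManager) WebApplicationContextUtils.getRequiredWebApplicationContext(request.getServletContext()).getBean("oauthProvider");` (from `org.springframework.web.context.support`; `getServletContext()` needs Servlet 3.0+) or inject it into the handler, and then drop the `static`. `client_id` is taken straight from the request, which is fine for a keyed lookup, but if `getClient` throws for an unknown id — its contract is not visible here — that exception propagates out of `handle` instead of simply leaving the realm unset, so it may be worth catching and logging at this boundary.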
diff --git a/services/oidc/src/main/resources/data-manager.xml b/services/oidc/src/main/resources/data-manager.xml
new file mode 100644
index 0000000..9bfa4b5
--- /dev/null
+++ b/services/oidc/src/main/resources/data-manager.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+ http://cxf.apache.org/jaxrs
+ http://cxf.apache.org/schemas/jaxrs.xsd">
+
+ <bean id="oauthProvider" class="org.apache.cxf.fediz.service.oidc.OAuthDataManager">
+ <!--
+ <property name="scopes">
+ <map>
+ <entry key="scopeName" value="scopeDescription" />
+ </map>
+ </property>
+ -->
+ <!--
+ <property name="signIdTokenWithClientSecret" value="true"/>
+ -->
+ </bean>
+
+</beans>
+
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index ba56b40..2ebfc87 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -26,6 +26,8 @@
 http://cxf.apache.org/jaxrs
 http://cxf.apache.org/schemas/jaxrs.xsd">
+ <import resource="classpath:data-manager.xml" />
+
 <jaxrs:server address="/idp">
 <jaxrs:serviceBeans>
 <bean id="oidcService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
@@ -91,18 +93,5 @@
 </jaxrs:providers>
 </jaxrs:server>
- <bean id="oauthProvider" class="org.apache.cxf.fediz.service.oidc.OAuthDataManager">
- <!--
- <property name="scopes">
- <map>
- <entry key="scopeName" value="scopeDescription" />
- </map>
- </property>
- -->
- <!--
- <property name="signIdTokenWithClientSecret" value="true"/>
- -->
- </bean>
-
 </beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d40a62f6/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp b/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
index c6b0ff3..e32630e 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
@@ -65,6 +65,16 @@
 </td>
 </tr>
 <tr>
+ <td colspan="2"> </td>
+ </tr>
+ <tr>
+ <td><big><big><big>Home Realm URI:</big></big></big></td>
+ <td>
+ <input type="text" size="50" name="homeRealm"
+ value=""/>
+ </td>
+ </tr>
+ <tr>
+ <td> </td>
