Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 96cd11b04 -> e3cf81814
Making OidcHybridService extend OidcImplicitService as it requires fewer overrides and a bit more flexible Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e3cf8181 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e3cf8181 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e3cf8181 Branch: refs/heads/3.1.x-fixes Commit: e3cf81814730be1b2a1b35a7a5d62ac4da061ab8 Parents: 96cd11b Author: Sergey Beryozkin <[email protected]> Authored: Fri Mar 4 17:02:02 2016 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Fri Mar 4 17:04:15 2016 +0000
----------------------------------------------------------------------
.../services/AbstractImplicitGrantService.java | 2 +- .../oauth2/services/ImplicitGrantService.java | 6 +- .../rs/security/oidc/idp/OidcHybridService.java | 59 +++++++++++++------- .../security/oidc/idp/OidcImplicitService.java | 8 ++- 4 files changed, 51 insertions(+), 24 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e3cf8181/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index db5bc73..99db2eb 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -67,7 +67,7 @@ public abstract class AbstractImplicitGrantService extends RedirectionBasedGrant return Response.seeOther(URI.create(sb.toString())).build(); } - public StringBuilder prepareGrant(OAuthRedirectionState state, + protected StringBuilder prepareGrant(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, http://git-wip-us.apache.org/repos/asf/cxf/blob/e3cf8181/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java index e0fec11..7f0aa8e 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java 
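Review bot: Narrowing `prepareGrant` from `public` to `protected` here is an incompatible API change on what the page identifies as the 3.1.x-fixes branch; the same applies to the `ImplicitGrantService(Set<String>)` constructor in the next file and to `OidcImplicitService.prepareGrant` in the last one. Code outside these packages that delegates to `prepareGrant` the way the old OidcHybridService did, or that instantiates `ImplicitGrantService` with a custom response-type set, would stop compiling. If the narrowing is intended, a Javadoc line on each member stating that it is an extension point for subclasses only would make that explicit; otherwise keeping the members public on the fixes branch avoids the break. prepareGrant's body continues outside the hunk.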
@@ -45,9 +45,13 @@ public class ImplicitGrantService extends AbstractImplicitGrantService { public ImplicitGrantService() { super(OAuthConstants.TOKEN_RESPONSE_TYPE, OAuthConstants.IMPLICIT_GRANT); } - public ImplicitGrantService(Set<String> responseTypes) { + protected ImplicitGrantService(Set<String> responseTypes) { super(responseTypes, OAuthConstants.IMPLICIT_GRANT); } + protected ImplicitGrantService(Set<String> supportedResponseTypes, + String supportedGrantType) { + super(supportedResponseTypes, supportedGrantType); + } @Override protected OAuthAuthorizationData createAuthorizationData(Client client, MultivaluedMap<String, String> params, http://git-wip-us.apache.org/repos/asf/cxf/blob/e3cf8181/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java index 1f53de1..4c59601 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java +++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcHybridService.java 
@@ -23,16 +23,18 @@ import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Set; + +import javax.ws.rs.Path; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.common.UserSubject; -import org.apache.cxf.rs.security.oauth2.services.AbstractImplicitGrantService; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; - -public class OidcHybridService extends AbstractImplicitGrantService { +@Path("authorize-hybrid") +public class OidcHybridService extends OidcImplicitService { public static final String CODE_AT_RESPONSE_TYPE = "code token"; public static final String CODE_ID_TOKEN_RESPONSE_TYPE = "code id_token"; public static final String CODE_ID_TOKEN_AT_RESPONSE_TYPE = "code id_token token"; 
@@ -40,22 +42,39 @@ public class OidcHybridService extends AbstractImplicitGrantService { static { IMPLICIT_RESPONSE_TYPES = new HashMap<String, String>(); IMPLICIT_RESPONSE_TYPES.put(CODE_AT_RESPONSE_TYPE, OAuthConstants.TOKEN_RESPONSE_TYPE); - IMPLICIT_RESPONSE_TYPES.put(CODE_ID_TOKEN_RESPONSE_TYPE, OidcImplicitService.ID_TOKEN_RESPONSE_TYPE); - IMPLICIT_RESPONSE_TYPES.put(CODE_ID_TOKEN_AT_RESPONSE_TYPE, OidcImplicitService.ID_TOKEN_AT_RESPONSE_TYPE); + IMPLICIT_RESPONSE_TYPES.put(CODE_ID_TOKEN_RESPONSE_TYPE, ID_TOKEN_RESPONSE_TYPE); + IMPLICIT_RESPONSE_TYPES.put(CODE_ID_TOKEN_AT_RESPONSE_TYPE, ID_TOKEN_AT_RESPONSE_TYPE); + IMPLICIT_RESPONSE_TYPES.put(ID_TOKEN_RESPONSE_TYPE, ID_TOKEN_RESPONSE_TYPE); + IMPLICIT_RESPONSE_TYPES.put(ID_TOKEN_AT_RESPONSE_TYPE, ID_TOKEN_AT_RESPONSE_TYPE); } private OidcAuthorizationCodeService codeService; - private OidcImplicitService implicitService; public OidcHybridService() { - super(new HashSet<String>(Arrays.asList(CODE_AT_RESPONSE_TYPE, - CODE_ID_TOKEN_RESPONSE_TYPE, - CODE_ID_TOKEN_AT_RESPONSE_TYPE)), - "Hybrid"); + this(false); + } + public OidcHybridService(boolean hybridOnly) { + super(getResponseTypes(hybridOnly), "Hybrid"); + } + + private static Set<String> getResponseTypes(boolean hybridOnly) { + List<String> types = + Arrays.asList(CODE_AT_RESPONSE_TYPE, CODE_ID_TOKEN_RESPONSE_TYPE, CODE_ID_TOKEN_AT_RESPONSE_TYPE); + if (!hybridOnly) { + types.add(ID_TOKEN_RESPONSE_TYPE); + types.add(ID_TOKEN_AT_RESPONSE_TYPE); + } + return new HashSet<String>(types); } + @Override + protected boolean canAccessTokenBeReturned(String responseType) { + return ID_TOKEN_AT_RESPONSE_TYPE.equals(responseType) + || CODE_AT_RESPONSE_TYPE.equals(responseType) + || CODE_ID_TOKEN_AT_RESPONSE_TYPE.equals(responseType); + } @Override - public StringBuilder prepareGrant(OAuthRedirectionState state, + protected StringBuilder prepareGrant(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope, 
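Review bot: `getResponseTypes` calls `types.add(...)` on the list returned by `Arrays.asList(...)`, which is fixed-size, so the add throws UnsupportedOperationException whenever `hybridOnly` is false. The no-argument constructor delegates to `this(false)`, so the default way of creating the service fails inside the constructor. Build the mutable set first and add to it: `Set<String> types = new HashSet<String>(Arrays.asList(CODE_AT_RESPONSE_TYPE, CODE_ID_TOKEN_RESPONSE_TYPE, CODE_ID_TOKEN_AT_RESPONSE_TYPE));`, keep the two `types.add(...)` calls, and finish with `return types;`. A short Javadoc on the `hybridOnly` constructor would also help, because with the default the hybrid endpoint additionally accepts `ID_TOKEN_RESPONSE_TYPE` and `ID_TOKEN_AT_RESPONSE_TYPE`, and a deployer who wants hybrid flows only has to know to pass `true`.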
@@ -63,15 +82,18 @@ public class OidcHybridService extends AbstractImplicitGrantService { ServerAccessToken preAuthorizedToken) { String actualResponseType = state.getResponseType(); - state.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE); - String code = codeService.getGrantCode(state, client, requestedScope, - approvedScope, userSubject, preAuthorizedToken); state.setResponseType(IMPLICIT_RESPONSE_TYPES.get(actualResponseType)); - StringBuilder sb = implicitService.prepareGrant(state, client, requestedScope, + StringBuilder sb = super.prepareGrant(state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken); - sb.append("&"); - sb.append(OAuthConstants.AUTHORIZATION_CODE_VALUE).append("=").append(code); + if (actualResponseType.startsWith(OAuthConstants.AUTHORIZATION_CODE_VALUE)) { + state.setResponseType(OAuthConstants.CODE_RESPONSE_TYPE); + String code = codeService.getGrantCode(state, client, requestedScope, + approvedScope, userSubject, preAuthorizedToken); + + sb.append("&"); + sb.append(OAuthConstants.AUTHORIZATION_CODE_VALUE).append("=").append(code); + } return sb; } @@ -81,7 +103,4 @@ public class OidcHybridService extends AbstractImplicitGrantService { } - public void setImplicitService(OidcImplicitService implicitService) { - this.implicitService = implicitService; - } } http://git-wip-us.apache.org/repos/asf/cxf/blob/e3cf8181/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java index 4d41da0..87d721b 100644 --- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java 
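Review bot: In prepareGrant the authorization code is now minted only after `super.prepareGrant(...)` has returned the redirect fragment, so whatever builds the ID token for `code id_token` and `code id_token token` cannot see the code at that point. OpenID Connect Core requires a `c_hash` claim in an ID token that the authorization endpoint returns together with a code, which is what lets the client detect a substituted code; whether the inherited implementation adds it is not visible here, but with this ordering it cannot be computed. Consider calling `codeService.getGrantCode(...)` before `super.prepareGrant(...)`, as the removed lines did, and making the code available to ID token creation. Separately, `IMPLICIT_RESPONSE_TYPES.get(actualResponseType)` returns null for any value missing from the map, so a null check before `state.setResponseType(...)` would make that failure explicit. The method's signature starts in the previous hunk.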
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcImplicitService.java @@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.oidc.idp; import java.util.Arrays; import java.util.HashSet; import java.util.List; +import java.util.Set; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; @@ -52,7 +53,10 @@ public class OidcImplicitService extends ImplicitGrantService { super(new HashSet<String>(Arrays.asList(ID_TOKEN_RESPONSE_TYPE, ID_TOKEN_AT_RESPONSE_TYPE))); } - + protected OidcImplicitService(Set<String> supportedResponseTypes, + String supportedGrantType) { + super(supportedResponseTypes, supportedGrantType); + } @Override protected boolean canAccessTokenBeReturned(String responseType) { return ID_TOKEN_AT_RESPONSE_TYPE.equals(responseType); @@ -85,7 +89,7 @@ public class OidcImplicitService extends ImplicitGrantService { } @Override - public StringBuilder prepareGrant(OAuthRedirectionState state, + protected StringBuilder prepareGrant(OAuthRedirectionState state, Client client, List<String> requestedScope, List<String> approvedScope,
