Repository: cxf-fediz Updated Branches: refs/heads/master ab9483bf6 -> 167455bbe
[FEDIZ-172] Restoring Fediz-specific OAuthDataProviderImpl and supporting a case of the client_cred clients already being authenticated before the call reaches AccessTokenService Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/167455bb Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/167455bb Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/167455bb Branch: refs/heads/master Commit: 167455bbeaeca9d7f0f76b04bc70a072d8ac1b36 Parents: ab9483b Author: Sergey Beryozkin <[email protected]> Authored: Wed Jul 27 12:08:29 2016 +0300 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Jul 27 12:08:29 2016 +0300
----------------------------------------------------------------------
.../service/oidc/OAuthDataProviderImpl.java | 68 ++++++++++++++++++++ .../src/main/webapp/WEB-INF/data-manager.xml | 2 +- 2 files changed, 69 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/167455bb/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
new file mode 100644
index 0000000..7c37cc2
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.oidc;
+
+import java.security.Principal;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
+
+ private boolean checkOnlyRegisteredClients;
+
+ @Override
+ public Client getClient(String clientId) {
+ Client client = super.getClient(clientId);
+ if (client != null || checkOnlyRegisteredClients) {
+ return client;
+ }
+ String grantType = (String)getMessageContext().get(OAuthConstants.GRANT_TYPE);
+ if (OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(grantType)) {
+ // Pre-registering the OAuth2 Client representations for
+ // "client_credentials" can be difficult.
+
+ String clientSecret = (String)getMessageContext().get(OAuthConstants.CLIENT_SECRET);
+ if (clientSecret != null) {
+ // Direct authentication with the back-end storage
+ return authenticateClient(clientId, clientSecret);
+ } else {
+ Principal p = super.getMessageContext().getSecurityContext().getUserPrincipal();
+ if (clientId.equals(p.getName())) {
+ // Client was already authenticated with Servlet Security
+ // or CXF (JAAS/etc) filters
+ return new Client(clientId, null, true);
+ }
+ }
+ }
+ return null;
+ }
+
+ protected Client authenticateClient(String clientId, String clientSecret) {
+ // If the authentication is successful:
+ // return new Client(clientId, clientSecret, true)
+ return null;
+ }
+
+ public void setCheckOnlyRegisteredClients(boolean checkOnlyRegisteredClients) {
+ this.checkOnlyRegisteredClients = checkOnlyRegisteredClients;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/167455bb/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
index 6422263..5640443 100644
--- a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
@@ -56,7 +56,7 @@ AbstractCodeDataProvider extension or implement AuthorizationCodeDataProvider directly --> <bean id="oauthProvider"
- class="org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider"
+ class="org.apache.cxf.fediz.service.oidc.OAuthDataProviderImpl"
 init-method="init" destroy-method="close"> <!-- List of accepted scopes --> <property name="supportedScopes" ref="supportedScopes"/>
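Review bot: In the pre-authenticated branch of getClient, `getUserPrincipal()` is documented to return null when no Servlet or CXF authentication filter established an identity, so an unauthenticated client_credentials request for an unregistered client_id hits `p.getName()` and fails with a NullPointerException instead of the invalid-client rejection the `return null` path is meant to produce; guard it with `if (p != null && clientId.equals(p.getName())) {`, and treat a null `getSecurityContext()` the same way if the runtime can omit it. The `new Client(clientId, null, true)` that this branch returns carries no secret, redirect URIs or scopes, so its only proof of identity is the container principal; it would be worth a one-line comment saying so, and worth confirming against the CXF version in use that the token endpoint's later confidential-client checks accept a null secret rather than silently treating the client as public. Since `checkOnlyRegisteredClients` has the Java default of false, this fallback is active unless a deployment sets the property, so the field's documentation should name `true` as the fail-closed setting. Minor style point: the branch uses `super.getMessageContext()` while the surrounding lines use `getMessageContext()`; one form would read better.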
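Review bot: The `oauthProvider` bean switched to OAuthDataProviderImpl does not set `checkOnlyRegisteredClients`, so the class's default of false applies and the unregistered client_credentials fallback is live in this shipped configuration. If that is the intent for the Fediz OIDC service, a short comment on the bean saying so would save the next reader a trip to the Java; if not, add `<property name="checkOnlyRegisteredClients" value="true"/>` so the provider only returns clients that are actually registered. The bean element continues past the end of the hunk.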
