[2/3] cxf git commit: Fixing some failing tests
Fixing some failing tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e17d0222 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e17d0222 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e17d0222 Branch: refs/heads/3.0.x-fixes Commit: e17d02229227aaf308a599fabd682cfd18f85f48 Parents: 5553937 Author: Colm O hEigeartaigh Authored: Thu Nov 19 17:52:27 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 21:35:35 2015 + -- .../jaxrs/security/certs/jwkPublicSet.txt| 6 +++--- .../src/test/resources/sts.jks | Bin 3980 -> 4121 bytes 2 files changed, 3 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e17d0222/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt -- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt index 87f5733..9313284 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt @@ -16,15 +16,15 @@ "kty":"RSA", "kid":"AliceCert", "x5c": [ - "MIIDojCCAoqgAwIBAgIBIDANBgkqhkiG9w0BAQsFADAzMRMwEQYDVQQKDAphcGFjaGUub3JnMQwwCgYDVQQLDANlbmcxDjAMBgNVBAMMBWN4ZmNhMB4XDTE1MTAyMDA5NTM1N1oXDTI1MTAxNzA5NTM1N1owMzETMBEGA1UEChMKYXBhY2hlLm9yZzEMMAoGA1UECxMDZW5nMQ4wDAYDVQQDEwVhbGljZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBK+IlFaDphtJa96Vjt5et9KMEw/dIzDe+OfZQjAUSkZ1FQoWDaIOkrnbXq/7jfz7dgOx0QS9AMrgh7sEMnd0NGm1tmQr12Zxb9CIkIVFKTBQseCnJGn4Qctt24GVROqlogXs8/Og2NeSa8XJhnUwJFPoVG1QDHswVANlE6jS9TOXZG6fN5TyRwZwrzRVrcbDfUxV+t+HOTBeI/hrFlrJLYfPohZsGIckZvO7AwT6BH9A32L04HfZLGHFwtIjFKTXueC2R8BJZl/HQ8ctwr50L4wytowcpiQT1viJU9gj01xMkRR9wJ+ybenpciQw22wNn2BQ48B3t749Xg8h6v1MCAwEAAaOBwDCBvTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcKtIwhA3fgWTH49HUGN0W2Jlbj8wYwYDVR0jBFwwWoAUf9/5nypuX3z3t7Lo8QRpkvj2uGOhN6Q1MDMxEzARBgNVBAoMCmFwYWNoZS5vcmcxDDAKBgNVBAsMA2VuZzEOMAwGA1UEAwwFY3hmY2GCCQDr8Tla2IcxaDANBgkqhkiG9w0BAQsFAAOCAQEAPnReJBRXZHTyKTt1Z/k+nLjALGO5h8pejvmqoOt8/i9jMghS+5Pdjel8b9+RFofdC7i88pUHt+ZGrZ vYEFXl/+UJFWjPt/X/QwrWKbDT95iFPJOSJxk0XL15HS7uKqEWaF2O9EOHndg5XR6YFYuSkHLA6PSsWVXsfgQ4WhTHgcSXz7pgeh7gdp8ItLJ7mBcqN1Jk94yd5BiEfo8Woyh+TVaFoWZcIgN2MfRTk9B75EWrkw5UsUoJ6/Dpq3+kqz+81DfUfTsmKgPWoT3y4UBSnPkFhF7uWguVKd/jUb6StXiNEIrwHYDxzJzBXK1nAFPnNQl+OzDE8J1BPf1pi/acAg==" -] + "MIIDojCCAoqgAwIBAgIBIDANBgkqhkiG9w0BAQsFADAzMRMwEQYDVQQKEwphcGFjaGUub3JnMQwwCgYDVQQLEwNlbmcxDjAMBgNVBAMTBWN4ZmNhMB4XDTE1MTExOTE1MjExN1oXDTI1MTExNjE1MjExN1owMzETMBEGA1UEChMKYXBhY2hlLm9yZzEMMAoGA1UECxMDZW5nMQ4wDAYDVQQDEwVhbGljZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJEtSxj+Fj6DUu8pSm1PaQxWOQLfTjTS3f5S1xD+HZ23oQE9q0gJ1tmcmGoi8EGYd6uC2YTLo8mcAya9pvxiXNPhbkzm6XvQbmvKKjMVe3MOm0OMZu64UgbFcuDxQ5yTHbJbq/sODUUE+AzlvkEiSceibg8LjjVwhWApR39yTDyVoUwtWC3hKUgAaRh1pRkcGJY5/hu9zPiKWxpApvjcRKW8e6EDP5+HJtEfv4FAulXyuN3NWlA+BTzhU3vCcFeUSK8GyJ2EYe7jU7escnn6VOU31YiZlwf4L+nlcShrssBU+QS7t0e1tnx39XwYPnMMfk3IJ5XHrzWELamDFzJUANsCAwEAAaOBwDCBvTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdtunjeY0on5gtDZ464z81hD/RR4wYwYDVR0jBFwwWoAUIU7wL46HJSo67vTRvPZ3mlfF54mhN6Q1MDMxEzARBgNVBAoTCmFwYWNoZS5vcmcxDDAKBgNVBAsTA2VuZzEOMAwGA1UEAxMFY3hmY2GCCQCs4D589C1IpDANBgkqhkiG9w0BAQsFAAOCAQEAH5/3uv40Hif/AjEgLtCNm+V8B2zszugwJWS/0aCJkb/Qj22XnOSJ6kmBHkBvlJ70el2SmrW+ZysZo+ II+qds663wsfrzBv4egnSNWRFBPeAhYdGNAAaqAbDduRHa4vUdmcYTHEl/EZCabQSr7VH1+L6yCvwbnhDf8LZVDrFLcTeNOqhQnN/vUaG1wu8csrTLuzZzEZ5YF8bBJQmlN9s7J1DzM60TgfrNJcCCYalFBQspQmnlFIqVoJC5n88GOUzcCCQ3YoT1zDqlVuJhasW2PoD3C0NRkFXdu9268xNG/lLgf+mcX2jEzfHAzb8+sxZKReBfE8T8QBIBd+GW6vRshA==" + ] }, { "kty":"RSA", "kid":"BobCert", "x5c": [ - "MIIDoDCCAoigAwIBAgIBIjANBgkqhkiG9w0BAQsFADAzMRMwEQYDVQQKDAphcGFjaGUub3JnMQwwCgYDVQQLDANlbmcxDjAMBgNVBAMMBWN4ZmNhMB4XDTE1MTAyMDA5NTYyNloXDTI1MTAxNzA5NTYyNlowMTETMBEGA1UEChMKYXBhY2hlLm9yZzEMMAoGA1UECxMDZW5nMQwwCgYDVQQDEwNib2IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEjgfe3UUVEr7CVA+one1q/CCyU/1gN0jUpXf15hroR45Mhq0yEiStFMjIEfJJKyjRuwnfPrRf8FVMjRPLo9NLe1r1HMcVLaepZzhD1WgqRjAk0nymBN3zpFQDxyc5BGYiZLjgzmM7wlHW7XE+QSSlfjdH0EEoGXgHJitosQ78rq3iJlBgriN7OQuJynkHgRjMM9aKwHRs/y/03BmnMh1yq2PG1ptuWl/GspXrvgY9dfEGWppm1cC9FBPZcF8Y/l0I9kYArtbAGNcfcRpG2pQwSB+sKJAOHrm6ofzIEv+eJW7EX9GfQo5ab99CBDwC5iOSPPSfSW5eKn6+737tFTFPAgMBAAGjgcAwgb0wCQYDVR0TBAIwADAsBglgh
[3/3] cxf git commit: Recording .gitmergeinfo Changes
Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/db0775c4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/db0775c4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/db0775c4 Branch: refs/heads/3.0.x-fixes Commit: db0775c4fbadba4cd2d6f10200a159cd6e4f08e2 Parents: e17d022 Author: Colm O hEigeartaigh Authored: Thu Nov 19 21:35:37 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 21:35:37 2015 + -- .gitmergeinfo | 4 1 file changed, 4 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/db0775c4/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index e104876..b7b2dee 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -145,6 +145,7 @@ B 456eff5885d85e2cfe30b639bd5a442929a3f9de B 46838d8a346687e9f8ff2f6e279e3ba83f99c5f3 B 46ce1778d9a4d6a30e38b393a08dd4ecae2dbb09 B 46f0d5fff8a4d846831b5e9d7ac0405fe06d2ccd +B 4702274c7a8bad71ab512744ad39f5207bfe86cd B 470bdcb40597dce5e5cf957000ab60b0b4c1fce4 B 478de215af2da2c03f439bbbd8341b234bb7bee8 B 47b1a4ae21cfc70cea3b48ebd2be72fd184f1370 @@ -279,6 +280,7 @@ B 7f7cc3c390b95f9d7589eb192538551416c313db B 7faee992154aadf83dde26942f424db4c764b5fd B 7fb966c9150652273c69852af79d90c3ed7b030e B 7fbbd1d13bbb7ccbbc1213ed86a456794583fd3e +B 7fdc34030bdcfaa4226c28ea8ce83f34563a5b6d B 80014cf0e6fb1ba62ffdb3766acffd2130eef9d6 B 80d7128a3ba1944a603c73e5e908d86c9bf27648 B 8176b1b0faad2de44a4ff85083c74b5a4b74918a @@ -374,6 +376,7 @@ B ab4eaac0be87291b7f053d144dc8fbf9d98634c3 B ac33a5b83e2c487a4e7c08c6c15539e64ceea24e B ad5763ef8ea1ff3c8ddea2c3a6fabdaae6acddd6 B ad700a5f6471f55680821f6d04b182f5d3a6054e +B ade622bf89a6d72d1aca4ab3a82dc4450cd5a603 B af100a919178b0938fcc04d9c8d1dd1269e351b9 B afd70f562f769c1f1ed26a275cbb3763b24cba43 B afeb2ab056a4a4377db11d597c675108eb780d16 @@ -429,6 +432,7 @@ B c5609a479c87ea75e016b61daeafe0021f693332 B c5c21d5b61fbd57e79f0bf39fa56ef9814c417fd B c5da4140da8fe63c4a10845b95258bbda9ab2058 B c750e54452bfa4cb9b0db018dad135b298847095 +B c8887c9b250d53148b7c0f59b5f55dbd34f02a80 B c933c0be9254f5858102aea69d306908ce8a1f0c B c9ec28df42e815b0771964fdae96b7ecb2e2281b B ca1f38bcbcc5097af7e537173cacb24806b4b490
[1/3] cxf git commit: Updating expired certs
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes a4a755686 -> db0775c4f Updating expired certs Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5553937e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5553937e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5553937e Branch: refs/heads/3.0.x-fixes Commit: 5553937e8e08cd8cd39c88734e6d99dce322e25d Parents: a4a7556 Author: Colm O hEigeartaigh Authored: Thu Nov 19 16:41:29 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 21:35:30 2015 + -- .../saml/sso/SAMLResponseValidatorTest.java | 1 + .../sso/saml/src/test/resources/alice.jks| Bin 1861 -> 4125 bytes rt/rs/security/xml/src/test/resources/alice.jks | Bin 1861 -> 4125 bytes rt/ws/security/src/test/resources/alice.jks | Bin 3984 -> 4125 bytes rt/ws/security/src/test/resources/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/alice.jks | Bin 2428 -> 4125 bytes .../xkms-client/src/test/resources/certs/bob.jks | Bin 2422 -> 4122 bytes .../src/test/resources/certs/cxfca.jks | Bin 1306 -> 961 bytes systests/kerberos/src/test/resources/alice.jks | Bin 3984 -> 4125 bytes systests/kerberos/src/test/resources/bob.jks | Bin 3979 -> 4122 bytes .../cxf/systest/jaxrs/security/certs/alice.jks | Bin 3984 -> 4125 bytes .../cxf/systest/jaxrs/security/certs/bob.jks | Bin 3979 -> 4122 bytes .../cxf/systest/jaxrs/security/certs/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/alice.jks | Bin 3984 -> 4125 bytes .../src/test/resources/certs/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/certs/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/keys/alice.jks| Bin 3984 -> 4125 bytes .../src/test/resources/keys/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/keys/cxfca.jks| Bin 891 -> 961 bytes .../transports/src/test/resources/keys/alice.jks | Bin 3984 -> 4125 bytes .../transports/src/test/resources/keys/bob.jks | Bin 3979 -> 4122 bytes .../transports/src/test/resources/keys/cxfca.jks | Bin 891 -> 961 bytes .../ws-rm/src/test/resources/certs/alice.jks | Bin 3984 -> 4125 bytes systests/ws-rm/src/test/resources/certs/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/alice.jks | Bin 3984 -> 4125 bytes .../src/test/resources/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/alice.jks | Bin 3984 -> 4125 bytes .../ws-security/src/test/resources/certs/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/certs/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/xkms/bob.crt| Bin 932 -> 932 bytes .../resources/certs/xkms/trusted_cas/cxfca.crt | Bin 829 -> 899 bytes 32 files changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/5553937e/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java -- diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java index 6717813..51b8f80 100644 --- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java +++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java @@ -462,6 +462,7 @@ public class SAMLResponseValidatorTest extends org.junit.Assert { InputStream input = Merlin.loadInputStream(loader, "alice.jks"); keyStore.load(input, "password".toCharArray()); ((Merlin)issuerCrypto).setKeyStore(keyStore); +issuerCrypto.setDefaultX509Identifier("alice"); response.getAssertions().add(assertion.getSaml2()); signResponse(response, "alice", "password", issuerCrypto, false); http://git-wip-us.apache.org/repos/asf/cxf/blob/5553937e/rt/rs/security/sso/saml/src/test/resources/alice.jks -- diff --git a/rt/rs/security/sso/saml/src/test/resources/alice.jks b/rt/rs/security/sso/saml/src/test/resources/alice.jks index 3a788c2..213b26c 100644 Binary files a/rt/rs/security/sso/saml/src/test/resources/alice.jks and b/rt/rs/security/sso/saml/src/test/resources/alice.jks differ http://git-wip-us.apache.org/repos/asf/cxf/blob/5553937e/rt/rs/security/xml/src/test/resources/alice.jks -- diff --git a/rt/rs
cxf git commit: [CXF-6676] Adding a test
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 358549e21 -> a4a755686 [CXF-6676] Adding a test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a4a75568 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a4a75568 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a4a75568 Branch: refs/heads/3.0.x-fixes Commit: a4a7556868a192ed514a18261ede914f9b0bf665 Parents: 358549e Author: Sergey Beryozkin Authored: Thu Nov 19 21:28:00 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 21:30:21 2015 + -- .../tools/wadlto/jaxrs/JAXRSContainerTest.java | 48 .../src/test/resources/wadl/testComplexPath.xml | 13 ++ 2 files changed, 61 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a4a75568/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java -- diff --git a/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java b/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java index 5c0ab34..bbcde20 100644 --- a/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java +++ b/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java @@ -28,7 +28,10 @@ import java.net.URLClassLoader; import java.util.List; import javax.ws.rs.Consumes; +import javax.ws.rs.GET; import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; import javax.ws.rs.QueryParam; import org.apache.cxf.helpers.FileUtils; @@ -405,6 +408,51 @@ public class JAXRSContainerTest extends ProcessorTestBase { } } +@Test +public void testComplexPath() { +try { +JAXRSContainer container = new JAXRSContainer(null); + +ToolContext context = new ToolContext(); +context.put(WadlToolConstants.CFG_OUTPUTDIR, output.getCanonicalPath()); +context.put(WadlToolConstants.CFG_WADLURL, getLocation("/wadl/testComplexPath.xml")); +context.put(WadlToolConstants.CFG_COMPILE, "true"); + +container.setContext(context); +container.execute(); + +assertNotNull(output.list()); + +List files = FileUtils.getFilesRecurse(output, ".+\\." + "class" + "$"); +assertEquals(1, files.size()); +assertTrue(checkContains(files, "application.Resource.class")); +@SuppressWarnings("resource") +ClassLoader loader = new URLClassLoader(new URL[] {output.toURI().toURL() }); + +Class test1 = loader.loadClass("application.Resource"); +Method[] test1Methods = test1.getDeclaredMethods(); +assertEquals(1, test1Methods.length); +assertEquals(2, test1Methods[0].getAnnotations().length); +assertNotNull(test1Methods[0].getAnnotation(GET.class)); +Path path = test1Methods[0].getAnnotation(Path.class); +assertNotNull(path); +assertEquals("/get-add-method", path.value()); + +assertEquals("getGetaddmethod", test1Methods[0].getName()); +Class[] paramTypes = test1Methods[0].getParameterTypes(); +assertEquals(1, paramTypes.length); +Annotation[][] paramAnns = test1Methods[0].getParameterAnnotations(); +assertEquals(String.class, paramTypes[0]); +assertEquals(1, paramAnns[0].length); +PathParam test1PathParam1 = (PathParam)paramAnns[0][0]; +assertEquals("id", test1PathParam1.value()); + +} catch (Exception e) { +e.printStackTrace(); +fail(); +} +} + @Test public void testCodeGenWithImportedSchemaAndResourceSet() { try { http://git-wip-us.apache.org/repos/asf/cxf/blob/a4a75568/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml -- diff --git a/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml b/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml new file mode 100644 index 000..372ca85 --- /dev/null +++ b/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml @@ -0,0 +1,13 @@ +http://wadl.dev.java.net/2009/02"; xmlns:xs="http://www.w3.org/2001/XMLSchema"; > + + + + + + + + + + + +
cxf git commit: [CXF-6676] Adding a test
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes c8887c9b2 -> 296ce494a [CXF-6676] Adding a test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/296ce494 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/296ce494 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/296ce494 Branch: refs/heads/3.1.x-fixes Commit: 296ce494aaca47e362fee3f736da20125a0ce1d8 Parents: c8887c9 Author: Sergey Beryozkin Authored: Thu Nov 19 21:28:00 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 21:29:18 2015 + -- .../tools/wadlto/jaxrs/JAXRSContainerTest.java | 48 .../src/test/resources/wadl/testComplexPath.xml | 13 ++ 2 files changed, 61 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/296ce494/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java -- diff --git a/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java b/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java index 5c0ab34..bbcde20 100644 --- a/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java +++ b/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java @@ -28,7 +28,10 @@ import java.net.URLClassLoader; import java.util.List; import javax.ws.rs.Consumes; +import javax.ws.rs.GET; import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; import javax.ws.rs.QueryParam; import org.apache.cxf.helpers.FileUtils; @@ -405,6 +408,51 @@ public class JAXRSContainerTest extends ProcessorTestBase { } } +@Test +public void testComplexPath() { +try { +JAXRSContainer container = new JAXRSContainer(null); + +ToolContext context = new ToolContext(); +context.put(WadlToolConstants.CFG_OUTPUTDIR, output.getCanonicalPath()); +context.put(WadlToolConstants.CFG_WADLURL, getLocation("/wadl/testComplexPath.xml")); +context.put(WadlToolConstants.CFG_COMPILE, "true"); + +container.setContext(context); +container.execute(); + +assertNotNull(output.list()); + +List files = FileUtils.getFilesRecurse(output, ".+\\." + "class" + "$"); +assertEquals(1, files.size()); +assertTrue(checkContains(files, "application.Resource.class")); +@SuppressWarnings("resource") +ClassLoader loader = new URLClassLoader(new URL[] {output.toURI().toURL() }); + +Class test1 = loader.loadClass("application.Resource"); +Method[] test1Methods = test1.getDeclaredMethods(); +assertEquals(1, test1Methods.length); +assertEquals(2, test1Methods[0].getAnnotations().length); +assertNotNull(test1Methods[0].getAnnotation(GET.class)); +Path path = test1Methods[0].getAnnotation(Path.class); +assertNotNull(path); +assertEquals("/get-add-method", path.value()); + +assertEquals("getGetaddmethod", test1Methods[0].getName()); +Class[] paramTypes = test1Methods[0].getParameterTypes(); +assertEquals(1, paramTypes.length); +Annotation[][] paramAnns = test1Methods[0].getParameterAnnotations(); +assertEquals(String.class, paramTypes[0]); +assertEquals(1, paramAnns[0].length); +PathParam test1PathParam1 = (PathParam)paramAnns[0][0]; +assertEquals("id", test1PathParam1.value()); + +} catch (Exception e) { +e.printStackTrace(); +fail(); +} +} + @Test public void testCodeGenWithImportedSchemaAndResourceSet() { try { http://git-wip-us.apache.org/repos/asf/cxf/blob/296ce494/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml -- diff --git a/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml b/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml new file mode 100644 index 000..372ca85 --- /dev/null +++ b/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml @@ -0,0 +1,13 @@ +http://wadl.dev.java.net/2009/02"; xmlns:xs="http://www.w3.org/2001/XMLSchema"; > + + + + + + + + + + + +
cxf git commit: [CXF-6676] Adding a test
Repository: cxf Updated Branches: refs/heads/master 826bf21ae -> bfe64272d [CXF-6676] Adding a test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bfe64272 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bfe64272 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bfe64272 Branch: refs/heads/master Commit: bfe64272daa1f32d40eeb0b16d000c54a134b1d2 Parents: 826bf21 Author: Sergey Beryozkin Authored: Thu Nov 19 21:28:00 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 21:28:00 2015 + -- .../tools/wadlto/jaxrs/JAXRSContainerTest.java | 48 .../src/test/resources/wadl/testComplexPath.xml | 13 ++ 2 files changed, 61 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/bfe64272/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java -- diff --git a/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java b/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java index 5c0ab34..bbcde20 100644 --- a/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java +++ b/tools/wadlto/jaxrs/src/test/java/org/apache/cxf/tools/wadlto/jaxrs/JAXRSContainerTest.java @@ -28,7 +28,10 @@ import java.net.URLClassLoader; import java.util.List; import javax.ws.rs.Consumes; +import javax.ws.rs.GET; import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; import javax.ws.rs.QueryParam; import org.apache.cxf.helpers.FileUtils; @@ -405,6 +408,51 @@ public class JAXRSContainerTest extends ProcessorTestBase { } } +@Test +public void testComplexPath() { +try { +JAXRSContainer container = new JAXRSContainer(null); + +ToolContext context = new ToolContext(); +context.put(WadlToolConstants.CFG_OUTPUTDIR, output.getCanonicalPath()); +context.put(WadlToolConstants.CFG_WADLURL, getLocation("/wadl/testComplexPath.xml")); +context.put(WadlToolConstants.CFG_COMPILE, "true"); + +container.setContext(context); +container.execute(); + +assertNotNull(output.list()); + +List files = FileUtils.getFilesRecurse(output, ".+\\." + "class" + "$"); +assertEquals(1, files.size()); +assertTrue(checkContains(files, "application.Resource.class")); +@SuppressWarnings("resource") +ClassLoader loader = new URLClassLoader(new URL[] {output.toURI().toURL() }); + +Class test1 = loader.loadClass("application.Resource"); +Method[] test1Methods = test1.getDeclaredMethods(); +assertEquals(1, test1Methods.length); +assertEquals(2, test1Methods[0].getAnnotations().length); +assertNotNull(test1Methods[0].getAnnotation(GET.class)); +Path path = test1Methods[0].getAnnotation(Path.class); +assertNotNull(path); +assertEquals("/get-add-method", path.value()); + +assertEquals("getGetaddmethod", test1Methods[0].getName()); +Class[] paramTypes = test1Methods[0].getParameterTypes(); +assertEquals(1, paramTypes.length); +Annotation[][] paramAnns = test1Methods[0].getParameterAnnotations(); +assertEquals(String.class, paramTypes[0]); +assertEquals(1, paramAnns[0].length); +PathParam test1PathParam1 = (PathParam)paramAnns[0][0]; +assertEquals("id", test1PathParam1.value()); + +} catch (Exception e) { +e.printStackTrace(); +fail(); +} +} + @Test public void testCodeGenWithImportedSchemaAndResourceSet() { try { http://git-wip-us.apache.org/repos/asf/cxf/blob/bfe64272/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml -- diff --git a/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml b/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml new file mode 100644 index 000..372ca85 --- /dev/null +++ b/tools/wadlto/jaxrs/src/test/resources/wadl/testComplexPath.xml @@ -0,0 +1,13 @@ +http://wadl.dev.java.net/2009/02"; xmlns:xs="http://www.w3.org/2001/XMLSchema"; > + + + + + + + + + + + +
cxf git commit: Fixing failing STS test
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes a9da42b02 -> c8887c9b2 Fixing failing STS test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c8887c9b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c8887c9b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c8887c9b Branch: refs/heads/3.1.x-fixes Commit: c8887c9b250d53148b7c0f59b5f55dbd34f02a80 Parents: a9da42b Author: Colm O hEigeartaigh Authored: Thu Nov 19 20:18:12 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 20:18:12 2015 + -- .../test/java/org/apache/cxf/systest/sts/jwt/JaxrsJWTTest.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c8887c9b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JaxrsJWTTest.java -- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JaxrsJWTTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JaxrsJWTTest.java index 890a111..76fcb6e 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JaxrsJWTTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JaxrsJWTTest.java @@ -20,7 +20,7 @@ package org.apache.cxf.systest.sts.jwt; import java.io.IOException; import java.net.URL; -import java.util.Collections; +import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -91,7 +91,8 @@ public class JaxrsJWTTest extends AbstractBusClientServerTestBase { final String address = "https://localhost:"; + PORT + "/doubleit/services/doubleit-rs"; final int numToDouble = 25; -List providers = Collections.singletonList(new JwtOutFilter()); +List providers = new ArrayList(); +providers.add(new JwtOutFilter()); WebClient client = WebClient.create(address, providers); client.type("text/plain").accept("text/plain");
[5/5] cxf git commit: Fixing some failing tests
Fixing some failing tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a9da42b0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a9da42b0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a9da42b0 Branch: refs/heads/3.1.x-fixes Commit: a9da42b02fdfb509db43425fc719318e0731beb6 Parents: 35bebef Author: Colm O hEigeartaigh Authored: Thu Nov 19 17:52:27 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 17:53:26 2015 + -- .../jaxrs/security/certs/jwkPublicSet.txt| 6 +++--- .../src/test/resources/sts.jks | Bin 3980 -> 4121 bytes 2 files changed, 3 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a9da42b0/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt -- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt index 87f5733..9313284 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt @@ -16,15 +16,15 @@ "kty":"RSA", "kid":"AliceCert", "x5c": [ - "MIIDojCCAoqgAwIBAgIBIDANBgkqhkiG9w0BAQsFADAzMRMwEQYDVQQKDAphcGFjaGUub3JnMQwwCgYDVQQLDANlbmcxDjAMBgNVBAMMBWN4ZmNhMB4XDTE1MTAyMDA5NTM1N1oXDTI1MTAxNzA5NTM1N1owMzETMBEGA1UEChMKYXBhY2hlLm9yZzEMMAoGA1UECxMDZW5nMQ4wDAYDVQQDEwVhbGljZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBK+IlFaDphtJa96Vjt5et9KMEw/dIzDe+OfZQjAUSkZ1FQoWDaIOkrnbXq/7jfz7dgOx0QS9AMrgh7sEMnd0NGm1tmQr12Zxb9CIkIVFKTBQseCnJGn4Qctt24GVROqlogXs8/Og2NeSa8XJhnUwJFPoVG1QDHswVANlE6jS9TOXZG6fN5TyRwZwrzRVrcbDfUxV+t+HOTBeI/hrFlrJLYfPohZsGIckZvO7AwT6BH9A32L04HfZLGHFwtIjFKTXueC2R8BJZl/HQ8ctwr50L4wytowcpiQT1viJU9gj01xMkRR9wJ+ybenpciQw22wNn2BQ48B3t749Xg8h6v1MCAwEAAaOBwDCBvTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcKtIwhA3fgWTH49HUGN0W2Jlbj8wYwYDVR0jBFwwWoAUf9/5nypuX3z3t7Lo8QRpkvj2uGOhN6Q1MDMxEzARBgNVBAoMCmFwYWNoZS5vcmcxDDAKBgNVBAsMA2VuZzEOMAwGA1UEAwwFY3hmY2GCCQDr8Tla2IcxaDANBgkqhkiG9w0BAQsFAAOCAQEAPnReJBRXZHTyKTt1Z/k+nLjALGO5h8pejvmqoOt8/i9jMghS+5Pdjel8b9+RFofdC7i88pUHt+ZGrZ vYEFXl/+UJFWjPt/X/QwrWKbDT95iFPJOSJxk0XL15HS7uKqEWaF2O9EOHndg5XR6YFYuSkHLA6PSsWVXsfgQ4WhTHgcSXz7pgeh7gdp8ItLJ7mBcqN1Jk94yd5BiEfo8Woyh+TVaFoWZcIgN2MfRTk9B75EWrkw5UsUoJ6/Dpq3+kqz+81DfUfTsmKgPWoT3y4UBSnPkFhF7uWguVKd/jUb6StXiNEIrwHYDxzJzBXK1nAFPnNQl+OzDE8J1BPf1pi/acAg==" -] + "MIIDojCCAoqgAwIBAgIBIDANBgkqhkiG9w0BAQsFADAzMRMwEQYDVQQKEwphcGFjaGUub3JnMQwwCgYDVQQLEwNlbmcxDjAMBgNVBAMTBWN4ZmNhMB4XDTE1MTExOTE1MjExN1oXDTI1MTExNjE1MjExN1owMzETMBEGA1UEChMKYXBhY2hlLm9yZzEMMAoGA1UECxMDZW5nMQ4wDAYDVQQDEwVhbGljZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJEtSxj+Fj6DUu8pSm1PaQxWOQLfTjTS3f5S1xD+HZ23oQE9q0gJ1tmcmGoi8EGYd6uC2YTLo8mcAya9pvxiXNPhbkzm6XvQbmvKKjMVe3MOm0OMZu64UgbFcuDxQ5yTHbJbq/sODUUE+AzlvkEiSceibg8LjjVwhWApR39yTDyVoUwtWC3hKUgAaRh1pRkcGJY5/hu9zPiKWxpApvjcRKW8e6EDP5+HJtEfv4FAulXyuN3NWlA+BTzhU3vCcFeUSK8GyJ2EYe7jU7escnn6VOU31YiZlwf4L+nlcShrssBU+QS7t0e1tnx39XwYPnMMfk3IJ5XHrzWELamDFzJUANsCAwEAAaOBwDCBvTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdtunjeY0on5gtDZ464z81hD/RR4wYwYDVR0jBFwwWoAUIU7wL46HJSo67vTRvPZ3mlfF54mhN6Q1MDMxEzARBgNVBAoTCmFwYWNoZS5vcmcxDDAKBgNVBAsTA2VuZzEOMAwGA1UEAxMFY3hmY2GCCQCs4D589C1IpDANBgkqhkiG9w0BAQsFAAOCAQEAH5/3uv40Hif/AjEgLtCNm+V8B2zszugwJWS/0aCJkb/Qj22XnOSJ6kmBHkBvlJ70el2SmrW+ZysZo+ II+qds663wsfrzBv4egnSNWRFBPeAhYdGNAAaqAbDduRHa4vUdmcYTHEl/EZCabQSr7VH1+L6yCvwbnhDf8LZVDrFLcTeNOqhQnN/vUaG1wu8csrTLuzZzEZ5YF8bBJQmlN9s7J1DzM60TgfrNJcCCYalFBQspQmnlFIqVoJC5n88GOUzcCCQ3YoT1zDqlVuJhasW2PoD3C0NRkFXdu9268xNG/lLgf+mcX2jEzfHAzb8+sxZKReBfE8T8QBIBd+GW6vRshA==" + ] }, { "kty":"RSA", "kid":"BobCert", "x5c": [ - "MIIDoDCCAoigAwIBAgIBIjANBgkqhkiG9w0BAQsFADAzMRMwEQYDVQQKDAphcGFjaGUub3JnMQwwCgYDVQQLDANlbmcxDjAMBgNVBAMMBWN4ZmNhMB4XDTE1MTAyMDA5NTYyNloXDTI1MTAxNzA5NTYyNlowMTETMBEGA1UEChMKYXBhY2hlLm9yZzEMMAoGA1UECxMDZW5nMQwwCgYDVQQDEwNib2IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEjgfe3UUVEr7CVA+one1q/CCyU/1gN0jUpXf15hroR45Mhq0yEiStFMjIEfJJKyjRuwnfPrRf8FVMjRPLo9NLe1r1HMcVLaepZzhD1WgqRjAk0nymBN3zpFQDxyc5BGYiZLjgzmM7wlHW7XE+QSSlfjdH0EEoGXgHJitosQ78rq3iJlBgriN7OQuJynkHgRjMM9aKwHRs/y/03BmnMh1yq2PG1ptuWl/GspXrvgY9dfEGWppm1cC9FBPZcF8Y/l0I9kYArtbAGNcfcRpG2pQwSB+sKJAOHrm6ofzIEv+eJW7EX9GfQo5ab99CBDwC5iOSPPSfSW5eKn6+737tFTFPAgMBAAGjgcAwgb0wCQYDVR0TBAIwADAsBglgh
[2/5] cxf git commit: Adding a system test for a JAX-RS service and JWT/STS
Adding a system test for a JAX-RS service and JWT/STS Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ade622bf Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ade622bf Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ade622bf Branch: refs/heads/3.1.x-fixes Commit: ade622bf89a6d72d1aca4ab3a82dc4450cd5a603 Parents: 7fdc340 Author: Colm O hEigeartaigh Authored: Thu Nov 19 14:40:57 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 17:53:20 2015 + -- services/sts/systests/advanced/pom.xml | 6 + .../systest/sts/jwt/DoubleItPortTypeImpl.java | 41 + .../apache/cxf/systest/sts/jwt/JWTUnitTest.java | 2 +- .../cxf/systest/sts/jwt/JaxrsJWTTest.java | 152 ++ .../org/apache/cxf/systest/sts/jwt/Server.java | 46 ++ .../cxf/systest/sts/deployment/cxf-sts.xml | 3 +- .../apache/cxf/systest/sts/jwt/DoubleIt.wsdl| 157 +++ .../apache/cxf/systest/sts/jwt/cxf-client.xml | 39 + .../apache/cxf/systest/sts/jwt/cxf-service.xml | 53 +++ .../cxf/systest/sts/jwt/cxf-unit-client.xml | 39 - .../org/apache/cxf/systest/sts/jwt/jaxrs.xml| 26 +++ 11 files changed, 522 insertions(+), 42 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/ade622bf/services/sts/systests/advanced/pom.xml -- diff --git a/services/sts/systests/advanced/pom.xml b/services/sts/systests/advanced/pom.xml index bd288e5..96b1b7d 100644 --- a/services/sts/systests/advanced/pom.xml +++ b/services/sts/systests/advanced/pom.xml @@ -56,6 +56,12 @@ org.apache.cxf +cxf-rt-rs-security-jose-jaxrs +${project.version} +test + + +org.apache.cxf cxf-rt-frontend-jaxws ${project.version} test http://git-wip-us.apache.org/repos/asf/cxf/blob/ade622bf/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java -- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java new file mode 100644 index 000..e9b50aa --- /dev/null +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java @@ -0,0 +1,41 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.sts.jwt; + +import javax.annotation.Resource; +import javax.jws.WebService; +import javax.xml.ws.WebServiceContext; + +import org.apache.cxf.feature.Features; +import org.example.contract.doubleit.DoubleItPortType; + +@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt";, +serviceName = "DoubleItService", +endpointInterface = "org.example.contract.doubleit.DoubleItPortType") +@Features(features = "org.apache.cxf.feature.LoggingFeature") +public class DoubleItPortTypeImpl implements DoubleItPortType { + +@Resource +WebServiceContext wsContext; + +public int doubleIt(int numberToDouble) { +return numberToDouble * 2; +} + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/ade622bf/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java -- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java index 90da0c3..00ed2b1 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java @@ -61,7 +61,7 @@ pu
[4/5] cxf git commit: Updating expired certs
Updating expired certs Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/35bebef6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/35bebef6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/35bebef6 Branch: refs/heads/3.1.x-fixes Commit: 35bebef60de1221475534d6b1e5eeba643db6a0b Parents: 4702274 Author: Colm O hEigeartaigh Authored: Thu Nov 19 16:41:29 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 17:53:23 2015 + -- .../saml/sso/SAMLResponseValidatorTest.java | 1 + .../sso/saml/src/test/resources/alice.jks| Bin 1861 -> 4125 bytes rt/rs/security/xml/src/test/resources/alice.jks | Bin 1861 -> 4125 bytes rt/ws/security/src/test/resources/alice.jks | Bin 3984 -> 4125 bytes rt/ws/security/src/test/resources/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/alice.jks | Bin 2428 -> 4125 bytes .../xkms-client/src/test/resources/certs/bob.jks | Bin 2422 -> 4122 bytes .../src/test/resources/certs/cxfca.jks | Bin 1306 -> 961 bytes systests/kerberos/src/test/resources/alice.jks | Bin 3984 -> 4125 bytes systests/kerberos/src/test/resources/bob.jks | Bin 3979 -> 4122 bytes .../cxf/systest/jaxrs/security/certs/alice.jks | Bin 3984 -> 4125 bytes .../cxf/systest/jaxrs/security/certs/bob.jks | Bin 3979 -> 4122 bytes .../cxf/systest/jaxrs/security/certs/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/alice.jks | Bin 3984 -> 4125 bytes .../src/test/resources/certs/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/certs/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/keys/alice.jks| Bin 3984 -> 4125 bytes .../src/test/resources/keys/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/keys/cxfca.jks| Bin 891 -> 961 bytes .../transports/src/test/resources/keys/alice.jks | Bin 3984 -> 4125 bytes .../transports/src/test/resources/keys/bob.jks | Bin 3979 -> 4122 bytes .../transports/src/test/resources/keys/cxfca.jks | Bin 891 -> 961 bytes .../ws-rm/src/test/resources/certs/alice.jks | Bin 3984 -> 4125 bytes systests/ws-rm/src/test/resources/certs/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/alice.jks | Bin 3984 -> 4125 bytes .../src/test/resources/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/alice.jks | Bin 3984 -> 4125 bytes .../ws-security/src/test/resources/certs/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/certs/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/xkms/bob.crt| Bin 932 -> 932 bytes .../resources/certs/xkms/trusted_cas/cxfca.crt | Bin 829 -> 899 bytes 32 files changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/35bebef6/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java -- diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java index a5921c2..f33a63b 100644 --- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java +++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java @@ -462,6 +462,7 @@ public class SAMLResponseValidatorTest extends org.junit.Assert { InputStream input = Merlin.loadInputStream(loader, "alice.jks"); keyStore.load(input, "password".toCharArray()); ((Merlin)issuerCrypto).setKeyStore(keyStore); +issuerCrypto.setDefaultX509Identifier("alice"); response.getAssertions().add(assertion.getSaml2()); signResponse(response, "alice", "password", issuerCrypto, false); http://git-wip-us.apache.org/repos/asf/cxf/blob/35bebef6/rt/rs/security/sso/saml/src/test/resources/alice.jks -- diff --git a/rt/rs/security/sso/saml/src/test/resources/alice.jks b/rt/rs/security/sso/saml/src/test/resources/alice.jks index 3a788c2..213b26c 100644 Binary files a/rt/rs/security/sso/saml/src/test/resources/alice.jks and b/rt/rs/security/sso/saml/src/test/resources/alice.jks differ http://git-wip-us.apache.org/repos/asf/cxf/blob/35bebef6/rt/rs/security/xml/src/test/resources/alice.jks -- diff --git a/rt/rs/security/xml/src/test/resources/alice.jks b/rt/rs/security/xml/src/test/resources/
[2/5] cxf git commit: Fixing failing test
Fixing failing test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f196ceb4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f196ceb4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f196ceb4 Branch: refs/heads/master Commit: f196ceb4a3fd77106e8de183bd0786f1d8dd780b Parents: 52d2142 Author: Colm O hEigeartaigh Authored: Thu Nov 19 16:41:19 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 17:52:48 2015 + -- .../test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f196ceb4/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java -- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java index de2a9ae..beaf0ce 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java @@ -168,7 +168,7 @@ public class Soap12Test extends AbstractBusClientServerTestBase { try { String badAddress = -"https://localhost:"; + PORT + "/doubleit/services/doubleitbadtransportsaml1"; +"https://localhost:"; + PORT + "/doubleit/services/baddoubleittransportsaml1"; requestSecurityToken(SAML1_TOKEN_TYPE, BEARER_KEYTYPE, bus, badAddress); fail("Failure expected on a bad endpoint address"); } catch (SoapFault ex) {
[1/5] cxf git commit: Some changes to the STSTokenOutInterceptor to make it easier to subclass
Repository: cxf Updated Branches: refs/heads/master cd2c481ef -> 826bf21ae Some changes to the STSTokenOutInterceptor to make it easier to subclass Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a24540a8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a24540a8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a24540a8 Branch: refs/heads/master Commit: a24540a86cc014d3479541413378d53cb4dd Parents: cd2c481 Author: Colm O hEigeartaigh Authored: Thu Nov 19 14:27:39 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 17:52:47 2015 + -- .../policy/interceptors/STSTokenOutInterceptor.java | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a24540a8/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java index 14b8b5f..f0683e0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java @@ -51,7 +51,11 @@ public class STSTokenOutInterceptor extends AbstractPhaseInterceptor { private TokenRequestParams tokenParams; public STSTokenOutInterceptor(AuthParams authParams, String stsWsdlLocation, Bus bus) { -super(Phase.PREPARE_SEND); +this(Phase.PREPARE_SEND, authParams, stsWsdlLocation, bus); +} + +public STSTokenOutInterceptor(String phase, AuthParams authParams, String stsWsdlLocation, Bus bus) { +super(phase); this.stsClient = configureBasicSTSClient(authParams, stsWsdlLocation, bus); this.tokenParams = new TokenRequestParams(); } @@ -79,6 +83,12 @@ public class STSTokenOutInterceptor extends AbstractPhaseInterceptor { if (tok == null) { LOG.warning("Security token was not retrieved from STS"); } +processToken(message, tok); +} + +// An extension point to allow custom processing of the token +protected void processToken(Message message, SecurityToken tok) { + } public STSClient getSTSClient() {
[3/5] cxf git commit: Fixing failing test
Fixing failing test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4702274c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4702274c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4702274c Branch: refs/heads/3.1.x-fixes Commit: 4702274c7a8bad71ab512744ad39f5207bfe86cd Parents: ade622b Author: Colm O hEigeartaigh Authored: Thu Nov 19 16:41:19 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 17:53:21 2015 + -- .../test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/4702274c/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java -- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java index de2a9ae..beaf0ce 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java @@ -168,7 +168,7 @@ public class Soap12Test extends AbstractBusClientServerTestBase { try { String badAddress = -"https://localhost:"; + PORT + "/doubleit/services/doubleitbadtransportsaml1"; +"https://localhost:"; + PORT + "/doubleit/services/baddoubleittransportsaml1"; requestSecurityToken(SAML1_TOKEN_TYPE, BEARER_KEYTYPE, bus, badAddress); fail("Failure expected on a bad endpoint address"); } catch (SoapFault ex) {
[4/5] cxf git commit: Fixing some failing tests
Fixing some failing tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/826bf21a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/826bf21a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/826bf21a Branch: refs/heads/master Commit: 826bf21ae919bc9f2375a798847340b9b0624577 Parents: 92c5c70 Author: Colm O hEigeartaigh Authored: Thu Nov 19 17:52:27 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 17:52:48 2015 + -- .../jaxrs/security/certs/jwkPublicSet.txt| 6 +++--- .../src/test/resources/sts.jks | Bin 3980 -> 4121 bytes 2 files changed, 3 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/826bf21a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt -- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt index 87f5733..9313284 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt @@ -16,15 +16,15 @@ "kty":"RSA", "kid":"AliceCert", "x5c": [ - "MIIDojCCAoqgAwIBAgIBIDANBgkqhkiG9w0BAQsFADAzMRMwEQYDVQQKDAphcGFjaGUub3JnMQwwCgYDVQQLDANlbmcxDjAMBgNVBAMMBWN4ZmNhMB4XDTE1MTAyMDA5NTM1N1oXDTI1MTAxNzA5NTM1N1owMzETMBEGA1UEChMKYXBhY2hlLm9yZzEMMAoGA1UECxMDZW5nMQ4wDAYDVQQDEwVhbGljZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBK+IlFaDphtJa96Vjt5et9KMEw/dIzDe+OfZQjAUSkZ1FQoWDaIOkrnbXq/7jfz7dgOx0QS9AMrgh7sEMnd0NGm1tmQr12Zxb9CIkIVFKTBQseCnJGn4Qctt24GVROqlogXs8/Og2NeSa8XJhnUwJFPoVG1QDHswVANlE6jS9TOXZG6fN5TyRwZwrzRVrcbDfUxV+t+HOTBeI/hrFlrJLYfPohZsGIckZvO7AwT6BH9A32L04HfZLGHFwtIjFKTXueC2R8BJZl/HQ8ctwr50L4wytowcpiQT1viJU9gj01xMkRR9wJ+ybenpciQw22wNn2BQ48B3t749Xg8h6v1MCAwEAAaOBwDCBvTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcKtIwhA3fgWTH49HUGN0W2Jlbj8wYwYDVR0jBFwwWoAUf9/5nypuX3z3t7Lo8QRpkvj2uGOhN6Q1MDMxEzARBgNVBAoMCmFwYWNoZS5vcmcxDDAKBgNVBAsMA2VuZzEOMAwGA1UEAwwFY3hmY2GCCQDr8Tla2IcxaDANBgkqhkiG9w0BAQsFAAOCAQEAPnReJBRXZHTyKTt1Z/k+nLjALGO5h8pejvmqoOt8/i9jMghS+5Pdjel8b9+RFofdC7i88pUHt+ZGrZ vYEFXl/+UJFWjPt/X/QwrWKbDT95iFPJOSJxk0XL15HS7uKqEWaF2O9EOHndg5XR6YFYuSkHLA6PSsWVXsfgQ4WhTHgcSXz7pgeh7gdp8ItLJ7mBcqN1Jk94yd5BiEfo8Woyh+TVaFoWZcIgN2MfRTk9B75EWrkw5UsUoJ6/Dpq3+kqz+81DfUfTsmKgPWoT3y4UBSnPkFhF7uWguVKd/jUb6StXiNEIrwHYDxzJzBXK1nAFPnNQl+OzDE8J1BPf1pi/acAg==" -] + "MIIDojCCAoqgAwIBAgIBIDANBgkqhkiG9w0BAQsFADAzMRMwEQYDVQQKEwphcGFjaGUub3JnMQwwCgYDVQQLEwNlbmcxDjAMBgNVBAMTBWN4ZmNhMB4XDTE1MTExOTE1MjExN1oXDTI1MTExNjE1MjExN1owMzETMBEGA1UEChMKYXBhY2hlLm9yZzEMMAoGA1UECxMDZW5nMQ4wDAYDVQQDEwVhbGljZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJEtSxj+Fj6DUu8pSm1PaQxWOQLfTjTS3f5S1xD+HZ23oQE9q0gJ1tmcmGoi8EGYd6uC2YTLo8mcAya9pvxiXNPhbkzm6XvQbmvKKjMVe3MOm0OMZu64UgbFcuDxQ5yTHbJbq/sODUUE+AzlvkEiSceibg8LjjVwhWApR39yTDyVoUwtWC3hKUgAaRh1pRkcGJY5/hu9zPiKWxpApvjcRKW8e6EDP5+HJtEfv4FAulXyuN3NWlA+BTzhU3vCcFeUSK8GyJ2EYe7jU7escnn6VOU31YiZlwf4L+nlcShrssBU+QS7t0e1tnx39XwYPnMMfk3IJ5XHrzWELamDFzJUANsCAwEAAaOBwDCBvTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUdtunjeY0on5gtDZ464z81hD/RR4wYwYDVR0jBFwwWoAUIU7wL46HJSo67vTRvPZ3mlfF54mhN6Q1MDMxEzARBgNVBAoTCmFwYWNoZS5vcmcxDDAKBgNVBAsTA2VuZzEOMAwGA1UEAxMFY3hmY2GCCQCs4D589C1IpDANBgkqhkiG9w0BAQsFAAOCAQEAH5/3uv40Hif/AjEgLtCNm+V8B2zszugwJWS/0aCJkb/Qj22XnOSJ6kmBHkBvlJ70el2SmrW+ZysZo+ II+qds663wsfrzBv4egnSNWRFBPeAhYdGNAAaqAbDduRHa4vUdmcYTHEl/EZCabQSr7VH1+L6yCvwbnhDf8LZVDrFLcTeNOqhQnN/vUaG1wu8csrTLuzZzEZ5YF8bBJQmlN9s7J1DzM60TgfrNJcCCYalFBQspQmnlFIqVoJC5n88GOUzcCCQ3YoT1zDqlVuJhasW2PoD3C0NRkFXdu9268xNG/lLgf+mcX2jEzfHAzb8+sxZKReBfE8T8QBIBd+GW6vRshA==" + ] }, { "kty":"RSA", "kid":"BobCert", "x5c": [ - "MIIDoDCCAoigAwIBAgIBIjANBgkqhkiG9w0BAQsFADAzMRMwEQYDVQQKDAphcGFjaGUub3JnMQwwCgYDVQQLDANlbmcxDjAMBgNVBAMMBWN4ZmNhMB4XDTE1MTAyMDA5NTYyNloXDTI1MTAxNzA5NTYyNlowMTETMBEGA1UEChMKYXBhY2hlLm9yZzEMMAoGA1UECxMDZW5nMQwwCgYDVQQDEwNib2IwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEjgfe3UUVEr7CVA+one1q/CCyU/1gN0jUpXf15hroR45Mhq0yEiStFMjIEfJJKyjRuwnfPrRf8FVMjRPLo9NLe1r1HMcVLaepZzhD1WgqRjAk0nymBN3zpFQDxyc5BGYiZLjgzmM7wlHW7XE+QSSlfjdH0EEoGXgHJitosQ78rq3iJlBgriN7OQuJynkHgRjMM9aKwHRs/y/03BmnMh1yq2PG1ptuWl/GspXrvgY9dfEGWppm1cC9FBPZcF8Y/l0I9kYArtbAGNcfcRpG2pQwSB+sKJAOHrm6ofzIEv+eJW7EX9GfQo5ab99CBDwC5iOSPPSfSW5eKn6+737tFTFPAgMBAAGjgcAwgb0wCQYDVR0TBAIwADAsBglghkgBhv
[3/5] cxf git commit: Updating expired certs
Updating expired certs Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/92c5c700 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/92c5c700 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/92c5c700 Branch: refs/heads/master Commit: 92c5c700b49f1b7be698363629ccd0034f26a4a5 Parents: f196ceb Author: Colm O hEigeartaigh Authored: Thu Nov 19 16:41:29 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 17:52:48 2015 + -- .../saml/sso/SAMLResponseValidatorTest.java | 1 + .../sso/saml/src/test/resources/alice.jks| Bin 1861 -> 4125 bytes rt/rs/security/xml/src/test/resources/alice.jks | Bin 1861 -> 4125 bytes rt/ws/security/src/test/resources/alice.jks | Bin 3984 -> 4125 bytes rt/ws/security/src/test/resources/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/alice.jks | Bin 2428 -> 4125 bytes .../xkms-client/src/test/resources/certs/bob.jks | Bin 2422 -> 4122 bytes .../src/test/resources/certs/cxfca.jks | Bin 1306 -> 961 bytes systests/kerberos/src/test/resources/alice.jks | Bin 3984 -> 4125 bytes systests/kerberos/src/test/resources/bob.jks | Bin 3979 -> 4122 bytes .../cxf/systest/jaxrs/security/certs/alice.jks | Bin 3984 -> 4125 bytes .../cxf/systest/jaxrs/security/certs/bob.jks | Bin 3979 -> 4122 bytes .../cxf/systest/jaxrs/security/certs/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/alice.jks | Bin 3984 -> 4125 bytes .../src/test/resources/certs/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/certs/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/keys/alice.jks| Bin 3984 -> 4125 bytes .../src/test/resources/keys/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/keys/cxfca.jks| Bin 891 -> 961 bytes .../transports/src/test/resources/keys/alice.jks | Bin 3984 -> 4125 bytes .../transports/src/test/resources/keys/bob.jks | Bin 3979 -> 4122 bytes .../transports/src/test/resources/keys/cxfca.jks | Bin 891 -> 961 bytes .../ws-rm/src/test/resources/certs/alice.jks | Bin 3984 -> 4125 bytes systests/ws-rm/src/test/resources/certs/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/alice.jks | Bin 3984 -> 4125 bytes .../src/test/resources/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/alice.jks | Bin 3984 -> 4125 bytes .../ws-security/src/test/resources/certs/bob.jks | Bin 3979 -> 4122 bytes .../src/test/resources/certs/cxfca.jks | Bin 891 -> 961 bytes .../src/test/resources/certs/xkms/bob.crt| Bin 932 -> 932 bytes .../resources/certs/xkms/trusted_cas/cxfca.crt | Bin 829 -> 899 bytes 32 files changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/92c5c700/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java -- diff --git a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java index a5921c2..f33a63b 100644 --- a/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java +++ b/rt/rs/security/sso/saml/src/test/java/org/apache/cxf/rs/security/saml/sso/SAMLResponseValidatorTest.java @@ -462,6 +462,7 @@ public class SAMLResponseValidatorTest extends org.junit.Assert { InputStream input = Merlin.loadInputStream(loader, "alice.jks"); keyStore.load(input, "password".toCharArray()); ((Merlin)issuerCrypto).setKeyStore(keyStore); +issuerCrypto.setDefaultX509Identifier("alice"); response.getAssertions().add(assertion.getSaml2()); signResponse(response, "alice", "password", issuerCrypto, false); http://git-wip-us.apache.org/repos/asf/cxf/blob/92c5c700/rt/rs/security/sso/saml/src/test/resources/alice.jks -- diff --git a/rt/rs/security/sso/saml/src/test/resources/alice.jks b/rt/rs/security/sso/saml/src/test/resources/alice.jks index 3a788c2..213b26c 100644 Binary files a/rt/rs/security/sso/saml/src/test/resources/alice.jks and b/rt/rs/security/sso/saml/src/test/resources/alice.jks differ http://git-wip-us.apache.org/repos/asf/cxf/blob/92c5c700/rt/rs/security/xml/src/test/resources/alice.jks -- diff --git a/rt/rs/security/xml/src/test/resources/alice.jks b/rt/rs/security/xml/src/test/resources/alice
[1/5] cxf git commit: Some changes to the STSTokenOutInterceptor to make it easier to subclass
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 9680acf2e -> a9da42b02 Some changes to the STSTokenOutInterceptor to make it easier to subclass Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7fdc3403 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7fdc3403 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7fdc3403 Branch: refs/heads/3.1.x-fixes Commit: 7fdc34030bdcfaa4226c28ea8ce83f34563a5b6d Parents: 9680acf Author: Colm O hEigeartaigh Authored: Thu Nov 19 14:27:39 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 17:53:19 2015 + -- .../policy/interceptors/STSTokenOutInterceptor.java | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/7fdc3403/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java index 14b8b5f..f0683e0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java @@ -51,7 +51,11 @@ public class STSTokenOutInterceptor extends AbstractPhaseInterceptor { private TokenRequestParams tokenParams; public STSTokenOutInterceptor(AuthParams authParams, String stsWsdlLocation, Bus bus) { -super(Phase.PREPARE_SEND); +this(Phase.PREPARE_SEND, authParams, stsWsdlLocation, bus); +} + +public STSTokenOutInterceptor(String phase, AuthParams authParams, String stsWsdlLocation, Bus bus) { +super(phase); this.stsClient = configureBasicSTSClient(authParams, stsWsdlLocation, bus); this.tokenParams = new TokenRequestParams(); } @@ -79,6 +83,12 @@ public class STSTokenOutInterceptor extends AbstractPhaseInterceptor { if (tok == null) { LOG.warning("Security token was not retrieved from STS"); } +processToken(message, tok); +} + +// An extension point to allow custom processing of the token +protected void processToken(Message message, SecurityToken tok) { + } public STSClient getSTSClient() {
[5/5] cxf git commit: Adding a system test for a JAX-RS service and JWT/STS
Adding a system test for a JAX-RS service and JWT/STS Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/52d2142b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/52d2142b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/52d2142b Branch: refs/heads/master Commit: 52d2142beb8f4b343258e8c672cb1b241fcc4b2d Parents: a24540a Author: Colm O hEigeartaigh Authored: Thu Nov 19 14:40:57 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 17:52:48 2015 + -- services/sts/systests/advanced/pom.xml | 6 + .../systest/sts/jwt/DoubleItPortTypeImpl.java | 41 + .../apache/cxf/systest/sts/jwt/JWTUnitTest.java | 2 +- .../cxf/systest/sts/jwt/JaxrsJWTTest.java | 152 ++ .../org/apache/cxf/systest/sts/jwt/Server.java | 46 ++ .../cxf/systest/sts/deployment/cxf-sts.xml | 3 +- .../apache/cxf/systest/sts/jwt/DoubleIt.wsdl| 157 +++ .../apache/cxf/systest/sts/jwt/cxf-client.xml | 39 + .../apache/cxf/systest/sts/jwt/cxf-service.xml | 53 +++ .../cxf/systest/sts/jwt/cxf-unit-client.xml | 39 - .../org/apache/cxf/systest/sts/jwt/jaxrs.xml| 26 +++ 11 files changed, 522 insertions(+), 42 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/pom.xml -- diff --git a/services/sts/systests/advanced/pom.xml b/services/sts/systests/advanced/pom.xml index c1aa190..27a76d1 100644 --- a/services/sts/systests/advanced/pom.xml +++ b/services/sts/systests/advanced/pom.xml @@ -56,6 +56,12 @@ org.apache.cxf +cxf-rt-rs-security-jose-jaxrs +${project.version} +test + + +org.apache.cxf cxf-rt-frontend-jaxws ${project.version} test http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java -- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java new file mode 100644 index 000..e9b50aa --- /dev/null +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java @@ -0,0 +1,41 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.sts.jwt; + +import javax.annotation.Resource; +import javax.jws.WebService; +import javax.xml.ws.WebServiceContext; + +import org.apache.cxf.feature.Features; +import org.example.contract.doubleit.DoubleItPortType; + +@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt";, +serviceName = "DoubleItService", +endpointInterface = "org.example.contract.doubleit.DoubleItPortType") +@Features(features = "org.apache.cxf.feature.LoggingFeature") +public class DoubleItPortTypeImpl implements DoubleItPortType { + +@Resource +WebServiceContext wsContext; + +public int doubleIt(int numberToDouble) { +return numberToDouble * 2; +} + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java -- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java index 90da0c3..00ed2b1 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java @@ -61,7 +61,7 @@ public
cxf-fediz git commit: Close the ApplicationContext
Repository: cxf-fediz Updated Branches: refs/heads/master 1f7749cec -> b241d3b5b Close the ApplicationContext Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/b241d3b5 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/b241d3b5 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/b241d3b5 Branch: refs/heads/master Commit: b241d3b5bfee7648e1fe592eb207263f70815efa Parents: 1f7749c Author: Colm O hEigeartaigh Authored: Thu Nov 19 16:55:37 2015 + Committer: Colm O hEigeartaigh Committed: Thu Nov 19 16:56:07 2015 + -- .../apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b241d3b5/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java -- diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java index 7d85a9d..db93ca2 100644 --- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java +++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/HomeRealmCallbackHandler.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.cxf.fediz.core.spi.HomeRealmCallback; import org.apache.cxf.rs.security.oauth2.common.Client; import org.springframework.context.ApplicationContext; +import org.springframework.context.support.AbstractApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; public class HomeRealmCallbackHandler implements CallbackHandler { @@ -38,7 +39,6 @@ public class HomeRealmCallbackHandler implements CallbackHandler { if (callbacks[i] instanceof HomeRealmCallback) { HomeRealmCallback callback = (HomeRealmCallback) callbacks[i]; -@SuppressWarnings("resource") ApplicationContext ctx = new ClassPathXmlApplicationContext("data-manager.xml"); OAuthDataManager dataManager = (OAuthDataManager)ctx.getBean("oauthProvider"); @@ -51,6 +51,8 @@ public class HomeRealmCallbackHandler implements CallbackHandler { callback.setHomeRealm(((FedizClient)client).getHomeRealm()); } } + +((AbstractApplicationContext)ctx).close(); } else { throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback"); }
cxf-fediz git commit: [FEDIZ-134] Making the nonce available to the data provider
Repository: cxf-fediz Updated Branches: refs/heads/master 355dceb1d -> 1f7749cec [FEDIZ-134] Making the nonce available to the data provider Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/1f7749ce Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/1f7749ce Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/1f7749ce Branch: refs/heads/master Commit: 1f7749cec7eccb0c0bc33da783e233742102cb48 Parents: 355dceb Author: Sergey Beryozkin Authored: Thu Nov 19 16:46:36 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 16:46:36 2015 + -- .../service/oidc/LocalSamlTokenConverter.java | 7 +++- .../fediz/service/oidc/OAuthDataManager.java| 39 .../fediz/service/oidc/SamlTokenConverter.java | 3 +- .../WEB-INF/views/oAuthAuthorizationData.jsp| 8 4 files changed, 40 insertions(+), 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f7749ce/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java -- diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java index 0c1bb1d..001c537 100644 --- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java +++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/LocalSamlTokenConverter.java @@ -35,7 +35,8 @@ public class LocalSamlTokenConverter implements SamlTokenConverter { public IdToken convertToIdToken(Element samlToken, String subjectName, ClaimCollection claims, -String clientId) { +String clientId, +String nonce) { IdToken idToken = new IdToken(); idToken.setSubject(subjectName); idToken.setAudience(clientId); @@ -90,6 +91,10 @@ public class LocalSamlTokenConverter implements SamlTokenConverter { } } +if (nonce != null) { +idToken.setNonce(nonce); +} + return idToken; } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f7749ce/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java -- diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java index a207b17..d9d90fb 100644 --- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java +++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java @@ -30,11 +30,13 @@ import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jws.JwsUtils; +import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.grants.code.AbstractCodeDataProvider; +import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration; import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken; @@ -81,17 +83,19 @@ public class OAuthDataManager extends AbstractCodeDataProvider { // Grants @Override -protected void saveCodeGrant(ServerAuthorizationCodeGrant grant) { -createIdToken(grant.getClient(), grant.getSubject()); -doSaveCodeGrant(grant); +public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg) +throws OAuthServiceException { +ServerAuthorizationCodeGrant grant = super.createCodeGrant(reg); +createIdToken(grant.getClient(), grant.getSubject(), reg.getNonce()); +return grant; } - -protected void doSaveCodeGrant(ServerAuthorizationCodeGrant grant) { + +@Override +protected void saveCodeGrant(ServerAuthorizationCodeGrant grant) { codeGrants.put(grant.getCode(), grant); - } - +
cxf git commit: More nonce related updates and making sure the OAuthServiceException mappers can be reused in case of nonce/etc validation issues
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 8c09f501a -> 9680acf2e More nonce related updates and making sure the OAuthServiceException mappers can be reused in case of nonce/etc validation issues Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9680acf2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9680acf2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9680acf2 Branch: refs/heads/3.1.x-fixes Commit: 9680acf2ea8b7b9bb08d5db6a07f91a12f26ccee Parents: 8c09f50 Author: Sergey Beryozkin Authored: Thu Nov 19 16:34:10 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 16:35:18 2015 + -- .../security/oauth2/client/JoseClientCodeStateManager.java | 7 --- .../security/oauth2/client/MemoryClientCodeStateManager.java | 4 +++- .../cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java | 8 +--- 3 files changed, 12 insertions(+), 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/9680acf2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java index e269d19..18802b9 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java @@ -57,11 +57,13 @@ public class JoseClientCodeStateManager implements ClientCodeStateManager { if (theEncryptionProvider == null && theSigProvider == null) { throw new OAuthServiceException("The state can not be protected"); } +MultivaluedMap redirectMap = new MetadataMap(); if (generateNonce && theSigProvider != null) { JwsCompactProducer nonceProducer = new JwsCompactProducer(OAuthUtils.generateRandomTokenKey()); String nonceParam = nonceProducer.signWith(theSigProvider); requestState.putSingle(OAuthConstants.NONCE, nonceParam); +redirectMap.putSingle(OAuthConstants.NONCE, nonceParam); } Map stateMap = CastUtils.cast((Map)requestState); String json = jsonp.toJson(stateMap); @@ -75,15 +77,14 @@ public class JoseClientCodeStateManager implements ClientCodeStateManager { if (theEncryptionProvider != null) { stateParam = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(stateParam), null); } -MultivaluedMap map = new MetadataMap(); if (storeInSession) { String sessionStateAttribute = OAuthUtils.generateRandomTokenKey(); OAuthUtils.setSessionToken(mc, stateParam, sessionStateAttribute, 0); stateParam = sessionStateAttribute; } -map.putSingle(OAuthConstants.STATE, stateParam); +redirectMap.putSingle(OAuthConstants.STATE, stateParam); -return map; +return redirectMap; } @Override http://git-wip-us.apache.org/repos/asf/cxf/blob/9680acf2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java index 6403eda..33a95df 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java @@ -38,13 +38,15 @@ public class MemoryClientCodeStateManager implements ClientCodeStateManager { public MultivaluedMap toRedirectState(MessageContext mc, MultivaluedMap requestState) { String stateParam = OAuthUtils.generateRandomTokenKey(); +MultivaluedMap redirectMap = new MetadataMap(); + if (generateNonce) { String nonceParam = MessageDigestUtils.generate(CryptoUtils.generateSecureRandomBytes(16)); requestState.putSingle(OAuthConstants.NONCE, nonceParam); +redirectMap.putSingle(OAuthConstants.NONCE, nonceParam); }
cxf git commit: More nonce related updates and making sure the OAuthServiceException mappers can be reused in case of nonce/etc validation issues
Repository: cxf Updated Branches: refs/heads/master db4f6b540 -> cd2c481ef More nonce related updates and making sure the OAuthServiceException mappers can be reused in case of nonce/etc validation issues Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cd2c481e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cd2c481e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cd2c481e Branch: refs/heads/master Commit: cd2c481ef654e884aef3089152230e7016167248 Parents: db4f6b5 Author: Sergey Beryozkin Authored: Thu Nov 19 16:34:10 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 16:34:10 2015 + -- .../security/oauth2/client/JoseClientCodeStateManager.java | 7 --- .../security/oauth2/client/MemoryClientCodeStateManager.java | 4 +++- .../cxf/rs/security/oidc/rp/OidcClientCodeRequestFilter.java | 8 +--- 3 files changed, 12 insertions(+), 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/cd2c481e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java index e269d19..18802b9 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java @@ -57,11 +57,13 @@ public class JoseClientCodeStateManager implements ClientCodeStateManager { if (theEncryptionProvider == null && theSigProvider == null) { throw new OAuthServiceException("The state can not be protected"); } +MultivaluedMap redirectMap = new MetadataMap(); if (generateNonce && theSigProvider != null) { JwsCompactProducer nonceProducer = new JwsCompactProducer(OAuthUtils.generateRandomTokenKey()); String nonceParam = nonceProducer.signWith(theSigProvider); requestState.putSingle(OAuthConstants.NONCE, nonceParam); +redirectMap.putSingle(OAuthConstants.NONCE, nonceParam); } Map stateMap = CastUtils.cast((Map)requestState); String json = jsonp.toJson(stateMap); @@ -75,15 +77,14 @@ public class JoseClientCodeStateManager implements ClientCodeStateManager { if (theEncryptionProvider != null) { stateParam = theEncryptionProvider.encrypt(StringUtils.toBytesUTF8(stateParam), null); } -MultivaluedMap map = new MetadataMap(); if (storeInSession) { String sessionStateAttribute = OAuthUtils.generateRandomTokenKey(); OAuthUtils.setSessionToken(mc, stateParam, sessionStateAttribute, 0); stateParam = sessionStateAttribute; } -map.putSingle(OAuthConstants.STATE, stateParam); +redirectMap.putSingle(OAuthConstants.STATE, stateParam); -return map; +return redirectMap; } @Override http://git-wip-us.apache.org/repos/asf/cxf/blob/cd2c481e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java index 6403eda..33a95df 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java @@ -38,13 +38,15 @@ public class MemoryClientCodeStateManager implements ClientCodeStateManager { public MultivaluedMap toRedirectState(MessageContext mc, MultivaluedMap requestState) { String stateParam = OAuthUtils.generateRandomTokenKey(); +MultivaluedMap redirectMap = new MetadataMap(); + if (generateNonce) { String nonceParam = MessageDigestUtils.generate(CryptoUtils.generateSecureRandomBytes(16)); requestState.putSingle(OAuthConstants.NONCE, nonceParam); +redirectMap.putSingle(OAuthConstants.NONCE, nonceParam); } map.
cxf git commit: Making it easier to validate the nonce flows with the Memory provider
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 4b577dc98 -> 8c09f501a Making it easier to validate the nonce flows with the Memory provider Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8c09f501 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8c09f501 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8c09f501 Branch: refs/heads/3.1.x-fixes Commit: 8c09f501af1d7fe77219396f1e0a5de65146bbe6 Parents: 4b577dc Author: Sergey Beryozkin Authored: Thu Nov 19 14:13:01 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 14:14:24 2015 + -- .../oauth2/client/JoseClientCodeStateManager.java| 2 +- .../oauth2/client/MemoryClientCodeStateManager.java | 11 ++- .../org/apache/cxf/rs/security/oidc/common/IdToken.java | 3 ++- .../rs/security/oidc/rp/OidcClientCodeRequestFilter.java | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/8c09f501/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java index afc5c96..e269d19 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java @@ -61,7 +61,7 @@ public class JoseClientCodeStateManager implements ClientCodeStateManager { if (generateNonce && theSigProvider != null) { JwsCompactProducer nonceProducer = new JwsCompactProducer(OAuthUtils.generateRandomTokenKey()); String nonceParam = nonceProducer.signWith(theSigProvider); -requestState.putSingle("nonce", nonceParam); +requestState.putSingle(OAuthConstants.NONCE, nonceParam); } Map stateMap = CastUtils.cast((Map)requestState); String json = jsonp.toJson(stateMap); http://git-wip-us.apache.org/repos/asf/cxf/blob/8c09f501/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java index 727839b..6403eda 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java @@ -27,15 +27,21 @@ import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; +import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rt.security.crypto.MessageDigestUtils; public class MemoryClientCodeStateManager implements ClientCodeStateManager { private ConcurrentHashMap> map = new ConcurrentHashMap>(); - +private boolean generateNonce; @Override public MultivaluedMap toRedirectState(MessageContext mc, MultivaluedMap requestState) { String stateParam = OAuthUtils.generateRandomTokenKey(); +if (generateNonce) { +String nonceParam = MessageDigestUtils.generate(CryptoUtils.generateSecureRandomBytes(16)); +requestState.putSingle(OAuthConstants.NONCE, nonceParam); +} map.put(stateParam, requestState); OAuthUtils.setSessionToken(mc, stateParam, "state", 0); MultivaluedMap redirectMap = new MetadataMap(); @@ -53,4 +59,7 @@ public class MemoryClientCodeStateManager implements ClientCodeStateManager { } return map.remove(stateParam); } +public void setGenerateNonce(boolean generateNonce) { +this.generateNonce = generateNonce; +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/8c09f501/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/IdToken.java -- diff --
cxf git commit: Making it easier to validate the nonce flows with the Memory provider
Repository: cxf Updated Branches: refs/heads/master 8c49fffad -> db4f6b540 Making it easier to validate the nonce flows with the Memory provider Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/db4f6b54 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/db4f6b54 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/db4f6b54 Branch: refs/heads/master Commit: db4f6b540889d7d66e665f03dc562fc31eec60b4 Parents: 8c49fff Author: Sergey Beryozkin Authored: Thu Nov 19 14:13:01 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 14:13:01 2015 + -- .../oauth2/client/JoseClientCodeStateManager.java| 2 +- .../oauth2/client/MemoryClientCodeStateManager.java | 11 ++- .../org/apache/cxf/rs/security/oidc/common/IdToken.java | 3 ++- .../rs/security/oidc/rp/OidcClientCodeRequestFilter.java | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/db4f6b54/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java index afc5c96..e269d19 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/JoseClientCodeStateManager.java @@ -61,7 +61,7 @@ public class JoseClientCodeStateManager implements ClientCodeStateManager { if (generateNonce && theSigProvider != null) { JwsCompactProducer nonceProducer = new JwsCompactProducer(OAuthUtils.generateRandomTokenKey()); String nonceParam = nonceProducer.signWith(theSigProvider); -requestState.putSingle("nonce", nonceParam); +requestState.putSingle(OAuthConstants.NONCE, nonceParam); } Map stateMap = CastUtils.cast((Map)requestState); String json = jsonp.toJson(stateMap); http://git-wip-us.apache.org/repos/asf/cxf/blob/db4f6b54/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java index 727839b..6403eda 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientCodeStateManager.java @@ -27,15 +27,21 @@ import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; +import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.apache.cxf.rt.security.crypto.MessageDigestUtils; public class MemoryClientCodeStateManager implements ClientCodeStateManager { private ConcurrentHashMap> map = new ConcurrentHashMap>(); - +private boolean generateNonce; @Override public MultivaluedMap toRedirectState(MessageContext mc, MultivaluedMap requestState) { String stateParam = OAuthUtils.generateRandomTokenKey(); +if (generateNonce) { +String nonceParam = MessageDigestUtils.generate(CryptoUtils.generateSecureRandomBytes(16)); +requestState.putSingle(OAuthConstants.NONCE, nonceParam); +} map.put(stateParam, requestState); OAuthUtils.setSessionToken(mc, stateParam, "state", 0); MultivaluedMap redirectMap = new MetadataMap(); @@ -53,4 +59,7 @@ public class MemoryClientCodeStateManager implements ClientCodeStateManager { } return map.remove(stateParam); } +public void setGenerateNonce(boolean generateNonce) { +this.generateNonce = generateNonce; +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/db4f6b54/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/IdToken.java -- diff --git a/rt/
cxf git commit: Sorry, 1 more nonce update
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 20076a8c3 -> 4b577dc98 Sorry, 1 more nonce update Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4b577dc9 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4b577dc9 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4b577dc9 Branch: refs/heads/3.1.x-fixes Commit: 4b577dc98cc61e4aead2f0bdff6d017c8a7679df Parents: 20076a8 Author: Sergey Beryozkin Authored: Thu Nov 19 13:48:30 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 13:49:11 2015 + -- .../cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/4b577dc9/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java index a6a1c4c..fd25fa7 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java @@ -164,7 +164,7 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide state.setRedirectUri(parts[5]); } if (!StringUtils.isEmpty(parts[6])) { -state.setRedirectUri(parts[6]); +state.setNonce(parts[6]); } return state; }
cxf git commit: Sorry, 1 more nonce update
Repository: cxf Updated Branches: refs/heads/master e954491e7 -> 8c49fffad Sorry, 1 more nonce update Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8c49fffa Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8c49fffa Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8c49fffa Branch: refs/heads/master Commit: 8c49fffad8ba5f448c00441afae1c933d1625f69 Parents: e954491 Author: Sergey Beryozkin Authored: Thu Nov 19 13:48:30 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 13:48:30 2015 + -- .../cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/8c49fffa/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java index a6a1c4c..fd25fa7 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JoseSessionTokenProvider.java @@ -164,7 +164,7 @@ public class JoseSessionTokenProvider implements SessionAuthenticityTokenProvide state.setRedirectUri(parts[5]); } if (!StringUtils.isEmpty(parts[6])) { -state.setRedirectUri(parts[6]); +state.setNonce(parts[6]); } return state; }
cxf git commit: One more nonce related update
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 29dbad4a9 -> 20076a8c3 One more nonce related update Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/20076a8c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/20076a8c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/20076a8c Branch: refs/heads/3.1.x-fixes Commit: 20076a8c3ee335121dcb580640d8d98f5f48a6d7 Parents: 29dbad4 Author: Sergey Beryozkin Authored: Thu Nov 19 13:42:22 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 13:43:23 2015 + -- .../rs/security/oauth2/services/RedirectionBasedGrantService.java | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/20076a8c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java index 4d96f9a..cc9baba 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java @@ -248,6 +248,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService state.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE)); state.setProposedScope(params.getFirst(OAuthConstants.SCOPE)); state.setState(params.getFirst(OAuthConstants.STATE)); +state.setNonce(params.getFirst(OAuthConstants.NONCE)); } return state; }
cxf git commit: One more nonce related update
Repository: cxf Updated Branches: refs/heads/master 4b0ba1a12 -> e954491e7 One more nonce related update Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e954491e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e954491e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e954491e Branch: refs/heads/master Commit: e954491e7065ce2b50e3e0870f2897daba6b1d20 Parents: 4b0ba1a Author: Sergey Beryozkin Authored: Thu Nov 19 13:42:22 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 13:42:22 2015 + -- .../rs/security/oauth2/services/RedirectionBasedGrantService.java | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e954491e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java index 4d96f9a..cc9baba 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java @@ -248,6 +248,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService state.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE)); state.setProposedScope(params.getFirst(OAuthConstants.SCOPE)); state.setState(params.getFirst(OAuthConstants.STATE)); +state.setNonce(params.getFirst(OAuthConstants.NONCE)); } return state; }
cxf git commit: Making sure an implicit or code nonce is available to OAuthDataProviders
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 577eb154c -> 29dbad4a9 Making sure an implicit or code nonce is available to OAuthDataProviders Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/29dbad4a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/29dbad4a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/29dbad4a Branch: refs/heads/3.1.x-fixes Commit: 29dbad4a995ba09d97b131807585b46cb02c43af Parents: 577eb15 Author: Sergey Beryozkin Authored: Thu Nov 19 13:16:06 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 13:20:11 2015 + -- .../security/oauth2/common/AccessTokenRegistration.java | 9 + .../rs/security/oauth2/common/OAuthRedirectionState.java | 11 +++ .../grants/code/AuthorizationCodeRegistration.java | 7 +++ .../oauth2/provider/JoseSessionTokenProvider.java| 7 +++ .../oauth2/services/AbstractImplicitGrantService.java| 1 + .../oauth2/services/AuthorizationCodeGrantService.java | 1 + .../oauth2/services/RedirectionBasedGrantService.java| 1 + .../cxf/rs/security/oauth2/utils/OAuthConstants.java | 1 + 8 files changed, 38 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/29dbad4a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java index b2641fc..db443da 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java @@ -31,6 +31,7 @@ public class AccessTokenRegistration { private String grantType; private UserSubject subject; private String audience; +private String nonce; private String clientCodeVerifier; /** @@ -129,5 +130,13 @@ public class AccessTokenRegistration { public void setClientCodeVerifier(String clientCodeVerifier) { this.clientCodeVerifier = clientCodeVerifier; } + +public String getNonce() { +return nonce; +} + +public void setNonce(String nonce) { +this.nonce = nonce; +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/29dbad4a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java index 0f05abd..4acc109 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java @@ -28,6 +28,7 @@ public class OAuthRedirectionState implements Serializable { private String state; private String proposedScope; private String audience; +private String nonce; private String clientCodeChallenge; public OAuthRedirectionState() { @@ -112,4 +113,14 @@ public class OAuthRedirectionState implements Serializable { public void setClientCodeChallenge(String clientCodeChallenge) { this.clientCodeChallenge = clientCodeChallenge; } + + +public String getNonce() { +return nonce; +} + + +public void setNonce(String nonce) { +this.nonce = nonce; +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/29dbad4a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java index a7126b4..1319cad 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration
cxf git commit: Making sure an implicit or code nonce is available to OAuthDataProviders
Repository: cxf Updated Branches: refs/heads/master 248c8f045 -> 4b0ba1a12 Making sure an implicit or code nonce is available to OAuthDataProviders Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4b0ba1a1 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4b0ba1a1 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4b0ba1a1 Branch: refs/heads/master Commit: 4b0ba1a1207ea1e73f08266e64ae42268b9f1797 Parents: 248c8f0 Author: Sergey Beryozkin Authored: Thu Nov 19 13:16:06 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 13:16:06 2015 + -- .../security/oauth2/common/AccessTokenRegistration.java | 9 + .../rs/security/oauth2/common/OAuthRedirectionState.java | 11 +++ .../grants/code/AuthorizationCodeRegistration.java | 7 +++ .../oauth2/provider/JoseSessionTokenProvider.java| 7 +++ .../oauth2/services/AbstractImplicitGrantService.java| 1 + .../oauth2/services/AuthorizationCodeGrantService.java | 1 + .../oauth2/services/RedirectionBasedGrantService.java| 1 + .../cxf/rs/security/oauth2/utils/OAuthConstants.java | 1 + 8 files changed, 38 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/4b0ba1a1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java index b2641fc..db443da 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java @@ -31,6 +31,7 @@ public class AccessTokenRegistration { private String grantType; private UserSubject subject; private String audience; +private String nonce; private String clientCodeVerifier; /** @@ -129,5 +130,13 @@ public class AccessTokenRegistration { public void setClientCodeVerifier(String clientCodeVerifier) { this.clientCodeVerifier = clientCodeVerifier; } + +public String getNonce() { +return nonce; +} + +public void setNonce(String nonce) { +this.nonce = nonce; +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/4b0ba1a1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java index 0f05abd..4acc109 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthRedirectionState.java @@ -28,6 +28,7 @@ public class OAuthRedirectionState implements Serializable { private String state; private String proposedScope; private String audience; +private String nonce; private String clientCodeChallenge; public OAuthRedirectionState() { @@ -112,4 +113,14 @@ public class OAuthRedirectionState implements Serializable { public void setClientCodeChallenge(String clientCodeChallenge) { this.clientCodeChallenge = clientCodeChallenge; } + + +public String getNonce() { +return nonce; +} + + +public void setNonce(String nonce) { +this.nonce = nonce; +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/4b0ba1a1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java index a7126b4..1319cad 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeRegistration.java @@ -
cxf-fediz git commit: [FEDIZ-134] Making sure the id token is set on UserSubject if the implicit grant is used
Repository: cxf-fediz Updated Branches: refs/heads/master 22d7bdc04 -> 355dceb1d [FEDIZ-134] Making sure the id token is set on UserSubject if the implicit grant is used Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/355dceb1 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/355dceb1 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/355dceb1 Branch: refs/heads/master Commit: 355dceb1d2788dba9741fd683929c36d76bb3155 Parents: 22d7bdc Author: Sergey Beryozkin Authored: Thu Nov 19 11:02:19 2015 + Committer: Sergey Beryozkin Committed: Thu Nov 19 11:02:19 2015 + -- .../fediz/service/oidc/OAuthDataManager.java| 73 1 file changed, 43 insertions(+), 30 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/355dceb1/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java -- diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java index 5e3ff4f..a207b17 100644 --- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java +++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java @@ -33,6 +33,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsUtils; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; +import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.grants.code.AbstractCodeDataProvider; import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; @@ -81,14 +82,7 @@ public class OAuthDataManager extends AbstractCodeDataProvider { // Grants @Override protected void saveCodeGrant(ServerAuthorizationCodeGrant grant) { -Principal principal = messageContext.getSecurityContext().getUserPrincipal(); - -if (principal instanceof FedizPrincipal) { -String joseIdToken = getJoseIdToken((FedizPrincipal)principal, grant.getClient()); -grant.getSubject().getProperties().put(OidcUtils.ID_TOKEN, joseIdToken); -} else { -throw new OAuthServiceException("Unsupported principal"); -} +createIdToken(grant.getClient(), grant.getSubject()); doSaveCodeGrant(grant); } @@ -96,24 +90,7 @@ public class OAuthDataManager extends AbstractCodeDataProvider { codeGrants.put(grant.getCode(), grant); } - -protected String getJoseIdToken(FedizPrincipal principal, Client client) { -IdToken idToken = tokenConverter.convertToIdToken(principal.getLoginToken(), - principal.getName(), - principal.getClaims(), - client.getClientId()); -JwsJwtCompactProducer p = new JwsJwtCompactProducer(idToken); -return p.signWith(getJwsSignatureProvider(client)); -// the JWS compact output may also need to be encrypted -} - -protected JwsSignatureProvider getJwsSignatureProvider(Client client) { -if (signIdTokenWithClientSecret && client.isConfidential()) { -return OAuthUtils.getClientSecretSignatureProvider(client.getClientSecret()); -} -return JwsUtils.loadSignatureProvider(true); - -} + @Override public ServerAuthorizationCodeGrant removeCodeGrant(String code) throws OAuthServiceException { @@ -123,6 +100,11 @@ public class OAuthDataManager extends AbstractCodeDataProvider { // Access Tokens @Override protected void saveAccessToken(ServerAccessToken token) { +createIdToken(token.getClient(), token.getSubject()); +doSaveAccessToken(token); +} + +protected void doSaveAccessToken(ServerAccessToken token) { accessTokens.put(token.getTokenKey(), token); } @@ -174,10 +156,6 @@ public class OAuthDataManager extends AbstractCodeDataProvider { this.messageContext = messageContext; } -public void setTokenConverter(SamlTokenConverter tokenConverter) { -this.tokenConverter = tokenConverter; -} - public void setScopes(Map scopes) { for (Map.Entry entry : scopes.entrySet()) { OAuthPermission permission = new OAuthPermission(entry.getKey(), entry.getValue()); @@ -188,6 +166,36 @@ public cl