svn commit: r974485 - in /websites/production/cxf/content: cache/docs.pageCache docs/message-logging.html

[buildbot]

Author: buildbot
Date: Fri Dec  4 07:47:30 2015
New Revision: 974485

Log:
Production update by buildbot for cxf

Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/message-logging.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/message-logging.html
==
--- websites/production/cxf/content/docs/message-logging.html (original)
+++ websites/production/cxf/content/docs/message-logging.html Fri Dec  4 
07:47:30 2015
@@ -117,19 +117,22 @@ Apache CXF -- Message Logging
  


-Since CXF 3.1 the message logging code was moved into a 
separate module and gathered some new features.Auto logging for 
existing CXF endpointsUses slf4j MDC to log meta data 
separatelyAdds meta data for Rest callsAdds MD5 message id 
and exchange id for correlationSimple interface for writing your own 
appendersManual UsageCXF 
LoggingFeature
+Since CXF 3.1 the message logging code was moved into a 
separate module and gathered some new features.Auto logging for 
existing CXF endpoints and clientsUses slf4j MDC to log meta data 
separatelyAdds meta data for Rest callsAdds MD5 message id 
and exchange id for correlationSimple interface for writing your own 
appendersManual UsageCXF 
LoggingFeature
 jaxws:endpoint ...
   jaxws:features
bean class="org.apache.cxf.ext.logging.LoggingFeature"/
   /jaxws:features
 /jaxws:endpoint
-The LoggingFeature can also be used with JAXRS Endpoints and 
can also be specified using the @Features annoation.Auto 
logging for existing CXF endpoints in Apache KarafTo use the message 
logging in karaf it needs to be installed as a feature. It can then be 
activated for all endpoints using a config.Logging feature in karaf
+The LoggingFeature can be used with JAXWS as well JAXRS 
Endpoints and Clients. It can also be specified using the @Features 
annotation.Slf4j MDC 
values for meta dataThis is the raw logging information you get for a 
SOAP call:FieldValue@timestamp2015-06-08T14:43:27,097ZMDC.addresshttp://localhost:8181/cxf/personService; 
rel="nofollow">http://localhost:8181/cxf/personServicehttp://MDC.bundle.id; 
rel="nofollow">MDC.bundle.id90http://MDC.bundle.name; rel="nofollow">MDC.bundle.nameorg.apache.cxf.cxf-rt-features-loggingMDC.bundle.version3.1.0MDC.content-typetext/xml; charset=UTF-8MDC.encodingUTF-8MDC.exchangeId56b037e3-d254-4fe5-8723-f442835fa128MDC.headers{content-type=text/xml; charset=UTF-8, 
connection=keep-alive, Host=localhost:8181, Content-Length=251, SOAPAction="", 
User-Agent=Apache CXF 3.1.0, Accept=*/*, Pragma=no-cache, 
Cache-Control=no-cache}MDC.httpMethodPOSTMDC.messageIda46eebd2-60af-4975-ba42-8b8205ac884cMDC.portNamePersonServiceImplPortMDC.portTypeNamePersonServiceMDC.serviceNamePersonServiceImplServiceMDC.typeREQ_INlevelINFOloc.classorg.apache.cxf.ext.logging.slf4j.Slf4jEventSenderloc.fileSlf4jEventSender.javaloc.line55loc.methodsendloggerClassorg.ops4j.pax.logging.slf4j.Slf4jLoggerloggerNameorg.apache.cxf.services.PersonService.REQ_INmessagesoap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/%22%3E%3Csoap:Body%3E%3Cns2:getAll;
 
rel="nofollow">http://schemas.xmlsoap.org/soap/envelope/"soap:Bodyns2:getAll
 xmlns:ns2="http://model.personservice.cxf.karaf.tutorial.lr.net/%22; 
rel="nofollow">http://model.personservice.cxf.karaf.tutorial.lr.net/;; 
xmlns:ns3="http://person.jms2rest.camel.karaf.tutorial.lr.net%22/%3E%3C/soap:Body%3E%3C/soap:Envelope%3E;
 rel="nofollow">http://person.jms2rest.camel
 
.karaf.tutorial.lr.net"//soap:Body/soap:Envelope;threadNameqtp80604361-78timeStamp1433774607097Some 
things to note:The logger name is service 
namespace.ServiceName.type karaf by default only cuts it to 
just the type.A lot of the details are in the MDC 
valuesYou need to change your pax logging config to make these 
visible.You can use the logger name to fine tune which services you want 
to log this way. For example set the debug level to WARN for noisy services to 
avoid that they are logged or log some services to another file.Message id and exchange 
idThe messageId allows to
  uniquely identify messages even if they were collected from several servers. 
It is also transported over the wire so a request sent on one machine can be 
correlated with the request received on another machine.The exchangeId 
will be the same for an incoming request and the response sent out or on the 
other side for an outgoing request and the response for it. This allows to 
correlate request and responses and so follow the conversations.Simple interface to 
write custom appendersWrite a custom https://github.com/apache/cxf/blob/master/rt/features/logging/src/main/java/org/apache/cxf/ext/logging/event/LogEventSender.java;
 

cxf git commit: Adding support for validating audiences for JWT tokens as well as supporting multiple audiences

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/master b18cc39a1 -> 3a6981463


Adding support for validating audiences for JWT tokens as well as supporting 
multiple audiences


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3a698146
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3a698146
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3a698146

Branch: refs/heads/master
Commit: 3a69814631980dc348be5859ca85e5acd100d189
Parents: b18cc39
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 12:30:10 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 12:55:02 2015 +

--
 .../jose/jaxrs/JwtAuthenticationFilter.java |  2 +-
 .../cxf/rs/security/jose/jwt/JwtClaims.java | 20 +--
 .../cxf/rs/security/jose/jwt/JwtUtils.java  | 31 -
 .../oauth2/grants/jwt/AbstractJwtHandler.java   |  5 +--
 .../oauth2/tokens/jwt/JwtAccessTokenUtils.java  | 35 +---
 .../oidc/rp/AbstractTokenValidator.java |  6 ++--
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |  3 ++
 .../cxf/rs/security/oidc/rp/UserInfoClient.java | 14 
 .../security/jose/jwt/JWTAlgorithmTest.java | 14 
 .../security/jose/jwt/JWTAuthnAuthzTest.java|  5 +++
 10 files changed, 98 insertions(+), 37 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/3a698146/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
--
diff --git 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
index 2dc6095..97c127d 100644
--- 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
+++ 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
@@ -96,7 +96,7 @@ public class JwtAuthenticationFilter extends 
AbstractJoseJwtConsumer implements
 
 @Override
 protected void validateToken(JwtToken jwt) {
-JwtUtils.validateTokenClaims(jwt.getClaims(), ttl, clockOffset);
+JwtUtils.validateTokenClaims(jwt.getClaims(), ttl, clockOffset, true);
 }
 
 public int getClockOffset() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/3a698146/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index 6fcc85d..fe5b08a 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.rs.security.jose.jwt;
 
+import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 
 import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
@@ -52,11 +54,23 @@ public class JwtClaims extends JsonMapObject {
 }
 
 public void setAudience(String audience) {
-setClaim(JwtConstants.CLAIM_AUDIENCE, audience);
+setAudiences(Collections.singletonList(audience));
 }
 
-public String getAudience() {
-return (String)getClaim(JwtConstants.CLAIM_AUDIENCE);
+public void setAudiences(List audiences) {
+setClaim(JwtConstants.CLAIM_AUDIENCE, audiences);
+}
+
+@SuppressWarnings("unchecked")
+public List getAudiences() {
+Object audiences = getClaim(JwtConstants.CLAIM_AUDIENCE);
+if (audiences instanceof List) {
+return (List)audiences;
+} else if (audiences instanceof String) {
+return Collections.singletonList((String)audiences);
+}
+
+return Collections.emptyList();
 }
 
 public void setExpiryTime(Long expiresIn) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/3a698146/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
index fa6989a..f07a071 100644
--- 

cxf-fediz git commit: Updating new clients keeping the resource owner subject and pulling the existing regs on the start up

[sergeyb]

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 1b2c9a0bc -> 29530b63f


Updating new clients keeping the resource owner subject and pulling the 
existing regs on the start up


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/29530b63
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/29530b63
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/29530b63

Branch: refs/heads/master
Commit: 29530b63fd9af6a4aeb13b845f0ddd7af7aa8716
Parents: 1b2c9a0
Author: Sergey Beryozkin 
Authored: Thu Dec 3 12:56:34 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 12:56:34 2015 +

--
 .../service/oidc/ClientRegistrationService.java | 21 +++-
 .../main/webapp/WEB-INF/applicationContext.xml  | 11 +-
 2 files changed, 26 insertions(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/29530b63/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
--
diff --git 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
index c663b09..d4269d7 100644
--- 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
+++ 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
@@ -39,6 +39,7 @@ import javax.ws.rs.core.SecurityContext;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
 @Path("/")
@@ -85,6 +86,9 @@ public class ClientRegistrationService {
 if (!StringUtils.isEmpty(redirectURI)) {
 newClient.setRedirectUris(Collections.singletonList(redirectURI));
 }
+String userName = sc.getUserPrincipal().getName();
+UserSubject userSubject = new UserSubject(userName);
+newClient.setResourceOwnerSubject(userSubject);
 
 return registerNewClient(newClient);
 }
@@ -108,7 +112,11 @@ public class ClientRegistrationService {
 }
 
 protected Collection getClientRegistrations() {
-String userName = sc.getUserPrincipal().getName();
+String userName = getUserName();
+return getClientRegistrations(userName);
+}
+
+protected Collection getClientRegistrations(String userName) {
 Collection userClientRegs = registrations.get(userName);
 if (userClientRegs == null) {
 userClientRegs = new HashSet();
@@ -117,6 +125,10 @@ public class ClientRegistrationService {
 return userClientRegs;
 }
 
+private String getUserName() {
+return sc.getUserPrincipal().getName();
+}
+
 public void setDataProvider(OAuthDataManager m) {
 this.manager = m;
 }
@@ -124,5 +136,12 @@ public class ClientRegistrationService {
 public void setHomeRealms(Map homeRealms) {
 this.homeRealms = homeRealms;
 }
+
+public void init() {
+for (Client c : manager.getClients()) {
+String userName = c.getResourceOwnerSubject().getLogin();
+getClientRegistrations(userName).add(c);
+}
+}
 }
 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/29530b63/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
--
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml 
b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index 420fd4f..6702a0b 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -55,12 +55,13 @@
 
 
 
+
+ 
 
 
-

 
 
@@ -74,7 +75,7 @@
 
 
 
-
+


   

cxf git commit: Removing println

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 951644d9c -> 4a0122981


Removing println


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4a012298
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4a012298
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4a012298

Branch: refs/heads/3.1.x-fixes
Commit: 4a0122981d4cb208a2eb8d4cde6e006022e8a8de
Parents: 951644d
Author: Sergey Beryozkin 
Authored: Thu Dec 3 10:31:35 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 10:32:24 2015 +

--
 .../java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java | 2 --
 1 file changed, 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/4a012298/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
index f82ce92..78d827b 100644
--- 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
+++ 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
@@ -30,7 +30,6 @@ import org.apache.cxf.message.MessageImpl;
 import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
 import org.apache.cxf.rs.security.jose.jwk.KeyType;
 
 import org.junit.Assert;
@@ -49,7 +48,6 @@ public class JwsUtilsTest extends Assert {
 List keys = keySet.getRsaKeys();
 assertEquals(1, keys.size());
 JsonWebKey key = keys.get(0);
-System.out.println(JwkUtils.jwkKeyToJson(key));
 assertEquals(KeyType.RSA, key.getKeyType());
 assertEquals("alice", key.getKeyId());
 assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));

cxf git commit: Removing println

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/master 4379faa2f -> b18cc39a1


Removing println


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b18cc39a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b18cc39a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b18cc39a

Branch: refs/heads/master
Commit: b18cc39a165dac76a1bdd6b8dd1d87ce02acf635
Parents: 4379faa
Author: Sergey Beryozkin 
Authored: Thu Dec 3 10:31:35 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 10:31:35 2015 +

--
 .../java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java | 2 --
 1 file changed, 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/b18cc39a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
index f82ce92..78d827b 100644
--- 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
+++ 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
@@ -30,7 +30,6 @@ import org.apache.cxf.message.MessageImpl;
 import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
 import org.apache.cxf.rs.security.jose.jwk.KeyType;
 
 import org.junit.Assert;
@@ -49,7 +48,6 @@ public class JwsUtilsTest extends Assert {
 List keys = keySet.getRsaKeys();
 assertEquals(1, keys.size());
 JsonWebKey key = keys.get(0);
-System.out.println(JwkUtils.jwkKeyToJson(key));
 assertEquals(KeyType.RSA, key.getKeyType());
 assertEquals("alice", key.getKeyId());
 assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));

cxf git commit: Adding a jws test for loading a publik key from JKS

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 50138677d -> 951644d9c


Adding a jws test for loading a publik key from JKS


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/951644d9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/951644d9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/951644d9

Branch: refs/heads/3.1.x-fixes
Commit: 951644d9c18634e1a552f36c7492b3baab11d04b
Parents: 5013867
Author: Sergey Beryozkin 
Authored: Thu Dec 3 10:27:59 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 10:29:05 2015 +

--
 .../cxf/rs/security/jose/jws/JwsUtilsTest.java  |  68 +++
 .../apache/cxf/rs/security/jose/jws/alice.jks   | Bin 0 -> 4125 bytes
 2 files changed, 68 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/951644d9/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
new file mode 100644
index 000..f82ce92
--- /dev/null
+++ 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jws;
+
+import java.util.List;
+import java.util.Properties;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
+import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
+import org.apache.cxf.rs.security.jose.jwk.KeyType;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class JwsUtilsTest extends Assert {
+@Test
+public void testLoadVerificationKeys() throws Exception {
+Properties p = new Properties();
+p.put(JoseConstants.RSSEC_KEY_STORE_FILE, 
+"org/apache/cxf/rs/security/jose/jws/alice.jks");
+p.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
+p.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");
+JsonWebKeys keySet = 
JwsUtils.loadPublicVerificationKeys(createMessage(), p);
+assertEquals(1, keySet.asMap().size());
+List keys = keySet.getRsaKeys();
+assertEquals(1, keys.size());
+JsonWebKey key = keys.get(0);
+System.out.println(JwkUtils.jwkKeyToJson(key));
+assertEquals(KeyType.RSA, key.getKeyType());
+assertEquals("alice", key.getKeyId());
+assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
+assertNotNull(key.getKeyProperty(JsonWebKey.RSA_MODULUS));
+assertNull(key.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));
+}
+
+private Message createMessage() {
+Message m = new MessageImpl();
+Exchange e = new ExchangeImpl();
+e.put(Bus.class, BusFactory.getThreadDefaultBus());
+m.setExchange(e);
+e.setInMessage(m);
+return m;
+}
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/951644d9/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/alice.jks
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/alice.jks
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/alice.jks
new file mode 100644
index 000..213b26c
Binary files /dev/null and 

cxf git commit: Adding a jws test for loading a publik key from JKS

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/master 5e9e7f4e2 -> 4379faa2f


Adding a jws test for loading a publik key from JKS


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4379faa2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4379faa2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4379faa2

Branch: refs/heads/master
Commit: 4379faa2f9ec995f7242661dbe9c5935ff83c0da
Parents: 5e9e7f4
Author: Sergey Beryozkin 
Authored: Thu Dec 3 10:27:59 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 10:27:59 2015 +

--
 .../cxf/rs/security/jose/jws/JwsUtilsTest.java  |  68 +++
 .../apache/cxf/rs/security/jose/jws/alice.jks   | Bin 0 -> 4125 bytes
 2 files changed, 68 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/4379faa2/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
new file mode 100644
index 000..f82ce92
--- /dev/null
+++ 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jws;
+
+import java.util.List;
+import java.util.Properties;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
+import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
+import org.apache.cxf.rs.security.jose.jwk.KeyType;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class JwsUtilsTest extends Assert {
+@Test
+public void testLoadVerificationKeys() throws Exception {
+Properties p = new Properties();
+p.put(JoseConstants.RSSEC_KEY_STORE_FILE, 
+"org/apache/cxf/rs/security/jose/jws/alice.jks");
+p.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
+p.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");
+JsonWebKeys keySet = 
JwsUtils.loadPublicVerificationKeys(createMessage(), p);
+assertEquals(1, keySet.asMap().size());
+List keys = keySet.getRsaKeys();
+assertEquals(1, keys.size());
+JsonWebKey key = keys.get(0);
+System.out.println(JwkUtils.jwkKeyToJson(key));
+assertEquals(KeyType.RSA, key.getKeyType());
+assertEquals("alice", key.getKeyId());
+assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
+assertNotNull(key.getKeyProperty(JsonWebKey.RSA_MODULUS));
+assertNull(key.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));
+}
+
+private Message createMessage() {
+Message m = new MessageImpl();
+Exchange e = new ExchangeImpl();
+e.put(Bus.class, BusFactory.getThreadDefaultBus());
+m.setExchange(e);
+e.setInMessage(m);
+return m;
+}
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/4379faa2/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/alice.jks
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/alice.jks
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/alice.jks
new file mode 100644
index 000..213b26c
Binary files /dev/null and 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/alice.jks
 

[2/2] cxf git commit: Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/cxf

[sergeyb]

Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/cxf


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8006d4c4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8006d4c4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8006d4c4

Branch: refs/heads/master
Commit: 8006d4c4a7fc709993ab66cc2656f1cb6094281d
Parents: f37b8fc 70298ef
Author: Sergey Beryozkin 
Authored: Thu Dec 3 13:49:58 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 13:49:58 2015 +

--
 .../cxf/jaxrs/swagger/JaxRs2Extension.java  | 89 +++-
 .../cxf/tools/fortest/headers/SomeHeaders.java  | 39 +
 .../internal/jaxws/JaxwsServiceBuilderTest.java | 15 
 .../jaxws/expected/expected_someheaders.wsdl| 63 ++
 4 files changed, 204 insertions(+), 2 deletions(-)
--

[1/2] cxf git commit: Removing the obsolete JwtClaims.setAudience as agreed with Colm

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/master 70298efb5 -> 8006d4c4a


Removing the obsolete JwtClaims.setAudience as agreed with Colm


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f37b8fcf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f37b8fcf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f37b8fcf

Branch: refs/heads/master
Commit: f37b8fcf706bbaf1c0466e093a5bbf75d9a4dda2
Parents: 3a69814
Author: Sergey Beryozkin 
Authored: Thu Dec 3 13:49:38 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 13:49:38 2015 +

--
 .../cxf/rs/security/jose/jwt/JwtClaims.java | 10 ++
 .../jose/jws/JwsCompactReaderWriterTest.java|  3 +-
 .../oidc/idp/IdTokenResponseFilter.java |  4 ++-
 .../rs/security/oidc/idp/UserInfoService.java   |  4 ++-
 .../oidc/rp/AbstractTokenValidator.java |  5 +--
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |  3 --
 .../provider/jwt/DefaultJWTClaimsProvider.java  |  8 ++---
 .../security/jose/jwt/JWTAlgorithmTest.java | 34 
 .../security/jose/jwt/JWTAuthnAuthzTest.java| 16 ++---
 9 files changed, 47 insertions(+), 40 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index fe5b08a..a3c77b9 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -23,6 +23,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
 
 
@@ -53,24 +54,19 @@ public class JwtClaims extends JsonMapObject {
 return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
 }
 
-public void setAudience(String audience) {
-setAudiences(Collections.singletonList(audience));
-}
-
 public void setAudiences(List audiences) {
 setClaim(JwtConstants.CLAIM_AUDIENCE, audiences);
 }
 
-@SuppressWarnings("unchecked")
 public List getAudiences() {
 Object audiences = getClaim(JwtConstants.CLAIM_AUDIENCE);
 if (audiences instanceof List) {
-return (List)audiences;
+return CastUtils.cast((List)audiences);
 } else if (audiences instanceof String) {
 return Collections.singletonList((String)audiences);
 }
 
-return Collections.emptyList();
+return null;
 }
 
 public void setExpiryTime(Long expiresIn) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index 9554dde..e1855ea 100644
--- 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -24,6 +24,7 @@ import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -142,7 +143,7 @@ public class JwsCompactReaderWriterTest extends Assert {
 JwtClaims claims = new JwtClaims();
 claims.setIssuer("https://jwt-idp.example.com;);
 claims.setSubject("mailto:m...@example.com;);
-claims.setAudience("https://jwt-rp.example.net;);
+
claims.setAudiences(Collections.singletonList("https://jwt-rp.example.net;));
 claims.setNotBefore(1300815780L);
 claims.setExpiryTime(1300819380L);
 claims.setClaim("http://claims.example.com/member;, true);

http://git-wip-us.apache.org/repos/asf/cxf/blob/f37b8fcf/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java

cxf git commit: add another wsdl generation test case for parameters with multiple headers

[ay]

Repository: cxf
Updated Branches:
  refs/heads/master 3a6981463 -> 1f608e3e3


add another wsdl generation test case for parameters with multiple headers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1f608e3e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1f608e3e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1f608e3e

Branch: refs/heads/master
Commit: 1f608e3e36270aef1873cb57d2b63abb5a3df951
Parents: 3a69814
Author: Akitoshi Yoshida 
Authored: Thu Dec 3 12:37:26 2015 +0100
Committer: Akitoshi Yoshida 
Committed: Thu Dec 3 14:13:30 2015 +0100

--
 .../cxf/tools/fortest/headers/SomeHeaders.java  | 39 
 .../internal/jaxws/JaxwsServiceBuilderTest.java | 15 +
 .../jaxws/expected/expected_someheaders.wsdl| 63 
 3 files changed, 117 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/1f608e3e/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
--
diff --git 
a/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
new file mode 100644
index 000..acf879d
--- /dev/null
+++ 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.tools.fortest.headers;
+
+
+import javax.jws.WebMethod;
+import javax.jws.WebParam;
+import javax.jws.WebResult;
+import javax.jws.WebService;
+
+@WebService(targetNamespace = "http://apache.org/cxf/test;, name = 
"SomeHeaders")
+public interface SomeHeaders {
+
+// using four parameters where two being headers
+@WebMethod()
+@WebResult (name = "someHeadersResponse") 
+String hello(
+ @WebParam(name = "body1") String body1,
+ @WebParam(name = "body2") String body2,
+ @WebParam(header = true, name = "header1") String header1,
+ @WebParam(header = true, name = "header2") String header2);
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/1f608e3e/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
--
diff --git 
a/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
index f49aaae..a97c3ea 100644
--- 
a/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
+++ 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
@@ -259,6 +259,21 @@ public class JaxwsServiceBuilderTest extends 
ProcessorTestBase {
 assertWsdlEquals(new File(expectedFile), file);
 }
 
+@Test
+public void testMultipleHeaders() throws Exception {
+
builder.setServiceClass(org.apache.cxf.tools.fortest.headers.SomeHeaders.class);
+ServiceInfo service = builder.createService();
+
+generator.setServiceModel(service);
+File output = getOutputFile("someheaders.wsdl");
+assertNotNull(output);
+generator.generate(output);
+assertTrue(output.exists());
+
+URI expectedFile = 
this.getClass().getResource("expected/expected_someheaders.wsdl").toURI();
+assertWsdlEquals(new File(expectedFile), output);
+}
+
 // TODO: assertFileEquals
 @Test
 public void testCXF188() throws Exception {

http://git-wip-us.apache.org/repos/asf/cxf/blob/1f608e3e/tools/javato/ws/src/test/resources/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/expected/expected_someheaders.wsdl

cxf git commit: Preserving the original logic

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/master 8006d4c4a -> 06ab79005


Preserving the original logic


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/06ab7900
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/06ab7900
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/06ab7900

Branch: refs/heads/master
Commit: 06ab79005b9eb296cba08bf22733a6a8a4f7a805
Parents: 8006d4c
Author: Sergey Beryozkin 
Authored: Thu Dec 3 13:52:37 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 13:52:37 2015 +

--
 .../cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java| 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/06ab7900/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
index 9eb215b..faf353a 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
@@ -263,8 +263,9 @@ public class DefaultJWTClaimsProvider implements 
JWTClaimsProvider {
 }
 }
 }
-
-claims.setAudiences(audiences);
+if (!audiences.isEmpty()) {
+claims.setAudiences(audiences);
+}
 
 }
 

[1/2] cxf git commit: Preserving the original logic

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 21bbc3862 -> 564e9a692


Preserving the original logic


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/564e9a69
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/564e9a69
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/564e9a69

Branch: refs/heads/3.1.x-fixes
Commit: 564e9a6926f7b41982350e796d55bf8c371b912d
Parents: 9fe5435
Author: Sergey Beryozkin 
Authored: Thu Dec 3 13:52:37 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 14:22:41 2015 +

--
 .../cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java| 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/564e9a69/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
index 9eb215b..faf353a 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/DefaultJWTClaimsProvider.java
@@ -263,8 +263,9 @@ public class DefaultJWTClaimsProvider implements 
JWTClaimsProvider {
 }
 }
 }
-
-claims.setAudiences(audiences);
+if (!audiences.isEmpty()) {
+claims.setAudiences(audiences);
+}
 
 }
 

cxf git commit: Keeping IdToken and UserInfo as siblings as opposed to parent-child

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 564e9a692 -> 27cdfbd4b


Keeping IdToken and UserInfo as siblings as opposed to parent-child


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/27cdfbd4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/27cdfbd4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/27cdfbd4

Branch: refs/heads/3.1.x-fixes
Commit: 27cdfbd4bb5226c00bf701e38e46b52c5b5678b5
Parents: 564e9a6
Author: Sergey Beryozkin 
Authored: Thu Dec 3 14:15:15 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 14:23:40 2015 +

--
 .../security/oidc/common/AbstractUserInfo.java  | 178 +++
 .../cxf/rs/security/oidc/common/IdToken.java|   2 +-
 .../cxf/rs/security/oidc/common/UserInfo.java   | 146 +--
 3 files changed, 180 insertions(+), 146 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/27cdfbd4/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/AbstractUserInfo.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/AbstractUserInfo.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/AbstractUserInfo.java
new file mode 100644
index 000..426b1ed
--- /dev/null
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/AbstractUserInfo.java
@@ -0,0 +1,178 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.common;
+
+import java.util.Map;
+
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+
+public abstract class AbstractUserInfo extends JwtClaims {
+public static final String NAME_CLAIM = "name";
+public static final String GIVEN_NAME_CLAIM = "given_name";
+public static final String FAMILY_NAME_CLAIM = "family_name";
+public static final String MIDDLE_NAME_CLAIM = "middle_name";
+public static final String NICKNAME_CLAIM = "nickname";
+public static final String PREFERRED_USERNAME_CLAIM = "preferred_username";
+public static final String PROFILE_CLAIM = "profile";
+public static final String PICTURE_CLAIM = "picture";
+public static final String WEBSITE_CLAIM = "website";
+public static final String EMAIL_CLAIM = "email";
+public static final String EMAIL_VERIFIED_CLAIM = "email_verified";
+public static final String GENDER_CLAIM = "gender";
+public static final String ZONEINFO_CLAIM = "zoneinfo";
+public static final String LOCALE_CLAIM = "locale";
+public static final String BIRTHDATE_CLAIM = "birthdate";
+public static final String PHONE_CLAIM = "phone_number";
+public static final String PHONE_VERIFIED_CLAIM = "phone_number_verified";
+public static final String ADDRESS_CLAIM = "address";
+public static final String UPDATED_AT_CLAIM = "updated_at";
+public AbstractUserInfo() {
+}
+public AbstractUserInfo(JwtClaims claims) {
+this(claims.asMap());
+}
+public AbstractUserInfo(Map claims) {
+super(claims);
+}
+
+public void setName(String name) {
+setProperty(NAME_CLAIM, name);
+}
+public String getName() {
+return (String)getProperty(NAME_CLAIM);
+}
+public void setGivenName(String name) {
+setProperty(GIVEN_NAME_CLAIM, name);
+}
+public String getGivenName() {
+return (String)getProperty(GIVEN_NAME_CLAIM);
+}
+public void setFamilyName(String name) {
+setProperty(FAMILY_NAME_CLAIM, name);
+}
+public String getFamilyName() {
+return (String)getProperty(FAMILY_NAME_CLAIM);
+}
+public void setMiddleName(String name) {
+setProperty(MIDDLE_NAME_CLAIM, name);
+}
+public String getMiddleName() {
+return (String)getProperty(MIDDLE_NAME_CLAIM);
+}
+public void setNickName(String 

cxf git commit: add another wsdl generation test case for parameters with multiple headers

[ay]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 4a0122981 -> 45e0f05ed


add another wsdl generation test case for parameters with multiple headers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/45e0f05e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/45e0f05e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/45e0f05e

Branch: refs/heads/3.1.x-fixes
Commit: 45e0f05ed5b29a33424d6f502db08dfc3898d0f0
Parents: 4a01229
Author: Akitoshi Yoshida 
Authored: Thu Dec 3 12:37:26 2015 +0100
Committer: Akitoshi Yoshida 
Committed: Thu Dec 3 14:15:28 2015 +0100

--
 .../cxf/tools/fortest/headers/SomeHeaders.java  | 39 
 .../internal/jaxws/JaxwsServiceBuilderTest.java | 15 +
 .../jaxws/expected/expected_someheaders.wsdl| 63 
 3 files changed, 117 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/45e0f05e/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
--
diff --git 
a/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
new file mode 100644
index 000..acf879d
--- /dev/null
+++ 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.tools.fortest.headers;
+
+
+import javax.jws.WebMethod;
+import javax.jws.WebParam;
+import javax.jws.WebResult;
+import javax.jws.WebService;
+
+@WebService(targetNamespace = "http://apache.org/cxf/test;, name = 
"SomeHeaders")
+public interface SomeHeaders {
+
+// using four parameters where two being headers
+@WebMethod()
+@WebResult (name = "someHeadersResponse") 
+String hello(
+ @WebParam(name = "body1") String body1,
+ @WebParam(name = "body2") String body2,
+ @WebParam(header = true, name = "header1") String header1,
+ @WebParam(header = true, name = "header2") String header2);
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/45e0f05e/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
--
diff --git 
a/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
index f49aaae..a97c3ea 100644
--- 
a/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
+++ 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
@@ -259,6 +259,21 @@ public class JaxwsServiceBuilderTest extends 
ProcessorTestBase {
 assertWsdlEquals(new File(expectedFile), file);
 }
 
+@Test
+public void testMultipleHeaders() throws Exception {
+
builder.setServiceClass(org.apache.cxf.tools.fortest.headers.SomeHeaders.class);
+ServiceInfo service = builder.createService();
+
+generator.setServiceModel(service);
+File output = getOutputFile("someheaders.wsdl");
+assertNotNull(output);
+generator.generate(output);
+assertTrue(output.exists());
+
+URI expectedFile = 
this.getClass().getResource("expected/expected_someheaders.wsdl").toURI();
+assertWsdlEquals(new File(expectedFile), output);
+}
+
 // TODO: assertFileEquals
 @Test
 public void testCXF188() throws Exception {

http://git-wip-us.apache.org/repos/asf/cxf/blob/45e0f05e/tools/javato/ws/src/test/resources/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/expected/expected_someheaders.wsdl

[2/3] cxf git commit: Handling bean validation annotations for @BeanParam fields

[ilgrosso]

Handling bean validation annotations for @BeanParam fields


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/70298efb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/70298efb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/70298efb

Branch: refs/heads/master
Commit: 70298efb50b53480b4030f8ff852d0e822dc0616
Parents: 1f608e3
Author: Francesco Chicchiriccò 
Authored: Thu Dec 3 14:30:45 2015 +0100
Committer: Francesco Chicchiriccò 
Committed: Thu Dec 3 14:31:41 2015 +0100

--
 .../cxf/jaxrs/swagger/JaxRs2Extension.java  | 89 +++-
 1 file changed, 87 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/70298efb/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
--
diff --git 
a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
 
b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
index 3c8ae95..b89a5e9 100644
--- 
a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
+++ 
b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
@@ -21,9 +21,18 @@ package org.apache.cxf.jaxrs.swagger;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Type;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
+import javax.validation.constraints.DecimalMax;
+import javax.validation.constraints.DecimalMin;
+import javax.validation.constraints.Max;
+import javax.validation.constraints.Min;
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Pattern;
+import javax.validation.constraints.Size;
 import javax.ws.rs.BeanParam;
 import javax.ws.rs.MatrixParam;
 
@@ -38,6 +47,7 @@ import io.swagger.jaxrs.ext.AbstractSwaggerExtension;
 import io.swagger.jaxrs.ext.SwaggerExtension;
 import io.swagger.jaxrs.ext.SwaggerExtensions;
 import io.swagger.models.parameters.Parameter;
+import io.swagger.models.properties.AbstractNumericProperty;
 import io.swagger.models.properties.ArrayProperty;
 import io.swagger.models.properties.Property;
 import io.swagger.models.properties.RefProperty;
@@ -115,6 +125,7 @@ public class JaxRs2Extension extends 
AbstractSwaggerExtension {
 // since downstream processors won't know how to 
introspect @BeanParam, process here
 for (Parameter param : extracted) {
 if (ParameterProcessor.applyAnnotations(null, param, 
paramType, paramAnnotations) != null) {
+applyBeanValidatorAnnotations(param, 
paramAnnotations);
 parameters.add(param);
 }
 }
@@ -130,11 +141,11 @@ public class JaxRs2Extension extends 
AbstractSwaggerExtension {
 return parameters;
 }
 
-private Property createProperty(Type type) {
+private Property createProperty(final Type type) {
 return 
enforcePrimitive(ModelConverters.getInstance().readAsProperty(type), 0);
 }
 
-private Property enforcePrimitive(Property in, int level) {
+private Property enforcePrimitive(final Property in, final int level) {
 if (in instanceof RefProperty) {
 return new StringProperty();
 }
@@ -148,4 +159,78 @@ public class JaxRs2Extension extends 
AbstractSwaggerExtension {
 }
 return in;
 }
+
+/**
+ * This is essentially a duplicate of {@link 
io.swagger.jackson.ModelResolver.applyBeanValidatorAnnotations}.
+ *
+ * @param property
+ * @param annotations
+ */
+private void applyBeanValidatorAnnotations(final Parameter property, final 
List annotations) {
+Map annos = new HashMap<>();
+if (annotations != null) {
+for (Annotation annotation : annotations) {
+annos.put(annotation.annotationType().getName(), annotation);
+}
+}
+if (annos.containsKey(NotNull.class.getName())) {
+property.setRequired(true);
+}
+if (annos.containsKey(Min.class.getName()) && property instanceof 
AbstractNumericProperty) {
+Min min = (Min) annos.get(Min.class.getName());
+AbstractNumericProperty ap = (AbstractNumericProperty) property;
+ap.setMinimum(new Double(min.value()));
+}
+if (annos.containsKey(Max.class.getName()) && property instanceof 
AbstractNumericProperty) {
+Max max = (Max) annos.get(Max.class.getName());
+AbstractNumericProperty ap = 

[3/3] cxf git commit: [CXF-6695] Handling bean validation annotations for @BeanParam fields

[ilgrosso]

[CXF-6695] Handling bean validation annotations for @BeanParam fields


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b1ab9e91
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b1ab9e91
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b1ab9e91

Branch: refs/heads/3.0.x-fixes
Commit: b1ab9e914193495b2301b5b1d85d7a47fc2cb81e
Parents: ace4d32
Author: Francesco Chicchiriccò 
Authored: Thu Dec 3 14:34:30 2015 +0100
Committer: Francesco Chicchiriccò 
Committed: Thu Dec 3 14:34:30 2015 +0100

--
 .../cxf/jaxrs/swagger/JaxRs2Extension.java  | 89 +++-
 1 file changed, 87 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/b1ab9e91/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
--
diff --git 
a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
 
b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
index 55054da..bba367f 100644
--- 
a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
+++ 
b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
@@ -21,9 +21,18 @@ package org.apache.cxf.jaxrs.swagger;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Type;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
+import javax.validation.constraints.DecimalMax;
+import javax.validation.constraints.DecimalMin;
+import javax.validation.constraints.Max;
+import javax.validation.constraints.Min;
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Pattern;
+import javax.validation.constraints.Size;
 import javax.ws.rs.BeanParam;
 import javax.ws.rs.MatrixParam;
 
@@ -38,6 +47,7 @@ import io.swagger.jaxrs.ext.AbstractSwaggerExtension;
 import io.swagger.jaxrs.ext.SwaggerExtension;
 import io.swagger.jaxrs.ext.SwaggerExtensions;
 import io.swagger.models.parameters.Parameter;
+import io.swagger.models.properties.AbstractNumericProperty;
 import io.swagger.models.properties.ArrayProperty;
 import io.swagger.models.properties.Property;
 import io.swagger.models.properties.RefProperty;
@@ -115,6 +125,7 @@ public class JaxRs2Extension extends 
AbstractSwaggerExtension {
 // since downstream processors won't know how to 
introspect @BeanParam, process here
 for (Parameter param : extracted) {
 if (ParameterProcessor.applyAnnotations(null, param, 
paramType, paramAnnotations) != null) {
+applyBeanValidatorAnnotations(param, 
paramAnnotations);
 parameters.add(param);
 }
 }
@@ -130,11 +141,11 @@ public class JaxRs2Extension extends 
AbstractSwaggerExtension {
 return parameters;
 }
 
-private Property createProperty(Type type) {
+private Property createProperty(final Type type) {
 return 
enforcePrimitive(ModelConverters.getInstance().readAsProperty(type), 0);
 }
 
-private Property enforcePrimitive(Property in, int level) {
+private Property enforcePrimitive(final Property in, final int level) {
 if (in instanceof RefProperty) {
 return new StringProperty();
 }
@@ -148,4 +159,78 @@ public class JaxRs2Extension extends 
AbstractSwaggerExtension {
 }
 return in;
 }
+
+/**
+ * This is essentially a duplicate of {@link 
io.swagger.jackson.ModelResolver.applyBeanValidatorAnnotations}.
+ *
+ * @param property
+ * @param annotations
+ */
+private void applyBeanValidatorAnnotations(final Parameter property, final 
List annotations) {
+Map annos = new HashMap();
+if (annotations != null) {
+for (Annotation annotation : annotations) {
+annos.put(annotation.annotationType().getName(), annotation);
+}
+}
+if (annos.containsKey(NotNull.class.getName())) {
+property.setRequired(true);
+}
+if (annos.containsKey(Min.class.getName()) && property instanceof 
AbstractNumericProperty) {
+Min min = (Min) annos.get(Min.class.getName());
+AbstractNumericProperty ap = (AbstractNumericProperty) property;
+ap.setMinimum(new Double(min.value()));
+}
+if (annos.containsKey(Max.class.getName()) && property instanceof 
AbstractNumericProperty) {
+Max max = (Max) annos.get(Max.class.getName());
+

[1/3] cxf git commit: [CXF-6695] Handling bean validation annotations for @BeanParam fields

[ilgrosso]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes ace4d3200 -> b1ab9e914
  refs/heads/3.1.x-fixes 45e0f05ed -> d4841e0b7
  refs/heads/master 1f608e3e3 -> 70298efb5


[CXF-6695] Handling bean validation annotations for @BeanParam fields


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d4841e0b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d4841e0b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d4841e0b

Branch: refs/heads/3.1.x-fixes
Commit: d4841e0b7167685d50416317c19675fa386a53e9
Parents: 45e0f05
Author: Francesco Chicchiriccò 
Authored: Thu Dec 3 14:30:45 2015 +0100
Committer: Francesco Chicchiriccò 
Committed: Thu Dec 3 14:31:19 2015 +0100

--
 .../cxf/jaxrs/swagger/JaxRs2Extension.java  | 89 +++-
 1 file changed, 87 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/d4841e0b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
--
diff --git 
a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
 
b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
index 3c8ae95..b89a5e9 100644
--- 
a/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
+++ 
b/rt/rs/description/src/main/java/org/apache/cxf/jaxrs/swagger/JaxRs2Extension.java
@@ -21,9 +21,18 @@ package org.apache.cxf.jaxrs.swagger;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Type;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
+import javax.validation.constraints.DecimalMax;
+import javax.validation.constraints.DecimalMin;
+import javax.validation.constraints.Max;
+import javax.validation.constraints.Min;
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Pattern;
+import javax.validation.constraints.Size;
 import javax.ws.rs.BeanParam;
 import javax.ws.rs.MatrixParam;
 
@@ -38,6 +47,7 @@ import io.swagger.jaxrs.ext.AbstractSwaggerExtension;
 import io.swagger.jaxrs.ext.SwaggerExtension;
 import io.swagger.jaxrs.ext.SwaggerExtensions;
 import io.swagger.models.parameters.Parameter;
+import io.swagger.models.properties.AbstractNumericProperty;
 import io.swagger.models.properties.ArrayProperty;
 import io.swagger.models.properties.Property;
 import io.swagger.models.properties.RefProperty;
@@ -115,6 +125,7 @@ public class JaxRs2Extension extends 
AbstractSwaggerExtension {
 // since downstream processors won't know how to 
introspect @BeanParam, process here
 for (Parameter param : extracted) {
 if (ParameterProcessor.applyAnnotations(null, param, 
paramType, paramAnnotations) != null) {
+applyBeanValidatorAnnotations(param, 
paramAnnotations);
 parameters.add(param);
 }
 }
@@ -130,11 +141,11 @@ public class JaxRs2Extension extends 
AbstractSwaggerExtension {
 return parameters;
 }
 
-private Property createProperty(Type type) {
+private Property createProperty(final Type type) {
 return 
enforcePrimitive(ModelConverters.getInstance().readAsProperty(type), 0);
 }
 
-private Property enforcePrimitive(Property in, int level) {
+private Property enforcePrimitive(final Property in, final int level) {
 if (in instanceof RefProperty) {
 return new StringProperty();
 }
@@ -148,4 +159,78 @@ public class JaxRs2Extension extends 
AbstractSwaggerExtension {
 }
 return in;
 }
+
+/**
+ * This is essentially a duplicate of {@link 
io.swagger.jackson.ModelResolver.applyBeanValidatorAnnotations}.
+ *
+ * @param property
+ * @param annotations
+ */
+private void applyBeanValidatorAnnotations(final Parameter property, final 
List annotations) {
+Map annos = new HashMap<>();
+if (annotations != null) {
+for (Annotation annotation : annotations) {
+annos.put(annotation.annotationType().getName(), annotation);
+}
+}
+if (annos.containsKey(NotNull.class.getName())) {
+property.setRequired(true);
+}
+if (annos.containsKey(Min.class.getName()) && property instanceof 
AbstractNumericProperty) {
+Min min = (Min) annos.get(Min.class.getName());
+AbstractNumericProperty ap = (AbstractNumericProperty) property;
+ap.setMinimum(new Double(min.value()));
+}
+if 

cxf git commit: Keeping IdToken and UserInfo as siblings as opposed to parent-child

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/master 06ab79005 -> c352e1c56


Keeping IdToken and UserInfo as siblings as opposed to parent-child


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c352e1c5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c352e1c5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c352e1c5

Branch: refs/heads/master
Commit: c352e1c5642a78251000cc230dc173f392fa6ffa
Parents: 06ab790
Author: Sergey Beryozkin 
Authored: Thu Dec 3 14:15:15 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 14:15:15 2015 +

--
 .../security/oidc/common/AbstractUserInfo.java  | 178 +++
 .../cxf/rs/security/oidc/common/IdToken.java|   2 +-
 .../cxf/rs/security/oidc/common/UserInfo.java   | 146 +--
 3 files changed, 180 insertions(+), 146 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/c352e1c5/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/AbstractUserInfo.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/AbstractUserInfo.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/AbstractUserInfo.java
new file mode 100644
index 000..426b1ed
--- /dev/null
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/common/AbstractUserInfo.java
@@ -0,0 +1,178 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oidc.common;
+
+import java.util.Map;
+
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
+
+public abstract class AbstractUserInfo extends JwtClaims {
+public static final String NAME_CLAIM = "name";
+public static final String GIVEN_NAME_CLAIM = "given_name";
+public static final String FAMILY_NAME_CLAIM = "family_name";
+public static final String MIDDLE_NAME_CLAIM = "middle_name";
+public static final String NICKNAME_CLAIM = "nickname";
+public static final String PREFERRED_USERNAME_CLAIM = "preferred_username";
+public static final String PROFILE_CLAIM = "profile";
+public static final String PICTURE_CLAIM = "picture";
+public static final String WEBSITE_CLAIM = "website";
+public static final String EMAIL_CLAIM = "email";
+public static final String EMAIL_VERIFIED_CLAIM = "email_verified";
+public static final String GENDER_CLAIM = "gender";
+public static final String ZONEINFO_CLAIM = "zoneinfo";
+public static final String LOCALE_CLAIM = "locale";
+public static final String BIRTHDATE_CLAIM = "birthdate";
+public static final String PHONE_CLAIM = "phone_number";
+public static final String PHONE_VERIFIED_CLAIM = "phone_number_verified";
+public static final String ADDRESS_CLAIM = "address";
+public static final String UPDATED_AT_CLAIM = "updated_at";
+public AbstractUserInfo() {
+}
+public AbstractUserInfo(JwtClaims claims) {
+this(claims.asMap());
+}
+public AbstractUserInfo(Map claims) {
+super(claims);
+}
+
+public void setName(String name) {
+setProperty(NAME_CLAIM, name);
+}
+public String getName() {
+return (String)getProperty(NAME_CLAIM);
+}
+public void setGivenName(String name) {
+setProperty(GIVEN_NAME_CLAIM, name);
+}
+public String getGivenName() {
+return (String)getProperty(GIVEN_NAME_CLAIM);
+}
+public void setFamilyName(String name) {
+setProperty(FAMILY_NAME_CLAIM, name);
+}
+public String getFamilyName() {
+return (String)getProperty(FAMILY_NAME_CLAIM);
+}
+public void setMiddleName(String name) {
+setProperty(MIDDLE_NAME_CLAIM, name);
+}
+public String getMiddleName() {
+return (String)getProperty(MIDDLE_NAME_CLAIM);
+}
+public void setNickName(String name) {
+  

[1/2] cxf git commit: Removing println

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes b1ab9e914 -> 86bbf7c99


Removing println


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/86bbf7c9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/86bbf7c9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/86bbf7c9

Branch: refs/heads/3.0.x-fixes
Commit: 86bbf7c99f05e09359072effab9dcd5de847e383
Parents: 5a01891
Author: Sergey Beryozkin 
Authored: Thu Dec 3 10:31:35 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 14:13:06 2015 +

--
 .../java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java | 2 --
 1 file changed, 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/86bbf7c9/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
index f82ce92..78d827b 100644
--- 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
+++ 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
@@ -30,7 +30,6 @@ import org.apache.cxf.message.MessageImpl;
 import org.apache.cxf.rs.security.jose.common.JoseConstants;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
-import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
 import org.apache.cxf.rs.security.jose.jwk.KeyType;
 
 import org.junit.Assert;
@@ -49,7 +48,6 @@ public class JwsUtilsTest extends Assert {
 List keys = keySet.getRsaKeys();
 assertEquals(1, keys.size());
 JsonWebKey key = keys.get(0);
-System.out.println(JwkUtils.jwkKeyToJson(key));
 assertEquals(KeyType.RSA, key.getKeyType());
 assertEquals("alice", key.getKeyId());
 assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));

[3/3] cxf git commit: Fixing merge

[coheigea]

Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/84187a30
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/84187a30
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/84187a30

Branch: refs/heads/3.0.x-fixes
Commit: 84187a3033dcba9e1be3d6ec40b8140f47ae0ef6
Parents: 8d70e69
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 14:24:13 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 14:24:13 2015 +

--
 .../java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java | 6 +-
 .../java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java | 6 --
 2 files changed, 1 insertion(+), 11 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/84187a30/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
index 68bcef9..1e39e68 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
@@ -112,7 +112,6 @@ public final class JwtUtils {
 }
 }
 }
-<<< HEAD
 
 public static void validateJwtTimeClaims(JwtClaims claims, int clockOffset,
  int issuedAtRange, boolean 
claimsRequired) {
@@ -137,9 +136,6 @@ public final class JwtUtils {
 validateJwtTimeClaims(claims, 0, 0, false);
 }
 
-public static void validateTokenClaims(JwtClaims claims, int timeToLive, 
int clockOffset) {
-===
-
 public static void validateJwtAudienceRestriction(JwtClaims claims, 
Message message) {
 // Get the endpoint URL
 String requestURL = null;
@@ -161,9 +157,9 @@ public final class JwtUtils {
 }
 }
 
+
 public static void validateTokenClaims(JwtClaims claims, int timeToLive, 
int clockOffset,
boolean 
validateAudienceRestriction) {
->>> 21bbc38... Adding support for validating audiences for JWT tokens as 
well as supporting multiple audiences
 // If we have no issued time then we need to have an expiry
 boolean expiredRequired = claims.getIssuedAt() == null;
 validateJwtExpiry(claims, clockOffset, expiredRequired);

http://git-wip-us.apache.org/repos/asf/cxf/blob/84187a30/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
index c46505f..7cbb392 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
@@ -40,18 +40,12 @@ public class IdTokenReader extends AbstractTokenValidator {
 OidcUtils.validateAccessTokenHash(at, jwt, requireAtHash);
 return jwt;
 }
-<<< HEAD
 public JwtToken getIdJwtToken(String idJwtToken, OAuthClientUtils.Consumer 
client) {
-JwtToken jwt = getJwtToken(idJwtToken, client.getSecret());
-validateJwtClaims(jwt.getClaims(), client.getKey(), true);
-===
-public JwtToken getIdJwtToken(String idJwtToken, Consumer client) {
 JwtToken jwt = getJwtToken(idJwtToken, client.getClientSecret());
 if (jwt.getClaims().getAudiences().size() > 1) {
 throw new SecurityException("Invalid audience");
 }
 validateJwtClaims(jwt.getClaims(), client.getClientId(), true);
->>> 21bbc38... Adding support for validating audiences for JWT tokens as 
well as supporting multiple audiences
 return jwt;
 }
 private IdToken getIdTokenFromJwt(JwtToken jwt) {

cxf git commit: add another wsdl generation test case for parameters with multiple headers

[ay]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 725e08411 -> ace4d3200


add another wsdl generation test case for parameters with multiple headers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ace4d320
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ace4d320
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ace4d320

Branch: refs/heads/3.0.x-fixes
Commit: ace4d320093ab7e537b456f02566133fc8ad5da0
Parents: 725e084
Author: Akitoshi Yoshida 
Authored: Thu Dec 3 12:37:26 2015 +0100
Committer: Akitoshi Yoshida 
Committed: Thu Dec 3 14:26:58 2015 +0100

--
 .../cxf/tools/fortest/headers/SomeHeaders.java  | 39 
 .../internal/jaxws/JaxwsServiceBuilderTest.java | 15 +
 .../jaxws/expected/expected_someheaders.wsdl| 63 
 3 files changed, 117 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/ace4d320/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
--
diff --git 
a/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
new file mode 100644
index 000..acf879d
--- /dev/null
+++ 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/fortest/headers/SomeHeaders.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.tools.fortest.headers;
+
+
+import javax.jws.WebMethod;
+import javax.jws.WebParam;
+import javax.jws.WebResult;
+import javax.jws.WebService;
+
+@WebService(targetNamespace = "http://apache.org/cxf/test;, name = 
"SomeHeaders")
+public interface SomeHeaders {
+
+// using four parameters where two being headers
+@WebMethod()
+@WebResult (name = "someHeadersResponse") 
+String hello(
+ @WebParam(name = "body1") String body1,
+ @WebParam(name = "body2") String body2,
+ @WebParam(header = true, name = "header1") String header1,
+ @WebParam(header = true, name = "header2") String header2);
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/ace4d320/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
--
diff --git 
a/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
index f49aaae..a97c3ea 100644
--- 
a/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
+++ 
b/tools/javato/ws/src/test/java/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/JaxwsServiceBuilderTest.java
@@ -259,6 +259,21 @@ public class JaxwsServiceBuilderTest extends 
ProcessorTestBase {
 assertWsdlEquals(new File(expectedFile), file);
 }
 
+@Test
+public void testMultipleHeaders() throws Exception {
+
builder.setServiceClass(org.apache.cxf.tools.fortest.headers.SomeHeaders.class);
+ServiceInfo service = builder.createService();
+
+generator.setServiceModel(service);
+File output = getOutputFile("someheaders.wsdl");
+assertNotNull(output);
+generator.generate(output);
+assertTrue(output.exists());
+
+URI expectedFile = 
this.getClass().getResource("expected/expected_someheaders.wsdl").toURI();
+assertWsdlEquals(new File(expectedFile), output);
+}
+
 // TODO: assertFileEquals
 @Test
 public void testCXF188() throws Exception {

http://git-wip-us.apache.org/repos/asf/cxf/blob/ace4d320/tools/javato/ws/src/test/resources/org/apache/cxf/tools/java2wsdl/processor/internal/jaxws/expected/expected_someheaders.wsdl

[2/2] cxf git commit: Adding a jws test for loading a publik key from JKS

[sergeyb]

Adding a jws test for loading a publik key from JKS


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5a018910
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5a018910
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5a018910

Branch: refs/heads/3.0.x-fixes
Commit: 5a0189104645bc25a65f11f5a25f07889d160bd4
Parents: b1ab9e9
Author: Sergey Beryozkin 
Authored: Thu Dec 3 10:27:59 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 14:13:06 2015 +

--
 .../cxf/rs/security/jose/jws/JwsUtilsTest.java  |  68 +++
 .../apache/cxf/rs/security/jose/jws/alice.jks   | Bin 0 -> 4125 bytes
 2 files changed, 68 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/5a018910/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
new file mode 100644
index 000..f82ce92
--- /dev/null
+++ 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.jose.jws;
+
+import java.util.List;
+import java.util.Properties;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rs.security.jose.common.JoseConstants;
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
+import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
+import org.apache.cxf.rs.security.jose.jwk.JwkUtils;
+import org.apache.cxf.rs.security.jose.jwk.KeyType;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class JwsUtilsTest extends Assert {
+@Test
+public void testLoadVerificationKeys() throws Exception {
+Properties p = new Properties();
+p.put(JoseConstants.RSSEC_KEY_STORE_FILE, 
+"org/apache/cxf/rs/security/jose/jws/alice.jks");
+p.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
+p.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");
+JsonWebKeys keySet = 
JwsUtils.loadPublicVerificationKeys(createMessage(), p);
+assertEquals(1, keySet.asMap().size());
+List keys = keySet.getRsaKeys();
+assertEquals(1, keys.size());
+JsonWebKey key = keys.get(0);
+System.out.println(JwkUtils.jwkKeyToJson(key));
+assertEquals(KeyType.RSA, key.getKeyType());
+assertEquals("alice", key.getKeyId());
+assertNotNull(key.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
+assertNotNull(key.getKeyProperty(JsonWebKey.RSA_MODULUS));
+assertNull(key.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));
+}
+
+private Message createMessage() {
+Message m = new MessageImpl();
+Exchange e = new ExchangeImpl();
+e.put(Bus.class, BusFactory.getThreadDefaultBus());
+m.setExchange(e);
+e.setInMessage(m);
+return m;
+}
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/5a018910/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/alice.jks
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/alice.jks
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/alice.jks
new file mode 100644
index 000..213b26c
Binary files /dev/null and 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/alice.jks
 differ

[2/2] cxf git commit: Removing the obsolete JwtClaims.setAudience as agreed with Colm

[sergeyb]

Removing the obsolete JwtClaims.setAudience as agreed with Colm


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9fe5435f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9fe5435f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9fe5435f

Branch: refs/heads/3.1.x-fixes
Commit: 9fe5435fb607e6f0638b0fdbb10090942425d2d9
Parents: 21bbc38
Author: Sergey Beryozkin 
Authored: Thu Dec 3 13:49:38 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 14:22:41 2015 +

--
 .../cxf/rs/security/jose/jwt/JwtClaims.java | 10 ++
 .../jose/jws/JwsCompactReaderWriterTest.java|  3 +-
 .../oidc/idp/IdTokenResponseFilter.java |  4 ++-
 .../rs/security/oidc/idp/UserInfoService.java   |  4 ++-
 .../oidc/rp/AbstractTokenValidator.java |  5 +--
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |  3 --
 .../provider/jwt/DefaultJWTClaimsProvider.java  |  8 ++---
 .../security/jose/jwt/JWTAlgorithmTest.java | 34 
 .../security/jose/jwt/JWTAuthnAuthzTest.java| 16 ++---
 9 files changed, 47 insertions(+), 40 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/9fe5435f/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index fe5b08a..a3c77b9 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -23,6 +23,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
 
 
@@ -53,24 +54,19 @@ public class JwtClaims extends JsonMapObject {
 return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
 }
 
-public void setAudience(String audience) {
-setAudiences(Collections.singletonList(audience));
-}
-
 public void setAudiences(List audiences) {
 setClaim(JwtConstants.CLAIM_AUDIENCE, audiences);
 }
 
-@SuppressWarnings("unchecked")
 public List getAudiences() {
 Object audiences = getClaim(JwtConstants.CLAIM_AUDIENCE);
 if (audiences instanceof List) {
-return (List)audiences;
+return CastUtils.cast((List)audiences);
 } else if (audiences instanceof String) {
 return Collections.singletonList((String)audiences);
 }
 
-return Collections.emptyList();
+return null;
 }
 
 public void setExpiryTime(Long expiresIn) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/9fe5435f/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index 9554dde..e1855ea 100644
--- 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -24,6 +24,7 @@ import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -142,7 +143,7 @@ public class JwsCompactReaderWriterTest extends Assert {
 JwtClaims claims = new JwtClaims();
 claims.setIssuer("https://jwt-idp.example.com;);
 claims.setSubject("mailto:m...@example.com;);
-claims.setAudience("https://jwt-rp.example.net;);
+
claims.setAudiences(Collections.singletonList("https://jwt-rp.example.net;));
 claims.setNotBefore(1300815780L);
 claims.setExpiryTime(1300819380L);
 claims.setClaim("http://claims.example.com/member;, true);

http://git-wip-us.apache.org/repos/asf/cxf/blob/9fe5435f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
--
diff --git 

cxf git commit: Removing the obsolete JwtClaims.setAudience as agreed with Colm

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 84187a303 -> 54aa48c0a


Removing the obsolete JwtClaims.setAudience as agreed with Colm


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/54aa48c0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/54aa48c0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/54aa48c0

Branch: refs/heads/3.0.x-fixes
Commit: 54aa48c0a1f8e6652a1ff75998ee2d95c70274f3
Parents: 84187a3
Author: Sergey Beryozkin 
Authored: Thu Dec 3 13:49:38 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 14:27:41 2015 +

--
 .../cxf/rs/security/jose/jwt/JwtClaims.java | 10 ++
 .../jose/jws/JwsCompactReaderWriterTest.java|  3 +-
 .../oidc/idp/IdTokenResponseFilter.java |  4 ++-
 .../rs/security/oidc/idp/UserInfoService.java   |  4 ++-
 .../oidc/rp/AbstractTokenValidator.java |  5 +--
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |  3 --
 .../security/jose/jwt/JWTAlgorithmTest.java | 34 
 .../security/jose/jwt/JWTAuthnAuthzTest.java| 16 ++---
 8 files changed, 45 insertions(+), 34 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/54aa48c0/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index fe5b08a..a3c77b9 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -23,6 +23,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
 
 
@@ -53,24 +54,19 @@ public class JwtClaims extends JsonMapObject {
 return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
 }
 
-public void setAudience(String audience) {
-setAudiences(Collections.singletonList(audience));
-}
-
 public void setAudiences(List audiences) {
 setClaim(JwtConstants.CLAIM_AUDIENCE, audiences);
 }
 
-@SuppressWarnings("unchecked")
 public List getAudiences() {
 Object audiences = getClaim(JwtConstants.CLAIM_AUDIENCE);
 if (audiences instanceof List) {
-return (List)audiences;
+return CastUtils.cast((List)audiences);
 } else if (audiences instanceof String) {
 return Collections.singletonList((String)audiences);
 }
 
-return Collections.emptyList();
+return null;
 }
 
 public void setExpiryTime(Long expiresIn) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/54aa48c0/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
index 0e6c7ba..4bc45d4 100644
--- 
a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
+++ 
b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java
@@ -24,6 +24,7 @@ import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
@@ -148,7 +149,7 @@ public class JwsCompactReaderWriterTest extends Assert {
 JwtClaims claims = new JwtClaims();
 claims.setIssuer("https://jwt-idp.example.com;);
 claims.setSubject("mailto:m...@example.com;);
-claims.setAudience("https://jwt-rp.example.net;);
+
claims.setAudiences(Collections.singletonList("https://jwt-rp.example.net;));
 claims.setNotBefore(1300815780L);
 claims.setExpiryTime(1300819380L);
 claims.setClaim("http://claims.example.com/member;, true);

http://git-wip-us.apache.org/repos/asf/cxf/blob/54aa48c0/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
--
diff --git 

[1/2] cxf git commit: Adding JWT tests

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 27cdfbd4b -> 67063873f


Adding JWT tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3ebbf578
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3ebbf578
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3ebbf578

Branch: refs/heads/3.1.x-fixes
Commit: 3ebbf578aec190ef139b6921a331d32af1362806
Parents: 27cdfbd
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 14:47:00 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 14:48:09 2015 +

--
 .../jose/jwt/BookServerJwtProperties.java   |  59 +++
 .../security/jose/jwt/JWTAlgorithmTest.java |  53 ++-
 .../security/jose/jwt/JWTAuthnAuthzTest.java|   7 +-
 .../security/jose/jwt/JWTPropertiesTest.java| 418 +++
 .../security/jose/jwt/properties-server.xml |  72 
 5 files changed, 601 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/3ebbf578/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtProperties.java
--
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtProperties.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtProperties.java
new file mode 100644
index 000..b0db7ae
--- /dev/null
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtProperties.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.jose.jwt;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerJwtProperties extends AbstractBusTestServerBase {
+public static final String PORT = 
TestUtil.getPortNumber("jaxrs-jwt-properties");
+private static final URL SERVER_CONFIG_FILE =
+BookServerJwtProperties.class.getResource("properties-server.xml");
+
+protected void run() {
+SpringBusFactory bf = new SpringBusFactory();
+Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+BusFactory.setDefaultBus(springBus);
+setBus(springBus);
+
+try {
+new BookServerJwtProperties();
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+}
+
+public static void main(String[] args) {
+try {
+BookServerJwtProperties s = new BookServerJwtProperties();
+s.start();
+} catch (Exception ex) {
+ex.printStackTrace();
+System.exit(-1);
+} finally {
+System.out.println("done!");
+}
+}
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/3ebbf578/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
--
diff --git 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
index 1af1b31..e80a2bf 100644
--- 
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
+++ 
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java
@@ -112,10 +112,6 @@ public class JWTAlgorithmTest extends 
AbstractBusClientServerTestBase {
 assertEquals(returnedBook.getId(), 123L);
 }
 
-private List toList(String address) {
-return Collections.singletonList(address);
-}
-
 @org.junit.Test
 public void 

cxf git commit: Adding support for validating audiences for JWT tokens as well as supporting multiple audiences

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes d4841e0b7 -> 21bbc3862


Adding support for validating audiences for JWT tokens as well as supporting 
multiple audiences


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/21bbc386
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/21bbc386
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/21bbc386

Branch: refs/heads/3.1.x-fixes
Commit: 21bbc3862a0d45ff27ee991b77ea78571c0c3789
Parents: d4841e0
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 12:30:10 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 14:20:18 2015 +

--
 .../jose/jaxrs/JwtAuthenticationFilter.java |  2 +-
 .../cxf/rs/security/jose/jwt/JwtClaims.java | 20 +--
 .../cxf/rs/security/jose/jwt/JwtUtils.java  | 31 -
 .../oauth2/grants/jwt/AbstractJwtHandler.java   |  5 +--
 .../oauth2/tokens/jwt/JwtAccessTokenUtils.java  | 35 +---
 .../oidc/rp/AbstractTokenValidator.java |  6 ++--
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |  3 ++
 .../cxf/rs/security/oidc/rp/UserInfoClient.java | 14 
 .../security/jose/jwt/JWTAlgorithmTest.java | 14 
 .../security/jose/jwt/JWTAuthnAuthzTest.java|  5 +++
 10 files changed, 98 insertions(+), 37 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/21bbc386/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
--
diff --git 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
index 2dc6095..97c127d 100644
--- 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
+++ 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
@@ -96,7 +96,7 @@ public class JwtAuthenticationFilter extends 
AbstractJoseJwtConsumer implements
 
 @Override
 protected void validateToken(JwtToken jwt) {
-JwtUtils.validateTokenClaims(jwt.getClaims(), ttl, clockOffset);
+JwtUtils.validateTokenClaims(jwt.getClaims(), ttl, clockOffset, true);
 }
 
 public int getClockOffset() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/21bbc386/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index 6fcc85d..fe5b08a 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.rs.security.jose.jwt;
 
+import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 
 import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
@@ -52,11 +54,23 @@ public class JwtClaims extends JsonMapObject {
 }
 
 public void setAudience(String audience) {
-setClaim(JwtConstants.CLAIM_AUDIENCE, audience);
+setAudiences(Collections.singletonList(audience));
 }
 
-public String getAudience() {
-return (String)getClaim(JwtConstants.CLAIM_AUDIENCE);
+public void setAudiences(List audiences) {
+setClaim(JwtConstants.CLAIM_AUDIENCE, audiences);
+}
+
+@SuppressWarnings("unchecked")
+public List getAudiences() {
+Object audiences = getClaim(JwtConstants.CLAIM_AUDIENCE);
+if (audiences instanceof List) {
+return (List)audiences;
+} else if (audiences instanceof String) {
+return Collections.singletonList((String)audiences);
+}
+
+return Collections.emptyList();
 }
 
 public void setExpiryTime(Long expiresIn) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/21bbc386/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
index fa6989a..f07a071 100644
--- 

[2/3] cxf git commit: Adding support for validating audiences for JWT tokens as well as supporting multiple audiences

[coheigea]

Adding support for validating audiences for JWT tokens as well as supporting 
multiple audiences

# Conflicts:
#   
rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
#   
rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d8443006
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d8443006
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d8443006

Branch: refs/heads/3.0.x-fixes
Commit: d8443006008dd859fcc1fdfe1bf700315c073704
Parents: 86bbf7c
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 12:30:10 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 14:20:54 2015 +

--
 .../jose/jaxrs/JwtAuthenticationFilter.java |  2 +-
 .../cxf/rs/security/jose/jwt/JwtClaims.java | 20 +--
 .../cxf/rs/security/jose/jwt/JwtUtils.java  | 34 +++
 .../oauth2/grants/jwt/AbstractJwtHandler.java   |  5 +--
 .../oauth2/tokens/jwt/JwtAccessTokenUtils.java  | 35 +---
 .../oidc/rp/AbstractTokenValidator.java |  6 ++--
 .../cxf/rs/security/oidc/rp/IdTokenReader.java  |  9 +
 .../cxf/rs/security/oidc/rp/UserInfoClient.java | 14 
 .../security/jose/jwt/JWTAlgorithmTest.java | 14 
 .../security/jose/jwt/JWTAuthnAuthzTest.java|  5 +++
 10 files changed, 108 insertions(+), 36 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/d8443006/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
--
diff --git 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
index be781b9..b1a1966 100644
--- 
a/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
+++ 
b/rt/rs/security/jose-parent/jose-jaxrs/src/main/java/org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.java
@@ -96,7 +96,7 @@ public class JwtAuthenticationFilter extends 
AbstractJoseJwtConsumer implements
 
 @Override
 protected void validateToken(JwtToken jwt) {
-JwtUtils.validateTokenClaims(jwt.getClaims(), ttl, clockOffset);
+JwtUtils.validateTokenClaims(jwt.getClaims(), ttl, clockOffset, true);
 }
 
 public int getClockOffset() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/d8443006/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index 6fcc85d..fe5b08a 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.rs.security.jose.jwt;
 
+import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 
 import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
@@ -52,11 +54,23 @@ public class JwtClaims extends JsonMapObject {
 }
 
 public void setAudience(String audience) {
-setClaim(JwtConstants.CLAIM_AUDIENCE, audience);
+setAudiences(Collections.singletonList(audience));
 }
 
-public String getAudience() {
-return (String)getClaim(JwtConstants.CLAIM_AUDIENCE);
+public void setAudiences(List audiences) {
+setClaim(JwtConstants.CLAIM_AUDIENCE, audiences);
+}
+
+@SuppressWarnings("unchecked")
+public List getAudiences() {
+Object audiences = getClaim(JwtConstants.CLAIM_AUDIENCE);
+if (audiences instanceof List) {
+return (List)audiences;
+} else if (audiences instanceof String) {
+return Collections.singletonList((String)audiences);
+}
+
+return Collections.emptyList();
 }
 
 public void setExpiryTime(Long expiresIn) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/d8443006/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtUtils.java
 

[1/3] cxf git commit: Recording .gitmergeinfo Changes

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 86bbf7c99 -> 84187a303


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8d70e69b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8d70e69b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8d70e69b

Branch: refs/heads/3.0.x-fixes
Commit: 8d70e69b0c7bfaf779b57df58295ca7b83f9ce7e
Parents: d844300
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 14:20:54 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 14:20:54 2015 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/8d70e69b/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 277a22a..8dfb7f7 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -592,6 +592,7 @@ M 1dec7e3bd3956d5a0fba3c79a9a897e87941e9b6
 M 1e6f12f65bc490a5ba5f274b6e407abbf0a19d43
 M 20bb7bafbc74def6a609fa83fa9b2fb2dd4ba9ea
 M 218321c866c2bb96309f901ee999b21e37d89845
+M 21bbc3862a0d45ff27ee991b77ea78571c0c3789
 M 25d02a2a04b8552faf88fd0879423618f15be8ee
 M 27c1bb5a19ea70ef1befccff22d72f1656247b0d
 M 2895b7b052e6c96d192abf39d472737b54fcd9c2

[2/2] cxf git commit: NPE fix

[coheigea]

NPE fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/67063873
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/67063873
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/67063873

Branch: refs/heads/3.1.x-fixes
Commit: 67063873f8baf4eb75fed201167f22e639f5a98c
Parents: 3ebbf57
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 14:47:19 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 14:48:11 2015 +

--
 .../apache/cxf/rs/security/jose/common/KeyManagementUtils.java| 3 +++
 1 file changed, 3 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/67063873/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index 79b1aed..4ca6ef9 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -95,6 +95,9 @@ public final class KeyManagementUtils {
 return loadX509CertificateOrChain(keyStore, alias);
 }
 private static X509Certificate[] loadX509CertificateOrChain(KeyStore 
keyStore, String alias) {
+if (alias == null) {
+throw new JoseException("No alias supplied");
+}
 try {
 Certificate[] certs = keyStore.getCertificateChain(alias);
 if (certs != null) {

cxf git commit: Letting the oauth providers block the reporting of some appproved scopes

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/master 02995d073 -> 4eede5fc4


Letting the oauth providers block the reporting of some appproved scopes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4eede5fc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4eede5fc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4eede5fc

Branch: refs/heads/master
Commit: 4eede5fc438c000432ee9772e0aee764d24277e8
Parents: 02995d0
Author: Sergey Beryozkin 
Authored: Thu Dec 3 17:02:07 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 17:02:07 2015 +

--
 .../cxf/rs/security/oauth2/common/Permission.java| 15 +++
 .../cxf/rs/security/oauth2/utils/OAuthUtils.java |  8 ++--
 2 files changed, 21 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/4eede5fc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
index 8defa96..f6d4d29 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
@@ -29,6 +29,7 @@ public class Permission implements Serializable {
 private String permission;
 private String description;
 private boolean isDefault;
+private boolean invisibleToClient;
 
 public Permission() {
 
@@ -88,4 +89,18 @@ public class Permission implements Serializable {
 public boolean isDefault() {
 return isDefault;
 }
+
+public boolean isInvisibleToClient() {
+return invisibleToClient;
+}
+
+/**
+ * Set the visibility status; by default all the scopes approved by a user 
can 
+ * be optionally reported to the client in access token responses. Some 
scopes may need
+ * to stay 'invisible' to client.
+ * @param invisibleToClient
+ */
+public void setInvisibleToClient(boolean invisibleToClient) {
+this.invisibleToClient = invisibleToClient;
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/4eede5fc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 7722d7a..65a01fa 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -129,6 +129,9 @@ public final class OAuthUtils {
 public static String convertPermissionsToScope(List 
perms) {
 StringBuilder sb = new StringBuilder();
 for (OAuthPermission perm : perms) {
+if (perm.isInvisibleToClient()) {
+continue;
+}
 if (sb.length() > 0) {
 sb.append(" ");
 }
@@ -255,8 +258,9 @@ public final class OAuthUtils {
 if (supportOptionalParams) {
 clientToken.setExpiresIn(serverToken.getExpiresIn());
 List perms = serverToken.getScopes();
-if (!perms.isEmpty()) {
-
clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
+String scopeString = OAuthUtils.convertPermissionsToScope(perms);
+if (!StringUtils.isEmpty(scopeString)) {
+clientToken.setApprovedScope(scopeString);
 }
 clientToken.setParameters(serverToken.getParameters());
 }

cxf git commit: Letting the oauth providers block the reporting of some appproved scopes

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes c014597c2 -> 3df27048c


Letting the oauth providers block the reporting of some appproved scopes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3df27048
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3df27048
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3df27048

Branch: refs/heads/3.1.x-fixes
Commit: 3df27048c86ee9b98943973b6f0e1f96f0d59d2e
Parents: c014597
Author: Sergey Beryozkin 
Authored: Thu Dec 3 17:02:07 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 17:03:26 2015 +

--
 .../cxf/rs/security/oauth2/common/Permission.java| 15 +++
 .../cxf/rs/security/oauth2/utils/OAuthUtils.java |  8 ++--
 2 files changed, 21 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/3df27048/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
index 8defa96..f6d4d29 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
@@ -29,6 +29,7 @@ public class Permission implements Serializable {
 private String permission;
 private String description;
 private boolean isDefault;
+private boolean invisibleToClient;
 
 public Permission() {
 
@@ -88,4 +89,18 @@ public class Permission implements Serializable {
 public boolean isDefault() {
 return isDefault;
 }
+
+public boolean isInvisibleToClient() {
+return invisibleToClient;
+}
+
+/**
+ * Set the visibility status; by default all the scopes approved by a user 
can 
+ * be optionally reported to the client in access token responses. Some 
scopes may need
+ * to stay 'invisible' to client.
+ * @param invisibleToClient
+ */
+public void setInvisibleToClient(boolean invisibleToClient) {
+this.invisibleToClient = invisibleToClient;
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/3df27048/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 7722d7a..65a01fa 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -129,6 +129,9 @@ public final class OAuthUtils {
 public static String convertPermissionsToScope(List 
perms) {
 StringBuilder sb = new StringBuilder();
 for (OAuthPermission perm : perms) {
+if (perm.isInvisibleToClient()) {
+continue;
+}
 if (sb.length() > 0) {
 sb.append(" ");
 }
@@ -255,8 +258,9 @@ public final class OAuthUtils {
 if (supportOptionalParams) {
 clientToken.setExpiresIn(serverToken.getExpiresIn());
 List perms = serverToken.getScopes();
-if (!perms.isEmpty()) {
-
clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
+String scopeString = OAuthUtils.convertPermissionsToScope(perms);
+if (!StringUtils.isEmpty(scopeString)) {
+clientToken.setApprovedScope(scopeString);
 }
 clientToken.setParameters(serverToken.getParameters());
 }

cxf git commit: Letting the oauth providers block the reporting of some appproved scopes

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 68d2a911d -> 98f176f5b


Letting the oauth providers block the reporting of some appproved scopes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/98f176f5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/98f176f5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/98f176f5

Branch: refs/heads/3.0.x-fixes
Commit: 98f176f5b4169914f2606dad7078bc57ee3298d5
Parents: 68d2a91
Author: Sergey Beryozkin 
Authored: Thu Dec 3 17:02:07 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 17:04:42 2015 +

--
 .../cxf/rs/security/oauth2/common/Permission.java| 15 +++
 .../cxf/rs/security/oauth2/utils/OAuthUtils.java |  8 ++--
 2 files changed, 21 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/98f176f5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
index 8defa96..f6d4d29 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
@@ -29,6 +29,7 @@ public class Permission implements Serializable {
 private String permission;
 private String description;
 private boolean isDefault;
+private boolean invisibleToClient;
 
 public Permission() {
 
@@ -88,4 +89,18 @@ public class Permission implements Serializable {
 public boolean isDefault() {
 return isDefault;
 }
+
+public boolean isInvisibleToClient() {
+return invisibleToClient;
+}
+
+/**
+ * Set the visibility status; by default all the scopes approved by a user 
can 
+ * be optionally reported to the client in access token responses. Some 
scopes may need
+ * to stay 'invisible' to client.
+ * @param invisibleToClient
+ */
+public void setInvisibleToClient(boolean invisibleToClient) {
+this.invisibleToClient = invisibleToClient;
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/98f176f5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 9a3442a..d4c5dcd 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -112,6 +112,9 @@ public final class OAuthUtils {
 public static String convertPermissionsToScope(List 
perms) {
 StringBuilder sb = new StringBuilder();
 for (OAuthPermission perm : perms) {
+if (perm.isInvisibleToClient()) {
+continue;
+}
 if (sb.length() > 0) {
 sb.append(" ");
 }
@@ -238,8 +241,9 @@ public final class OAuthUtils {
 if (supportOptionalParams) {
 clientToken.setExpiresIn(serverToken.getExpiresIn());
 List perms = serverToken.getScopes();
-if (!perms.isEmpty()) {
-
clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
+String scopeString = OAuthUtils.convertPermissionsToScope(perms);
+if (!StringUtils.isEmpty(scopeString)) {
+clientToken.setApprovedScope(scopeString);
 }
 clientToken.setParameters(serverToken.getParameters());
 }

cxf git commit: Explicit support for serializing a single audience as String given that Google fails to recognize an array despite the spec text

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 3459edc0e -> 5dc39daa0


Explicit support for serializing a single audience as String given that Google 
fails to recognize an array despite the spec text


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5dc39daa
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5dc39daa
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5dc39daa

Branch: refs/heads/3.0.x-fixes
Commit: 5dc39daa045f4ddd1fdbc064235d69a62b08e398
Parents: 3459edc
Author: Sergey Beryozkin 
Authored: Thu Dec 3 16:34:52 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 16:39:23 2015 +

--
 .../cxf/rs/security/jose/jwt/JwtClaims.java | 31 
 1 file changed, 31 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/5dc39daa/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index a3c77b9..b924a55 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -23,6 +23,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
 
@@ -54,10 +55,40 @@ public class JwtClaims extends JsonMapObject {
 return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
 }
 
+/**
+ * Set a single audience value which will be serialized as a String
+ * @param audience the audience
+ */
+public void setAudience(String audience) {
+setClaim(JwtConstants.CLAIM_AUDIENCE, audience);
+}
+
+/**
+ * Get a single audience value. If the audience claim value is an array 
then the
+ * first value will be returned.
+ * @return the audience
+ */
+public String getAudience() {
+List audiences = getAudiences();
+if (!StringUtils.isEmpty(audiences)) {
+return audiences.get(0);
+} else {
+return null;
+}
+}
+
+/**
+ * Set an array of audiences
+ * @param audiences the audiences array
+ */
 public void setAudiences(List audiences) {
 setClaim(JwtConstants.CLAIM_AUDIENCE, audiences);
 }
 
+/**
+ * Get an array of audiences
+ * @return the audiences array
+ */
 public List getAudiences() {
 Object audiences = getClaim(JwtConstants.CLAIM_AUDIENCE);
 if (audiences instanceof List) {

cxf git commit: Fixing 3.0.x build

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 5dc39daa0 -> 68d2a911d


Fixing 3.0.x build


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/68d2a911
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/68d2a911
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/68d2a911

Branch: refs/heads/3.0.x-fixes
Commit: 68d2a911d1024da84b88173311b01f940fd8d12e
Parents: 5dc39da
Author: Sergey Beryozkin 
Authored: Thu Dec 3 16:49:32 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 16:49:32 2015 +

--
 .../java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java | 4 ++--
 .../org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/68d2a911/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
index 035c2dd..b5bbbf1 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/IdTokenReader.java
@@ -41,8 +41,8 @@ public class IdTokenReader extends AbstractTokenValidator {
 return jwt;
 }
 public JwtToken getIdJwtToken(String idJwtToken, OAuthClientUtils.Consumer 
client) {
-JwtToken jwt = getJwtToken(idJwtToken, client.getClientSecret());
-validateJwtClaims(jwt.getClaims(), client.getClientId(), true);
+JwtToken jwt = getJwtToken(idJwtToken, client.getSecret());
+validateJwtClaims(jwt.getClaims(), client.getKey(), true);
 return jwt;
 }
 private IdToken getIdTokenFromJwt(JwtToken jwt) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/68d2a911/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
--
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
index c329ad9..3f2f675 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/rp/UserInfoClient.java
@@ -60,7 +60,7 @@ public class UserInfoClient extends AbstractTokenValidator {
 JwtToken jwt = getUserInfoJwt(profileJwtToken, client);
 return getUserInfoFromJwt(jwt, idToken, client);
 }
-public UserInfo getUserInfoFromJwt(JwtToken jwt, IdToken idToken, Consumer 
client) {
+public UserInfo getUserInfoFromJwt(JwtToken jwt, IdToken idToken, 
OAuthClientUtils.Consumer client) {
 UserInfo profile = new UserInfo(jwt.getClaims().asMap());
 validateUserInfo(profile, idToken, client);
 return profile;
@@ -68,8 +68,8 @@ public class UserInfoClient extends AbstractTokenValidator {
 public JwtToken getUserInfoJwt(String profileJwtToken, 
OAuthClientUtils.Consumer client) {
 return getJwtToken(profileJwtToken);
 }
-public void validateUserInfo(UserInfo profile, IdToken idToken, Consumer 
client) {
-validateJwtClaims(profile, client.getClientId(), false);
+public void validateUserInfo(UserInfo profile, IdToken idToken, 
OAuthClientUtils.Consumer client) {
+validateJwtClaims(profile, client.getKey(), false);
 // validate subject
 if (!idToken.getSubject().equals(profile.getSubject())) {
 throw new SecurityException("Invalid subject");

cxf git commit: Explicit support for serializing a single audience as String given that Google fails to recognize an array despite the spec text

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/master 8ad8ea6ed -> 02995d073


Explicit support for serializing a single audience as String given that Google 
fails to recognize an array despite the spec text


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/02995d07
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/02995d07
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/02995d07

Branch: refs/heads/master
Commit: 02995d07354ff3408047146195d6269f38322a30
Parents: 8ad8ea6
Author: Sergey Beryozkin 
Authored: Thu Dec 3 16:34:52 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 16:34:52 2015 +

--
 .../java/demo/jaxrs/server/BigQueryServer.java  |  2 +-
 .../cxf/rs/security/jose/jwt/JwtClaims.java | 31 
 2 files changed, 32 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/02995d07/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
--
diff --git 
a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
 
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
index 6c047ca..33b8d46 100644
--- 
a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
+++ 
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
@@ -76,7 +76,7 @@ public final class BigQueryServer {
 JwsHeaders headers = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.RS256);
 JwtClaims claims = new JwtClaims();
 claims.setIssuer(issuer);
-
claims.setAudiences(Collections.singletonList("https://www.googleapis.com/oauth2/v3/token;));
+claims.setAudience("https://www.googleapis.com/oauth2/v3/token;);
 
 long issuedAt = OAuthUtils.getIssuedAt();
 claims.setIssuedAt(issuedAt);

http://git-wip-us.apache.org/repos/asf/cxf/blob/02995d07/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index a3c77b9..b924a55 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -23,6 +23,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
 
@@ -54,10 +55,40 @@ public class JwtClaims extends JsonMapObject {
 return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
 }
 
+/**
+ * Set a single audience value which will be serialized as a String
+ * @param audience the audience
+ */
+public void setAudience(String audience) {
+setClaim(JwtConstants.CLAIM_AUDIENCE, audience);
+}
+
+/**
+ * Get a single audience value. If the audience claim value is an array 
then the
+ * first value will be returned.
+ * @return the audience
+ */
+public String getAudience() {
+List audiences = getAudiences();
+if (!StringUtils.isEmpty(audiences)) {
+return audiences.get(0);
+} else {
+return null;
+}
+}
+
+/**
+ * Set an array of audiences
+ * @param audiences the audiences array
+ */
 public void setAudiences(List audiences) {
 setClaim(JwtConstants.CLAIM_AUDIENCE, audiences);
 }
 
+/**
+ * Get an array of audiences
+ * @return the audiences array
+ */
 public List getAudiences() {
 Object audiences = getClaim(JwtConstants.CLAIM_AUDIENCE);
 if (audiences instanceof List) {

cxf git commit: Explicit support for serializing a single audience as String given that Google fails to recognize an array despite the spec text

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 44316035a -> c014597c2


Explicit support for serializing a single audience as String given that Google 
fails to recognize an array despite the spec text


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c014597c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c014597c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c014597c

Branch: refs/heads/3.1.x-fixes
Commit: c014597c2d47243330d6119120a4a81c531cb62e
Parents: 4431603
Author: Sergey Beryozkin 
Authored: Thu Dec 3 16:34:52 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 16:37:30 2015 +

--
 .../java/demo/jaxrs/server/BigQueryServer.java  |  2 +-
 .../cxf/rs/security/jose/jwt/JwtClaims.java | 31 
 2 files changed, 32 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/c014597c/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
--
diff --git 
a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
 
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
index 6c047ca..33b8d46 100644
--- 
a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
+++ 
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
@@ -76,7 +76,7 @@ public final class BigQueryServer {
 JwsHeaders headers = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.RS256);
 JwtClaims claims = new JwtClaims();
 claims.setIssuer(issuer);
-
claims.setAudiences(Collections.singletonList("https://www.googleapis.com/oauth2/v3/token;));
+claims.setAudience("https://www.googleapis.com/oauth2/v3/token;);
 
 long issuedAt = OAuthUtils.getIssuedAt();
 claims.setIssuedAt(issuedAt);

http://git-wip-us.apache.org/repos/asf/cxf/blob/c014597c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
index a3c77b9..b924a55 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwt/JwtClaims.java
@@ -23,6 +23,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.jaxrs.json.basic.JsonMapObject;
 
@@ -54,10 +55,40 @@ public class JwtClaims extends JsonMapObject {
 return (String)getClaim(JwtConstants.CLAIM_SUBJECT);
 }
 
+/**
+ * Set a single audience value which will be serialized as a String
+ * @param audience the audience
+ */
+public void setAudience(String audience) {
+setClaim(JwtConstants.CLAIM_AUDIENCE, audience);
+}
+
+/**
+ * Get a single audience value. If the audience claim value is an array 
then the
+ * first value will be returned.
+ * @return the audience
+ */
+public String getAudience() {
+List audiences = getAudiences();
+if (!StringUtils.isEmpty(audiences)) {
+return audiences.get(0);
+} else {
+return null;
+}
+}
+
+/**
+ * Set an array of audiences
+ * @param audiences the audiences array
+ */
 public void setAudiences(List audiences) {
 setClaim(JwtConstants.CLAIM_AUDIENCE, audiences);
 }
 
+/**
+ * Get an array of audiences
+ * @return the audiences array
+ */
 public List getAudiences() {
 Object audiences = getClaim(JwtConstants.CLAIM_AUDIENCE);
 if (audiences instanceof List) {

[3/3] cxf git commit: Recording .gitmergeinfo Changes

[coheigea]

Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/127fbc3c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/127fbc3c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/127fbc3c

Branch: refs/heads/3.0.x-fixes
Commit: 127fbc3c54aa80fb125df2aa80cbc71fdf46be06
Parents: b532444
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 15:04:31 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 15:04:31 2015 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/127fbc3c/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 8dfb7f7..f9a8106 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -494,6 +494,7 @@ B e5637ffcc3a56923982c4254cffe54cc62130ee9
 B e5d98fd24b545920f2453e94a56cd9690582af59
 B e6085587cd0380b0e64346af53ac07e49734c8db
 B e652e672f718f5b361801a623731950ae90988e1
+B e6db5c58964c1c93bd65e8cc9dab24fe2cb25fc5
 B e6fc7e50266d45c8b5afb002abdc44b69585cc69
 B e8514ea3f5fdf33b19d9ddc0639cc1aaf57e1f62
 B e89913007c5d225615ec3dbd0775702749b28d0e

[2/3] cxf git commit: NPE fix

[coheigea]

NPE fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b532444c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b532444c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b532444c

Branch: refs/heads/3.0.x-fixes
Commit: b532444cba8169ee5853ae6f31b6f200fea42f6e
Parents: e9e7ff1
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 14:47:19 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 15:04:15 2015 +

--
 .../apache/cxf/rs/security/jose/common/KeyManagementUtils.java| 3 +++
 1 file changed, 3 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/b532444c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
index 8d399e9..5713855 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/KeyManagementUtils.java
@@ -95,6 +95,9 @@ public final class KeyManagementUtils {
 return loadX509CertificateOrChain(keyStore, alias);
 }
 private static X509Certificate[] loadX509CertificateOrChain(KeyStore 
keyStore, String alias) {
+if (alias == null) {
+throw new JoseException("No alias supplied");
+}
 try {
 Certificate[] certs = keyStore.getCertificateChain(alias);
 if (certs != null) {

cxf git commit: Minor fix

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/master 8eea789ae -> 11dce0b37


Minor fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/11dce0b3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/11dce0b3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/11dce0b3

Branch: refs/heads/master
Commit: 11dce0b377d65f6247a4ed424e942a9d4807c864
Parents: 8eea789
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 15:19:29 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 15:19:29 2015 +

--
 .../cxf/sts/token/validator/jwt/JWTTokenValidator.java| 10 +-
 1 file changed, 1 insertion(+), 9 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/11dce0b3/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
index 4fb9dec..d2450ff 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
@@ -177,15 +177,7 @@ public class JWTTokenValidator implements TokenValidator {
 }
 
 protected void validateToken(JwtToken jwt) {
-// If we have no issued time then we need to have an expiry
-boolean expiredRequired = jwt.getClaims().getIssuedAt() == null;
-JwtUtils.validateJwtExpiry(jwt.getClaims(), clockOffset, 
expiredRequired);
-
-JwtUtils.validateJwtNotBefore(jwt.getClaims(), clockOffset, false);
-
-// If we have no expiry then we must have an issued at
-boolean issuedAtRequired = jwt.getClaims().getExpiryTime() == null;
-JwtUtils.validateJwtIssuedAt(jwt.getClaims(), ttl, clockOffset, 
issuedAtRequired);
+JwtUtils.validateTokenClaims(jwt.getClaims(), ttl, clockOffset, false);
 }
 
 public int getClockOffset() {

cxf git commit: Minor fix

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes e6db5c589 -> a67a0a692


Minor fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a67a0a69
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a67a0a69
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a67a0a69

Branch: refs/heads/3.1.x-fixes
Commit: a67a0a69214717c7c92baa27f74000d5af895c83
Parents: e6db5c5
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 15:19:29 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 15:20:13 2015 +

--
 .../cxf/sts/token/validator/jwt/JWTTokenValidator.java| 10 +-
 1 file changed, 1 insertion(+), 9 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/a67a0a69/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
--
diff --git 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
index 4fb9dec..d2450ff 100644
--- 
a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
+++ 
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/validator/jwt/JWTTokenValidator.java
@@ -177,15 +177,7 @@ public class JWTTokenValidator implements TokenValidator {
 }
 
 protected void validateToken(JwtToken jwt) {
-// If we have no issued time then we need to have an expiry
-boolean expiredRequired = jwt.getClaims().getIssuedAt() == null;
-JwtUtils.validateJwtExpiry(jwt.getClaims(), clockOffset, 
expiredRequired);
-
-JwtUtils.validateJwtNotBefore(jwt.getClaims(), clockOffset, false);
-
-// If we have no expiry then we must have an issued at
-boolean issuedAtRequired = jwt.getClaims().getExpiryTime() == null;
-JwtUtils.validateJwtIssuedAt(jwt.getClaims(), ttl, clockOffset, 
issuedAtRequired);
+JwtUtils.validateTokenClaims(jwt.getClaims(), ttl, clockOffset, false);
 }
 
 public int getClockOffset() {

cxf git commit: Fixing demo

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 67063873f -> e6db5c589


Fixing demo


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e6db5c58
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e6db5c58
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e6db5c58

Branch: refs/heads/3.1.x-fixes
Commit: e6db5c58964c1c93bd65e8cc9dab24fe2cb25fc5
Parents: 6706387
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 15:00:37 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 15:01:10 2015 +

--
 .../big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/e6db5c58/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
--
diff --git 
a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
 
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
index 33b8d46..6c047ca 100644
--- 
a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
+++ 
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
@@ -76,7 +76,7 @@ public final class BigQueryServer {
 JwsHeaders headers = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.RS256);
 JwtClaims claims = new JwtClaims();
 claims.setIssuer(issuer);
-claims.setAudience("https://www.googleapis.com/oauth2/v3/token;);
+
claims.setAudiences(Collections.singletonList("https://www.googleapis.com/oauth2/v3/token;));
 
 long issuedAt = OAuthUtils.getIssuedAt();
 claims.setIssuedAt(issuedAt);

cxf git commit: Fixing demo

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/master a056d558c -> 8eea789ae


Fixing demo


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8eea789a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8eea789a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8eea789a

Branch: refs/heads/master
Commit: 8eea789ae16f6a378fd4cb804e34097f427d9e9a
Parents: a056d55
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 15:00:37 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 15:00:37 2015 +

--
 .../big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/8eea789a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
--
diff --git 
a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
 
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
index 33b8d46..6c047ca 100644
--- 
a/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
+++ 
b/distribution/src/main/release/samples/jax_rs/big_query/src/main/java/demo/jaxrs/server/BigQueryServer.java
@@ -76,7 +76,7 @@ public final class BigQueryServer {
 JwsHeaders headers = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.RS256);
 JwtClaims claims = new JwtClaims();
 claims.setIssuer(issuer);
-claims.setAudience("https://www.googleapis.com/oauth2/v3/token;);
+
claims.setAudiences(Collections.singletonList("https://www.googleapis.com/oauth2/v3/token;));
 
 long issuedAt = OAuthUtils.getIssuedAt();
 claims.setIssuedAt(issuedAt);

cxf git commit: Recording .gitmergeinfo Changes

[coheigea]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 127fbc3c5 -> 3aca88243


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3aca8824
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3aca8824
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3aca8824

Branch: refs/heads/3.0.x-fixes
Commit: 3aca8824360fe53fbaae9b562d7726debc2e7525
Parents: 127fbc3
Author: Colm O hEigeartaigh 
Authored: Thu Dec 3 15:21:50 2015 +
Committer: Colm O hEigeartaigh 
Committed: Thu Dec 3 15:21:50 2015 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/3aca8824/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index f9a8106..16b12ad 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -361,6 +361,7 @@ B a493fc41c1bdd5d282dac7fec57db9d01987af21
 B a5aff3e7a43274b3d47cda706aaf8108bd7a9b07
 B a5f8a4dd4d9ecbfc1f8a1a8e5bcb4af17f561cc5
 B a602c9df3e2e09855410f0e75af9b108620b7794
+B a67a0a69214717c7c92baa27f74000d5af895c83
 B a77c05fcbef3f8a0d963dd196fa1f142a975f6cd
 B a79bb058aaf71e85dcb5c90e7b2f6e4ab8e63cba
 B a7b79ea692add4f9da0f1232e3bfb338099f4147

cxf git commit: [CXF-6701] Checking field annotations on super classes

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 3aca88243 -> 3459edc0e


[CXF-6701] Checking field annotations on super classes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3459edc0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3459edc0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3459edc0

Branch: refs/heads/3.0.x-fixes
Commit: 3459edc0e80780eb501b02d162a18f2f50c4ab51
Parents: 3aca882
Author: Sergey Beryozkin 
Authored: Thu Dec 3 15:40:13 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 15:42:12 2015 +

--
 .../cxf/jaxrs/client/ClientProxyImpl.java   | 13 ++-
 .../org/apache/cxf/systest/jaxrs/BookStore.java | 24 
 2 files changed, 26 insertions(+), 11 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/3459edc0/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
--
diff --git 
a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java 
b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
index 0049f51..3a2dd9c 100644
--- 
a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
+++ 
b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
@@ -537,7 +537,7 @@ public class ClientProxyImpl extends AbstractClient 
implements
 }
 } else {
 String fieldName = 
StringUtils.uncapitalize(propertyName);
-Field f = 
ReflectionUtil.getDeclaredField(bean.getClass(), fieldName);
+Field f = getDeclaredField(bean.getClass(), fieldName);
 if (f == null) {
 continue;
 }
@@ -563,6 +563,17 @@ public class ClientProxyImpl extends AbstractClient 
implements
 return values;
 }
 
+private static Field getDeclaredField(Class cls, String fieldName) {
+if (cls == null || cls == Object.class) {
+return null;
+}
+Field f = ReflectionUtil.getDeclaredField(cls, fieldName);
+if (f != null) {
+return f;
+}
+return getDeclaredField(cls.getSuperclass(), fieldName);
+}
+
 private void handleMatrixes(Method m,
 Object[] params,
 MultivaluedMap map,

http://git-wip-us.apache.org/repos/asf/cxf/blob/3459edc0/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
--
diff --git 
a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java 
b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
index b122546..60a7341 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
@@ -1775,10 +1775,22 @@ public class BookStore {
 handler);
 }
 
-public static class BookBean {
-private long id;
+public abstract static class AbstractBookBean {
 @QueryParam("id_2")
 private long id2;
+public long getId2() {
+return id2;
+}
+
+public void setId2(long id2) {
+this.id2 = id2;
+}
+}
+
+public static class BookBean extends AbstractBookBean {
+private long id;
+
+
 private long id3;
 private BookBeanNested nested;
 
@@ -1791,14 +1803,6 @@ public class BookStore {
 this.id = id;
 }
 
-public long getId2() {
-return id2;
-}
-
-public void setId2(long id2) {
-this.id2 = id2;
-}
-
 @Context
 public void setUriInfo(UriInfo ui) {
 String id3Value = ui.getQueryParameters().getFirst("id3");

cxf git commit: [CXF-6701] Checking field annotations on super classes

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/master 11dce0b37 -> 8ad8ea6ed


[CXF-6701] Checking field annotations on super classes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8ad8ea6e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8ad8ea6e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8ad8ea6e

Branch: refs/heads/master
Commit: 8ad8ea6ed5a2b722a306fb44b60e71aecc0aec14
Parents: 11dce0b
Author: Sergey Beryozkin 
Authored: Thu Dec 3 15:40:13 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 15:40:13 2015 +

--
 .../cxf/jaxrs/client/ClientProxyImpl.java   | 13 ++-
 .../org/apache/cxf/systest/jaxrs/BookStore.java | 24 
 2 files changed, 26 insertions(+), 11 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/8ad8ea6e/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
--
diff --git 
a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java 
b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
index 37b798f..4f25895 100644
--- 
a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
+++ 
b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
@@ -534,7 +534,7 @@ public class ClientProxyImpl extends AbstractClient 
implements
 }
 } else {
 String fieldName = 
StringUtils.uncapitalize(propertyName);
-Field f = 
ReflectionUtil.getDeclaredField(bean.getClass(), fieldName);
+Field f = getDeclaredField(bean.getClass(), fieldName);
 if (f == null) {
 continue;
 }
@@ -560,6 +560,17 @@ public class ClientProxyImpl extends AbstractClient 
implements
 return values;
 }
 
+private static Field getDeclaredField(Class cls, String fieldName) {
+if (cls == null || cls == Object.class) {
+return null;
+}
+Field f = ReflectionUtil.getDeclaredField(cls, fieldName);
+if (f != null) {
+return f;
+}
+return getDeclaredField(cls.getSuperclass(), fieldName);
+}
+
 private void handleMatrixes(Method m,
 Object[] params,
 MultivaluedMap map,

http://git-wip-us.apache.org/repos/asf/cxf/blob/8ad8ea6e/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
--
diff --git 
a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java 
b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
index a0d506b..4192ee1 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
@@ -1775,10 +1775,22 @@ public class BookStore {
 handler);
 }
 
-public static class BookBean {
-private long id;
+public abstract static class AbstractBookBean {
 @QueryParam("id_2")
 private long id2;
+public long getId2() {
+return id2;
+}
+
+public void setId2(long id2) {
+this.id2 = id2;
+}
+}
+
+public static class BookBean extends AbstractBookBean {
+private long id;
+
+
 private long id3;
 private BookBeanNested nested;
 
@@ -1791,14 +1803,6 @@ public class BookStore {
 this.id = id;
 }
 
-public long getId2() {
-return id2;
-}
-
-public void setId2(long id2) {
-this.id2 = id2;
-}
-
 @Context
 public void setUriInfo(UriInfo ui) {
 String id3Value = ui.getQueryParameters().getFirst("id3");

cxf git commit: [CXF-6701] Checking field annotations on super classes

[sergeyb]

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes a67a0a692 -> 44316035a


[CXF-6701] Checking field annotations on super classes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/44316035
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/44316035
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/44316035

Branch: refs/heads/3.1.x-fixes
Commit: 44316035a065b648b65737e4597050dd7bff24ae
Parents: a67a0a6
Author: Sergey Beryozkin 
Authored: Thu Dec 3 15:40:13 2015 +
Committer: Sergey Beryozkin 
Committed: Thu Dec 3 15:40:55 2015 +

--
 .../cxf/jaxrs/client/ClientProxyImpl.java   | 13 ++-
 .../org/apache/cxf/systest/jaxrs/BookStore.java | 24 
 2 files changed, 26 insertions(+), 11 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/44316035/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
--
diff --git 
a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java 
b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
index 37b798f..4f25895 100644
--- 
a/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
+++ 
b/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/ClientProxyImpl.java
@@ -534,7 +534,7 @@ public class ClientProxyImpl extends AbstractClient 
implements
 }
 } else {
 String fieldName = 
StringUtils.uncapitalize(propertyName);
-Field f = 
ReflectionUtil.getDeclaredField(bean.getClass(), fieldName);
+Field f = getDeclaredField(bean.getClass(), fieldName);
 if (f == null) {
 continue;
 }
@@ -560,6 +560,17 @@ public class ClientProxyImpl extends AbstractClient 
implements
 return values;
 }
 
+private static Field getDeclaredField(Class cls, String fieldName) {
+if (cls == null || cls == Object.class) {
+return null;
+}
+Field f = ReflectionUtil.getDeclaredField(cls, fieldName);
+if (f != null) {
+return f;
+}
+return getDeclaredField(cls.getSuperclass(), fieldName);
+}
+
 private void handleMatrixes(Method m,
 Object[] params,
 MultivaluedMap map,

http://git-wip-us.apache.org/repos/asf/cxf/blob/44316035/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
--
diff --git 
a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java 
b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
index a0d506b..4192ee1 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/BookStore.java
@@ -1775,10 +1775,22 @@ public class BookStore {
 handler);
 }
 
-public static class BookBean {
-private long id;
+public abstract static class AbstractBookBean {
 @QueryParam("id_2")
 private long id2;
+public long getId2() {
+return id2;
+}
+
+public void setId2(long id2) {
+this.id2 = id2;
+}
+}
+
+public static class BookBean extends AbstractBookBean {
+private long id;
+
+
 private long id3;
 private BookBeanNested nested;
 
@@ -1791,14 +1803,6 @@ public class BookStore {
 this.id = id;
 }
 
-public long getId2() {
-return id2;
-}
-
-public void setId2(long id2) {
-this.id2 = id2;
-}
-
 @Context
 public void setUriInfo(UriInfo ui) {
 String id3Value = ui.getQueryParameters().getFirst("id3");