buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4897 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
[2/2] cxf-fediz git commit: Fix broken link on error page
Fix broken link on error page Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3a723af6 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3a723af6 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3a723af6 Branch: refs/heads/master Commit: 3a723af6fa11d9f3998f92b72467b2782aa37e4a Parents: 94dc9ec Author: Jan Bernhardt Authored: Tue Jan 19 12:17:24 2016 +0100 Committer: Jan Bernhardt Committed: Wed Jan 20 06:27:33 2016 +0100 -- services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3a723af6/services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp -- diff --git a/services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp b/services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp index 93c96c6..51e0274 100644 --- a/services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp +++ b/services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp @@ -26,7 +26,7 @@ Authorization error: <%= error.getError() %> -Back to Client Registration page +Back to Client Registration page
[1/2] cxf-fediz git commit: [FEDIZ-144] Added Spring EL support for HomeRealm Discovery
Repository: cxf-fediz
Updated Branches:
refs/heads/master 94dc9ec91 -> 7b2f203e1
[FEDIZ-144] Added Spring EL support for HomeRealm Discovery
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/7b2f203e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/7b2f203e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/7b2f203e
Branch: refs/heads/master
Commit: 7b2f203e13aedf9fbffeaae273222b7380f7e92b
Parents: 3a723af
Author: Jan Bernhardt
Authored: Tue Jan 19 12:19:48 2016 +0100
Committer: Jan Bernhardt
Committed: Wed Jan 20 06:27:33 2016 +0100
--
.../idp/beans/ProcessHRDSExpressionAction.java | 40 ++
.../idp/src/main/resources/entities-realma.xml | 9 ++--
.../WEB-INF/flows/federation-signin-request.xml | 44 +---
3 files changed, 48 insertions(+), 45 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7b2f203e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
--
diff --git
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
index e7a9296..088af6c 100644
---
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
+++
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java
@@ -18,10 +18,17 @@
*/
package org.apache.cxf.fediz.service.idp.beans;
+import javax.servlet.http.Cookie;
+
+import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.service.idp.domain.Idp;
import org.apache.cxf.fediz.service.idp.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.expression.Expression;
+import org.springframework.expression.ExpressionParser;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.stereotype.Component;
import org.springframework.webflow.execution.RequestContext;
@@ -32,17 +39,36 @@ import org.springframework.webflow.execution.RequestContext;
public class ProcessHRDSExpressionAction {
private static final String IDP_CONFIG = "idpConfig";
+
private static final Logger LOG =
LoggerFactory.getLogger(ProcessHRDSExpressionAction.class);
+@Autowired
+private HomeRealmReminder homeRealmReminder;
+
public String submit(RequestContext context) {
+// Check if home realm is known already
+Cookie whrCookie = homeRealmReminder.readCookie(context);
+if (whrCookie != null) {
+LOG.debug("WHR Cookie set: {}", whrCookie);
+return whrCookie.getValue();
+}
+
+// Check if custom HRDS is defined
Idp idpConfig = (Idp)WebUtils.getAttributeFromFlowScope(context,
IDP_CONFIG);
String hrds = idpConfig.getHrds();
-//TODO
-if (hrds == null) {
-LOG.info("HRDS is null (Mock).");
-return "";
+
+if (hrds != null) {
+LOG.debug("HomeRealmDiscoveryService EL: {}", hrds);
+ExpressionParser parser = new SpelExpressionParser();
+Expression exp = parser.parseExpression(hrds);
+String result = exp.getValue(context, String.class);
+LOG.info("Realm resolved by HomeRealmDiscoveryService: {}",
result);
+return result;
}
-LOG.info("HRDS is not null (Mock).");
-return "some-whr-value";
+
+// Return whr parameter unchanged
+String whr = (String)WebUtils.getAttributeFromFlowScope(context,
FederationConstants.PARAM_HOME_REALM);
+LOG.debug("No custom homeRealm handling, using whr parameter as
provided in request: {}", whr);
+return whr;
}
-}
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7b2f203e/services/idp/src/main/resources/entities-realma.xml
--
diff --git a/services/idp/src/main/resources/entities-realma.xml
b/services/idp/src/main/resources/entities-realma.xml
index a6b43d6..01969a6 100644
--- a/services/idp/src/main/resources/entities-realma.xml
+++ b/services/idp/src/main/resources/entities-realma.xml
@@ -38,10 +38,8 @@
-http://docs.oasis-open.org/wsfed/federation/200706
-
-http://docs.oasis-open.org/ws-sx/ws-trust/200512
-
+
http://docs.oasis-open.org/wsfed/federation/200706
+http://docs.oas
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4894 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4892 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4888 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
cxf git commit: adding another test case for wsam-2007/05 namespace
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes c9286efa3 -> e792331d7
adding another test case for wsam-2007/05 namespace
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e792331d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e792331d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e792331d
Branch: refs/heads/3.0.x-fixes
Commit: e792331d75fbcebfb865f2fe2b382be817c52467
Parents: c9286ef
Author: Akitoshi Yoshida
Authored: Tue Jan 19 13:28:55 2016 +0100
Committer: Akitoshi Yoshida
Committed: Tue Jan 19 19:05:52 2016 +0100
--
.../ws/policy/NestedAddressingPolicyTest.java | 33 +++-
1 file changed, 32 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/e792331d/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
--
diff --git
a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
index dd6e63e..8890e07 100644
---
a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
+++
b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
@@ -33,6 +33,8 @@ import org.apache.cxf.interceptor.LoggingInInterceptor;
import org.apache.cxf.interceptor.LoggingOutInterceptor;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.ws.addressing.impl.MAPAggregatorImpl;
+import org.apache.cxf.ws.addressing.soap.MAPCodec;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -82,7 +84,7 @@ public class NestedAddressingPolicyTest extends
AbstractBusClientServerTestBase
}
@Test
-public void greetMe() throws Exception {
+public void greetMe() throws Exception {
// use a plain client
@@ -110,4 +112,33 @@ public class NestedAddressingPolicyTest extends
AbstractBusClientServerTestBase
}
((Closeable)greeter).close();
}
+
+@Test
+public void greetMeWSA() throws Exception {
+// use a wsa-enabled client
+
+SpringBusFactory bf = new SpringBusFactory();
+bus = bf.createBus();
+BusFactory.setDefaultBus(bus);
+
+BasicGreeterService gs = new BasicGreeterService();
+final Greeter greeter = gs.getGreeterPort();
+
+updateAddressPort(greeter, PORT);
+LoggingInInterceptor in = new LoggingInInterceptor();
+LoggingOutInterceptor out = new LoggingOutInterceptor();
+MAPCodec mapCodec = new MAPCodec();
+MAPAggregatorImpl mapAggregator = new MAPAggregatorImpl();
+
+bus.getInInterceptors().add(in);
+bus.getInInterceptors().add(mapCodec);
+bus.getInInterceptors().add(mapAggregator);
+bus.getOutInterceptors().add(out);
+bus.getOutInterceptors().add(mapCodec);
+bus.getOutInterceptors().add(mapAggregator);
+
+String s = greeter.greetMe("mytest");
+assertEquals("MYTEST", s);
+((Closeable)greeter).close();
+}
}
\ No newline at end of file
cxf git commit: adding another test case for wsam-2007/05 namespace
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes f50ef4210 -> 737202fa0
adding another test case for wsam-2007/05 namespace
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/737202fa
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/737202fa
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/737202fa
Branch: refs/heads/3.1.x-fixes
Commit: 737202fa09b75c1bf1e8668ff40d4b2cb41ea141
Parents: f50ef42
Author: Akitoshi Yoshida
Authored: Tue Jan 19 13:28:55 2016 +0100
Committer: Akitoshi Yoshida
Committed: Tue Jan 19 19:05:10 2016 +0100
--
.../ws/policy/NestedAddressingPolicyTest.java | 33 +++-
1 file changed, 32 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/737202fa/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
--
diff --git
a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
index dd6e63e..8890e07 100644
---
a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
+++
b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
@@ -33,6 +33,8 @@ import org.apache.cxf.interceptor.LoggingInInterceptor;
import org.apache.cxf.interceptor.LoggingOutInterceptor;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.ws.addressing.impl.MAPAggregatorImpl;
+import org.apache.cxf.ws.addressing.soap.MAPCodec;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -82,7 +84,7 @@ public class NestedAddressingPolicyTest extends
AbstractBusClientServerTestBase
}
@Test
-public void greetMe() throws Exception {
+public void greetMe() throws Exception {
// use a plain client
@@ -110,4 +112,33 @@ public class NestedAddressingPolicyTest extends
AbstractBusClientServerTestBase
}
((Closeable)greeter).close();
}
+
+@Test
+public void greetMeWSA() throws Exception {
+// use a wsa-enabled client
+
+SpringBusFactory bf = new SpringBusFactory();
+bus = bf.createBus();
+BusFactory.setDefaultBus(bus);
+
+BasicGreeterService gs = new BasicGreeterService();
+final Greeter greeter = gs.getGreeterPort();
+
+updateAddressPort(greeter, PORT);
+LoggingInInterceptor in = new LoggingInInterceptor();
+LoggingOutInterceptor out = new LoggingOutInterceptor();
+MAPCodec mapCodec = new MAPCodec();
+MAPAggregatorImpl mapAggregator = new MAPAggregatorImpl();
+
+bus.getInInterceptors().add(in);
+bus.getInInterceptors().add(mapCodec);
+bus.getInInterceptors().add(mapAggregator);
+bus.getOutInterceptors().add(out);
+bus.getOutInterceptors().add(mapCodec);
+bus.getOutInterceptors().add(mapAggregator);
+
+String s = greeter.greetMe("mytest");
+assertEquals("MYTEST", s);
+((Closeable)greeter).close();
+}
}
\ No newline at end of file
cxf git commit: remove unused code for handling wsa-2007/05 namespace
Repository: cxf
Updated Branches:
refs/heads/master 656662827 -> b0227b307
remove unused code for handling wsa-2007/05 namespace
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b0227b30
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b0227b30
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b0227b30
Branch: refs/heads/master
Commit: b0227b307c453a750215c59438a896afaccb333b
Parents: 6566628
Author: Akitoshi Yoshida
Authored: Tue Jan 19 19:01:54 2016 +0100
Committer: Akitoshi Yoshida
Committed: Tue Jan 19 19:03:56 2016 +0100
--
.../apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java | 11 ++-
1 file changed, 2 insertions(+), 9 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/b0227b30/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java
--
diff --git
a/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java
b/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java
index afa174e..7e166b2 100644
---
a/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java
+++
b/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java
@@ -301,12 +301,10 @@ public class MAPAggregatorImpl extends MAPAggregator {
for (QName type : types) {
assertAssertion(aim, type);
+// ADDRESSING_ASSERTION is normalized, so check only the default
namespace
if (type.equals(MetadataConstants.ADDRESSING_ASSERTION_QNAME)) {
assertAssertion(aim,
MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME);
assertAssertion(aim,
MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME);
-} else if
(type.equals(MetadataConstants.ADDRESSING_ASSERTION_QNAME_0705)) {
-assertAssertion(aim,
MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME_0705);
-assertAssertion(aim,
MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705);
}
}
}
@@ -340,18 +338,13 @@ public class MAPAggregatorImpl extends MAPAggregator {
for (QName type : types) {
assertAssertion(aim, type);
+// ADDRESSING_ASSERTION is normalized, so check only the default
namespace
if (type.equals(MetadataConstants.ADDRESSING_ASSERTION_QNAME)) {
if (onlyAnonymous) {
assertAssertion(aim,
MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME);
} else if (!hasAnonymous) {
assertAssertion(aim,
MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME);
}
-} else if
(type.equals(MetadataConstants.ADDRESSING_ASSERTION_QNAME_0705)) {
-if (onlyAnonymous) {
-assertAssertion(aim,
MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME_0705);
-} else if (!hasAnonymous) {
-assertAssertion(aim,
MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705);
-}
}
}
if (!MessageUtils.isRequestor(message) &&
!MessageUtils.isOutbound(message)) {
cxf git commit: Fixing merge
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes 70ddd1dab -> c9286efa3
Fixing merge
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c9286efa
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c9286efa
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c9286efa
Branch: refs/heads/3.0.x-fixes
Commit: c9286efa3645e059f1397a52f6c84dbceeac6f8f
Parents: 70ddd1d
Author: Colm O hEigeartaigh
Authored: Tue Jan 19 17:04:08 2016 +
Committer: Colm O hEigeartaigh
Committed: Tue Jan 19 17:04:08 2016 +
--
.../jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java | 8
1 file changed, 4 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/c9286efa/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java
--
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java
index 660d505..20f17a0 100644
---
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java
@@ -57,12 +57,12 @@ public class OAuthDataProviderImpl extends
DefaultEHCacheCodeDataProvider {
return Collections.emptyList();
}
-List permissions = new ArrayList<>();
+List permissions = new ArrayList();
for (String requestedScope : requestedScopes) {
if ("read_book".equals(requestedScope)) {
OAuthPermission permission = new OAuthPermission();
permission.setHttpVerbs(Collections.singletonList("GET"));
-List uris = new ArrayList<>();
+List uris = new ArrayList();
String partnerAddress = "/secured/bookstore/books/*";
uris.add(partnerAddress);
permission.setUris(uris);
@@ -71,7 +71,7 @@ public class OAuthDataProviderImpl extends
DefaultEHCacheCodeDataProvider {
} else if ("create_book".equals(requestedScope)) {
OAuthPermission permission = new OAuthPermission();
permission.setHttpVerbs(Collections.singletonList("POST"));
-List uris = new ArrayList<>();
+List uris = new ArrayList();
String partnerAddress = "/secured/bookstore/books/*";
uris.add(partnerAddress);
permission.setUris(uris);
@@ -84,4 +84,4 @@ public class OAuthDataProviderImpl extends
DefaultEHCacheCodeDataProvider {
return permissions;
}
-}
\ No newline at end of file
+}
cxf git commit: Adding an initial OAuth 2.0 system test for the filters
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes e90072c74 -> 70ddd1dab
Adding an initial OAuth 2.0 system test for the filters
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/70ddd1da
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/70ddd1da
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/70ddd1da
Branch: refs/heads/3.0.x-fixes
Commit: 70ddd1dabb781961dcc17a4c96a0f641c8b0670a
Parents: e90072c
Author: Colm O hEigeartaigh
Authored: Tue Jan 19 16:59:14 2016 +
Committer: Colm O hEigeartaigh
Committed: Tue Jan 19 17:01:36 2016 +
--
.../oauth2/filters/BookServerOAuth2Filters.java | 48 ++
.../oauth2/filters/BookServerOAuth2Service.java | 48 ++
.../oauth2/filters/OAuth2FiltersTest.java | 164 +++
.../oauth2/filters/OAuthDataProviderImpl.java | 87 ++
.../jaxrs/security/oauth2/filters/client.xml| 38 +
.../security/oauth2/filters/filters-server.xml | 121 ++
.../security/oauth2/filters/oauth20-server.xml | 112 +
7 files changed, 618 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/70ddd1da/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
--
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
new file mode 100644
index 000..4a2cade
--- /dev/null
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.oauth2.filters;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerOAuth2Filters extends AbstractBusTestServerBase {
+public static final String PORT =
TestUtil.getPortNumber("jaxrs-oauth2-filters");
+private static final URL SERVER_CONFIG_FILE =
+BookServerOAuth2Filters.class.getResource("filters-server.xml");
+
+protected void run() {
+SpringBusFactory bf = new SpringBusFactory();
+Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+BusFactory.setDefaultBus(springBus);
+setBus(springBus);
+
+try {
+new BookServerOAuth2Filters();
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+}
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/70ddd1da/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
--
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
new file mode 100644
index 000..f091609
--- /dev/null
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Un
cxf git commit: Adding an initial OAuth 2.0 system test for the filters
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes cb5211ec6 -> f50ef4210
Adding an initial OAuth 2.0 system test for the filters
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f50ef421
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f50ef421
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f50ef421
Branch: refs/heads/3.1.x-fixes
Commit: f50ef42100339e48cb4f9dd2c57145014498a3cb
Parents: cb5211e
Author: Colm O hEigeartaigh
Authored: Tue Jan 19 16:59:14 2016 +
Committer: Colm O hEigeartaigh
Committed: Tue Jan 19 16:59:58 2016 +
--
.../oauth2/filters/BookServerOAuth2Filters.java | 48 ++
.../oauth2/filters/BookServerOAuth2Service.java | 48 ++
.../oauth2/filters/OAuth2FiltersTest.java | 164 +++
.../oauth2/filters/OAuthDataProviderImpl.java | 87 ++
.../jaxrs/security/oauth2/filters/client.xml| 38 +
.../security/oauth2/filters/filters-server.xml | 121 ++
.../security/oauth2/filters/oauth20-server.xml | 112 +
7 files changed, 618 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/f50ef421/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
--
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
new file mode 100644
index 000..4a2cade
--- /dev/null
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.oauth2.filters;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerOAuth2Filters extends AbstractBusTestServerBase {
+public static final String PORT =
TestUtil.getPortNumber("jaxrs-oauth2-filters");
+private static final URL SERVER_CONFIG_FILE =
+BookServerOAuth2Filters.class.getResource("filters-server.xml");
+
+protected void run() {
+SpringBusFactory bf = new SpringBusFactory();
+Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+BusFactory.setDefaultBus(springBus);
+setBus(springBus);
+
+try {
+new BookServerOAuth2Filters();
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+}
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/f50ef421/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
--
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
new file mode 100644
index 000..f091609
--- /dev/null
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Un
cxf git commit: Adding an initial OAuth 2.0 system test for the filters
Repository: cxf
Updated Branches:
refs/heads/master 0e2647c07 -> 656662827
Adding an initial OAuth 2.0 system test for the filters
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/65666282
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/65666282
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/65666282
Branch: refs/heads/master
Commit: 656662827f8ff76025c7aae49fabf552192c3453
Parents: 0e2647c
Author: Colm O hEigeartaigh
Authored: Tue Jan 19 16:59:14 2016 +
Committer: Colm O hEigeartaigh
Committed: Tue Jan 19 16:59:14 2016 +
--
.../oauth2/filters/BookServerOAuth2Filters.java | 48 ++
.../oauth2/filters/BookServerOAuth2Service.java | 48 ++
.../oauth2/filters/OAuth2FiltersTest.java | 164 +++
.../oauth2/filters/OAuthDataProviderImpl.java | 87 ++
.../jaxrs/security/oauth2/filters/client.xml| 38 +
.../security/oauth2/filters/filters-server.xml | 121 ++
.../security/oauth2/filters/oauth20-server.xml | 112 +
7 files changed, 618 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/65666282/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
--
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
new file mode 100644
index 000..4a2cade
--- /dev/null
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.oauth2.filters;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerOAuth2Filters extends AbstractBusTestServerBase {
+public static final String PORT =
TestUtil.getPortNumber("jaxrs-oauth2-filters");
+private static final URL SERVER_CONFIG_FILE =
+BookServerOAuth2Filters.class.getResource("filters-server.xml");
+
+protected void run() {
+SpringBusFactory bf = new SpringBusFactory();
+Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+BusFactory.setDefaultBus(springBus);
+setBus(springBus);
+
+try {
+new BookServerOAuth2Filters();
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+}
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/65666282/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
--
diff --git
a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
new file mode 100644
index 000..f091609
--- /dev/null
+++
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless requi
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4881 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
cxf-fediz git commit: Making sure completely custom OAuth and ClientReg providers can be registered
Repository: cxf-fediz
Updated Branches:
refs/heads/master e4956f9ec -> 94dc9ec91
Making sure completely custom OAuth and ClientReg providers can be registered
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/94dc9ec9
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/94dc9ec9
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/94dc9ec9
Branch: refs/heads/master
Commit: 94dc9ec91634436a03202a8946bbb595662eda82
Parents: e4956f9
Author: Sergey Beryozkin
Authored: Tue Jan 19 15:18:31 2016 +
Committer: Sergey Beryozkin
Committed: Tue Jan 19 15:18:31 2016 +
--
.../service/oidc/ClientRegistrationService.java | 50 +---
.../main/webapp/WEB-INF/applicationContext.xml | 1 +
2 files changed, 35 insertions(+), 16 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/94dc9ec9/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
--
diff --git
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
index 66932eb..4d22ac0 100644
---
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
+++
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
@@ -43,6 +43,9 @@ import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import
org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rt.security.crypto.CryptoUtils;
@@ -50,7 +53,8 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils;
public class ClientRegistrationService {
private Map> registrations = new
ConcurrentHashMap>();
-private OAuthDataManager manager;
+private OAuthDataProvider dataProvider;
+private ClientRegistrationProvider clientProvider;
private Map homeRealms = new LinkedHashMap();
private boolean protectIdTokenWithClientSecret;
private Map clientScopes;
@@ -94,7 +98,7 @@ public class ClientRegistrationService {
for (Iterator it = clients.iterator(); it.hasNext();) {
Client c = it.next();
if (c.getClientId().equals(id)) {
-manager.removeClient(id);
+clientProvider.removeClient(id);
it.remove();
break;
}
@@ -110,7 +114,7 @@ public class ClientRegistrationService {
if (c.isConfidential()) {
c.setClientSecret(generateClientSecret());
}
-manager.setClient(c);
+clientProvider.setClient(c);
return c;
}
@@ -124,8 +128,8 @@ public class ClientRegistrationService {
protected ClientTokens doGetClientIssuedTokens(Client c) {
return new ClientTokens(c,
- manager.getAccessTokens(c),
- manager.getRefreshTokens(c));
+ dataProvider.getAccessTokens(c),
+ dataProvider.getRefreshTokens(c));
}
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@@ -149,7 +153,7 @@ public class ClientRegistrationService {
String tokenId,
String tokenType) {
Client c = getRegisteredClient(clientId);
-manager.revokeToken(c, tokenId, tokenType);
+dataProvider.revokeToken(c, tokenId, tokenType);
return doGetClientIssuedTokens(c);
}
@@ -157,8 +161,11 @@ public class ClientRegistrationService {
@Produces(MediaType.TEXT_HTML)
@Path("/{id}/codes")
public ClientCodeGrants getClientCodeGrants(@PathParam("id") String id) {
-Client c = getRegisteredClient(id);
-return new ClientCodeGrants(c, manager.getCodeGrants(c));
+if (dataProvider instanceof AuthorizationCodeDataProvider) {
+Client c = getRegisteredClient(id);
+return new ClientCodeGrants(c,
((AuthorizationCodeDataProvider)dataProvider).getCodeGrants(c));
+}
+return null;
}
@POST
@@ -167,8 +174,11 @@ public class ClientRegistrationService {
@Path("/{id}/codes/{code}/revoke")
public Cl
cxf-fediz git commit: Fixing some issues with the POST binding for SAML SSO
Repository: cxf-fediz
Updated Branches:
refs/heads/master 941e81db3 -> e4956f9ec
Fixing some issues with the POST binding for SAML SSO
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e4956f9e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e4956f9e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e4956f9e
Branch: refs/heads/master
Commit: e4956f9ecf58ebc40a1fc7232d89bd3f6c15a138
Parents: 941e81d
Author: Colm O hEigeartaigh
Authored: Tue Jan 19 14:50:08 2016 +
Committer: Colm O hEigeartaigh
Committed: Tue Jan 19 14:50:54 2016 +
--
.../TrustedIdpSAMLProtocolHandler.java | 24 ++--
1 file changed, 22 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e4956f9e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
--
diff --git
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index 47200a1..a9448cc 100644
---
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -57,10 +57,12 @@ import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
import org.apache.cxf.rs.security.saml.sso.AuthnRequestBuilder;
import org.apache.cxf.rs.security.saml.sso.DefaultAuthnRequestBuilder;
+import org.apache.cxf.rs.security.saml.sso.EHCacheTokenReplayCache;
import org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator;
import org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator;
import org.apache.cxf.rs.security.saml.sso.SSOConstants;
import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse;
+import org.apache.cxf.rs.security.saml.sso.TokenReplayCache;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.common.crypto.CertificateStore;
@@ -116,6 +118,7 @@ public class TrustedIdpSAMLProtocolHandler implements
TrustedIdpProtocolHandler
private static final String SAML_SSO_REQUEST_ID = "saml-sso-request-id";
private AuthnRequestBuilder authnRequestBuilder = new
DefaultAuthnRequestBuilder();
+private TokenReplayCache replayCache;
static {
OpenSAMLUtil.initSamlEngine();
@@ -430,14 +433,20 @@ public class TrustedIdpSAMLProtocolHandler implements
TrustedIdpProtocolHandler
isPropertyConfigured(trustedIdp, REQUIRE_SIGNED_ASSERTIONS,
true));
ssoResponseValidator.setEnforceKnownIssuer(
isPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER, true));
+
+HttpServletRequest httpServletRequest =
WebUtils.getHttpServletRequest(requestContext);
+boolean post = "POST".equals(httpServletRequest.getMethod());
+if (post) {
+ssoResponseValidator.setReplayCache(getReplayCache());
+}
-return ssoResponseValidator.validateSamlResponse(samlResponse,
false);
+return ssoResponseValidator.validateSamlResponse(samlResponse,
post);
} catch (WSSecurityException ex) {
LOG.debug(ex.getMessage(), ex);
throw ExceptionUtils.toBadRequestException(ex, null);
}
}
-
+
// Is a property configured. Defaults to "true" if not
private boolean isPropertyConfigured(TrustedIdp trustedIdp, String
property, boolean defaultValue) {
Map parameters = trustedIdp.getParameters();
@@ -448,4 +457,15 @@ public class TrustedIdpSAMLProtocolHandler implements
TrustedIdpProtocolHandler
return defaultValue;
}
+
+public void setReplayCache(TokenReplayCache replayCache) {
+this.replayCache = replayCache;
+}
+
+public TokenReplayCache getReplayCache() {
+if (replayCache == null) {
+replayCache = new EHCacheTokenReplayCache();
+}
+return replayCache;
+}
}
cxf-fediz git commit: Fixing some issues with the POST binding for SAML SSO
Repository: cxf-fediz
Updated Branches:
refs/heads/1.2.x-fixes 7584a0c30 -> 4bea6a111
Fixing some issues with the POST binding for SAML SSO
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/4bea6a11
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/4bea6a11
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/4bea6a11
Branch: refs/heads/1.2.x-fixes
Commit: 4bea6a1116112bf23bbe71689d606c9026ef9a84
Parents: 7584a0c
Author: Colm O hEigeartaigh
Authored: Tue Jan 19 14:50:08 2016 +
Committer: Colm O hEigeartaigh
Committed: Tue Jan 19 14:51:09 2016 +
--
.../TrustedIdpSAMLProtocolHandler.java | 24 ++--
1 file changed, 22 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4bea6a11/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
--
diff --git
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
index e55a372..713dccb 100644
---
a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
+++
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java
@@ -57,10 +57,12 @@ import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
import org.apache.cxf.rs.security.saml.sso.AuthnRequestBuilder;
import org.apache.cxf.rs.security.saml.sso.DefaultAuthnRequestBuilder;
+import org.apache.cxf.rs.security.saml.sso.EHCacheTokenReplayCache;
import org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator;
import org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator;
import org.apache.cxf.rs.security.saml.sso.SSOConstants;
import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse;
+import org.apache.cxf.rs.security.saml.sso.TokenReplayCache;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.common.crypto.CertificateStore;
@@ -116,6 +118,7 @@ public class TrustedIdpSAMLProtocolHandler implements
TrustedIdpProtocolHandler
private static final String SAML_SSO_REQUEST_ID = "saml-sso-request-id";
private AuthnRequestBuilder authnRequestBuilder = new
DefaultAuthnRequestBuilder();
+private TokenReplayCache replayCache;
static {
OpenSAMLUtil.initSamlEngine();
@@ -430,14 +433,20 @@ public class TrustedIdpSAMLProtocolHandler implements
TrustedIdpProtocolHandler
isPropertyConfigured(trustedIdp, REQUIRE_SIGNED_ASSERTIONS,
true));
ssoResponseValidator.setEnforceKnownIssuer(
isPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER, true));
+
+HttpServletRequest httpServletRequest =
WebUtils.getHttpServletRequest(requestContext);
+boolean post = "POST".equals(httpServletRequest.getMethod());
+if (post) {
+ssoResponseValidator.setReplayCache(getReplayCache());
+}
-return ssoResponseValidator.validateSamlResponse(samlResponse,
false);
+return ssoResponseValidator.validateSamlResponse(samlResponse,
post);
} catch (WSSecurityException ex) {
LOG.debug(ex.getMessage(), ex);
throw ExceptionUtils.toBadRequestException(ex, null);
}
}
-
+
// Is a property configured. Defaults to "true" if not
private boolean isPropertyConfigured(TrustedIdp trustedIdp, String
property, boolean defaultValue) {
Map parameters = trustedIdp.getParameters();
@@ -448,4 +457,15 @@ public class TrustedIdpSAMLProtocolHandler implements
TrustedIdpProtocolHandler
return defaultValue;
}
+
+public void setReplayCache(TokenReplayCache replayCache) {
+this.replayCache = replayCache;
+}
+
+public TokenReplayCache getReplayCache() {
+if (replayCache == null) {
+replayCache = new EHCacheTokenReplayCache();
+}
+return replayCache;
+}
}
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4879 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
cxf-fediz git commit: Further simplifying OAuthDataManager code
Repository: cxf-fediz
Updated Branches:
refs/heads/master c820b5a5e -> 941e81db3
Further simplifying OAuthDataManager code
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/941e81db
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/941e81db
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/941e81db
Branch: refs/heads/master
Commit: 941e81db3e6577d2096578eaa294b15f5ca59a69
Parents: c820b5a
Author: Sergey Beryozkin
Authored: Tue Jan 19 13:24:08 2016 +
Committer: Sergey Beryozkin
Committed: Tue Jan 19 13:24:08 2016 +
--
.../fediz/service/oidc/OAuthDataManager.java| 36 ++--
.../main/webapp/WEB-INF/applicationContext.xml | 2 +-
.../src/main/webapp/WEB-INF/data-manager.xml| 13 +--
3 files changed, 15 insertions(+), 36 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/941e81db/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
--
diff --git
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
index f8d7584..3f9b955 100644
---
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
+++
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java
@@ -19,13 +19,10 @@
package org.apache.cxf.fediz.service.oidc;
import java.security.Principal;
-import java.util.List;
-import java.util.Map;
import org.apache.cxf.fediz.core.FedizPrincipal;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import
org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
@@ -35,7 +32,6 @@ import
org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oidc.common.IdToken;
import org.apache.cxf.rs.security.oidc.idp.OidcUserSubject;
-import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
public class OAuthDataManager extends DefaultEHCacheCodeDataProvider {
private SamlTokenConverter tokenConverter = new SamlTokenConverter();
@@ -65,14 +61,6 @@ public class OAuthDataManager extends
DefaultEHCacheCodeDataProvider {
return token;
}
-@Override
-public List convertScopeToPermissions(Client client,
List requestedScopes) {
-if (!requestedScopes.contains(OidcUtils.OPENID_SCOPE)) {
-throw new OAuthServiceException("Required scope is missing");
-}
-return super.convertScopeToPermissions(client, requestedScopes);
-}
-
protected OidcUserSubject createOidcSubject(Client client, UserSubject
subject) {
Principal principal =
getMessageContext().getSecurityContext().getUserPrincipal();
@@ -85,33 +73,15 @@ public class OAuthDataManager extends
DefaultEHCacheCodeDataProvider {
fedizPrincipal.getClaims(),
client.getClientId());
-//TODO: Consider populating UserInfo at this point too, with UserInfo
having few more claims
-// from the claims collection, and setting it on OidcUserSubject
-
OidcUserSubject oidcSub = new OidcUserSubject(subject);
oidcSub.setIdToken(idToken);
+// UserInfo can be populated and set on OidcUserSubject too.
+
+
return oidcSub;
}
public void setTokenConverter(SamlTokenConverter tokenConverter) {
this.tokenConverter = tokenConverter;
}
-
-@Override
-public void init() {
-super.init();
-Map perms = super.getPermissionMap();
-if (!perms.containsKey(OidcUtils.OPENID_SCOPE)) {
-perms.put(OidcUtils.OPENID_SCOPE,
-new OAuthPermission(OidcUtils.OPENID_SCOPE, "Access the
authentication claims"));
-}
-perms.get(OidcUtils.OPENID_SCOPE).setDefault(true);
-
-if (!perms.containsKey(OAuthConstants.REFRESH_TOKEN_SCOPE)) {
-perms.put(OAuthConstants.REFRESH_TOKEN_SCOPE,
-new OAuthPermission(OAuthConstants.REFRESH_TOKEN_SCOPE,
"Refresh access tokens"));
-}
-
perms.get(OAuthConstants.REFRESH_TOKEN_SCOPE).setInvisibleToClient(true);
-
-}
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/941e81db/ser
[2/2] cxf-fediz git commit: Updating Spring security plugin to Spring 3.2
Updating Spring security plugin to Spring 3.2 Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/c820b5a5 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/c820b5a5 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/c820b5a5 Branch: refs/heads/master Commit: c820b5a5ef5a4cbd312b752bbfe2c6446f672fd9 Parents: 1f3ca8a Author: Colm O hEigeartaigh Authored: Tue Jan 19 12:06:58 2016 + Committer: Colm O hEigeartaigh Committed: Tue Jan 19 12:06:58 2016 + -- pom.xml| 2 +- services/idp/pom.xml | 1 + .../src/main/webapp/WEB-INF/applicationContext-security.xml| 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c820b5a5/pom.xml -- diff --git a/pom.xml b/pom.xml index bbba1aa..c4f5423 100644 --- a/pom.xml +++ b/pom.xml @@ -62,7 +62,7 @@ 2.5 1.7.13 4.1.7.RELEASE -3.1.7.RELEASE +3.2.9.RELEASE 7.0.65 8.0.30 2.1.4 http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c820b5a5/services/idp/pom.xml -- diff --git a/services/idp/pom.xml b/services/idp/pom.xml index c1fa70f..9b68184 100644 --- a/services/idp/pom.xml +++ b/services/idp/pom.xml @@ -31,6 +31,7 @@ 2.1.0 +3.1.7.RELEASE http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c820b5a5/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml -- diff --git a/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml b/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml index 76061a5..2f5a518 100644 --- a/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml +++ b/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml @@ -23,7 +23,7 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:context="http://www.springframework.org/schema/context"; xmlns:util="http://www.springframework.org/schema/util"; -xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd +xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd";>
[1/2] cxf-fediz git commit: Updating Spring LogoutFilter to work with Spring 3.2
Repository: cxf-fediz
Updated Branches:
refs/heads/master 445e34089 -> c820b5a5e
Updating Spring LogoutFilter to work with Spring 3.2
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/1f3ca8a9
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/1f3ca8a9
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/1f3ca8a9
Branch: refs/heads/master
Commit: 1f3ca8a96f6c6fb03fa3529ddaae98f86170de41
Parents: 445e340
Author: Colm O hEigeartaigh
Authored: Tue Jan 19 12:06:43 2016 +
Committer: Colm O hEigeartaigh
Committed: Tue Jan 19 12:06:43 2016 +
--
.../apache/cxf/fediz/spring/web/FederationLogoutFilter.java | 8 ++--
1 file changed, 2 insertions(+), 6 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f3ca8a9/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
--
diff --git
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
index 2e02460..f8f3f3a 100644
---
a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
+++
b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java
@@ -26,6 +26,7 @@ import org.springframework.beans.factory.annotation.Required;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import
org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
public class FederationLogoutFilter extends LogoutFilter {
@@ -51,17 +52,12 @@ public class FederationLogoutFilter extends LogoutFilter {
this.logoutUrl =
federationConfig.getFedizContext(contextName).getLogoutURL();
}
if (this.logoutUrl != null && !this.logoutUrl.isEmpty()) {
-super.setFilterProcessesUrl(this.logoutUrl);
+super.setLogoutRequestMatcher(new
AntPathRequestMatcher(logoutUrl));
return super.requiresLogout(request, response);
}
return false;
}
-public void setFilterProcessesUrl(String filterProcessesUrl) {
-throw new UnsupportedOperationException(
-"setFilterProcessesUrl() unsupported. Use fediz config to
configure logout url");
-}
-
protected String getFilterProcessesUrl() {
return this.logoutUrl;
}
cxf git commit: adding another test case for wsam-2007/05 namespace
Repository: cxf
Updated Branches:
refs/heads/master a494f3f4c -> 0e2647c07
adding another test case for wsam-2007/05 namespace
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0e2647c0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0e2647c0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0e2647c0
Branch: refs/heads/master
Commit: 0e2647c078b2ee427979cb76abb63afe3fe4f939
Parents: a494f3f
Author: Akitoshi Yoshida
Authored: Tue Jan 19 13:28:55 2016 +0100
Committer: Akitoshi Yoshida
Committed: Tue Jan 19 13:35:12 2016 +0100
--
.../ws/policy/NestedAddressingPolicyTest.java | 33 +++-
1 file changed, 32 insertions(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/0e2647c0/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
--
diff --git
a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
index dd6e63e..8890e07 100644
---
a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
+++
b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java
@@ -33,6 +33,8 @@ import org.apache.cxf.interceptor.LoggingInInterceptor;
import org.apache.cxf.interceptor.LoggingOutInterceptor;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.ws.addressing.impl.MAPAggregatorImpl;
+import org.apache.cxf.ws.addressing.soap.MAPCodec;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -82,7 +84,7 @@ public class NestedAddressingPolicyTest extends
AbstractBusClientServerTestBase
}
@Test
-public void greetMe() throws Exception {
+public void greetMe() throws Exception {
// use a plain client
@@ -110,4 +112,33 @@ public class NestedAddressingPolicyTest extends
AbstractBusClientServerTestBase
}
((Closeable)greeter).close();
}
+
+@Test
+public void greetMeWSA() throws Exception {
+// use a wsa-enabled client
+
+SpringBusFactory bf = new SpringBusFactory();
+bus = bf.createBus();
+BusFactory.setDefaultBus(bus);
+
+BasicGreeterService gs = new BasicGreeterService();
+final Greeter greeter = gs.getGreeterPort();
+
+updateAddressPort(greeter, PORT);
+LoggingInInterceptor in = new LoggingInInterceptor();
+LoggingOutInterceptor out = new LoggingOutInterceptor();
+MAPCodec mapCodec = new MAPCodec();
+MAPAggregatorImpl mapAggregator = new MAPAggregatorImpl();
+
+bus.getInInterceptors().add(in);
+bus.getInInterceptors().add(mapCodec);
+bus.getInInterceptors().add(mapAggregator);
+bus.getOutInterceptors().add(out);
+bus.getOutInterceptors().add(mapCodec);
+bus.getOutInterceptors().add(mapAggregator);
+
+String s = greeter.greetMe("mytest");
+assertEquals("MYTEST", s);
+((Closeable)greeter).close();
+}
}
\ No newline at end of file
cxf git commit: Renaming one of oauthprovider setters
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes 4d0c6df1e -> cb5211ec6
Renaming one of oauthprovider setters
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cb5211ec
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cb5211ec
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cb5211ec
Branch: refs/heads/3.1.x-fixes
Commit: cb5211ec61d20e91b920b3c60f34b3e50f571c42
Parents: 4d0c6df
Author: Sergey Beryozkin
Authored: Tue Jan 19 12:28:58 2016 +
Committer: Sergey Beryozkin
Committed: Tue Jan 19 12:30:46 2016 +
--
.../cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/cb5211ec/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index ec607b3..88c34ac 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -274,7 +274,7 @@ public abstract class AbstractOAuthDataProvider implements
OAuthDataProvider, Cl
this.permissionMap = permissionMap;
}
-public void setScopes(Map scopes) {
+public void setSupportedScopes(Map scopes) {
for (Map.Entry entry : scopes.entrySet()) {
OAuthPermission permission = new OAuthPermission(entry.getKey(),
entry.getValue());
permissionMap.put(entry.getKey(), permission);
cxf git commit: Renaming one of oauthprovider setters
Repository: cxf
Updated Branches:
refs/heads/master 7198fd782 -> a494f3f4c
Renaming one of oauthprovider setters
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a494f3f4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a494f3f4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a494f3f4
Branch: refs/heads/master
Commit: a494f3f4cec6a03c6f98e4f42f6dac33f25ac7da
Parents: 7198fd7
Author: Sergey Beryozkin
Authored: Tue Jan 19 12:28:58 2016 +
Committer: Sergey Beryozkin
Committed: Tue Jan 19 12:28:58 2016 +
--
.../cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/a494f3f4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 6dfda96..ac7a11b 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -269,7 +269,7 @@ public abstract class AbstractOAuthDataProvider implements
OAuthDataProvider, Cl
this.permissionMap = permissionMap;
}
-public void setScopes(Map scopes) {
+public void setSupportedScopes(Map scopes) {
for (Map.Entry entry : scopes.entrySet()) {
OAuthPermission permission = new OAuthPermission(entry.getKey(),
entry.getValue());
permissionMap.put(entry.getKey(), permission);
cxf git commit: Minor update to the oauth2 provider
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes 9f0d1b323 -> 4d0c6df1e
Minor update to the oauth2 provider
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4d0c6df1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4d0c6df1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4d0c6df1
Branch: refs/heads/3.1.x-fixes
Commit: 4d0c6df1e561f5e6d118430349a09360c9dd754f
Parents: 9f0d1b3
Author: Sergey Beryozkin
Authored: Tue Jan 19 11:52:34 2016 +
Committer: Sergey Beryozkin
Committed: Tue Jan 19 11:53:28 2016 +
--
.../security/oauth2/provider/AbstractOAuthDataProvider.java | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/4d0c6df1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index e836898..ec607b3 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -159,13 +159,12 @@ public abstract class AbstractOAuthDataProvider
implements OAuthDataProvider, Cl
@Override
public List convertScopeToPermissions(Client client,
List requestedScopes) {
+if (requiredScopes != null &&
!requestedScopes.containsAll(requiredScopes)) {
+throw new OAuthServiceException("Required scopes are missing");
+}
if (requestedScopes.isEmpty()) {
return Collections.emptyList();
} else if (!permissionMap.isEmpty()) {
-if (requiredScopes != null &&
!requestedScopes.containsAll(requiredScopes)) {
-throw new OAuthServiceException("Required scopes are missing");
-}
-
List list = new ArrayList();
for (String scope : requestedScopes) {
OAuthPermission permission = permissionMap.get(scope);
cxf git commit: Minor update to the oauth2 provider
Repository: cxf
Updated Branches:
refs/heads/master f11ec01ac -> 7198fd782
Minor update to the oauth2 provider
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7198fd78
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7198fd78
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7198fd78
Branch: refs/heads/master
Commit: 7198fd782e7d7a9aaf94a2d18c4ff23e9fb626b1
Parents: f11ec01
Author: Sergey Beryozkin
Authored: Tue Jan 19 11:52:34 2016 +
Committer: Sergey Beryozkin
Committed: Tue Jan 19 11:52:34 2016 +
--
.../security/oauth2/provider/AbstractOAuthDataProvider.java | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/7198fd78/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 38e1845..6dfda96 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -154,13 +154,12 @@ public abstract class AbstractOAuthDataProvider
implements OAuthDataProvider, Cl
@Override
public List convertScopeToPermissions(Client client,
List requestedScopes) {
+if (requiredScopes != null &&
!requestedScopes.containsAll(requiredScopes)) {
+throw new OAuthServiceException("Required scopes are missing");
+}
if (requestedScopes.isEmpty()) {
return Collections.emptyList();
} else if (!permissionMap.isEmpty()) {
-if (requiredScopes != null &&
!requestedScopes.containsAll(requiredScopes)) {
-throw new OAuthServiceException("Required scopes are missing");
-}
-
List list = new ArrayList();
for (String scope : requestedScopes) {
OAuthPermission permission = permissionMap.get(scope);
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4877 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
cxf git commit: Fixing a typo in the code grant handler
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes 12206c314 -> 9f0d1b323
Fixing a typo in the code grant handler
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9f0d1b32
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9f0d1b32
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9f0d1b32
Branch: refs/heads/3.1.x-fixes
Commit: 9f0d1b3236b6b7fdb67c812360c03bda19700cc5
Parents: 12206c3
Author: Sergey Beryozkin
Authored: Tue Jan 19 11:40:19 2016 +
Committer: Sergey Beryozkin
Committed: Tue Jan 19 11:41:36 2016 +
--
.../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/9f0d1b32/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 72021f0..fb4bd5d 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -115,11 +115,11 @@ public class AuthorizationCodeGrantHandler extends
AbstractGrantHandler {
private boolean compareCodeVerifierWithChallenge(Client c, String
clientCodeVerifier,
String
clientCodeChallenge) {
-if (clientCodeChallenge == null && clientCodeChallenge == null
+if (clientCodeChallenge == null && clientCodeVerifier == null
&& (c.isConfidential() || !expectCodeVerifierForPublicClients)) {
return true;
-} else if (clientCodeChallenge != null && clientCodeChallenge == null
-|| clientCodeChallenge == null && clientCodeChallenge != null) {
+} else if (clientCodeChallenge != null && clientCodeVerifier == null
+|| clientCodeChallenge == null && clientCodeVerifier != null) {
return false;
} else {
String transformedCodeVerifier = codeVerifierTransformer == null
cxf git commit: Fixing a typo in the code grant handler
Repository: cxf
Updated Branches:
refs/heads/master a9bd49ff0 -> f11ec01ac
Fixing a typo in the code grant handler
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f11ec01a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f11ec01a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f11ec01a
Branch: refs/heads/master
Commit: f11ec01ac603a7b3919ed075afc9ac35edf48c8a
Parents: a9bd49f
Author: Sergey Beryozkin
Authored: Tue Jan 19 11:40:19 2016 +
Committer: Sergey Beryozkin
Committed: Tue Jan 19 11:40:19 2016 +
--
.../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/f11ec01a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 6d7fc1a..7e5aab3 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -113,11 +113,11 @@ public class AuthorizationCodeGrantHandler extends
AbstractGrantHandler {
private boolean compareCodeVerifierWithChallenge(Client c, String
clientCodeVerifier,
String
clientCodeChallenge) {
-if (clientCodeChallenge == null && clientCodeChallenge == null
+if (clientCodeChallenge == null && clientCodeVerifier == null
&& (c.isConfidential() || !expectCodeVerifierForPublicClients)) {
return true;
-} else if (clientCodeChallenge != null && clientCodeChallenge == null
-|| clientCodeChallenge == null && clientCodeChallenge != null) {
+} else if (clientCodeChallenge != null && clientCodeVerifier == null
+|| clientCodeChallenge == null && clientCodeVerifier != null) {
return false;
} else {
String transformedCodeVerifier = codeVerifierTransformer == null
cxf git commit: Checking some scope properties in the OAuth provider to minimize the amount of custom code
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes c090a8163 -> 12206c314
Checking some scope properties in the OAuth provider to minimize the amount of
custom code
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/12206c31
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/12206c31
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/12206c31
Branch: refs/heads/3.1.x-fixes
Commit: 12206c314d34f2e210f7292fcb7a3e894fafd4e7
Parents: c090a81
Author: Sergey Beryozkin
Authored: Tue Jan 19 10:46:16 2016 +
Committer: Sergey Beryozkin
Committed: Tue Jan 19 10:47:20 2016 +
--
.../provider/AbstractOAuthDataProvider.java | 39
1 file changed, 39 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/12206c31/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index edfabb6..e836898 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -41,6 +41,9 @@ public abstract class AbstractOAuthDataProvider implements
OAuthDataProvider, Cl
private boolean recycleRefreshTokens = true;
private Map permissionMap = new HashMap();
private MessageContext messageContext;
+private List defaultScopes;
+private List requiredScopes;
+private List invisibleToClientScopes;
protected AbstractOAuthDataProvider() {
@@ -159,6 +162,10 @@ public abstract class AbstractOAuthDataProvider implements
OAuthDataProvider, Cl
if (requestedScopes.isEmpty()) {
return Collections.emptyList();
} else if (!permissionMap.isEmpty()) {
+if (requiredScopes != null &&
!requestedScopes.containsAll(requiredScopes)) {
+throw new OAuthServiceException("Required scopes are missing");
+}
+
List list = new ArrayList();
for (String scope : requestedScopes) {
OAuthPermission permission = permissionMap.get(scope);
@@ -247,6 +254,14 @@ public abstract class AbstractOAuthDataProvider implements
OAuthDataProvider, Cl
}
public void init() {
+for (OAuthPermission perm : permissionMap.values()) {
+if (defaultScopes != null &&
defaultScopes.contains(perm.getPermission())) {
+perm.setDefault(true);
+}
+if (invisibleToClientScopes != null &&
invisibleToClientScopes.contains(perm.getPermission())) {
+perm.setInvisibleToClient(true);
+}
+}
}
public void close() {
@@ -290,4 +305,28 @@ public abstract class AbstractOAuthDataProvider implements
OAuthDataProvider, Cl
protected abstract RefreshToken revokeRefreshToken(String refreshTokenKey);
protected abstract RefreshToken getRefreshToken(String refreshTokenKey);
+public List getDefaultScopes() {
+return defaultScopes;
+}
+
+public void setDefaultScopes(List defaultScopes) {
+this.defaultScopes = defaultScopes;
+}
+
+public List getRequiredScopes() {
+return requiredScopes;
+}
+
+public void setRequiredScopes(List requiredScopes) {
+this.requiredScopes = requiredScopes;
+}
+
+public List getInvisibleToClientScopes() {
+return invisibleToClientScopes;
+}
+
+public void setInvisibleToClientScopes(List
invisibleToClientScopes) {
+this.invisibleToClientScopes = invisibleToClientScopes;
+}
+
}
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4876 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
cxf git commit: Checking some scope properties in the OAuth provider to minimize the amount of custom code
Repository: cxf
Updated Branches:
refs/heads/master 7dcfe81d4 -> a9bd49ff0
Checking some scope properties in the OAuth provider to minimize the amount of
custom code
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a9bd49ff
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a9bd49ff
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a9bd49ff
Branch: refs/heads/master
Commit: a9bd49ff0e18c4161260e91a2ff0b20ca164c221
Parents: 7dcfe81
Author: Sergey Beryozkin
Authored: Tue Jan 19 10:46:16 2016 +
Committer: Sergey Beryozkin
Committed: Tue Jan 19 10:46:16 2016 +
--
.../provider/AbstractOAuthDataProvider.java | 39
1 file changed, 39 insertions(+)
--
http://git-wip-us.apache.org/repos/asf/cxf/blob/a9bd49ff/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
--
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 5bec101..38e1845 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -41,6 +41,9 @@ public abstract class AbstractOAuthDataProvider implements
OAuthDataProvider, Cl
private boolean recycleRefreshTokens = true;
private Map permissionMap = new HashMap();
private MessageContext messageContext;
+private List defaultScopes;
+private List requiredScopes;
+private List invisibleToClientScopes;
protected AbstractOAuthDataProvider() {
@@ -154,6 +157,10 @@ public abstract class AbstractOAuthDataProvider implements
OAuthDataProvider, Cl
if (requestedScopes.isEmpty()) {
return Collections.emptyList();
} else if (!permissionMap.isEmpty()) {
+if (requiredScopes != null &&
!requestedScopes.containsAll(requiredScopes)) {
+throw new OAuthServiceException("Required scopes are missing");
+}
+
List list = new ArrayList();
for (String scope : requestedScopes) {
OAuthPermission permission = permissionMap.get(scope);
@@ -242,6 +249,14 @@ public abstract class AbstractOAuthDataProvider implements
OAuthDataProvider, Cl
}
public void init() {
+for (OAuthPermission perm : permissionMap.values()) {
+if (defaultScopes != null &&
defaultScopes.contains(perm.getPermission())) {
+perm.setDefault(true);
+}
+if (invisibleToClientScopes != null &&
invisibleToClientScopes.contains(perm.getPermission())) {
+perm.setInvisibleToClient(true);
+}
+}
}
public void close() {
@@ -285,4 +300,28 @@ public abstract class AbstractOAuthDataProvider implements
OAuthDataProvider, Cl
protected abstract RefreshToken revokeRefreshToken(String refreshTokenKey);
protected abstract RefreshToken getRefreshToken(String refreshTokenKey);
+public List getDefaultScopes() {
+return defaultScopes;
+}
+
+public void setDefaultScopes(List defaultScopes) {
+this.defaultScopes = defaultScopes;
+}
+
+public List getRequiredScopes() {
+return requiredScopes;
+}
+
+public void setRequiredScopes(List requiredScopes) {
+this.requiredScopes = requiredScopes;
+}
+
+public List getInvisibleToClientScopes() {
+return invisibleToClientScopes;
+}
+
+public void setInvisibleToClientScopes(List
invisibleToClientScopes) {
+this.invisibleToClientScopes = invisibleToClientScopes;
+}
+
}
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4874 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
