buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4897 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
[2/2] cxf-fediz git commit: Fix broken link on error page
Fix broken link on error page Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3a723af6 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3a723af6 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3a723af6 Branch: refs/heads/master Commit: 3a723af6fa11d9f3998f92b72467b2782aa37e4a Parents: 94dc9ec Author: Jan Bernhardt Authored: Tue Jan 19 12:17:24 2016 +0100 Committer: Jan Bernhardt Committed: Wed Jan 20 06:27:33 2016 +0100 -- services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3a723af6/services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp -- diff --git a/services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp b/services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp index 93c96c6..51e0274 100644 --- a/services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp +++ b/services/oidc/src/main/webapp/WEB-INF/views/oAuthError.jsp @@ -26,7 +26,7 @@ Authorization error: <%= error.getError() %> -Back to Client Registration page +Back to Client Registration page
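Review bot: The context line `Authorization error: <%= error.getError() %>` writes the error string into the page through a raw scriptlet expression, so nothing HTML-escapes it before it reaches the browser. Whether `error.getError()` can carry request-derived text is not visible in this hunk, but on an OAuth error page that is worth confirming. If it can, emit it through an HTML-escaping helper (for example JSTL `c:out`, or an escape utility the project already ships) instead of `<%= ... %>`. The markup of the changed link was stripped in this view, so the href fix itself cannot be checked from here.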
[1/2] cxf-fediz git commit: [FEDIZ-144] Added Spring EL support for HomeRealm Discovery
Repository: cxf-fediz Updated Branches: refs/heads/master 94dc9ec91 -> 7b2f203e1 [FEDIZ-144] Added Spring EL support for HomeRealm Discovery Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/7b2f203e Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/7b2f203e Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/7b2f203e Branch: refs/heads/master Commit: 7b2f203e13aedf9fbffeaae273222b7380f7e92b Parents: 3a723af Author: Jan Bernhardt Authored: Tue Jan 19 12:19:48 2016 +0100 Committer: Jan Bernhardt Committed: Wed Jan 20 06:27:33 2016 +0100 -- .../idp/beans/ProcessHRDSExpressionAction.java | 40 ++ .../idp/src/main/resources/entities-realma.xml | 9 ++-- .../WEB-INF/flows/federation-signin-request.xml | 44 +--- 3 files changed, 48 insertions(+), 45 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7b2f203e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java -- diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java index e7a9296..088af6c 100644 --- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java +++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ProcessHRDSExpressionAction.java 
@@ -18,10 +18,17 @@ */ package org.apache.cxf.fediz.service.idp.beans; +import javax.servlet.http.Cookie; + +import org.apache.cxf.fediz.core.FederationConstants; import org.apache.cxf.fediz.service.idp.domain.Idp; import org.apache.cxf.fediz.service.idp.util.WebUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.expression.Expression; +import org.springframework.expression.ExpressionParser; +import org.springframework.expression.spel.standard.SpelExpressionParser; import org.springframework.stereotype.Component; import org.springframework.webflow.execution.RequestContext; 
@@ -32,17 +39,36 @@ import org.springframework.webflow.execution.RequestContext; public class ProcessHRDSExpressionAction { private static final String IDP_CONFIG = "idpConfig"; + private static final Logger LOG = LoggerFactory.getLogger(ProcessHRDSExpressionAction.class); +@Autowired +private HomeRealmReminder homeRealmReminder; + public String submit(RequestContext context) { +// Check if home realm is known already +Cookie whrCookie = homeRealmReminder.readCookie(context); +if (whrCookie != null) { +LOG.debug("WHR Cookie set: {}", whrCookie); +return whrCookie.getValue(); +} + +// Check if custom HRDS is defined Idp idpConfig = (Idp)WebUtils.getAttributeFromFlowScope(context, IDP_CONFIG); String hrds = idpConfig.getHrds(); -//TODO -if (hrds == null) { -LOG.info("HRDS is null (Mock)."); -return ""; + +if (hrds != null) { +LOG.debug("HomeRealmDiscoveryService EL: {}", hrds); +ExpressionParser parser = new SpelExpressionParser(); +Expression exp = parser.parseExpression(hrds); +String result = exp.getValue(context, String.class); +LOG.info("Realm resolved by HomeRealmDiscoveryService: {}", result); +return result; } -LOG.info("HRDS is not null (Mock)."); -return "some-whr-value"; + +// Return whr parameter unchanged +String whr = (String)WebUtils.getAttributeFromFlowScope(context, FederationConstants.PARAM_HOME_REALM); +LOG.debug("No custom homeRealm handling, using whr parameter as provided in request: {}", whr); +return whr; } -} +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/7b2f203e/services/idp/src/main/resources/entities-realma.xml -- diff --git a/services/idp/src/main/resources/entities-realma.xml b/services/idp/src/main/resources/entities-realma.xml index a6b43d6..01969a6 100644 --- a/services/idp/src/main/resources/entities-realma.xml +++ b/services/idp/src/main/resources/entities-realma.xml 
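Review bot: In `submit`, the `hrds` string is parsed and run on every request with `exp.getValue(context, String.class)`, which uses SpEL's default evaluation context, so whatever `idpConfig.getHrds()` returns executes as code inside the IdP with the whole `RequestContext` as root object. If that field can be written through anything other than deployment-time configuration (not visible in this hunk), it needs the same access control as deploying code, and I would say so above the parse call: `// hrds is executed as SpEL: it must only ever come from administrator-controlled configuration`. Parse and evaluation errors also surface as unhandled runtime exceptions in the sign-in flow. Catching `ExpressionException` and failing the discovery step, rather than falling through to the request's `whr`, would stop a broken expression from silently widening realm selection. Separately, `LOG.debug("WHR Cookie set: {}", whrCookie)` logs the Cookie object rather than its value, and both the cookie value and the `whr` parameter are returned without any check against the configured realms in this method, so confirm that a later flow step validates them.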
@@ -38,10 +38,8 @@ -http://docs.oasis-open.org/wsfed/federation/200706 - -http://docs.oasis-open.org/ws-sx/ws-trust/200512 - + http://docs.oasis-open.org/wsfed/federation/200706 +http://docs.oas
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4894 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4892 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4888 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
cxf git commit: adding another test case for wsam-2007/05 namespace
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes c9286efa3 -> e792331d7 adding another test case for wsam-2007/05 namespace Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e792331d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e792331d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e792331d Branch: refs/heads/3.0.x-fixes Commit: e792331d75fbcebfb865f2fe2b382be817c52467 Parents: c9286ef Author: Akitoshi Yoshida Authored: Tue Jan 19 13:28:55 2016 +0100 Committer: Akitoshi Yoshida Committed: Tue Jan 19 19:05:52 2016 +0100 -- .../ws/policy/NestedAddressingPolicyTest.java | 33 +++- 1 file changed, 32 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e792331d/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java -- diff --git a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java index dd6e63e..8890e07 100644 --- a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java +++ b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java @@ -33,6 +33,8 @@ import org.apache.cxf.interceptor.LoggingInInterceptor; import org.apache.cxf.interceptor.LoggingOutInterceptor; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; +import org.apache.cxf.ws.addressing.impl.MAPAggregatorImpl; +import org.apache.cxf.ws.addressing.soap.MAPCodec; import org.junit.BeforeClass; import org.junit.Test; @@ -82,7 +84,7 @@ public class NestedAddressingPolicyTest extends AbstractBusClientServerTestBase } @Test -public void greetMe() throws Exception { +public void greetMe() throws Exception { // use a plain client 
@@ -110,4 +112,33 @@ public class NestedAddressingPolicyTest extends AbstractBusClientServerTestBase } ((Closeable)greeter).close(); } + +@Test +public void greetMeWSA() throws Exception { +// use a wsa-enabled client + +SpringBusFactory bf = new SpringBusFactory(); +bus = bf.createBus(); +BusFactory.setDefaultBus(bus); + +BasicGreeterService gs = new BasicGreeterService(); +final Greeter greeter = gs.getGreeterPort(); + +updateAddressPort(greeter, PORT); +LoggingInInterceptor in = new LoggingInInterceptor(); +LoggingOutInterceptor out = new LoggingOutInterceptor(); +MAPCodec mapCodec = new MAPCodec(); +MAPAggregatorImpl mapAggregator = new MAPAggregatorImpl(); + +bus.getInInterceptors().add(in); +bus.getInInterceptors().add(mapCodec); +bus.getInInterceptors().add(mapAggregator); +bus.getOutInterceptors().add(out); +bus.getOutInterceptors().add(mapCodec); +bus.getOutInterceptors().add(mapAggregator); + +String s = greeter.greetMe("mytest"); +assertEquals("MYTEST", s); +((Closeable)greeter).close(); +} } \ No newline at end of file
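Review bot: In `greetMeWSA`, `((Closeable)greeter).close()` runs only when the call and the assertion both succeed, so a failing run leaves the client open and the extra interceptors on the default bus, unless a teardown outside this hunk cleans up. A try/finally closes it on every path: `try { assertEquals("MYTEST", greeter.greetMe("mytest")); } finally { ((Closeable)greeter).close(); }`. The test asserts only the greeting text, so going by the commit title, a one-line comment saying where the wsam-2007/05 policy under test is configured would make the intent checkable. The same hunk appears unchanged in the 3.1.x-fixes commit further down this page.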
cxf git commit: adding another test case for wsam-2007/05 namespace
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes f50ef4210 -> 737202fa0 adding another test case for wsam-2007/05 namespace Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/737202fa Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/737202fa Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/737202fa Branch: refs/heads/3.1.x-fixes Commit: 737202fa09b75c1bf1e8668ff40d4b2cb41ea141 Parents: f50ef42 Author: Akitoshi Yoshida Authored: Tue Jan 19 13:28:55 2016 +0100 Committer: Akitoshi Yoshida Committed: Tue Jan 19 19:05:10 2016 +0100 -- .../ws/policy/NestedAddressingPolicyTest.java | 33 +++- 1 file changed, 32 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/737202fa/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java -- diff --git a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java index dd6e63e..8890e07 100644 --- a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java +++ b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java @@ -33,6 +33,8 @@ import org.apache.cxf.interceptor.LoggingInInterceptor; import org.apache.cxf.interceptor.LoggingOutInterceptor; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; +import org.apache.cxf.ws.addressing.impl.MAPAggregatorImpl; +import org.apache.cxf.ws.addressing.soap.MAPCodec; import org.junit.BeforeClass; import org.junit.Test; @@ -82,7 +84,7 @@ public class NestedAddressingPolicyTest extends AbstractBusClientServerTestBase } @Test -public void greetMe() throws Exception { +public void greetMe() throws Exception { // use a plain client 
@@ -110,4 +112,33 @@ public class NestedAddressingPolicyTest extends AbstractBusClientServerTestBase } ((Closeable)greeter).close(); } + +@Test +public void greetMeWSA() throws Exception { +// use a wsa-enabled client + +SpringBusFactory bf = new SpringBusFactory(); +bus = bf.createBus(); +BusFactory.setDefaultBus(bus); + +BasicGreeterService gs = new BasicGreeterService(); +final Greeter greeter = gs.getGreeterPort(); + +updateAddressPort(greeter, PORT); +LoggingInInterceptor in = new LoggingInInterceptor(); +LoggingOutInterceptor out = new LoggingOutInterceptor(); +MAPCodec mapCodec = new MAPCodec(); +MAPAggregatorImpl mapAggregator = new MAPAggregatorImpl(); + +bus.getInInterceptors().add(in); +bus.getInInterceptors().add(mapCodec); +bus.getInInterceptors().add(mapAggregator); +bus.getOutInterceptors().add(out); +bus.getOutInterceptors().add(mapCodec); +bus.getOutInterceptors().add(mapAggregator); + +String s = greeter.greetMe("mytest"); +assertEquals("MYTEST", s); +((Closeable)greeter).close(); +} } \ No newline at end of file
cxf git commit: remove unused code for handling wsa-2007/05 namespace
Repository: cxf Updated Branches: refs/heads/master 656662827 -> b0227b307 remove unused code for handling wsa-2007/05 namespace Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b0227b30 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b0227b30 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b0227b30 Branch: refs/heads/master Commit: b0227b307c453a750215c59438a896afaccb333b Parents: 6566628 Author: Akitoshi Yoshida Authored: Tue Jan 19 19:01:54 2016 +0100 Committer: Akitoshi Yoshida Committed: Tue Jan 19 19:03:56 2016 +0100 -- .../apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java | 11 ++- 1 file changed, 2 insertions(+), 9 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b0227b30/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java -- diff --git a/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java b/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java index afa174e..7e166b2 100644 --- a/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java +++ b/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/impl/MAPAggregatorImpl.java @@ -301,12 +301,10 @@ public class MAPAggregatorImpl extends MAPAggregator { for (QName type : types) { assertAssertion(aim, type); +// ADDRESSING_ASSERTION is normalized, so check only the default namespace if (type.equals(MetadataConstants.ADDRESSING_ASSERTION_QNAME)) { assertAssertion(aim, MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME); assertAssertion(aim, MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME); -} else if (type.equals(MetadataConstants.ADDRESSING_ASSERTION_QNAME_0705)) { -assertAssertion(aim, MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME_0705); -assertAssertion(aim, MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705); } } } 
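Review bot: The new comment `// ADDRESSING_ASSERTION is normalized, so check only the default namespace` is the only justification given for dropping the `_0705` branches, but it does not say where that normalization happens. Naming the component that rewrites the 2007/05 assertion would let a reader confirm the removed branch is unreachable. If an un-normalized policy can still arrive here, its nested anonymous and non-anonymous response assertions would no longer be marked as asserted. The same comment and removal repeat in the second hunk (`@@ -340,18 +338,13 @@`), and both enclosing methods start and end outside the hunks.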
@@ -340,18 +338,13 @@ public class MAPAggregatorImpl extends MAPAggregator { for (QName type : types) { assertAssertion(aim, type); +// ADDRESSING_ASSERTION is normalized, so check only the default namespace if (type.equals(MetadataConstants.ADDRESSING_ASSERTION_QNAME)) { if (onlyAnonymous) { assertAssertion(aim, MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME); } else if (!hasAnonymous) { assertAssertion(aim, MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME); } -} else if (type.equals(MetadataConstants.ADDRESSING_ASSERTION_QNAME_0705)) { -if (onlyAnonymous) { -assertAssertion(aim, MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME_0705); -} else if (!hasAnonymous) { -assertAssertion(aim, MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705); -} } } if (!MessageUtils.isRequestor(message) && !MessageUtils.isOutbound(message)) {
cxf git commit: Fixing merge
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 70ddd1dab -> c9286efa3 Fixing merge Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c9286efa Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c9286efa Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c9286efa Branch: refs/heads/3.0.x-fixes Commit: c9286efa3645e059f1397a52f6c84dbceeac6f8f Parents: 70ddd1d Author: Colm O hEigeartaigh Authored: Tue Jan 19 17:04:08 2016 + Committer: Colm O hEigeartaigh Committed: Tue Jan 19 17:04:08 2016 + -- .../jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java | 8 1 file changed, 4 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/c9286efa/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java index 660d505..20f17a0 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuthDataProviderImpl.java @@ -57,12 +57,12 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider { return Collections.emptyList(); } -List permissions = new ArrayList<>(); +List permissions = new ArrayList(); for (String requestedScope : requestedScopes) { if ("read_book".equals(requestedScope)) { OAuthPermission permission = new OAuthPermission(); permission.setHttpVerbs(Collections.singletonList("GET")); -List uris = new ArrayList<>(); +List uris = new ArrayList(); String partnerAddress = "/secured/bookstore/books/*"; uris.add(partnerAddress); permission.setUris(uris); 
@@ -71,7 +71,7 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider { } else if ("create_book".equals(requestedScope)) { OAuthPermission permission = new OAuthPermission(); permission.setHttpVerbs(Collections.singletonList("POST")); -List uris = new ArrayList<>(); +List uris = new ArrayList(); String partnerAddress = "/secured/bookstore/books/*"; uris.add(partnerAddress); permission.setUris(uris); @@ -84,4 +84,4 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider { return permissions; } -} \ No newline at end of file +}
cxf git commit: Adding an initial OAuth 2.0 system test for the filters
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes e90072c74 -> 70ddd1dab Adding an initial OAuth 2.0 system test for the filters Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/70ddd1da Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/70ddd1da Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/70ddd1da Branch: refs/heads/3.0.x-fixes Commit: 70ddd1dabb781961dcc17a4c96a0f641c8b0670a Parents: e90072c Author: Colm O hEigeartaigh Authored: Tue Jan 19 16:59:14 2016 + Committer: Colm O hEigeartaigh Committed: Tue Jan 19 17:01:36 2016 + -- .../oauth2/filters/BookServerOAuth2Filters.java | 48 ++ .../oauth2/filters/BookServerOAuth2Service.java | 48 ++ .../oauth2/filters/OAuth2FiltersTest.java | 164 +++ .../oauth2/filters/OAuthDataProviderImpl.java | 87 ++ .../jaxrs/security/oauth2/filters/client.xml| 38 + .../security/oauth2/filters/filters-server.xml | 121 ++ .../security/oauth2/filters/oauth20-server.xml | 112 + 7 files changed, 618 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/70ddd1da/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java new file mode 100644 index 000..4a2cade --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java 
@@ -0,0 +1,48 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.jaxrs.security.oauth2.filters; + +import java.net.URL; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; +import org.apache.cxf.testutil.common.TestUtil; + +public class BookServerOAuth2Filters extends AbstractBusTestServerBase { +public static final String PORT = TestUtil.getPortNumber("jaxrs-oauth2-filters"); +private static final URL SERVER_CONFIG_FILE = +BookServerOAuth2Filters.class.getResource("filters-server.xml"); + +protected void run() { +SpringBusFactory bf = new SpringBusFactory(); +Bus springBus = bf.createBus(SERVER_CONFIG_FILE); +BusFactory.setDefaultBus(springBus); +setBus(springBus); + +try { +new BookServerOAuth2Filters(); +} catch (Exception e) { +throw new RuntimeException(e); +} +} + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/70ddd1da/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java -- 
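Review bot: In `run()`, `new BookServerOAuth2Filters()` builds a second instance of the server class and discards it, and the surrounding `try`/`catch (Exception e)` exists only for that call. Nothing in this file gives the constructor a side effect, so this looks like copied boilerplate that can be removed; the base-class constructor is not visible here, so confirm that first. The class also has no Javadoc, and a line such as `/** Test server that starts the bus configured by filters-server.xml for the OAuth 2.0 filter tests. */` would say what it is for. `run()` would read more clearly with `@Override` if it overrides the `AbstractBusTestServerBase` method, as it appears to. Identical copies of this file are added in the 3.1.x-fixes and master commits later on this page.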
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java new file mode 100644 index 000..f091609 --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java @@ -0,0 +1,48 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Un
cxf git commit: Adding an initial OAuth 2.0 system test for the filters
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes cb5211ec6 -> f50ef4210 Adding an initial OAuth 2.0 system test for the filters Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f50ef421 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f50ef421 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f50ef421 Branch: refs/heads/3.1.x-fixes Commit: f50ef42100339e48cb4f9dd2c57145014498a3cb Parents: cb5211e Author: Colm O hEigeartaigh Authored: Tue Jan 19 16:59:14 2016 + Committer: Colm O hEigeartaigh Committed: Tue Jan 19 16:59:58 2016 + -- .../oauth2/filters/BookServerOAuth2Filters.java | 48 ++ .../oauth2/filters/BookServerOAuth2Service.java | 48 ++ .../oauth2/filters/OAuth2FiltersTest.java | 164 +++ .../oauth2/filters/OAuthDataProviderImpl.java | 87 ++ .../jaxrs/security/oauth2/filters/client.xml| 38 + .../security/oauth2/filters/filters-server.xml | 121 ++ .../security/oauth2/filters/oauth20-server.xml | 112 + 7 files changed, 618 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f50ef421/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java new file mode 100644 index 000..4a2cade --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java 
@@ -0,0 +1,48 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.jaxrs.security.oauth2.filters; + +import java.net.URL; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; +import org.apache.cxf.testutil.common.TestUtil; + +public class BookServerOAuth2Filters extends AbstractBusTestServerBase { +public static final String PORT = TestUtil.getPortNumber("jaxrs-oauth2-filters"); +private static final URL SERVER_CONFIG_FILE = +BookServerOAuth2Filters.class.getResource("filters-server.xml"); + +protected void run() { +SpringBusFactory bf = new SpringBusFactory(); +Bus springBus = bf.createBus(SERVER_CONFIG_FILE); +BusFactory.setDefaultBus(springBus); +setBus(springBus); + +try { +new BookServerOAuth2Filters(); +} catch (Exception e) { +throw new RuntimeException(e); +} +} + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/f50ef421/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java -- 
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java new file mode 100644 index 000..f091609 --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java @@ -0,0 +1,48 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Un
cxf git commit: Adding an initial OAuth 2.0 system test for the filters
Repository: cxf Updated Branches: refs/heads/master 0e2647c07 -> 656662827 Adding an initial OAuth 2.0 system test for the filters Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/65666282 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/65666282 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/65666282 Branch: refs/heads/master Commit: 656662827f8ff76025c7aae49fabf552192c3453 Parents: 0e2647c Author: Colm O hEigeartaigh Authored: Tue Jan 19 16:59:14 2016 + Committer: Colm O hEigeartaigh Committed: Tue Jan 19 16:59:14 2016 + -- .../oauth2/filters/BookServerOAuth2Filters.java | 48 ++ .../oauth2/filters/BookServerOAuth2Service.java | 48 ++ .../oauth2/filters/OAuth2FiltersTest.java | 164 +++ .../oauth2/filters/OAuthDataProviderImpl.java | 87 ++ .../jaxrs/security/oauth2/filters/client.xml| 38 + .../security/oauth2/filters/filters-server.xml | 121 ++ .../security/oauth2/filters/oauth20-server.xml | 112 + 7 files changed, 618 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/65666282/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java -- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java new file mode 100644 index 000..4a2cade --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Filters.java 
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.oauth2.filters;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerOAuth2Filters extends AbstractBusTestServerBase {
+public static final String PORT = TestUtil.getPortNumber("jaxrs-oauth2-filters");
+private static final URL SERVER_CONFIG_FILE =
+BookServerOAuth2Filters.class.getResource("filters-server.xml");
+
+protected void run() {
+SpringBusFactory bf = new SpringBusFactory();
+Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+BusFactory.setDefaultBus(springBus);
+setBus(springBus);
+
+try {
+new BookServerOAuth2Filters();
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+}
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/65666282/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java --
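Review bot: The `try { new BookServerOAuth2Filters(); } catch (Exception e) { ... }` block at the end of `run()` constructs a second server object and discards it; the class declares no constructor, so nothing visible here can throw or have an effect. Unless a superclass constructor is relied on for a side effect (not shown in this hunk), the block can be dropped so that `run()` ends after `setBus(springBus);`. `run()` would also read better with `@Override`, assuming it implements the hook declared on `AbstractBusTestServerBase`.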
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java new file mode 100644 index 000..f091609 --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/BookServerOAuth2Service.java @@ -0,0 +1,48 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless requi
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4881 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
cxf-fediz git commit: Making sure completely custom OAuth and ClientReg providers can be registered
Repository: cxf-fediz Updated Branches: refs/heads/master e4956f9ec -> 94dc9ec91 Making sure completely custom OAuth and ClientReg providers can be registered Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/94dc9ec9 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/94dc9ec9 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/94dc9ec9 Branch: refs/heads/master Commit: 94dc9ec91634436a03202a8946bbb595662eda82 Parents: e4956f9 Author: Sergey Beryozkin Authored: Tue Jan 19 15:18:31 2016 + Committer: Sergey Beryozkin Committed: Tue Jan 19 15:18:31 2016 + -- .../service/oidc/ClientRegistrationService.java | 50 +--- .../main/webapp/WEB-INF/applicationContext.xml | 1 + 2 files changed, 35 insertions(+), 16 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/94dc9ec9/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java -- diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java index 66932eb..4d22ac0 100644 --- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java +++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java @@ -43,6 +43,9 @@ import org.apache.cxf.common.util.Base64UrlUtility; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.UserSubject; +import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider; +import org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider; +import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; import org.apache.cxf.rt.security.crypto.CryptoUtils; 
@@ -50,7 +53,8 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils; public class ClientRegistrationService { private Map> registrations = new ConcurrentHashMap>(); -private OAuthDataManager manager; +private OAuthDataProvider dataProvider; +private ClientRegistrationProvider clientProvider; private Map homeRealms = new LinkedHashMap(); private boolean protectIdTokenWithClientSecret; private Map clientScopes; @@ -94,7 +98,7 @@ public class ClientRegistrationService { for (Iterator it = clients.iterator(); it.hasNext();) { Client c = it.next(); if (c.getClientId().equals(id)) { -manager.removeClient(id); +clientProvider.removeClient(id); it.remove(); break; } @@ -110,7 +114,7 @@ public class ClientRegistrationService { if (c.isConfidential()) { c.setClientSecret(generateClientSecret()); } -manager.setClient(c); +clientProvider.setClient(c); return c; } @@ -124,8 +128,8 @@ public class ClientRegistrationService { protected ClientTokens doGetClientIssuedTokens(Client c) { return new ClientTokens(c, - manager.getAccessTokens(c), - manager.getRefreshTokens(c)); + dataProvider.getAccessTokens(c), + dataProvider.getRefreshTokens(c)); } @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED) @@ -149,7 +153,7 @@ public class ClientRegistrationService { String tokenId, String tokenType) { Client c = getRegisteredClient(clientId); -manager.revokeToken(c, tokenId, tokenType); +dataProvider.revokeToken(c, tokenId, tokenType); return doGetClientIssuedTokens(c); } @@ -157,8 +161,11 @@ public class ClientRegistrationService { @Produces(MediaType.TEXT_HTML) @Path("/{id}/codes") public ClientCodeGrants getClientCodeGrants(@PathParam("id") String id) { -Client c = getRegisteredClient(id); -return new ClientCodeGrants(c, manager.getCodeGrants(c)); +if (dataProvider instanceof AuthorizationCodeDataProvider) { +Client c = getRegisteredClient(id); +return new ClientCodeGrants(c, ((AuthorizationCodeDataProvider)dataProvider).getCodeGrants(c)); +} +return null; } @POST 
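Review bot: `getClientCodeGrants` now falls through to `return null;` when `dataProvider` is not an `AuthorizationCodeDataProvider`, so a request to `/{id}/codes` typically surfaces as an empty response, and `getRegisteredClient(id)` is never called on that path. Whatever validation of the client id that helper performs is therefore skipped, and an unknown client can no longer be told apart from an unsupported provider. Resolving the client before the `instanceof` test and failing explicitly in the fallback keeps the behaviour defined, for example `throw new WebApplicationException(Response.Status.NOT_FOUND);` in place of `return null;` (the JAX-RS imports are outside this hunk, so check they are present). The next hunk, for the code-revoke endpoint, is cut off on this page but appears to start the same pattern.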
@@ -167,8 +174,11 @@ public class ClientRegistrationService { @Path("/{id}/codes/{code}/revoke") public Cl
cxf-fediz git commit: Fixing some issues with the POST binding for SAML SSO
Repository: cxf-fediz Updated Branches: refs/heads/master 941e81db3 -> e4956f9ec Fixing some issues with the POST binding for SAML SSO Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e4956f9e Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e4956f9e Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e4956f9e Branch: refs/heads/master Commit: e4956f9ecf58ebc40a1fc7232d89bd3f6c15a138 Parents: 941e81d Author: Colm O hEigeartaigh Authored: Tue Jan 19 14:50:08 2016 + Committer: Colm O hEigeartaigh Committed: Tue Jan 19 14:50:54 2016 + -- .../TrustedIdpSAMLProtocolHandler.java | 24 ++-- 1 file changed, 22 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e4956f9e/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java -- diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java index 47200a1..a9448cc 100644 --- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java +++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java 
@@ -57,10 +57,12 @@ import org.apache.cxf.jaxrs.utils.ExceptionUtils; import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder; import org.apache.cxf.rs.security.saml.sso.AuthnRequestBuilder; import org.apache.cxf.rs.security.saml.sso.DefaultAuthnRequestBuilder; +import org.apache.cxf.rs.security.saml.sso.EHCacheTokenReplayCache; import org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator; import org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator; import org.apache.cxf.rs.security.saml.sso.SSOConstants; import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse; +import org.apache.cxf.rs.security.saml.sso.TokenReplayCache; import org.apache.cxf.staxutils.StaxUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.wss4j.common.crypto.CertificateStore; @@ -116,6 +118,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler private static final String SAML_SSO_REQUEST_ID = "saml-sso-request-id"; private AuthnRequestBuilder authnRequestBuilder = new DefaultAuthnRequestBuilder(); +private TokenReplayCache replayCache; static { OpenSAMLUtil.initSamlEngine(); 
@@ -430,14 +433,20 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler isPropertyConfigured(trustedIdp, REQUIRE_SIGNED_ASSERTIONS, true)); ssoResponseValidator.setEnforceKnownIssuer( isPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER, true)); + +HttpServletRequest httpServletRequest = WebUtils.getHttpServletRequest(requestContext); +boolean post = "POST".equals(httpServletRequest.getMethod()); +if (post) { +ssoResponseValidator.setReplayCache(getReplayCache()); +} -return ssoResponseValidator.validateSamlResponse(samlResponse, false); +return ssoResponseValidator.validateSamlResponse(samlResponse, post); } catch (WSSecurityException ex) { LOG.debug(ex.getMessage(), ex); throw ExceptionUtils.toBadRequestException(ex, null); } } - + // Is a property configured. Defaults to "true" if not private boolean isPropertyConfigured(TrustedIdp trustedIdp, String property, boolean defaultValue) { Map parameters = trustedIdp.getParameters(); @@ -448,4 +457,15 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler return defaultValue; } + +public void setReplayCache(TokenReplayCache replayCache) { +this.replayCache = replayCache; +} + +public TokenReplayCache getReplayCache() { +if (replayCache == null) { +replayCache = new EHCacheTokenReplayCache(); +} +return replayCache; +} }
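Review bot: `getReplayCache()` creates the default `EHCacheTokenReplayCache` lazily behind an unsynchronised null check, and it is called from the response-validation path on every POST. If this handler is shared between request threads (likely for a protocol handler bean, but not shown here), two concurrent first requests can each build a cache; the response ID recorded in the instance that loses the race is then forgotten, which leaves a window in which a replayed SAML response is not detected. Synchronising the accessor pair, e.g. `public synchronized TokenReplayCache getReplayCache() {` and the same on `setReplayCache`, or creating the cache once at initialisation, closes that window. Nothing in the hunk releases the cache on shutdown either, so a cleanup hook is worth adding if `TokenReplayCache` is closeable. The identical change on the 1.2.x-fixes branch further down this page has the same issue.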
cxf-fediz git commit: Fixing some issues with the POST binding for SAML SSO
Repository: cxf-fediz Updated Branches: refs/heads/1.2.x-fixes 7584a0c30 -> 4bea6a111 Fixing some issues with the POST binding for SAML SSO Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/4bea6a11 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/4bea6a11 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/4bea6a11 Branch: refs/heads/1.2.x-fixes Commit: 4bea6a1116112bf23bbe71689d606c9026ef9a84 Parents: 7584a0c Author: Colm O hEigeartaigh Authored: Tue Jan 19 14:50:08 2016 + Committer: Colm O hEigeartaigh Committed: Tue Jan 19 14:51:09 2016 + -- .../TrustedIdpSAMLProtocolHandler.java | 24 ++-- 1 file changed, 22 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/4bea6a11/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java -- diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java index e55a372..713dccb 100644 --- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java +++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/protocols/TrustedIdpSAMLProtocolHandler.java 
@@ -57,10 +57,12 @@ import org.apache.cxf.jaxrs.utils.ExceptionUtils; import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder; import org.apache.cxf.rs.security.saml.sso.AuthnRequestBuilder; import org.apache.cxf.rs.security.saml.sso.DefaultAuthnRequestBuilder; +import org.apache.cxf.rs.security.saml.sso.EHCacheTokenReplayCache; import org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator; import org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator; import org.apache.cxf.rs.security.saml.sso.SSOConstants; import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse; +import org.apache.cxf.rs.security.saml.sso.TokenReplayCache; import org.apache.cxf.staxutils.StaxUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.wss4j.common.crypto.CertificateStore; @@ -116,6 +118,7 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler private static final String SAML_SSO_REQUEST_ID = "saml-sso-request-id"; private AuthnRequestBuilder authnRequestBuilder = new DefaultAuthnRequestBuilder(); +private TokenReplayCache replayCache; static { OpenSAMLUtil.initSamlEngine(); 
@@ -430,14 +433,20 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler isPropertyConfigured(trustedIdp, REQUIRE_SIGNED_ASSERTIONS, true)); ssoResponseValidator.setEnforceKnownIssuer( isPropertyConfigured(trustedIdp, REQUIRE_KNOWN_ISSUER, true)); + +HttpServletRequest httpServletRequest = WebUtils.getHttpServletRequest(requestContext); +boolean post = "POST".equals(httpServletRequest.getMethod()); +if (post) { +ssoResponseValidator.setReplayCache(getReplayCache()); +} -return ssoResponseValidator.validateSamlResponse(samlResponse, false); +return ssoResponseValidator.validateSamlResponse(samlResponse, post); } catch (WSSecurityException ex) { LOG.debug(ex.getMessage(), ex); throw ExceptionUtils.toBadRequestException(ex, null); } } - + // Is a property configured. Defaults to "true" if not private boolean isPropertyConfigured(TrustedIdp trustedIdp, String property, boolean defaultValue) { Map parameters = trustedIdp.getParameters(); @@ -448,4 +457,15 @@ public class TrustedIdpSAMLProtocolHandler implements TrustedIdpProtocolHandler return defaultValue; } + +public void setReplayCache(TokenReplayCache replayCache) { +this.replayCache = replayCache; +} + +public TokenReplayCache getReplayCache() { +if (replayCache == null) { +replayCache = new EHCacheTokenReplayCache(); +} +return replayCache; +} }
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4879 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
cxf-fediz git commit: Further simplifying OAuthDataManager code
Repository: cxf-fediz Updated Branches: refs/heads/master c820b5a5e -> 941e81db3 Further simplifying OAuthDataManager code Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/941e81db Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/941e81db Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/941e81db Branch: refs/heads/master Commit: 941e81db3e6577d2096578eaa294b15f5ca59a69 Parents: c820b5a Author: Sergey Beryozkin Authored: Tue Jan 19 13:24:08 2016 + Committer: Sergey Beryozkin Committed: Tue Jan 19 13:24:08 2016 + -- .../fediz/service/oidc/OAuthDataManager.java| 36 ++-- .../main/webapp/WEB-INF/applicationContext.xml | 2 +- .../src/main/webapp/WEB-INF/data-manager.xml| 13 +-- 3 files changed, 15 insertions(+), 36 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/941e81db/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java -- diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java index f8d7584..3f9b955 100644 --- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java +++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataManager.java @@ -19,13 +19,10 @@ package org.apache.cxf.fediz.service.oidc; import java.security.Principal; -import java.util.List; -import java.util.Map; import org.apache.cxf.fediz.core.FedizPrincipal; import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration; import org.apache.cxf.rs.security.oauth2.common.Client; -import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; import org.apache.cxf.rs.security.oauth2.common.UserSubject; import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration; 
@@ -35,7 +32,6 @@ import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; import org.apache.cxf.rs.security.oidc.common.IdToken; import org.apache.cxf.rs.security.oidc.idp.OidcUserSubject; -import org.apache.cxf.rs.security.oidc.utils.OidcUtils; public class OAuthDataManager extends DefaultEHCacheCodeDataProvider { private SamlTokenConverter tokenConverter = new SamlTokenConverter(); @@ -65,14 +61,6 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider { return token; } -@Override -public List convertScopeToPermissions(Client client, List requestedScopes) { -if (!requestedScopes.contains(OidcUtils.OPENID_SCOPE)) { -throw new OAuthServiceException("Required scope is missing"); -} -return super.convertScopeToPermissions(client, requestedScopes); -} - protected OidcUserSubject createOidcSubject(Client client, UserSubject subject) { Principal principal = getMessageContext().getSecurityContext().getUserPrincipal(); 
@@ -85,33 +73,15 @@ public class OAuthDataManager extends DefaultEHCacheCodeDataProvider { fedizPrincipal.getClaims(), client.getClientId()); -//TODO: Consider populating UserInfo at this point too, with UserInfo having few more claims -// from the claims collection, and setting it on OidcUserSubject - OidcUserSubject oidcSub = new OidcUserSubject(subject); oidcSub.setIdToken(idToken); +// UserInfo can be populated and set on OidcUserSubject too. + + return oidcSub; } public void setTokenConverter(SamlTokenConverter tokenConverter) { this.tokenConverter = tokenConverter; } - -@Override -public void init() { -super.init(); -Map perms = super.getPermissionMap(); -if (!perms.containsKey(OidcUtils.OPENID_SCOPE)) { -perms.put(OidcUtils.OPENID_SCOPE, -new OAuthPermission(OidcUtils.OPENID_SCOPE, "Access the authentication claims")); -} -perms.get(OidcUtils.OPENID_SCOPE).setDefault(true); - -if (!perms.containsKey(OAuthConstants.REFRESH_TOKEN_SCOPE)) { -perms.put(OAuthConstants.REFRESH_TOKEN_SCOPE, -new OAuthPermission(OAuthConstants.REFRESH_TOKEN_SCOPE, "Refresh access tokens")); -} - perms.get(OAuthConstants.REFRESH_TOKEN_SCOPE).setInvisibleToClient(true); - -} } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/941e81db/ser
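Review bot: With `init()` removed, nothing in this class sets up the `openid` permission as a default or marks the refresh-token scope as invisible to clients any more, and the `convertScopeToPermissions` override removed earlier in this file was the only visible place that rejected requests lacking `openid`. Those guarantees presumably move to the bean configuration changed in the same commit (`data-manager.xml`, not shown on this page), so a deployment that supplies its own configuration may lose them without any error. A class-level comment stating the dependency would help, e.g. `// Required and default scopes (openid, refresh token) are expected from the bean configuration, not enforced here`. A test that a request without `openid` is still rejected would confirm the move.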
[2/2] cxf-fediz git commit: Updating Spring security plugin to Spring 3.2
Updating Spring security plugin to Spring 3.2 Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/c820b5a5 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/c820b5a5 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/c820b5a5 Branch: refs/heads/master Commit: c820b5a5ef5a4cbd312b752bbfe2c6446f672fd9 Parents: 1f3ca8a Author: Colm O hEigeartaigh Authored: Tue Jan 19 12:06:58 2016 + Committer: Colm O hEigeartaigh Committed: Tue Jan 19 12:06:58 2016 + -- pom.xml| 2 +- services/idp/pom.xml | 1 + .../src/main/webapp/WEB-INF/applicationContext-security.xml| 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c820b5a5/pom.xml -- diff --git a/pom.xml b/pom.xml index bbba1aa..c4f5423 100644 --- a/pom.xml +++ b/pom.xml @@ -62,7 +62,7 @@ 2.5 1.7.13 4.1.7.RELEASE -3.1.7.RELEASE +3.2.9.RELEASE 7.0.65 8.0.30 2.1.4 http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c820b5a5/services/idp/pom.xml -- diff --git a/services/idp/pom.xml b/services/idp/pom.xml index c1fa70f..9b68184 100644 --- a/services/idp/pom.xml +++ b/services/idp/pom.xml @@ -31,6 +31,7 @@ 2.1.0 +3.1.7.RELEASE http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c820b5a5/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml -- diff --git a/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml b/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml index 76061a5..2f5a518 100644 --- a/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml +++ b/systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml 
@@ -23,7 +23,7 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:context="http://www.springframework.org/schema/context"; xmlns:util="http://www.springframework.org/schema/util"; -xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd +xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd";>
[1/2] cxf-fediz git commit: Updating Spring LogoutFilter to work with Spring 3.2
Repository: cxf-fediz Updated Branches: refs/heads/master 445e34089 -> c820b5a5e Updating Spring LogoutFilter to work with Spring 3.2 Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/1f3ca8a9 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/1f3ca8a9 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/1f3ca8a9 Branch: refs/heads/master Commit: 1f3ca8a96f6c6fb03fa3529ddaae98f86170de41 Parents: 445e340 Author: Colm O hEigeartaigh Authored: Tue Jan 19 12:06:43 2016 + Committer: Colm O hEigeartaigh Committed: Tue Jan 19 12:06:43 2016 + -- .../apache/cxf/fediz/spring/web/FederationLogoutFilter.java | 8 ++-- 1 file changed, 2 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/1f3ca8a9/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java -- diff --git a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java index 2e02460..f8f3f3a 100644 --- a/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java +++ b/plugins/spring/src/main/java/org/apache/cxf/fediz/spring/web/FederationLogoutFilter.java @@ -26,6 +26,7 @@ import org.springframework.beans.factory.annotation.Required; import org.springframework.security.web.authentication.logout.LogoutFilter; import org.springframework.security.web.authentication.logout.LogoutHandler; import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; public class FederationLogoutFilter extends LogoutFilter { 
@@ -51,17 +52,12 @@ public class FederationLogoutFilter extends LogoutFilter { this.logoutUrl = federationConfig.getFedizContext(contextName).getLogoutURL(); } if (this.logoutUrl != null && !this.logoutUrl.isEmpty()) { -super.setFilterProcessesUrl(this.logoutUrl); +super.setLogoutRequestMatcher(new AntPathRequestMatcher(logoutUrl)); return super.requiresLogout(request, response); } return false; } -public void setFilterProcessesUrl(String filterProcessesUrl) { -throw new UnsupportedOperationException( -"setFilterProcessesUrl() unsupported. Use fediz config to configure logout url"); -} - protected String getFilterProcessesUrl() { return this.logoutUrl; }
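Review bot: `super.setLogoutRequestMatcher(new AntPathRequestMatcher(logoutUrl));` sits inside `requiresLogout`, so every request allocates a new matcher and rewrites a field of the shared filter while other threads may be reading it. Building the matcher once, at the point where `logoutUrl` is first resolved from the Fediz config (that branch starts above this hunk), avoids both. Two behaviour changes are worth confirming as well. The value is now interpreted as an Ant pattern, so wildcard characters in a configured logout URL widen the match. With the `setFilterProcessesUrl` override gone, a URL set through Spring configuration would be accepted and then silently replaced on the first request instead of failing fast, if the superclass still exposes that setter.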
cxf git commit: adding another test case for wsam-2007/05 namespace
Repository: cxf Updated Branches: refs/heads/master a494f3f4c -> 0e2647c07 adding another test case for wsam-2007/05 namespace Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0e2647c0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0e2647c0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0e2647c0 Branch: refs/heads/master Commit: 0e2647c078b2ee427979cb76abb63afe3fe4f939 Parents: a494f3f Author: Akitoshi Yoshida Authored: Tue Jan 19 13:28:55 2016 +0100 Committer: Akitoshi Yoshida Committed: Tue Jan 19 13:35:12 2016 +0100 -- .../ws/policy/NestedAddressingPolicyTest.java | 33 +++- 1 file changed, 32 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0e2647c0/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java -- diff --git a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java index dd6e63e..8890e07 100644 --- a/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java +++ b/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/policy/NestedAddressingPolicyTest.java @@ -33,6 +33,8 @@ import org.apache.cxf.interceptor.LoggingInInterceptor; import org.apache.cxf.interceptor.LoggingOutInterceptor; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; +import org.apache.cxf.ws.addressing.impl.MAPAggregatorImpl; +import org.apache.cxf.ws.addressing.soap.MAPCodec; import org.junit.BeforeClass; import org.junit.Test; @@ -82,7 +84,7 @@ public class NestedAddressingPolicyTest extends AbstractBusClientServerTestBase } @Test -public void greetMe() throws Exception { +public void greetMe() throws Exception { // use a plain client 
@@ -110,4 +112,33 @@ public class NestedAddressingPolicyTest extends AbstractBusClientServerTestBase } ((Closeable)greeter).close(); } + +@Test +public void greetMeWSA() throws Exception { +// use a wsa-enabled client + +SpringBusFactory bf = new SpringBusFactory(); +bus = bf.createBus(); +BusFactory.setDefaultBus(bus); + +BasicGreeterService gs = new BasicGreeterService(); +final Greeter greeter = gs.getGreeterPort(); + +updateAddressPort(greeter, PORT); +LoggingInInterceptor in = new LoggingInInterceptor(); +LoggingOutInterceptor out = new LoggingOutInterceptor(); +MAPCodec mapCodec = new MAPCodec(); +MAPAggregatorImpl mapAggregator = new MAPAggregatorImpl(); + +bus.getInInterceptors().add(in); +bus.getInInterceptors().add(mapCodec); +bus.getInInterceptors().add(mapAggregator); +bus.getOutInterceptors().add(out); +bus.getOutInterceptors().add(mapCodec); +bus.getOutInterceptors().add(mapAggregator); + +String s = greeter.greetMe("mytest"); +assertEquals("MYTEST", s); +((Closeable)greeter).close(); +} } \ No newline at end of file
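Review bot: In `greetMeWSA` the `((Closeable)greeter).close();` call is only reached when `greetMe` succeeds and the assertion passes, so a failing run leaves the client open, and the bus installed with `BusFactory.setDefaultBus(bus)` keeps the added logging and addressing interceptors for later tests. Wrapping the call and the assertion in `try { ... } finally { ((Closeable)greeter).close(); }` makes the cleanup unconditional. Whether the bus itself is shut down by the test base class is not visible in this hunk.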
cxf git commit: Renaming one of oauthprovider setters
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 4d0c6df1e -> cb5211ec6 Renaming one of oauthprovider setters Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cb5211ec Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cb5211ec Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cb5211ec Branch: refs/heads/3.1.x-fixes Commit: cb5211ec61d20e91b920b3c60f34b3e50f571c42 Parents: 4d0c6df Author: Sergey Beryozkin Authored: Tue Jan 19 12:28:58 2016 + Committer: Sergey Beryozkin Committed: Tue Jan 19 12:30:46 2016 + -- .../cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/cb5211ec/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java index ec607b3..88c34ac 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java @@ -274,7 +274,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl this.permissionMap = permissionMap; } -public void setScopes(Map scopes) { +public void setSupportedScopes(Map scopes) { for (Map.Entry entry : scopes.entrySet()) { OAuthPermission permission = new OAuthPermission(entry.getKey(), entry.getValue()); permissionMap.put(entry.getKey(), permission);
cxf git commit: Renaming one of oauthprovider setters
Repository: cxf Updated Branches: refs/heads/master 7198fd782 -> a494f3f4c Renaming one of oauthprovider setters Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a494f3f4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a494f3f4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a494f3f4 Branch: refs/heads/master Commit: a494f3f4cec6a03c6f98e4f42f6dac33f25ac7da Parents: 7198fd7 Author: Sergey Beryozkin Authored: Tue Jan 19 12:28:58 2016 + Committer: Sergey Beryozkin Committed: Tue Jan 19 12:28:58 2016 + -- .../cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a494f3f4/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java index 6dfda96..ac7a11b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java @@ -269,7 +269,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl this.permissionMap = permissionMap; } -public void setScopes(Map scopes) { +public void setSupportedScopes(Map scopes) { for (Map.Entry entry : scopes.entrySet()) { OAuthPermission permission = new OAuthPermission(entry.getKey(), entry.getValue()); permissionMap.put(entry.getKey(), permission);
cxf git commit: Minor update to the oauth2 provider
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 9f0d1b323 -> 4d0c6df1e Minor update to the oauth2 provider Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4d0c6df1 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4d0c6df1 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4d0c6df1 Branch: refs/heads/3.1.x-fixes Commit: 4d0c6df1e561f5e6d118430349a09360c9dd754f Parents: 9f0d1b3 Author: Sergey Beryozkin Authored: Tue Jan 19 11:52:34 2016 + Committer: Sergey Beryozkin Committed: Tue Jan 19 11:53:28 2016 + -- .../security/oauth2/provider/AbstractOAuthDataProvider.java | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/4d0c6df1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java index e836898..ec607b3 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java 
@@ -159,13 +159,12 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl @Override public List convertScopeToPermissions(Client client, List requestedScopes) { +if (requiredScopes != null && !requestedScopes.containsAll(requiredScopes)) { +throw new OAuthServiceException("Required scopes are missing"); +} if (requestedScopes.isEmpty()) { return Collections.emptyList(); } else if (!permissionMap.isEmpty()) { -if (requiredScopes != null && !requestedScopes.containsAll(requiredScopes)) { -throw new OAuthServiceException("Required scopes are missing"); -} - List list = new ArrayList(); for (String scope : requestedScopes) { OAuthPermission permission = permissionMap.get(scope);
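Review bot: Nothing in the hunk records why the `requiredScopes` check now sits ahead of the `requestedScopes.isEmpty()` return, and that ordering is what stops a request with an empty scope list from skipping required-scope enforcement. I would add a comment above the new `if`, for example `// Enforce required scopes before any early return: an empty scope list must not bypass them.`, so a later refactor does not move it back inside the `permissionMap` branch. A test that calls `convertScopeToPermissions` with an empty list while `requiredScopes` is set would pin the behaviour. The same applies to the master copy of this change (the `@@ -154,13 +154,12 @@` hunk); the method body continues past the end of the hunk.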
cxf git commit: Minor update to the oauth2 provider
Repository: cxf Updated Branches: refs/heads/master f11ec01ac -> 7198fd782 Minor update to the oauth2 provider Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7198fd78 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7198fd78 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7198fd78 Branch: refs/heads/master Commit: 7198fd782e7d7a9aaf94a2d18c4ff23e9fb626b1 Parents: f11ec01 Author: Sergey Beryozkin Authored: Tue Jan 19 11:52:34 2016 + Committer: Sergey Beryozkin Committed: Tue Jan 19 11:52:34 2016 + -- .../security/oauth2/provider/AbstractOAuthDataProvider.java | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/7198fd78/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java index 38e1845..6dfda96 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java 
@@ -154,13 +154,12 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl @Override public List convertScopeToPermissions(Client client, List requestedScopes) { +if (requiredScopes != null && !requestedScopes.containsAll(requiredScopes)) { +throw new OAuthServiceException("Required scopes are missing"); +} if (requestedScopes.isEmpty()) { return Collections.emptyList(); } else if (!permissionMap.isEmpty()) { -if (requiredScopes != null && !requestedScopes.containsAll(requiredScopes)) { -throw new OAuthServiceException("Required scopes are missing"); -} - List list = new ArrayList(); for (String scope : requestedScopes) { OAuthPermission permission = permissionMap.get(scope);
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4877 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
cxf git commit: Fixing a typo in the code grant handler
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 12206c314 -> 9f0d1b323 Fixing a typo in the code grant handler Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9f0d1b32 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9f0d1b32 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9f0d1b32 Branch: refs/heads/3.1.x-fixes Commit: 9f0d1b3236b6b7fdb67c812360c03bda19700cc5 Parents: 12206c3 Author: Sergey Beryozkin Authored: Tue Jan 19 11:40:19 2016 + Committer: Sergey Beryozkin Committed: Tue Jan 19 11:41:36 2016 + -- .../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/9f0d1b32/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java index 72021f0..fb4bd5d 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java 
@@ -115,11 +115,11 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler { private boolean compareCodeVerifierWithChallenge(Client c, String clientCodeVerifier, String clientCodeChallenge) { -if (clientCodeChallenge == null && clientCodeChallenge == null +if (clientCodeChallenge == null && clientCodeVerifier == null && (c.isConfidential() || !expectCodeVerifierForPublicClients)) { return true; -} else if (clientCodeChallenge != null && clientCodeChallenge == null -|| clientCodeChallenge == null && clientCodeChallenge != null) { +} else if (clientCodeChallenge != null && clientCodeVerifier == null +|| clientCodeChallenge == null && clientCodeVerifier != null) { return false; } else { String transformedCodeVerifier = codeVerifierTransformer == null
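Review bot: With both `clientCodeChallenge` and `clientCodeVerifier` null for a public client while `expectCodeVerifierForPublicClients` is set, neither the first condition nor the `else if` matches, so control reaches the final `else` branch with two null values. That branch continues outside the hunk, so whether it ends in a clean rejection or a NullPointerException cannot be confirmed from here, but the missing-verifier case should be rejected explicitly. Since any null that survives the first branch is a failure, the second condition can be simplified to `} else if (clientCodeChallenge == null || clientCodeVerifier == null) {` followed by `return false;`. The master copy of this fix (the `@@ -113,11 +113,11 @@` hunk) has the same gap.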
cxf git commit: Fixing a typo in the code grant handler
Repository: cxf Updated Branches: refs/heads/master a9bd49ff0 -> f11ec01ac Fixing a typo in the code grant handler Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f11ec01a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f11ec01a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f11ec01a Branch: refs/heads/master Commit: f11ec01ac603a7b3919ed075afc9ac35edf48c8a Parents: a9bd49f Author: Sergey Beryozkin Authored: Tue Jan 19 11:40:19 2016 + Committer: Sergey Beryozkin Committed: Tue Jan 19 11:40:19 2016 + -- .../oauth2/grants/code/AuthorizationCodeGrantHandler.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f11ec01a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java index 6d7fc1a..7e5aab3 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java 
@@ -113,11 +113,11 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler { private boolean compareCodeVerifierWithChallenge(Client c, String clientCodeVerifier, String clientCodeChallenge) { -if (clientCodeChallenge == null && clientCodeChallenge == null +if (clientCodeChallenge == null && clientCodeVerifier == null && (c.isConfidential() || !expectCodeVerifierForPublicClients)) { return true; -} else if (clientCodeChallenge != null && clientCodeChallenge == null -|| clientCodeChallenge == null && clientCodeChallenge != null) { +} else if (clientCodeChallenge != null && clientCodeVerifier == null +|| clientCodeChallenge == null && clientCodeVerifier != null) { return false; } else { String transformedCodeVerifier = codeVerifierTransformer == null
cxf git commit: Checking some scope properties in the OAuth provider to minimize the amount of custom code
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes c090a8163 -> 12206c314 Checking some scope properties in the OAuth provider to minimize the amount of custom code Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/12206c31 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/12206c31 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/12206c31 Branch: refs/heads/3.1.x-fixes Commit: 12206c314d34f2e210f7292fcb7a3e894fafd4e7 Parents: c090a81 Author: Sergey Beryozkin Authored: Tue Jan 19 10:46:16 2016 + Committer: Sergey Beryozkin Committed: Tue Jan 19 10:47:20 2016 + -- .../provider/AbstractOAuthDataProvider.java | 39 1 file changed, 39 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/12206c31/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java index edfabb6..e836898 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java @@ -41,6 +41,9 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl private boolean recycleRefreshTokens = true; private Map permissionMap = new HashMap(); private MessageContext messageContext; +private List defaultScopes; +private List requiredScopes; +private List invisibleToClientScopes; protected AbstractOAuthDataProvider() { 
@@ -159,6 +162,10 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl if (requestedScopes.isEmpty()) { return Collections.emptyList(); } else if (!permissionMap.isEmpty()) { +if (requiredScopes != null && !requestedScopes.containsAll(requiredScopes)) { +throw new OAuthServiceException("Required scopes are missing"); +} + List list = new ArrayList(); for (String scope : requestedScopes) { OAuthPermission permission = permissionMap.get(scope); @@ -247,6 +254,14 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl } public void init() { +for (OAuthPermission perm : permissionMap.values()) { +if (defaultScopes != null && defaultScopes.contains(perm.getPermission())) { +perm.setDefault(true); +} +if (invisibleToClientScopes != null && invisibleToClientScopes.contains(perm.getPermission())) { +perm.setInvisibleToClient(true); +} +} } public void close() { @@ -290,4 +305,28 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl protected abstract RefreshToken revokeRefreshToken(String refreshTokenKey); protected abstract RefreshToken getRefreshToken(String refreshTokenKey); +public List getDefaultScopes() { +return defaultScopes; +} + +public void setDefaultScopes(List defaultScopes) { +this.defaultScopes = defaultScopes; +} + +public List getRequiredScopes() { +return requiredScopes; +} + +public void setRequiredScopes(List requiredScopes) { +this.requiredScopes = requiredScopes; +} + +public List getInvisibleToClientScopes() { +return invisibleToClientScopes; +} + +public void setInvisibleToClientScopes(List invisibleToClientScopes) { +this.invisibleToClientScopes = invisibleToClientScopes; +} + }
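Review bot: The new `requiredScopes` check is only reached when `requestedScopes` is non-empty and `permissionMap` is non-empty, because it sits inside the `else if (!permissionMap.isEmpty())` branch after the `requestedScopes.isEmpty()` return. A request that carries no scopes therefore returns `Collections.emptyList()` without the required scopes being enforced, and a provider with an empty `permissionMap` never enforces them. Moving the `if (requiredScopes != null && !requestedScopes.containsAll(requiredScopes))` block to the top of `convertScopeToPermissions`, before the `isEmpty()` test, closes both paths. The master copy (the `@@ -154,6 +157,10 @@` hunk) is placed the same way; the method starts and ends outside this hunk.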
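Review bot: In `init()` a name listed in `defaultScopes` or `invisibleToClientScopes` that matches no permission in `permissionMap` is skipped without any signal, because the loop only walks `permissionMap.values()`. For `invisibleToClientScopes` a misspelt name presumably leaves the scope visible to clients, which is the unsafe direction for that setting. I would verify each configured name in `init()` and fail start-up (or log a warning if that is too strict for existing deployments), as sketched below. It is also worth documenting on `init()` that it must run after `permissionMap` and the scope lists are set, since the setters added in the last hunk do not re-apply the flags.

```java
public void init() {
    // … unchanged: loop that sets the default / invisible-to-client flags …
    checkScopesAreKnown("defaultScopes", defaultScopes);
    checkScopesAreKnown("invisibleToClientScopes", invisibleToClientScopes);
}

private void checkScopesAreKnown(String property, List<String> names) {
    if (names == null) {
        return;
    }
    for (String name : names) {
        boolean known = false;
        for (OAuthPermission perm : permissionMap.values()) {
            if (name.equals(perm.getPermission())) {
                known = true;
                break;
            }
        }
        if (!known) {
            throw new IllegalStateException(property + " lists a scope with no permission entry: " + name);
        }
    }
}
```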
buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4876 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
cxf git commit: Checking some scope properties in the OAuth provider to minimize the amount of custom code
Repository: cxf Updated Branches: refs/heads/master 7dcfe81d4 -> a9bd49ff0 Checking some scope properties in the OAuth provider to minimize the amount of custom code Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a9bd49ff Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a9bd49ff Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a9bd49ff Branch: refs/heads/master Commit: a9bd49ff0e18c4161260e91a2ff0b20ca164c221 Parents: 7dcfe81 Author: Sergey Beryozkin Authored: Tue Jan 19 10:46:16 2016 + Committer: Sergey Beryozkin Committed: Tue Jan 19 10:46:16 2016 + -- .../provider/AbstractOAuthDataProvider.java | 39 1 file changed, 39 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a9bd49ff/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java index 5bec101..38e1845 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java @@ -41,6 +41,9 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl private boolean recycleRefreshTokens = true; private Map permissionMap = new HashMap(); private MessageContext messageContext; +private List defaultScopes; +private List requiredScopes; +private List invisibleToClientScopes; protected AbstractOAuthDataProvider() { 
@@ -154,6 +157,10 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl if (requestedScopes.isEmpty()) { return Collections.emptyList(); } else if (!permissionMap.isEmpty()) { +if (requiredScopes != null && !requestedScopes.containsAll(requiredScopes)) { +throw new OAuthServiceException("Required scopes are missing"); +} + List list = new ArrayList(); for (String scope : requestedScopes) { OAuthPermission permission = permissionMap.get(scope); @@ -242,6 +249,14 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl } public void init() { +for (OAuthPermission perm : permissionMap.values()) { +if (defaultScopes != null && defaultScopes.contains(perm.getPermission())) { +perm.setDefault(true); +} +if (invisibleToClientScopes != null && invisibleToClientScopes.contains(perm.getPermission())) { +perm.setInvisibleToClient(true); +} +} } public void close() { @@ -285,4 +300,28 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl protected abstract RefreshToken revokeRefreshToken(String refreshTokenKey); protected abstract RefreshToken getRefreshToken(String refreshTokenKey); +public List getDefaultScopes() { +return defaultScopes; +} + +public void setDefaultScopes(List defaultScopes) { +this.defaultScopes = defaultScopes; +} + +public List getRequiredScopes() { +return requiredScopes; +} + +public void setRequiredScopes(List requiredScopes) { +this.requiredScopes = requiredScopes; +} + +public List getInvisibleToClientScopes() { +return invisibleToClientScopes; +} + +public void setInvisibleToClientScopes(List invisibleToClientScopes) { +this.invisibleToClientScopes = invisibleToClientScopes; +} + }
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4874 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot