cxf git commit: [CXF-7263] Updating ResourceOwnerLoginHandler to accept Client

2017-03-02 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 1d9625605 -> 742cb68a9


[CXF-7263] Updating ResourceOwnerLoginHandler to accept Client


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/742cb68a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/742cb68a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/742cb68a

Branch: refs/heads/3.1.x-fixes
Commit: 742cb68a9172c968aeea5ece7146f9c3dfacde9a
Parents: 1d96256
Author: Sergey Beryozkin 
Authored: Thu Mar 2 22:26:51 2017 +
Committer: Sergey Beryozkin 
Committed: Thu Mar 2 22:29:43 2017 +

--
 .../oauth2/grants/owner/JAASResourceOwnerLoginHandler.java   | 7 ---
 .../oauth2/grants/owner/ResourceOwnerGrantHandler.java   | 2 +-
 .../oauth2/grants/owner/ResourceOwnerLoginHandler.java   | 8 +---
 3 files changed, 10 insertions(+), 7 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/742cb68a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java
index 7eb7bfc..b89ad7e 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java
@@ -22,6 +22,7 @@ import 
org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.interceptor.security.JAASLoginInterceptor;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
@@ -29,9 +30,9 @@ import org.apache.cxf.security.SecurityContext;
 public class JAASResourceOwnerLoginHandler implements 
ResourceOwnerLoginHandler {
 
 private JAASLoginInterceptor jaasInterceptor = new JAASLoginInterceptor();
-
-
-public UserSubject createSubject(String name, String password) {
+
+
+public UserSubject createSubject(Client client, String name, String 
password) {
 Message message = setupMessage(name, password);
 jaasInterceptor.handleMessage(message);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/742cb68a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
index 4a5d03b..b84ca30 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
@@ -49,7 +49,7 @@ public class ResourceOwnerGrantHandler extends 
AbstractGrantHandler {
 throw new OAuthServiceException(
  new OAuthError(OAuthConstants.INVALID_REQUEST));
 }
-UserSubject subject = loginHandler.createSubject(ownerName, 
ownerPassword);
+UserSubject subject = loginHandler.createSubject(client, ownerName, 
ownerPassword);
 if (subject == null) {
 throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/742cb68a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java
index 8d63d69..aded593 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java
+++

cxf git commit: [CXF-7263] Updating ResourceOwnerLoginHandler to accept Client

2017-03-02 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/master 0252de53c -> c7d50ca23


[CXF-7263] Updating ResourceOwnerLoginHandler to accept Client


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c7d50ca2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c7d50ca2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c7d50ca2

Branch: refs/heads/master
Commit: c7d50ca238184789412737ea0f0db4b5b5503326
Parents: 0252de5
Author: Sergey Beryozkin 
Authored: Thu Mar 2 22:26:51 2017 +
Committer: Sergey Beryozkin 
Committed: Thu Mar 2 22:26:51 2017 +

--
 .../oauth2/grants/owner/JAASResourceOwnerLoginHandler.java   | 3 ++-
 .../oauth2/grants/owner/ResourceOwnerGrantHandler.java   | 2 +-
 .../oauth2/grants/owner/ResourceOwnerLoginHandler.java   | 8 +---
 3 files changed, 8 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/c7d50ca2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java
index 480e2db..2af9212 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/JAASResourceOwnerLoginHandler.java
@@ -22,6 +22,7 @@ import 
org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.interceptor.security.JAASLoginInterceptor;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
@@ -31,7 +32,7 @@ public class JAASResourceOwnerLoginHandler implements 
ResourceOwnerLoginHandler
 private JAASLoginInterceptor jaasInterceptor = new JAASLoginInterceptor();
 
 
-public UserSubject createSubject(String name, String password) {
+public UserSubject createSubject(Client client, String name, String 
password) {
 Message message = setupMessage(name, password);
 jaasInterceptor.handleMessage(message);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/c7d50ca2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
index 5aba67e..a5f4538 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
@@ -49,7 +49,7 @@ public class ResourceOwnerGrantHandler extends 
AbstractGrantHandler {
 throw new OAuthServiceException(
  new OAuthError(OAuthConstants.INVALID_REQUEST));
 }
-UserSubject subject = loginHandler.createSubject(ownerName, 
ownerPassword);
+UserSubject subject = loginHandler.createSubject(client, ownerName, 
ownerPassword);
 if (subject == null) {
 throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/c7d50ca2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java
index 937ed8b..dda599e 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerLoginHandler.java
@@

cxf-fediz git commit: Introducing ProviderAuthenticationStrategy to make it easier to encapsulate alternative approaches for authenticating at the provider level

2017-03-02 Thread sergeyb 
Repository: cxf-fediz
Updated Branches:
  refs/heads/master fac4db415 -> 3ba499aef


Introducing ProviderAuthenticationStrategy to make it easier to encapsulate 
alternative approaches for authenticating at the provider level


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3ba499ae
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3ba499ae
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3ba499ae

Branch: refs/heads/master
Commit: 3ba499aeffb16c84895022e953a117f922abc4c4
Parents: fac4db4
Author: Sergey Beryozkin 
Authored: Thu Mar 2 22:03:34 2017 +
Committer: Sergey Beryozkin 
Committed: Thu Mar 2 22:03:34 2017 +

--
 .../service/oidc/OAuthDataProviderImpl.java | 79 +---
 .../src/test/resources/oidc/data-manager.xml|  8 +-
 2 files changed, 41 insertions(+), 46 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3ba499ae/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
--
diff --git 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
index 1882e0a..c265cef 100644
--- 
a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
+++ 
b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
@@ -18,19 +18,12 @@
  */
 package org.apache.cxf.fediz.service.oidc;
 
+import java.lang.reflect.Method;
 import java.security.Principal;
 import java.util.Collections;
 import java.util.List;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.Configuration;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
+import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import 
org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
@@ -40,23 +33,18 @@ import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 
 public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
 
-private static final Logger LOG = 
LogUtils.getL7dLogger(OAuthDataProviderImpl.class);
-
 private boolean checkOnlyRegisteredClients;
 private boolean persistUnregisteredClients = true;
-private String contextName;
-private Configuration loginConfig;
-
-
+private ProviderAuthenticationStrategy authenticationStrategy;
+
 @Override
 public Client getClient(String clientId) {
-//TODO: push most of this code into the abstract class
 Client client = super.getClient(clientId);
 if (client != null || checkOnlyRegisteredClients) {
 return client;
 }
 
-String grantType = 
(String)getMessageContext().get(OAuthConstants.GRANT_TYPE);
+String grantType = getCurrentRequestedGrantType();
 if (OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(grantType)) {
 // Pre-registering the OAuth2 Client representations for
 // "client_credentials" can be difficult.
@@ -81,47 +69,32 @@ public class OAuthDataProviderImpl extends 
DefaultEHCacheCodeDataProvider {
 // (as it is now) but also client credentials/etc then the check below 
will need to be more strict
 // with the help of getMessageContext().get(OAuthConstants.GRANT_TYPE)
 if 
(!client.getAllowedGrantTypes().contains(OAuthConstants.CLIENT_CREDENTIALS_GRANT)
+&& 
!client.getAllowedGrantTypes().contains(OAuthConstants.RESOURCE_OWNER_GRANT)
 && !requestedScopes.contains(OidcUtils.OPENID_SCOPE)) {
 throw new OAuthServiceException("Required scopes are missing");
 }
 return super.convertScopeToPermissions(client, requestedScopes);
 }
 
-protected Client authenticateClient(String clientId, String clientSecret) {
-if (contextName != null) {
-try {
-// Login using JAAS
-CallbackHandler callbackHandler =
-new NamePasswordCallbackHandler(clientId, clientSecret);
-LoginContext ctx = new LoginContext(contextName, null, 
callbackHandler, loginConfig);
-ctx.login();
-Client client = createClientCredClient(clientId, clientSecret);
-ctx.logout();
-

cxf git commit: Recording .gitmergeinfo Changes

2017-03-02 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes e889b2961 -> 5268b81e0


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5268b81e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5268b81e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5268b81e

Branch: refs/heads/3.0.x-fixes
Commit: 5268b81e0af1d6391c5663f5e85e1f6eb23890df
Parents: e889b29
Author: Colm O hEigeartaigh 
Authored: Thu Mar 2 18:22:08 2017 +
Committer: Colm O hEigeartaigh 
Committed: Thu Mar 2 18:22:08 2017 +

--
 .gitmergeinfo | 4 
 1 file changed, 4 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/5268b81e/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 1b5a9a2..85f5b41 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -26,6 +26,7 @@ B 05a7ad32b06dc800d31cffbb39df5be16f847849
 B 05e838902732c879e6a9415f11624d1581b5271e
 B 062c8ac92d8a52d2913a4f128ad56cb742edd3b3
 B 0642440cd3114db0ca86ca99987617d98634697f
+B 06d2a32adda4cb32580ca25c83e6b67dfb143ae9
 B 06e74f175c476c82c773c4ac31cf656ef593d424
 B 06fbd75b77597a6b413c72ab845578ba03bf3a21
 B 07297f3c75c3d16a6d81b423d545ababd714f5b9
@@ -151,6 +152,7 @@ B 1d29dfaa8e686570c1b2ec2da4c31ba380e0b9b0
 B 1d29e0af16d1714a44d0144f4b0563d423eb16c0
 B 1d2f49e37fa341aaa56960235cc784def4b4a70a
 B 1d5577f2abcfcc36fbbae349e94d7a992ec57ba0
+B 1d962560563a96a4577db705a3264d74dbeb6f12
 B 1d9e79ef36bf14e25d7cd2cccb0d804a048aef64
 B 1da1293953e95d756406d8eab9c99a2de459c1ab
 B 1db0f0bbe8435bc0c081627857d5047ec8ee7f55
@@ -922,6 +924,7 @@ B a2e5fae3a093965b75361210ef475abb9e6abf56
 B a2ef32eee8f2a91706801c05f17b927d661baff1
 B a2f2eb7e29e3632ecae740f1edf8d4c05689f24b
 B a3347f0378b49b6db6ca6ec274098f4b52fd17cd
+B a371f7cf76e86b91dd6c8025e2882d4715568bb5
 B a3e1065d4c2a600f63585a6c892e636f5740cf73
 B a4222c930f7d69608f826c14e4bc7bc9f670097c
 B a4315cb442fa31960cbd47f11e95e81b4a71441d
@@ -1259,6 +1262,7 @@ B de9b7936156d622c284df7f055acac80b920b7d0
 B deea740143ef9b2d85c5dc2139f6918ae10ca548
 B df39a9e14be1f3ff1fdd32e93e4f95c7fab96b00
 B df424f5a46f5a6e7be339308d85799865fb84573
+B df54745da1a568ea652762a3f0840771551b8d27
 B df947cb1ca2b9e375f99e199ec65b1afece1c963
 B dfa36ecb161fc0e7121aff68ad41ed969307d4f0
 B dfa59762b50f26263716bae769bc4078d4059c37

[3/3] cxf git commit: Fixing merge

2017-03-02 Thread coheigea 
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1d962560
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1d962560
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1d962560

Branch: refs/heads/3.1.x-fixes
Commit: 1d962560563a96a4577db705a3264d74dbeb6f12
Parents: df54745
Author: Colm O hEigeartaigh 
Authored: Thu Mar 2 18:21:23 2017 +
Committer: Colm O hEigeartaigh 
Committed: Thu Mar 2 18:21:23 2017 +

--
 .../cxf/transport/http/MessageTrustDecider.java   |  6 --
 .../interceptors/HttpsTokenInterceptorProvider.java   | 14 --
 .../apache/cxf/systest/ws/https/HttpsTokenTest.java   |  3 ---
 3 files changed, 23 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/1d962560/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
index 923b5e5..6360570 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
@@ -29,15 +29,9 @@ import org.apache.cxf.message.Message;
  * java.net.URLConnection implementations. 
  * 
  * The HttpURLConnection will be set up and connected, but no data
-<<< HEAD
- * yet sent (at least according to the JDK 1.5 default implemenation), 
- * and in the case of an HttpsURLConnection (again with caveat on
- * particular java.net.HttpsURLConnection implemenation), the TLS handshake 
-===
  * yet sent (at least according to the JDK 1.5 default implementation),
  * and in the case of an HttpsURLConnection (again with caveat on
  * particular java.net.HttpsURLConnection implementation), the TLS handshake
->>> 0252de5... [CXF-5525] - Adding a JAX-WS property to disable client 
cert verification policy check + tests
  * will be completed and certain TLS artifacts will be available.
  * 
  * Each MessageTrustDecider has a "logical" name that may be used in logging

http://git-wip-us.apache.org/repos/asf/cxf/blob/1d962560/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
index 537c8c5..8857811 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
@@ -146,23 +146,9 @@ public class HttpsTokenInterceptorProvider extends 
AbstractPolicyInterceptorProv
 + " the server set to ask for 
client authorization?");
 }
 }
-<<< HEAD
-HttpsURLConnectionInfo info = 
(HttpsURLConnectionInfo)connectionInfo;
-if (info.getLocalCertificates() == null 
-|| info.getLocalCertificates().length == 
0) {
-throw new 
UntrustedURLConnectionIOException(
-"RequireClientCertificate is set, "
-+ "but no local certificates were 
negotiated.  Is"
-+ " the server set to ask for client 
authorization?");
-}
-}
-};
-message.put(MessageTrustDecider.class, trust);
-===
 };
 message.put(MessageTrustDecider.class, trust);
 }
->>> 0252de5... [CXF-5525] - Adding a JAX-WS property to disable client 
cert verification policy check + tests
 PolicyUtils.assertPolicy(aim, new 
QName(token.getName().getNamespaceURI(),
 
SPConstants.REQUIRE_CLIENT_CERTIFICATE));
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/1d962560/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
--
diff --git

[1/3] cxf git commit: Recording .gitmergeinfo Changes

2017-03-02 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 963a541fe -> 1d9625605


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/df54745d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/df54745d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/df54745d

Branch: refs/heads/3.1.x-fixes
Commit: df54745da1a568ea652762a3f0840771551b8d27
Parents: a371f7c
Author: Colm O hEigeartaigh 
Authored: Thu Mar 2 18:20:06 2017 +
Committer: Colm O hEigeartaigh 
Committed: Thu Mar 2 18:20:06 2017 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/df54745d/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index e50b89e..fbb4723 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -280,6 +280,7 @@ M 01cd14ce923f1f2cd044746e272b2d525c46f9a6
 M 01d06cee06203b0ba616ca1924f1878aecc1a791
 M 01fdc40526185ee89202692088fd5367f0690af0
 M 0222768baf6b60742c4a8332308edf2be0f4a2e4
+M 0252de53c8b2bd230544e7c9cffc9355741dc2f1
 M 0344b6bc0d1e61a3d3b5194f5ae3ebcdf62e8d56
 M 03987585902ef5db3c265a353e483f20e31b2c18
 M 04720d55a297aa4778a8194a766d9159ba662d33

[2/3] cxf git commit: [CXF-5525] - Adding a JAX-WS property to disable client cert verification policy check + tests

2017-03-02 Thread coheigea 
[CXF-5525] - Adding a JAX-WS property to disable client cert verification 
policy check + tests

# Conflicts:
#   
rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
#   
rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
#   
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
#   
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a371f7cf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a371f7cf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a371f7cf

Branch: refs/heads/3.1.x-fixes
Commit: a371f7cf76e86b91dd6c8025e2882d4715568bb5
Parents: 963a541
Author: Colm O hEigeartaigh 
Authored: Thu Mar 2 18:17:05 2017 +
Committer: Colm O hEigeartaigh 
Committed: Thu Mar 2 18:20:06 2017 +

--
 .../apache/cxf/transport/http/HTTPConduit.java  |  7 ++-
 .../cxf/transport/http/MessageTrustDecider.java | 13 ++
 .../cxf/ws/security/SecurityConstants.java  | 11 -
 .../HttpsTokenInterceptorProvider.java  | 38 
 .../cxf/systest/ws/https/HttpsTokenTest.java| 47 
 .../cxf/systest/ws/https/DoubleItHttps.wsdl |  6 +++
 .../org/apache/cxf/systest/ws/https/client.xml  | 26 +++
 .../org/apache/cxf/systest/ws/https/server.xml  | 14 ++
 .../apache/cxf/systest/ws/https/stax-server.xml | 20 +
 9 files changed, 169 insertions(+), 13 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/a371f7cf/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
index e896461..51daa38 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
@@ -1762,10 +1762,9 @@ public abstract class HTTPConduit
 // already connected.
 HttpsURLConnectionInfo info = getHttpsURLConnectionInfo();
 if (trustDecider != null) {
-trustDecider.establishTrust(
-conduitName, 
-info,
-outMessage);
+trustDecider.establishTrust(conduitName,
+info,
+outMessage);
 if (LOG.isLoggable(Level.FINE)) {
 LOG.log(Level.FINE, "Trust Decider "
 + trustDecider.getLogicalName()

http://git-wip-us.apache.org/repos/asf/cxf/blob/a371f7cf/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
index c9c2f1e..923b5e5 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
@@ -29,9 +29,15 @@ import org.apache.cxf.message.Message;
  * java.net.URLConnection implementations. 
  * 
  * The HttpURLConnection will be set up and connected, but no data
+<<< HEAD
  * yet sent (at least according to the JDK 1.5 default implemenation), 
  * and in the case of an HttpsURLConnection (again with caveat on
  * particular java.net.HttpsURLConnection implemenation), the TLS handshake 
+===
+ * yet sent (at least according to the JDK 1.5 default implementation),
+ * and in the case of an HttpsURLConnection (again with caveat on
+ * particular java.net.HttpsURLConnection implementation), the TLS handshake
+>>> 0252de5... [CXF-5525] - Adding a JAX-WS property to disable client 
cert verification policy check + tests
  * will be completed and certain TLS artifacts will be available.
  * 
  * Each MessageTrustDecider has a "logical" name that may be used in logging
@@ -88,10 +94,17 @@ public abstract class MessageTrustDecider {
  * 
  * The HTTPConduit calls this message on every redirect, however, it is
  * impossible to tell where it has been redirected from.
+<<< HEAD
  * 
  * TODO: What are the exising

cxf git commit: [CXF-5525] - Adding a JAX-WS property to disable client cert verification policy check + tests

2017-03-02 Thread coheigea 
Repository: cxf
Updated Branches:
  refs/heads/master 13d33c9ed -> 0252de53c


[CXF-5525] - Adding a JAX-WS property to disable client cert verification 
policy check + tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0252de53
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0252de53
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0252de53

Branch: refs/heads/master
Commit: 0252de53c8b2bd230544e7c9cffc9355741dc2f1
Parents: 13d33c9
Author: Colm O hEigeartaigh 
Authored: Thu Mar 2 18:17:05 2017 +
Committer: Colm O hEigeartaigh 
Committed: Thu Mar 2 18:17:54 2017 +

--
 .../apache/cxf/transport/http/HTTPConduit.java  |  7 ++-
 .../cxf/transport/http/MessageTrustDecider.java |  6 +--
 .../cxf/ws/security/SecurityConstants.java  | 11 -
 .../HttpsTokenInterceptorProvider.java  | 46 
 .../cxf/systest/ws/https/HttpsTokenTest.java| 44 +++
 .../cxf/systest/ws/https/DoubleItHttps.wsdl |  6 +++
 .../org/apache/cxf/systest/ws/https/client.xml  | 26 +++
 .../org/apache/cxf/systest/ws/https/server.xml  | 14 ++
 .../apache/cxf/systest/ws/https/stax-server.xml | 20 +
 9 files changed, 153 insertions(+), 27 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
index 8314c14..30798f7 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
@@ -1762,10 +1762,9 @@ public abstract class HTTPConduit
 // already connected.
 HttpsURLConnectionInfo info = getHttpsURLConnectionInfo();
 if (trustDecider != null) {
-trustDecider.establishTrust(
-conduitName,
-info,
-outMessage);
+trustDecider.establishTrust(conduitName,
+info,
+outMessage);
 if (LOG.isLoggable(Level.FINE)) {
 LOG.log(Level.FINE, "Trust Decider "
 + trustDecider.getLogicalName()

http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
index ac3efb8..8cd2fff 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
@@ -29,9 +29,9 @@ import org.apache.cxf.message.Message;
  * java.net.URLConnection implementations.
  *
  * The HttpURLConnection will be set up and connected, but no data
- * yet sent (at least according to the JDK 1.5 default implemenation),
+ * yet sent (at least according to the JDK 1.5 default implementation),
  * and in the case of an HttpsURLConnection (again with caveat on
- * particular java.net.HttpsURLConnection implemenation), the TLS handshake
+ * particular java.net.HttpsURLConnection implementation), the TLS handshake
  * will be completed and certain TLS artifacts will be available.
  * 
  * Each MessageTrustDecider has a "logical" name that may be used in logging
@@ -89,7 +89,7 @@ public abstract class MessageTrustDecider {
  * The HTTPConduit calls this message on every redirect, however, it is
  * impossible to tell where it has been redirected from.
  *
- * TODO: What are the exising Message Properties at the point of this call?
+ * TODO: What are the existing Message Properties at the point of this 
call?
  *
  * @param conduitNameThis parameter contains the logical name
  *   for the conduit that this trust decider

http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
--
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java

cxf git commit: Injecting MessageContext into ResourceOwner handler too

2017-03-02 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 06d2a32ad -> 963a541fe


Injecting MessageContext into ResourceOwner handler too


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/963a541f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/963a541f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/963a541f

Branch: refs/heads/3.1.x-fixes
Commit: 963a541fe53a4d3f0481472c75fe6b7310c929c7
Parents: 06d2a32
Author: Sergey Beryozkin 
Authored: Thu Mar 2 17:38:53 2017 +
Committer: Sergey Beryozkin 
Committed: Thu Mar 2 17:52:20 2017 +

--
 .../grants/owner/ResourceOwnerGrantHandler.java | 11 ++--
 .../provider/AbstractOAuthDataProvider.java |  8 ++
 .../oauth2/services/AbstractOAuthService.java   | 28 
 .../oauth2/services/AccessTokenService.java | 13 +++--
 .../security/oauth2/utils/OAuthConstants.java   |  1 +
 .../rs/security/oauth2/utils/OAuthUtils.java| 18 +
 6 files changed, 58 insertions(+), 21 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/963a541f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
index 19e0f6b..4a5d03b 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
@@ -20,6 +20,7 @@ package org.apache.cxf.rs.security.oauth2.grants.owner;
 
 import javax.ws.rs.core.MultivaluedMap;
 
+import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -27,6 +28,7 @@ import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
 /**
  * The "resource owner" grant handler
@@ -37,7 +39,7 @@ public class ResourceOwnerGrantHandler extends 
AbstractGrantHandler {
 public ResourceOwnerGrantHandler() {
 super(OAuthConstants.RESOURCE_OWNER_GRANT);
 }
-
+
 public ServerAccessToken createAccessToken(Client client, 
MultivaluedMap params)
 throws OAuthServiceException {
 
@@ -62,5 +64,10 @@ public class ResourceOwnerGrantHandler extends 
AbstractGrantHandler {
 this.loginHandler = loginHandler;
 }
 
-
+public void setMessageContext(MessageContext context) {
+if (loginHandler != null) {
+OAuthUtils.injectContextIntoOAuthProvider(context, loginHandler);
+}
+}
+
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/963a541f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index e39c9be..e5a8eba 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -25,6 +25,8 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 
+import javax.ws.rs.core.MultivaluedMap;
+
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
@@ -311,6 +313,12 @@ public abstract class AbstractOAuthDataProvider implements 
OAuthDataProvider, Cl
 protected String getCurrentClientSecret() {
 return (String)messageContext.get(OAuthConstants.CLIENT_SECRET);
 }
+protected MultivaluedMap getCurrentRequestParams() {
+@SuppressWarnings("unchecked")
+

cxf git commit: Injecting MessageContext into ResourceOwner handler too

2017-03-02 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/master afdf9361f -> 13d33c9ed


Injecting MessageContext into ResourceOwner handler too


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/13d33c9e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/13d33c9e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/13d33c9e

Branch: refs/heads/master
Commit: 13d33c9ed261e06e44706cffa1671d67d31096a7
Parents: afdf936
Author: Sergey Beryozkin 
Authored: Thu Mar 2 17:38:53 2017 +
Committer: Sergey Beryozkin 
Committed: Thu Mar 2 17:38:53 2017 +

--
 .../grants/owner/ResourceOwnerGrantHandler.java | 11 ++--
 .../provider/AbstractOAuthDataProvider.java |  8 ++
 .../oauth2/services/AbstractOAuthService.java   | 28 
 .../oauth2/services/AccessTokenService.java | 11 +++-
 .../security/oauth2/utils/OAuthConstants.java   |  1 +
 .../rs/security/oauth2/utils/OAuthUtils.java| 18 +
 6 files changed, 57 insertions(+), 20 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/13d33c9e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
index ea39634..5aba67e 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
@@ -20,6 +20,7 @@ package org.apache.cxf.rs.security.oauth2.grants.owner;
 
 import javax.ws.rs.core.MultivaluedMap;
 
+import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
@@ -27,6 +28,7 @@ import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
 /**
  * The "resource owner" grant handler
@@ -37,7 +39,7 @@ public class ResourceOwnerGrantHandler extends 
AbstractGrantHandler {
 public ResourceOwnerGrantHandler() {
 super(OAuthConstants.RESOURCE_OWNER_GRANT);
 }
-
+
 public ServerAccessToken createAccessToken(Client client, 
MultivaluedMap params)
 throws OAuthServiceException {
 
@@ -62,5 +64,10 @@ public class ResourceOwnerGrantHandler extends 
AbstractGrantHandler {
 this.loginHandler = loginHandler;
 }
 
-
+public void setMessageContext(MessageContext context) {
+if (loginHandler != null) {
+OAuthUtils.injectContextIntoOAuthProvider(context, loginHandler);
+}
+}
+
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/13d33c9e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 298835e..95ab72f 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -25,6 +25,8 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 
+import javax.ws.rs.core.MultivaluedMap;
+
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
@@ -306,6 +308,12 @@ public abstract class AbstractOAuthDataProvider implements 
OAuthDataProvider, Cl
 protected String getCurrentClientSecret() {
 return (String)messageContext.get(OAuthConstants.CLIENT_SECRET);
 }
+protected MultivaluedMap getCurrentRequestParams() {
+@SuppressWarnings("unchecked")
+MultivaluedMap