-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java36
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2RequestFilter.java22
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/SubjectProvider.java1
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/SubjectProviderImpl.java21
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsAuthenticator.java21
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsOAuthResourceServerFilter.java12
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsSessionProvider.java4
7 files changed, 48 insertions, 69 deletions
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
index 7b360b2d2c4..253e82a5a30 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
@@ -28,6 +28,7 @@ import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
import org.apache.cxf.jaxrs.utils.HttpUtils;
import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
@@ -38,7 +39,6 @@ import org.eclipse.osee.framework.jdk.core.type.BaseIdentity;
import org.eclipse.osee.framework.jdk.core.type.OseePrincipal;
import org.eclipse.osee.framework.jdk.core.util.Strings;
import org.eclipse.osee.jaxrs.server.internal.JaxRsUtils;
-import org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator.Subject;
/**
* @author Roberto E. Escobar
@@ -125,8 +125,25 @@ public final class OAuthUtil {
}
}
+ public static SecurityContext getSecurityContext(AccessTokenValidation accessTokenV, boolean useUserSubject) {
+ UserSubject resourceOwnerSubject = accessTokenV.getTokenSubject();
+ UserSubject clientSubject = accessTokenV.getClientSubject();
+
+ UserSubject subject;
+ if (resourceOwnerSubject != null || useUserSubject) {
+ subject = resourceOwnerSubject;
+ } else {
+ subject = clientSubject;
+ }
+ return OAuthUtil.newSecurityContext(subject);
+ }
+
public static SecurityContext newSecurityContext(UserSubject subject) {
final OseePrincipal principal = newOseePrincipal(subject);
+ return newSecurityContext(principal);
+ }
+
+ public static SecurityContext newSecurityContext(final OseePrincipal principal) {
return new SecurityContext() {
@Override
public boolean isUserInRole(String role) {
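Review bot: `getSecurityContext` hands a null subject to `newSecurityContext` when `useUserSubject` is true and the token carries no resource-owner subject, because `resourceOwnerSubject != null || useUserSubject` then selects `resourceOwnerSubject`. `newOseePrincipal` is not visible in this hunk, so whether it tolerates null is unconfirmed; at best the request fails with a NullPointerException, at worst it proceeds with a context that has no principal. An explicit rejection before the return would make the outcome deterministic, e.g. `if (subject == null) { throw new OAuthServiceException("access token has no subject"); }`. The new public method also has no Javadoc; a short comment stating when the client subject is used instead of the resource owner would help both filters that now delegate to it.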
@@ -144,19 +161,19 @@ public final class OAuthUtil {
};
}
- public static final String SUBJECT_USERNAME = "username";
- public static final String SUBJECT_DISPLAY_NAME = "display.name";
- public static final String SUBJECT_EMAIL = "email";
- public static final String SUBJECT_IS_ACTIVE = "is.active";
- public static final String SUBJECT_IS_AUTHENTICATED = "is.authenticated";
+ private static final String SUBJECT_USERNAME = "username";
+ private static final String SUBJECT_DISPLAY_NAME = "display.name";
+ private static final String SUBJECT_EMAIL = "email";
+ private static final String SUBJECT_IS_ACTIVE = "is.active";
+ private static final String SUBJECT_IS_AUTHENTICATED = "is.authenticated";
- public static UserSubject newUserSubject(Subject subject) {
+ public static UserSubject newUserSubject(OseePrincipal subject) {
List<String> roles = new ArrayList<String>();
for (String role : subject.getRoles()) {
roles.add(role);
}
UserSubject data = new UserSubject();
- data.setId(String.valueOf(subject.getId()));
+ data.setId(String.valueOf(subject.getGuid()));
data.setLogin(subject.getUserName());
data.setRoles(roles);
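Review bot: The subject id written by `data.setId(String.valueOf(subject.getGuid()))` now comes from `getGuid()` rather than `getId()`, while `SubjectProviderImpl` still compares a `long` from `getSubjectId(subject)` against the session's `subjectId`. `OseePrincipal.getGuid()` is not shown on this page, so that it yields the same numeric value the old `Subject.getId()` did is an assumption to confirm; if it does not, the identity comparison in `SubjectProviderImpl` would stop matching. A comment on the line such as `// guid must be the numeric id accepted by getSubjectById(long)` would record the requirement. `newUserSubject` continues past the end of this hunk.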
@@ -166,7 +183,6 @@ public final class OAuthUtil {
properties.put(SUBJECT_EMAIL, subject.getEmailAddress());
properties.put(SUBJECT_IS_ACTIVE, Boolean.toString(subject.isActive()));
properties.put(SUBJECT_IS_AUTHENTICATED, Boolean.toString(subject.isAuthenticated()));
-
data.setProperties(properties);
return data;
}
@@ -185,7 +201,7 @@ public final class OAuthUtil {
return getProperty(subject.getProperties(), SUBJECT_DISPLAY_NAME, subject.getLogin());
}
- public static String getProperty(Map<String, String> props, String key, String defaultValue) {
+ private static String getProperty(Map<String, String> props, String key, String defaultValue) {
String toReturn = props.get(key);
if (toReturn == null) {
toReturn = defaultValue;
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2RequestFilter.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2RequestFilter.java
index 5a89bfa6d57..d0811da810e 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2RequestFilter.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2RequestFilter.java
@@ -23,7 +23,6 @@ import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.security.SecurityContext;
@@ -44,16 +43,16 @@ import org.eclipse.osee.logger.Log;
public class OAuth2RequestFilter extends OAuthRequestFilter {
private final Log logger;
- private final SubjectProvider sessionProvider;
+ private final SubjectProvider subjectProvider;
private volatile boolean useUserSubject;
private volatile URI redirectURI;
private volatile boolean ignoreBasePath;
- public OAuth2RequestFilter(Log logger, SubjectProvider sessionProvider) {
+ public OAuth2RequestFilter(Log logger, SubjectProvider subjectProvider) {
super();
this.logger = logger;
- this.sessionProvider = sessionProvider;
+ this.subjectProvider = subjectProvider;
}
@Override
@@ -92,7 +91,7 @@ public class OAuth2RequestFilter extends OAuthRequestFilter {
Message msg = JAXRSUtils.getCurrentMessage();
MessageContext mc = getMessageContext();
- SecurityContext sc = sessionProvider.getSecurityContextFromSession(mc);
+ SecurityContext sc = subjectProvider.getSecurityContextFromSession(mc);
if (sc == null) {
String authorizationHeader = context.getHeaderString(HttpHeaders.AUTHORIZATION);
@@ -128,20 +127,11 @@ public class OAuth2RequestFilter extends OAuthRequestFilter {
String[] basicAuthParts = OAuthUtil.decodeCredentials(header);
String username = basicAuthParts[0];
String password = basicAuthParts[1];
- sessionProvider.authenticate(mc, OAuthConstants.BASIC_SCHEME, username, password);
+ subjectProvider.authenticate(mc, OAuthConstants.BASIC_SCHEME, username, password);
}
@Override
protected SecurityContext createSecurityContext(HttpServletRequest request, AccessTokenValidation accessTokenV) {
- UserSubject resourceOwnerSubject = accessTokenV.getTokenSubject();
- UserSubject clientSubject = accessTokenV.getClientSubject();
-
- UserSubject subject;
- if (resourceOwnerSubject != null || useUserSubject) {
- subject = resourceOwnerSubject;
- } else {
- subject = clientSubject;
- }
- return OAuthUtil.newSecurityContext(subject);
+ return OAuthUtil.getSecurityContext(accessTokenV, useUserSubject);
}
} \ No newline at end of file
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/SubjectProvider.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/SubjectProvider.java
index 51aa63bc139..eb121eab4c4 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/SubjectProvider.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/SubjectProvider.java
@@ -30,4 +30,5 @@ public interface SubjectProvider extends SessionAuthenticityTokenProvider, Subje
SecurityContext getSecurityContextFromSession(MessageContext mc);
UserSubject getSubjectById(long subjectId);
+
} \ No newline at end of file
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/SubjectProviderImpl.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/SubjectProviderImpl.java
index b5fc34348e0..f4c1b06413b 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/SubjectProviderImpl.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/SubjectProviderImpl.java
@@ -20,11 +20,11 @@ import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.security.SecurityContext;
+import org.eclipse.osee.framework.jdk.core.type.OseePrincipal;
import org.eclipse.osee.framework.jdk.core.util.Strings;
import org.eclipse.osee.jaxrs.server.internal.security.oauth2.OAuthUtil;
import org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.SubjectProvider;
import org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator;
-import org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator.Subject;
import org.eclipse.osee.jaxrs.server.security.JaxRsSessionProvider;
import org.eclipse.osee.logger.Log;
@@ -135,9 +135,8 @@ public class SubjectProviderImpl implements SubjectProvider {
@Override
public void authenticate(MessageContext mc, String scheme, String username, String password) {
- UserSubject subject = authenticate(scheme, username, password);
- SecurityContext securityContext = OAuthUtil.newSecurityContext(subject);
-
+ OseePrincipal principal = authenticate(scheme, username, password);
+ SecurityContext securityContext = OAuthUtil.newSecurityContext(principal);
if (sessionDelegate != null) {
// Add security context resolution through session delegate
} else {
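Review bot: The principal returned by `authenticate(scheme, username, password)` is wrapped by `OAuthUtil.newSecurityContext(principal)` without any visible check that it is non-null or that `principal.isAuthenticated()` is true. Whether `JaxRsAuthenticator.authenticate` throws on rejected credentials is not visible here; if an implementation can return null or an unauthenticated principal, this method would still build a security context from it (the code that stores the context lies outside the hunk). A guard before the wrap makes the failure explicit: `if (principal == null || !principal.isAuthenticated()) { throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED); }`. The same applies to `createSubject` and to the `sessionDelegate.getSubjectById(subjectId)` result in the later hunks of this file, where a null would reach `OAuthUtil.newUserSubject`.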
@@ -149,14 +148,13 @@ public class SubjectProviderImpl implements SubjectProvider {
@Override
public UserSubject createSubject(String username, String password) {
- return authenticate(OAuthConstants.BASIC_SCHEME, username, password);
+ OseePrincipal principal = authenticate(OAuthConstants.BASIC_SCHEME, username, password);
+ return OAuthUtil.newUserSubject(principal);
}
- private UserSubject authenticate(String scheme, String username, String password) {
+ private OseePrincipal authenticate(String scheme, String username, String password) {
logger.debug("Authenticate - scheme[%s] username[%s]", scheme, username);
-
- Subject user = authenticator.authenticate(scheme, username, password);
- return OAuthUtil.newUserSubject(user);
+ return authenticator.authenticate(scheme, username, password);
}
private SecurityContext getSecurityContext(MessageContext mc) {
@@ -191,10 +189,11 @@ public class SubjectProviderImpl implements SubjectProvider {
long subjectId2 = getSubjectId(subject);
if (subjectId2 != subjectId) {
if (sessionDelegate != null) {
- Subject user = sessionDelegate.getSubjectById(subjectId);
- subject = OAuthUtil.newUserSubject(user);
+ OseePrincipal principal = sessionDelegate.getSubjectById(subjectId);
+ subject = OAuthUtil.newUserSubject(principal);
}
}
return subject;
}
+
} \ No newline at end of file
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsAuthenticator.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsAuthenticator.java
index ef961a67763..7f3d80defcb 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsAuthenticator.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsAuthenticator.java
@@ -10,30 +10,13 @@
*******************************************************************************/
package org.eclipse.osee.jaxrs.server.security;
+import org.eclipse.osee.framework.jdk.core.type.OseePrincipal;
/**
* @author Roberto E. Escobar
*/
public interface JaxRsAuthenticator {
- public interface Subject {
-
- long getId();
-
- String getDisplayName();
-
- String getUserName();
-
- String getEmailAddress();
-
- boolean isActive();
-
- Iterable<String> getRoles();
-
- boolean isAuthenticated();
-
- }
-
- Subject authenticate(String scheme, String username, String password);
+ OseePrincipal authenticate(String scheme, String username, String password);
} \ No newline at end of file
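Review bot: `authenticate` has no Javadoc stating what an implementation must do when credentials are rejected: throw, return null, or return a principal whose `isAuthenticated()` is false. Callers in `SubjectProviderImpl` use the result directly, so the contract matters for every implementer. Because this interface sits in the non-internal `security` package, replacing the nested `Subject` type with `OseePrincipal` also changes the signature for any implementer outside this commit. I would add a Javadoc block on the method that documents the failure behaviour and the `@return` value.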
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsOAuthResourceServerFilter.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsOAuthResourceServerFilter.java
index b4d147a428a..95feba8dcd3 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsOAuthResourceServerFilter.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsOAuthResourceServerFilter.java
@@ -22,7 +22,6 @@ import javax.ws.rs.core.Form;
import javax.ws.rs.ext.Provider;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.filters.OAuthRequestFilter;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
@@ -177,16 +176,7 @@ public class JaxRsOAuthResourceServerFilter implements ContainerRequestFilter {
@Override
protected SecurityContext createSecurityContext(HttpServletRequest request, AccessTokenValidation accessTokenV) {
- UserSubject resourceOwnerSubject = accessTokenV.getTokenSubject();
- UserSubject clientSubject = accessTokenV.getClientSubject();
-
- UserSubject subject;
- if (resourceOwnerSubject != null || useUserSubject) {
- subject = resourceOwnerSubject;
- } else {
- subject = clientSubject;
- }
- return OAuthUtil.newSecurityContext(subject);
+ return OAuthUtil.getSecurityContext(accessTokenV, useUserSubject);
}
}
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsSessionProvider.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsSessionProvider.java
index 43af6a4fd90..09c49771759 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsSessionProvider.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/security/JaxRsSessionProvider.java
@@ -10,7 +10,7 @@
*******************************************************************************/
package org.eclipse.osee.jaxrs.server.security;
-import org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator.Subject;
+import org.eclipse.osee.framework.jdk.core.type.OseePrincipal;
/**
* @author Roberto E. Escobar
@@ -23,6 +23,6 @@ public interface JaxRsSessionProvider {
String getSessionToken(Long subjectId);
- Subject getSubjectById(Long subjectId);
+ OseePrincipal getSubjectById(Long subjectId);
} \ No newline at end of file
