[FEDIZ-172] Restoring Fediz-specific OAuthDataProviderImpl and supporting a case of the client_cred clients already being authenticated before the call reaches AccessTokenService
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
new file mode 100644
index 0000000..7c37cc2
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.oidc;
+
+import java.security.Principal;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
+
+ private boolean checkOnlyRegisteredClients;
+
+ @Override
+ public Client getClient(String clientId) {
+ Client client = super.getClient(clientId);
+ if (client != null || checkOnlyRegisteredClients) {
+ return client;
+ }
+ String grantType = (String)getMessageContext().get(OAuthConstants.GRANT_TYPE);
+ if (OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(grantType)) {
+ // Pre-registering the OAuth2 Client representations for
+ // "client_credentials" can be difficult.
+
+ String clientSecret = (String)getMessageContext().get(OAuthConstants.CLIENT_SECRET);
+ if (clientSecret != null) {
+ // Direct authentication with the back-end storage
+ return authenticateClient(clientId, clientSecret);
+ } else {
+ Principal p = super.getMessageContext().getSecurityContext().getUserPrincipal();
+ if (clientId.equals(p.getName())) {
+ // Client was already authenticated with Servlet Security
+ // or CXF (JAAS/etc) filters
+ return new Client(clientId, null, true);
+ }
+ }
+ }
+ return null;
+ }
+
+ protected Client authenticateClient(String clientId, String clientSecret) {
+ // If the authentication is successful:
+ // return new Client(clientId, clientSecret, true)
+ return null;
+ }
+
+ public void setCheckOnlyRegisteredClients(boolean checkOnlyRegisteredClients) {
+ this.checkOnlyRegisteredClients = checkOnlyRegisteredClients;
+ }
+
+}
diff --git a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
index 6422263..5640443 100644
--- a/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/data-manager.xml
@@ -56,7 +56,7 @@
AbstractCodeDataProvider extension or implement AuthorizationCodeDataProvider directly
-->
<bean id="oauthProvider"
- class="org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider"
+ class="org.apache.cxf.fediz.service.oidc.OAuthDataProviderImpl"
init-method="init" destroy-method="close">
<!-- List of accepted scopes -->
<property name="supportedScopes" ref="supportedScopes"/>