CXF-8121 Improve STS REST interface #580
Conversation
services/sts/sts-rest/src/main/java/org/apache/cxf/sts/rest/api/BaseResponse.java
Outdated
Show resolved
Hide resolved
services/sts/sts-rest/src/main/java/org/apache/cxf/sts/rest/api/BaseResponse.java
Outdated
Show resolved
Hide resolved
services/sts/sts-rest/src/main/java/org/apache/cxf/sts/rest/api/GetTokenRequest.java
Outdated
Show resolved
Hide resolved
services/sts/sts-rest/src/main/java/org/apache/cxf/sts/rest/api/GetTokenRequest.java
Outdated
Show resolved
Hide resolved
services/sts/sts-rest/src/main/java/org/apache/cxf/sts/rest/api/RealmSecurityTokenService.java
Outdated
Show resolved
Hide resolved
...s/sts-rest/src/main/java/org/apache/cxf/sts/rest/authentication/JwtAuthenticationFilter.java
Outdated
Show resolved
Hide resolved
services/sts/sts-rest/src/main/java/org/apache/cxf/sts/rest/impl/JwkOperation.java
Outdated
Show resolved
Hide resolved
services/sts/sts-rest/src/main/java/org/apache/cxf/sts/rest/impl/JwkOperation.java
Outdated
Show resolved
Hide resolved
...ts/sts-rest/src/main/java/org/apache/cxf/sts/rest/impl/RealmSecurityConfigurationFilter.java
Outdated
Show resolved
Hide resolved
...ts/sts-rest/src/main/java/org/apache/cxf/sts/rest/impl/RealmSecurityConfigurationFilter.java
Outdated
Show resolved
Hide resolved
|
Thanks @dtsybulka, LGTM, @ashakirin anything you want to add / comment / change? |
|
@reta, please hold off on the merge for a while, there are some things I need to check first with the PR. |
|
@coheigea no objections, won't merge without your and @ashakirin approvals, thanks! |
|
@coheigea could you please tell when you could check and review the PR? Thanks in advance. |
|
@dtsybulka It's on my TODO list, but realistically it will be early in the new year before I can review it properly. |
|
Hi @coheigea, |
|
Sorry, it'll be a few weeks before I can look at it, but it is on my radar for CXF 3.4.0. |
| @@ -69,7 +69,7 @@ | |||
| public static final Map<String, String> DEFAULT_CLAIM_TYPE_MAP; | |||
| public static final Map<String, String> DEFAULT_TOKEN_TYPE_MAP; | |||
|
|
|||
| private static final Map<String, String> DEFAULT_KEY_TYPE_MAP = new HashMap<>(); | |||
| public static final Map<String, String> DEFAULT_KEY_TYPE_MAP = new HashMap<>(); | |||
There was a problem hiding this comment.
This map should be made an unmodifiable map as per the other public maps
|
|
||
| <import resource="classpath:META-INF/cxf/cxf.xml"/> | ||
|
|
||
| <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> |
There was a problem hiding this comment.
Change all instances of PropertyPlaceholderConfigurer to org.springframework.context.support.PropertySourcesPlaceholderConfigurer instead
|
|
||
| @org.junit.AfterClass | ||
| public static void cleanup() throws Exception { | ||
| SecurityTestUtil.cleanup(); |
There was a problem hiding this comment.
This method is removed in the latest codebase
| validateJWTToken(token); | ||
| } | ||
|
|
||
| @org.junit.Ignore |
There was a problem hiding this comment.
Why are these two tests Ignored?
| /** | ||
| * Some tests for the REST interface of the CXF STS. | ||
| */ | ||
| public class STSRealmRestTest extends AbstractBusClientServerTestBase { |
There was a problem hiding this comment.
There is a huge amount of duplicated code between this class and STSRESTTest. I wonder if we can't abstract the tests to a common base class, and subclass just the bits that get the tokens?
| description = "In case wrong configuration of RS security for requested realm") | ||
| } | ||
| ) | ||
| JsonWebKeys getPublicVerificationKeys(); |
There was a problem hiding this comment.
Is this method tested anywhere? I don't see it...
| final Message message = getCurrentMessage(); | ||
| final RequestSecurityTokenResponseType response = validateOperation.validate( | ||
| createValidateRequestSecurityTokenType(tokenString, "jwt"), null, | ||
| new WrappedMessageContext(message)); |
There was a problem hiding this comment.
Why WrappedMessageContext here? We can just pass through "message" and then eliminate the jaxws frontend from the pom.
| import static org.apache.cxf.jaxrs.utils.HttpUtils.getProtocolHeader; | ||
| import static org.apache.cxf.message.Message.HTTP_REQUEST_METHOD; | ||
| import static org.apache.cxf.message.Message.PROTOCOL_HEADERS; | ||
| import static org.springframework.util.CollectionUtils.isEmpty; |
There was a problem hiding this comment.
Replace this with: org.apache.cxf.common.util.StringUtils.isEmpty
services/sts/sts-rest/pom.xml
Outdated
| org.springframework.ldap*;resolution:=optional, | ||
| net.sf.ehcache*;resolution:=optional;version="[2.5, 3.0.0)", | ||
| org.opensaml*;version="${cxf.opensaml.osgi.version.range}", |
There was a problem hiding this comment.
I think these three lines can be removed.
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ | ||
| package org.apache.cxf.sts.rest.api; |
There was a problem hiding this comment.
The package name of "org.apache.cxf.sts.rest" is a bit problematic in OSGi, as it clashes with the module in STS Core. Can we rename this to something different?
There was a problem hiding this comment.
Is org.apache.cxf.sts.rs will be OK?
|
Also, there is a merge conflict with CustomParameterTest. |
� Conflicts: � services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java
No description provided.