[cxf] branch 3.4.x-fixes updated: CXF-8370 - Make the principal optional for the start of the authorization flow


[cxf] branch 3.4.x-fixes updated: CXF-8370 - Make the principal optional for the start of the authorization flow

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/3.4.x-fixes by this push:
     new 378af94  CXF-8370 - Make the principal optional for the start of the authorization flow
378af94 is described below

commit 378af94b087e1e8af1689a5a071e7b79bb87a705
Author: Colm O hEigeartaigh <[hidden email]>
AuthorDate: Tue Nov 17 11:30:09 2020 +0000

    CXF-8370 - Make the principal optional for the start of the authorization flow
   
    (cherry picked from commit 821471d951ad1cd16546658b086eb3f607287f99)
---
 .../oauth2/services/RedirectionBasedGrantService.java      | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 372d2f2..dafdc82 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -137,11 +137,15 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
      * Starts the authorization process
      */
     protected Response startAuthorization(MultivaluedMap<String, String> params) {
-        // Make sure the end user has authenticated, check if HTTPS is used
-        SecurityContext sc = getAndValidateSecurityContext(params);
+        UserSubject userSubject = null;
+        SecurityContext securityContext =
+                (SecurityContext)getMessageContext().get(SecurityContext.class.getName());
+        if (securityContext != null && securityContext.getUserPrincipal() != null) {
+            // Create a UserSubject representing the end user, if we have already authenticated
+            userSubject = createUserSubject(securityContext, params);
+        }
+        checkTransportSecurity();
         Client client = getClient(params.getFirst(OAuthConstants.CLIENT_ID), params);
-        // Create a UserSubject representing the end user
-        UserSubject userSubject = createUserSubject(sc, params);
 
         if (authorizationFilter != null) {
             params = authorizationFilter.process(params, userSubject, client);
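Review bot: With the authentication requirement removed, `userSubject` can now be `null` when `authorizationFilter.process(params, userSubject, client)` runs, and nothing in this hunk rejects or redirects an unauthenticated end user; the body of `startAuthorization` continues past the hunk, so every later consumer of `userSubject` there (and any existing `AuthorizationRequestFilter` implementation written against the old non-null contract) needs to be checked for a null dereference or, worse, for a subject-based check that is silently skipped. The change also replaces `getAndValidateSecurityContext(params)` with a direct `getMessageContext().get(SecurityContext.class.getName())` lookup, so any validation that helper did beyond the transport check presumably no longer runs here — confirm that is intended. I would make the new contract explicit at the declaration, e.g. `UserSubject userSubject = null; // stays null until the end user authenticates; later steps must tolerate it and must never issue a grant for a null subject`, and add to the method Javadoc that the end user is not required to be authenticated at this point.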
@@ -340,7 +344,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         return state;
     }
     protected void personalizeData(OAuthAuthorizationData data, UserSubject userSubject) {
-        if (resourceOwnerNameProvider != null) {
+        if (resourceOwnerNameProvider != null && userSubject != null) {
             data.setEndUserName(resourceOwnerNameProvider.getName(userSubject));
         }
     }
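Review bot: `personalizeData` now silently skips the end-user name when `userSubject` is `null`, but the method has no Javadoc saying that a null subject is an expected input rather than a caller bug. I would add a short Javadoc above the method: `Sets the end user name on the data if a name provider is configured; {@code userSubject} may be {@code null} when the end user has not yet authenticated, in which case the name is left unset.`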