Posted to commits@cxf.apache.org by se...@apache.org on 2015/03/18 14:17:10 UTC
cxf git commit: Minor updates to OAuth2 Redirection service
Repository: cxf
Updated Branches:
refs/heads/master 7e8d0b4b1 -> 1dec7e3bd
Minor updates to OAuth2 Redirection service
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1dec7e3b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1dec7e3b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1dec7e3b
Branch: refs/heads/master
Commit: 1dec7e3bd3956d5a0fba3c79a9a897e87941e9b6
Parents: 7e8d0b4
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Wed Mar 18 13:16:48 2015 +0000
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Wed Mar 18 13:16:48 2015 +0000
----------------------------------------------------------------------
.../rs/security/oauth2/services/AbstractOAuthService.java | 2 +-
.../oauth2/services/AuthorizationCodeGrantService.java | 4 ++++
.../oauth2/services/RedirectionBasedGrantService.java | 10 ++++++++++
3 files changed, 15 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/1dec7e3b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
index c0a4207..994f0d7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
@@ -40,7 +40,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
* Abstract OAuth service
*/
public abstract class AbstractOAuthService {
- private static final Logger LOG = LogUtils.getL7dLogger(AbstractOAuthService.class);
+ protected static final Logger LOG = LogUtils.getL7dLogger(AbstractOAuthService.class);
private MessageContext mc;
private OAuthDataProvider dataProvider;
private boolean blockUnsecureRequests;
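Review bot: Widening LOG to protected means every subclass that reuses it, such as the new warning in AuthorizationCodeGrantService, emits records under the AbstractOAuthService logger name, so filtering or levelling per service class is no longer possible. If the intent is only to save a declaration, a per-class logger in the subclass (`private static final Logger LOG = LogUtils.getL7dLogger(AuthorizationCodeGrantService.class);`) keeps attribution accurate; otherwise a Javadoc line on the field, `/** Shared logger; records from subclasses are attributed to AbstractOAuthService. */`, would make the trade-off explicit.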
http://git-wip-us.apache.org/repos/asf/cxf/blob/1dec7e3b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 185cb0f..4747f5a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -53,6 +53,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
*/
@Path("/authorize")
public class AuthorizationCodeGrantService extends RedirectionBasedGrantService {
+ private static final Integer RECOMMENDED_CODE_EXPIRY_TIME_MINS = 10;
private boolean canSupportPublicClients;
private OOBResponseDeliverer oobDeliverer;
private AuthorizationCodeRequestFilter codeRequestFilter;
@@ -112,6 +113,9 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
} catch (OAuthServiceException ex) {
return createErrorResponse(state.getState(), state.getRedirectUri(), OAuthConstants.ACCESS_DENIED);
}
+ if (grant.getExpiresIn() / 60 > RECOMMENDED_CODE_EXPIRY_TIME_MINS) {
+ LOG.warning("Code expiry time exceeds 10 minutes");
+ }
String grantCode = processCodeGrant(client, grant.getCode(), grant.getSubject());
if (state.getRedirectUri() == null) {
OOBAuthorizationResponse oobResponse = new OOBAuthorizationResponse();
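Review bot: The new expiry check truncates before comparing, so `grant.getExpiresIn() / 60 > RECOMMENDED_CODE_EXPIRY_TIME_MINS` only warns once the expiry reaches 11 full minutes and stays silent for anything from 10:01 to 10:59; comparing in seconds, `if (grant.getExpiresIn() > RECOMMENDED_CODE_EXPIRY_TIME_MINS * 60) {`, warns for any value above the recommended bound. The message hard-codes "10 minutes" independently of the constant and will drift if the constant changes; `LOG.warning("Code expiry time exceeds " + RECOMMENDED_CODE_EXPIRY_TIME_MINS + " minutes");` keeps them in step. The constant in the earlier hunk of this file is declared as a boxed `Integer` although it is only used in arithmetic; a plain `int` avoids the unboxing. The enclosing method starts and ends outside this hunk, and it appears this warning is logged on every authorization request rather than once at configuration time, so it may be noisy in production logs.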
http://git-wip-us.apache.org/repos/asf/cxf/blob/1dec7e3b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index e680bc3..30bbdae 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -62,6 +62,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
private SubjectCreator subjectCreator;
private ResourceOwnerNameProvider resourceOwnerNameProvider;
private int maxDefaultSessionInterval;
+ private boolean matchRedirectUriWithApplicationUri;
protected RedirectionBasedGrantService(String supportedResponseType,
String supportedGrantType) {
@@ -360,6 +361,11 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
if (redirectUri == null && uris.size() == 0 && !canRedirectUriBeEmpty(client)) {
reportInvalidRequestError("Client Redirect Uri is invalid");
}
+ if (redirectUri != null && matchRedirectUriWithApplicationUri
+ && client.getApplicationWebUri() != null
+ && !redirectUri.startsWith(client.getApplicationWebUri())) {
+ reportInvalidRequestError("Client Redirect Uri is invalid");
+ }
return redirectUri;
}
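Review bot: The new redirect URI check is a plain string prefix test, so a registered application web URI without a trailing path separator also accepts any redirect URI that merely continues the same characters, including a longer host name or a sibling path, which defeats the purpose of the match. Redirect URI matching should compare the parsed scheme, host and port and only then treat the application path as a prefix on a segment boundary; a malformed URI should be rejected rather than matched. The enclosing method starts outside this hunk, and the default of matchRedirectUriWithApplicationUri is false, so this only affects deployments that opt in.
```java
if (redirectUri != null && matchRedirectUriWithApplicationUri
    && client.getApplicationWebUri() != null
    && !isUnderApplicationUri(redirectUri, client.getApplicationWebUri())) {
    reportInvalidRequestError("Client Redirect Uri is invalid");
}
// … unchanged: return redirectUri …

// True only when redirectUri shares scheme, host and port with applicationUri
// and its path equals the application path or extends it at a '/' boundary.
private static boolean isUnderApplicationUri(String redirectUri, String applicationUri) {
    try {
        java.net.URI redirect = new java.net.URI(redirectUri);
        java.net.URI app = new java.net.URI(applicationUri);
        if (redirect.getScheme() == null || redirect.getHost() == null
            || !redirect.getScheme().equalsIgnoreCase(app.getScheme())
            || !redirect.getHost().equalsIgnoreCase(app.getHost())
            || redirect.getPort() != app.getPort()) {
            return false;
        }
        String appPath = app.getRawPath() == null || app.getRawPath().isEmpty() ? "/" : app.getRawPath();
        String redirectPath = redirect.getRawPath() == null || redirect.getRawPath().isEmpty()
            ? "/" : redirect.getRawPath();
        String appPrefix = appPath.endsWith("/") ? appPath : appPath + "/";
        return redirectPath.equals(appPath) || redirectPath.startsWith(appPrefix);
    } catch (java.net.URISyntaxException ex) {
        return false;
    }
}
```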
@@ -448,4 +454,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
public void setMaxDefaultSessionInterval(int maxDefaultSessionInterval) {
this.maxDefaultSessionInterval = maxDefaultSessionInterval;
}
+
+ public void setMatchRedirectUriWithApplicationUri(boolean matchRedirectUriWithApplicationUri) {
+ this.matchRedirectUriWithApplicationUri = matchRedirectUriWithApplicationUri;
+ }
}
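Review bot: The new setter has no Javadoc, so a deployer cannot tell from the API what the flag checks or that it is off by default. A short comment above it would do: `/** When true, a client's redirect URI must fall under its registered application web URI (no-op for clients without one); default false. */`.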