Posted to commits@cxf.apache.org by se...@apache.org on 2013/08/15 15:28:37 UTC
svn commit: r1514260 - in /cxf/branches/2.7.x-fixes: ./
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/
rt/rs/securit...
Author: sergeyb
Date: Thu Aug 15 13:28:37 2013
New Revision: 1514260
URL: http://svn.apache.org/r1514260
Log:
Merged revisions 1514227,1514249 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1514227 | sergeyb | 2013-08-15 13:30:40 +0300 (Thu, 15 Aug 2013) | 1 line
[CXF-5209] Support for OAuth2 audience parameter
........
r1514249 | sergeyb | 2013-08-15 16:03:14 +0300 (Thu, 15 Aug 2013) | 1 line
[CXF-5209] Making audience parameter visible to data providers
........
Added:
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrant.java
- copied unchanged from r1514249, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrant.java
Modified:
cxf/branches/2.7.x-fixes/ (props changed)
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
Merged /cxf/trunk:r1514227-1514249
Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java Thu Aug 15 13:28:37 2013
@@ -30,6 +30,7 @@ public class AccessTokenRegistration {
private List<String> approvedScope = new LinkedList<String>();
private String grantType;
private UserSubject subject;
+ private String audience;
/**
* Sets the {@link Client} instance
@@ -111,5 +112,13 @@ public class AccessTokenRegistration {
public String getGrantType() {
return grantType;
}
+
+ public String getAudience() {
+ return audience;
+ }
+
+ public void setAudience(String audience) {
+ this.audience = audience;
+ }
}
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java Thu Aug 15 13:28:37 2013
@@ -44,6 +44,7 @@ public class AccessTokenValidation {
private long tokenLifetime;
private UserSubject tokenSubject;
private List<OAuthPermission> tokenScopes = new LinkedList<OAuthPermission>();
+ private String audience;
public AccessTokenValidation() {
@@ -60,7 +61,8 @@ public class AccessTokenValidation {
this.tokenLifetime = token.getExpiresIn();
this.tokenSubject = token.getSubject();
- this.tokenScopes = token.getScopes();
+ this.tokenScopes = token.getScopes();
+ this.audience = token.getAudience();
}
public String getClientId() {
@@ -119,5 +121,13 @@ public class AccessTokenValidation {
public void setTokenType(String tokenType) {
this.tokenType = tokenType;
}
+
+ public String getAudience() {
+ return audience;
+ }
+
+ public void setAudience(String audience) {
+ this.audience = audience;
+ }
}
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java Thu Aug 15 13:28:37 2013
@@ -34,6 +34,7 @@ public class OAuthContext {
private String tokenGrantType;
private String clientId;
private String tokenKey;
+ private String tokenAudience;
public OAuthContext(UserSubject resourceOwnerSubject,
UserSubject clientSubject,
@@ -109,4 +110,12 @@ public class OAuthContext {
public void setTokenKey(String tokenKey) {
this.tokenKey = tokenKey;
}
+
+ public String getTokenAudience() {
+ return tokenAudience;
+ }
+
+ public void setTokenAudience(String tokenAudience) {
+ this.tokenAudience = tokenAudience;
+ }
}
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java Thu Aug 15 13:28:37 2013
@@ -29,6 +29,7 @@ public abstract class ServerAccessToken
private Client client;
private List<OAuthPermission> scopes = new LinkedList<OAuthPermission>();
private UserSubject subject;
+ private String audience;
protected ServerAccessToken(Client client,
String tokenType,
@@ -108,4 +109,12 @@ public abstract class ServerAccessToken
return grantType;
}
+ public String getAudience() {
+ return audience;
+ }
+
+ public void setAudience(String audience) {
+ this.audience = audience;
+ }
+
}
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java Thu Aug 15 13:28:37 2013
@@ -92,6 +92,7 @@ public class OAuthRequestFilter extends
oauthContext.setClientId(accessTokenV.getClientId());
oauthContext.setTokenKey(accessTokenV.getTokenKey());
+ oauthContext.setTokenAudience(accessTokenV.getAudience());
m.setContent(OAuthContext.class, oauthContext);
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java Thu Aug 15 13:28:37 2013
@@ -24,6 +24,7 @@ import java.util.List;
import java.util.logging.Logger;
import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
@@ -83,13 +84,6 @@ public abstract class AbstractGrantHandl
}
}
- protected ServerAccessToken doCreateAccessToken(Client client,
- UserSubject subject,
- List<String> requestedScope) {
-
- return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope);
- }
-
private String getSingleGrantType() {
if (supportedGrants.size() > 1) {
String errorMessage = "Request grant type must be specified";
@@ -101,8 +95,41 @@ public abstract class AbstractGrantHandl
protected ServerAccessToken doCreateAccessToken(Client client,
UserSubject subject,
+ MultivaluedMap<String, String> params) {
+
+ return doCreateAccessToken(client,
+ subject,
+ OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)),
+ params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
+ }
+
+ protected ServerAccessToken doCreateAccessToken(Client client,
+ UserSubject subject,
+ List<String> requestedScope) {
+
+ return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope, null);
+ }
+
+ protected ServerAccessToken doCreateAccessToken(Client client,
+ UserSubject subject,
+ List<String> requestedScope,
+ String audience) {
+
+ return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope, audience);
+ }
+
+ protected ServerAccessToken doCreateAccessToken(Client client,
+ UserSubject subject,
String requestedGrant,
List<String> requestedScope) {
+ return doCreateAccessToken(client, subject, requestedGrant, requestedScope, null);
+ }
+
+ protected ServerAccessToken doCreateAccessToken(Client client,
+ UserSubject subject,
+ String requestedGrant,
+ List<String> requestedScope,
+ String audience) {
if (!OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
partialMatchScopeValidation)) {
throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_SCOPE));
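Review bot: The new `doCreateAccessToken(Client, UserSubject, MultivaluedMap<String, String>)` overload sits beside the `(Client, UserSubject, List<String>)` one, so a subclass passing a literal `null` as the third argument becomes an ambiguous call and stops compiling; the adjustment in TokenGrantHandlerTest suggests this was hit. On a fixes branch that source-compatibility change deserves a Javadoc line on both overloads. The params overload also dereferences `params` without a null check and hands the request-supplied `audience` on unchanged; no audience validation is visible at this layer, unlike the `validateScopes` call for scopes. The overloads have no Javadoc; each should state which grant type and audience it defaults to. The body of the five-argument method continues outside the hunk.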
@@ -120,6 +147,7 @@ public abstract class AbstractGrantHandl
reg.setGrantType(requestedGrant);
reg.setSubject(subject);
reg.setRequestedScope(requestedScope);
+ reg.setAudience(audience);
return dataProvider.createAccessToken(reg);
}
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java Thu Aug 15 13:28:37 2013
@@ -18,33 +18,20 @@
*/
package org.apache.cxf.rs.security.oauth2.grants.clientcred;
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
+import org.apache.cxf.rs.security.oauth2.grants.AbstractGrant;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-public class ClientCredentialsGrant implements AccessTokenGrant {
- private String scope;
+public class ClientCredentialsGrant extends AbstractGrant {
public ClientCredentialsGrant() {
+ this(null);
}
public ClientCredentialsGrant(String scope) {
- this.scope = scope;
+ this(scope, null);
}
-
- public String getType() {
- return OAuthConstants.CLIENT_CREDENTIALS_GRANT;
+
+ public ClientCredentialsGrant(String scope, String audience) {
+ super(OAuthConstants.CLIENT_CREDENTIALS_GRANT, scope, audience);
}
-
- public MultivaluedMap<String, String> toMap() {
- MultivaluedMap<String, String> map = new MetadataMap<String, String>();
- map.putSingle(OAuthConstants.GRANT_TYPE, OAuthConstants.CLIENT_CREDENTIALS_GRANT);
- if (scope != null) {
- map.putSingle(OAuthConstants.SCOPE, scope);
- }
- return map;
- }
-
}
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java Thu Aug 15 13:28:37 2013
@@ -25,7 +25,6 @@ import org.apache.cxf.rs.security.oauth2
import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
/**
* The "client_credentials" grant handler
@@ -42,7 +41,7 @@ public class ClientCredentialsGrantHandl
return doCreateAccessToken(client,
client.getSubject(),
- OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
+ params);
}
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java Thu Aug 15 13:28:37 2013
@@ -68,7 +68,10 @@ public class AuthorizationCodeGrantHandl
|| !client.getRedirectUris().contains(expectedRedirectUri))) {
throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
}
- return doCreateAccessToken(client, grant.getSubject(), grant.getApprovedScopes());
+ return doCreateAccessToken(client,
+ grant.getSubject(),
+ grant.getApprovedScopes(),
+ params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
}
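Review bot: The audience passed to `doCreateAccessToken` is read from the token request via `params.getFirst(OAuthConstants.CLIENT_AUDIENCE)`, while the subject and scopes come from the stored `grant`. Nothing visible in this hunk ties the audience to what the resource owner approved when the code was issued. If the authorization step does not record an audience, a comment should say so, for example `// audience is client-chosen at token time; restricted only by AccessTokenService.audiences`. When that list is empty the value appears to reach the data provider unchecked. The enclosing method starts outside the hunk.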
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java Thu Aug 15 13:28:37 2013
@@ -20,37 +20,33 @@ package org.apache.cxf.rs.security.oauth
import javax.ws.rs.core.MultivaluedMap;
-import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
+import org.apache.cxf.rs.security.oauth2.grants.AbstractGrant;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-public class ResourceOwnerGrant implements AccessTokenGrant {
+public class ResourceOwnerGrant extends AbstractGrant {
private String ownerName;
private String ownerPassword;
- private String scope;
public ResourceOwnerGrant(String name, String password) {
this(name, password, null);
}
public ResourceOwnerGrant(String name, String password, String scope) {
+ this(name, password, scope, null);
+ }
+
+ public ResourceOwnerGrant(String name, String password,
+ String scope, String audience) {
+ super(OAuthConstants.RESOURCE_OWNER_GRANT, scope, audience);
this.ownerName = name;
this.ownerPassword = password;
- this.scope = scope;
}
- public String getType() {
- return OAuthConstants.RESOURCE_OWNER_GRANT;
- }
-
public MultivaluedMap<String, String> toMap() {
- MultivaluedMap<String, String> map = new MetadataMap<String, String>();
- map.putSingle(OAuthConstants.GRANT_TYPE, OAuthConstants.RESOURCE_OWNER_GRANT);
+ MultivaluedMap<String, String> map = super.toMap();
map.putSingle(OAuthConstants.RESOURCE_OWNER_NAME, ownerName);
map.putSingle(OAuthConstants.RESOURCE_OWNER_PASSWORD, ownerPassword);
- if (scope != null) {
- map.putSingle(OAuthConstants.SCOPE, scope);
- }
+
return map;
}
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java Thu Aug 15 13:28:37 2013
@@ -26,7 +26,6 @@ import org.apache.cxf.rs.security.oauth2
import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
/**
* The "resource owner" grant handler
@@ -55,8 +54,8 @@ public class ResourceOwnerGrantHandler e
}
return doCreateAccessToken(client,
- subject,
- OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
+ subject,
+ params);
}
public void setLoginHandler(ResourceOwnerLoginHandler loginHandler) {
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java Thu Aug 15 13:28:37 2013
@@ -20,6 +20,7 @@ package org.apache.cxf.rs.security.oauth
import java.util.Collections;
import java.util.HashSet;
+import java.util.LinkedList;
import java.util.List;
import java.util.Set;
@@ -44,7 +45,10 @@ public abstract class AbstractAccessToke
private MessageContext mc;
private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
+ private List<String> audiences = new LinkedList<String>();
+
private Set<String> supportedSchemes = new HashSet<String>();
+
private OAuthDataProvider dataProvider;
private String realm;
@@ -134,12 +138,28 @@ public abstract class AbstractAccessToke
}
AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
}
+
+ // Check audiences
+ if (accessTokenV.getAudience() != null
+ && !audiences.isEmpty()
+ && !audiences.contains(accessTokenV.getAudience())) {
+ AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+ }
+
return accessTokenV;
}
public void setRealm(String realm) {
this.realm = realm;
}
+
+ public List<String> getAudiences() {
+ return audiences;
+ }
+
+ public void setAudiences(List<String> audiences) {
+ this.audiences = audiences;
+ }
}
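Review bot: The audience check fails open for tokens that carry no audience. Because `accessTokenV.getAudience() != null` is the first condition, a token issued without an audience is accepted even when this validator has a non-empty `audiences` list. If that is deliberate for backward compatibility it needs a comment; otherwise the guard should read `if (!audiences.isEmpty() && (accessTokenV.getAudience() == null || !audiences.contains(accessTokenV.getAudience())))`. `setAudiences` also stores the caller's list without a null check, so `setAudiences(null)` would turn the check into a NullPointerException on the request path. The validating method starts outside the hunk.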
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java Thu Aug 15 13:28:37 2013
@@ -19,6 +19,8 @@
package org.apache.cxf.rs.security.oauth2.services;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.security.Principal;
import java.util.LinkedList;
import java.util.List;
@@ -52,6 +54,7 @@ import org.apache.cxf.rs.security.oauth2
@Path("/token")
public class AccessTokenService extends AbstractOAuthService {
private List<AccessTokenGrantHandler> grantHandlers = new LinkedList<AccessTokenGrantHandler>();
+ private List<String> audiences = new LinkedList<String>();
private boolean writeCustomErrors;
private boolean canSupportPublicClients;
@@ -94,7 +97,12 @@ public class AccessTokenService extends
return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);
}
-
+ try {
+ checkAudience(params);
+ } catch (OAuthServiceException ex) {
+ return createErrorResponseFromBean(ex.getError());
+ }
+
// Find the grant handler
AccessTokenGrantHandler handler = findGrantHandler(params);
if (handler == null) {
@@ -201,6 +209,28 @@ public class AccessTokenService extends
return client;
}
+ protected void checkAudience(MultivaluedMap<String, String> params) {
+ if (audiences.isEmpty()) {
+ return;
+ }
+
+ String audienceParam = params.getFirst(OAuthConstants.CLIENT_AUDIENCE);
+ if (audienceParam == null) {
+ throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
+ }
+ // must be URL
+ try {
+ new URL(audienceParam);
+ } catch (MalformedURLException ex) {
+ throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
+ }
+
+ if (!audiences.contains(audienceParam)) {
+ throw new OAuthServiceException(new OAuthError(OAuthConstants.ACCESS_DENIED));
+ }
+
+ }
+
/**
* Find the matching grant handler
*/
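Review bot: `checkAudience` returns early when `audiences` is empty, and the field defaults to an empty list. In that default configuration the request's `audience` value is neither syntax-checked nor restricted before the grant handlers pass it to the data provider, so the method needs Javadoc saying that providers must validate it themselves. The `new URL(audienceParam)` test depends on a registered protocol handler and rejects well-formed URIs with other schemes such as `urn:`. Parsing with `new URI(audienceParam)` and requiring `isAbsolute()` would be scheme-independent. The allow-list match is an exact string comparison, so values differing only by a trailing slash or host case are refused; that is the safe direction but should be documented for deployers.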
@@ -264,5 +294,11 @@ public class AccessTokenService extends
return canSupportPublicClients;
}
-
+ public List<String> getAudiences() {
+ return audiences;
+ }
+
+ public void setAudiences(List<String> audiences) {
+ this.audiences = audiences;
+ }
}
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java Thu Aug 15 13:28:37 2013
@@ -26,6 +26,7 @@ public final class OAuthConstants {
// Common OAuth2 constants
public static final String CLIENT_ID = "client_id";
public static final String CLIENT_SECRET = "client_secret";
+ public static final String CLIENT_AUDIENCE = "audience";
public static final String REDIRECT_URI = "redirect_uri";
public static final String SCOPE = "scope";
public static final String STATE = "state";
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java Thu Aug 15 13:28:37 2013
@@ -92,7 +92,7 @@ public class TokenGrantHandlerTest exten
@Override
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
throws OAuthServiceException {
- return super.doCreateAccessToken(client, client.getSubject(), null);
+ return super.doCreateAccessToken(client, client.getSubject(), params);
}
}