Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/02 14:21:47 UTC
cxf git commit: Minor updates to AccessTokenValidatorService
Repository: cxf
Updated Branches:
refs/heads/master a1bd8bd7f -> 133f53e74
Minor updates to AccessTokenValidatorService
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/133f53e7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/133f53e7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/133f53e7
Branch: refs/heads/master
Commit: 133f53e7498da0a9a71cfb17937ac6f004d23139
Parents: a1bd8bd
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Nov 2 13:21:33 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Nov 2 13:21:33 2015 +0000
----------------------------------------------------------------------
.../services/AccessTokenValidatorService.java | 37 ++++++++++++++++++--
1 file changed, 34 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/133f53e7/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
index 6cb4a4b..67609fa 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
@@ -18,6 +18,8 @@
*/
package org.apache.cxf.rs.security.oauth2.services;
+import java.util.logging.Logger;
+
import javax.ws.rs.Consumes;
import javax.ws.rs.Encoded;
import javax.ws.rs.POST;
@@ -25,22 +27,51 @@ import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.SecurityContext;
+import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
@Path("validate")
public class AccessTokenValidatorService extends AbstractAccessTokenValidator {
+ private static final Logger LOG = LogUtils.getL7dLogger(AccessTokenValidatorService.class);
+ private boolean blockUnsecureRequests;
+ private boolean blockUnauthorizedRequests = true;
@POST
@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public AccessTokenValidation getTokenValidationInfo(@Encoded MultivaluedMap<String, String> params) {
- if (getMessageContext().getSecurityContext().getUserPrincipal() == null) {
- AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
- }
+ checkSecurityContext();
String authScheme = params.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_TYPE);
String authSchemeData = params.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_DATA);
return super.getAccessTokenValidation(authScheme, authSchemeData, params);
}
+
+ private void checkSecurityContext() {
+ SecurityContext sc = getMessageContext().getSecurityContext();
+ if (!sc.isSecure() && blockUnsecureRequests) {
+ LOG.warning("Unsecure HTTP, Transport Layer Security is recommended");
+ AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+ }
+ if (sc.getUserPrincipal() == null && blockUnauthorizedRequests) {
+ //TODO: check client certificates
+ LOG.warning("Authenticated Principal is not available");
+ AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+ }
+
+ }
+
+ public void setBlockUnsecureRequests(boolean blockUnsecureRequests) {
+ this.blockUnsecureRequests = blockUnsecureRequests;
+ }
+
+ public boolean isBlockUnauthorizedRequests() {
+ return blockUnauthorizedRequests;
+ }
+
+ public void setBlockUnauthorizedRequests(boolean blockUnauthorizedRequests) {
+ this.blockUnauthorizedRequests = blockUnauthorizedRequests;
+ }
}
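Review bot: The "Transport Layer Security is recommended" warning in checkSecurityContext() is logged only inside the `!sc.isSecure() && blockUnsecureRequests` branch, so with the field's default of false a token-validation request arriving over plain HTTP is processed with no log entry at all, even though the message itself reads as advice for the non-blocking case. Logging whenever `!sc.isSecure()` and throwing only when `blockUnsecureRequests` is set keeps an operator-visible signal without changing the default behaviour. A matching `isBlockUnsecureRequests()` getter would also mirror `isBlockUnauthorizedRequests()`, and a Javadoc on `setBlockUnauthorizedRequests` such as `/** Defaults to true; when false, requests with no authenticated principal are accepted (see the client-certificate TODO). */` would document the default the property silently carries.
```java
    private void checkSecurityContext() {
        SecurityContext sc = getMessageContext().getSecurityContext();
        if (!sc.isSecure()) {
            // Always record plain-HTTP use; reject it only when configured to
            LOG.warning("Unsecure HTTP, Transport Layer Security is recommended");
            if (blockUnsecureRequests) {
                AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
            }
        }
        // … unchanged: principal check …
    }
```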