Posted to commits@cxf.apache.org by se...@apache.org on 2011/10/18 14:23:33 UTC
svn commit: r1185620 - in /cxf/trunk:
distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/
rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/
rt/rs/security/oauth-paren...
Author: sergeyb
Date: Tue Oct 18 12:23:33 2011
New Revision: 1185620
URL: http://svn.apache.org/viewvc?rev=1185620&view=rev
Log:
[CXF-2759] Minor changes to do with deleting the tokens
Modified:
cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java
cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java Tue Oct 18 12:23:33 2011
@@ -122,8 +122,8 @@ new Client(consumerKey, secretKey, clien
@RequestMapping("/revokeAccess")
public ModelAndView revokeAccess(HttpServletRequest request) {
String consumerKey = request.getParameter("consumerKey");
-
- oauthDataProvider.removeTokens(consumerKey);
+
+ clientManager.removeAllTokens(consumerKey);
ModelAndView modelAndView = new ModelAndView(new RedirectView("/app/listAuthorizedClients"));
return modelAndView;
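Review bot: `revokeAccess` now reports success without revoking anything if `clientManager` is backed by the sample `MemoryOAuthDataProvider`, because that class's new `removeAllTokens` in this same commit is an empty `//TODO: implement` stub. The handler still redirects to `/app/listAuthorizedClients`, so a user who revokes a client would see no error while that client's tokens stay usable until they expire. Until the stub is implemented it would be safer for it to fail loudly, e.g. `throw new UnsupportedOperationException("removeAllTokens not implemented");`, or to keep the removed per-consumer-key loop. The method body closes outside this hunk.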
Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java Tue Oct 18 12:23:33 2011
@@ -36,7 +36,6 @@ import org.apache.cxf.rs.security.oauth.
import org.apache.cxf.rs.security.oauth.data.RequestToken;
import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
import org.apache.cxf.rs.security.oauth.data.Token;
-import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
import org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator;
import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
@@ -69,8 +68,6 @@ public class MemoryOAuthDataProvider imp
protected MD5SequenceGenerator tokenGenerator = new MD5SequenceGenerator();
- protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
-
public MemoryOAuthDataProvider() {
Client client = new Client(CLIENT_ID, CLIENT_SECRET, APPLICATION_NAME, CALLBACK);
clientAuthInfo.put(CLIENT_ID, client);
@@ -95,7 +92,7 @@ public class MemoryOAuthDataProvider imp
String tokenSecret = generateToken();
RequestToken reqToken = new RequestToken(reg.getClient(), token, tokenSecret,
- reg.getLifetime());
+ reg.getLifetime(), reg.getIssuedAt());
reqToken.setScopes(reg.getScopes());
reqToken.setUris(reg.getUris());
reqToken.setCallback(reg.getCallback());
@@ -109,18 +106,7 @@ public class MemoryOAuthDataProvider imp
if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
}
- RequestToken requestToken = (RequestToken) token;
-
- Client c = token.getClient();
- if (c == null) {
- throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN));
- }
- try {
- validator.validateToken(requestToken);
- } catch (OAuthProblemException ex) {
- throw new OAuthServiceException(ex);
- }
- return requestToken;
+ return (RequestToken) token;
}
public String setRequestTokenVerifier(RequestToken requestToken) throws
@@ -138,7 +124,7 @@ public class MemoryOAuthDataProvider imp
String accessTokenString = generateToken();
String tokenSecretString = generateToken();
- AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString, 3600);
+ AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString, 3600, System.currentTimeMillis()/1000);
accessToken.setScopes(requestToken.getScopes());
accessToken.setUris(requestToken.getUris());
@@ -156,33 +142,23 @@ public class MemoryOAuthDataProvider imp
public AccessToken getAccessToken(String accessToken) throws OAuthServiceException
{
- Token token = oauthTokens.get(accessToken);
- if (token == null || !AccessToken.class.isAssignableFrom(token.getClass())) {
- throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
- }
- try {
- validator.validateToken(token);
- } catch (OAuthProblemException ex) {
- throw new OAuthServiceException(ex);
- }
- return (AccessToken) token;
+ return (AccessToken) oauthTokens.get(accessToken);
}
-
+ public void removeAllTokens(String consumerKey) {
+ //TODO: implement
+ }
- public void removeTokens(String consumerKey) {
- if (!StringUtils.isEmpty(consumerKey)) {
- List<String> registeredApps = this.userAuthorizedClients.get(consumerKey);
- if (registeredApps != null) {
- registeredApps.remove(consumerKey);
- }
- for (Token token : oauthTokens.values()) {
- Client authNInfo = token.getClient();
- if (consumerKey.equals(authNInfo.getConsumerKey())) {
- oauthTokens.remove(token.getTokenKey());
- }
+ public void removeToken(Token t) {
+
+ for (Token token : oauthTokens.values()) {
+ Client authNInfo = token.getClient();
+ if (t.getClient().getConsumerKey().equals(authNInfo.getConsumerKey())) {
+ oauthTokens.remove(token.getTokenKey());
+ break;
}
}
+
}
protected String generateToken() throws OAuthServiceException {
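Review bot: The new `removeToken(Token t)` deletes the first stored token whose client has the same consumer key as `t`, not `t` itself, and then breaks. When a client holds more than one token, the expired token handed in by `DefaultOAuthValidator.validateToken` can stay in `oauthTokens` while a different, still-valid token of that client is removed. Removing by key avoids both problems: `oauthTokens.remove(t.getTokenKey());`. The oauth-test copy of `MemoryOAuthDataProvider` gets the identical loop in its last hunk.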
Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java Tue Oct 18 12:23:33 2011
@@ -32,4 +32,5 @@ public interface OAuthClientManager {
void removeRegisteredClient(String consumerKey);
+ void removeAllTokens(String consumerKey);
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java Tue Oct 18 12:23:33 2011
@@ -25,10 +25,6 @@ import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
-import net.oauth.OAuth;
-import net.oauth.OAuthProblemException;
-
-import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.rs.security.oauth.data.AccessToken;
import org.apache.cxf.rs.security.oauth.data.Client;
@@ -36,7 +32,6 @@ import org.apache.cxf.rs.security.oauth.
import org.apache.cxf.rs.security.oauth.data.RequestToken;
import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
import org.apache.cxf.rs.security.oauth.data.Token;
-import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
import org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator;
import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
@@ -65,8 +60,6 @@ public class MemoryOAuthDataProvider imp
protected MD5SequenceGenerator tokenGenerator =
new MD5SequenceGenerator();
- protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
-
public MemoryOAuthDataProvider() {
Client client = new Client(OAuthTestUtils.CLIENT_ID,
OAuthTestUtils.CLIENT_SECRET,
@@ -94,7 +87,7 @@ public class MemoryOAuthDataProvider imp
String tokenSecret = generateToken();
RequestToken reqToken = new RequestToken(reg.getClient(), token, tokenSecret,
- reg.getLifetime());
+ reg.getLifetime(), reg.getIssuedAt());
reqToken.setScopes(reg.getScopes());
reqToken.setUris(reg.getUris());
@@ -104,22 +97,7 @@ public class MemoryOAuthDataProvider imp
public RequestToken getRequestToken(String tokenString) throws OAuthServiceException {
- Token token = oauthTokens.get(tokenString);
- if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
- throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
- }
- RequestToken requestToken = (RequestToken) token;
-
- Client c = token.getClient();
- if (c == null) {
- throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN));
- }
- try {
- validator.validateToken(requestToken);
- } catch (OAuthProblemException ex) {
- throw new OAuthServiceException(ex);
- }
- return requestToken;
+ return (RequestToken)oauthTokens.get(tokenString);
}
public String setRequestTokenVerifier(RequestToken requestToken) throws
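Review bot: `getRequestToken` now returns `(RequestToken)oauthTokens.get(tokenString)` with no null or type check, so an unknown token string yields `null` and an access-token key yields a `ClassCastException` instead of the `TOKEN_REJECTED` problem the removed code raised. Callers visible in this commit dereference the result (`requestToken.getClient()` in `AccessTokenHandler`), so unless they check for null outside the shown hunks, a bad token surfaces as an unhandled runtime exception rather than an OAuth error. Keeping the guard is cheap, `if (!(token instanceof RequestToken)) { throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED)); }`, though it means keeping the `net.oauth` imports this commit drops. The same unchecked cast is introduced in `getAccessToken` in both copies of the provider.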
@@ -137,7 +115,8 @@ public class MemoryOAuthDataProvider imp
String accessTokenString = generateToken();
String tokenSecretString = generateToken();
- AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString, 3600);
+ AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString,
+ 3600, System.currentTimeMillis() / 1000);
accessToken.setScopes(requestToken.getScopes());
accessToken.setUris(requestToken.getUris());
@@ -153,35 +132,20 @@ public class MemoryOAuthDataProvider imp
return accessToken;
}
- public AccessToken getAccessToken(String accessToken) throws OAuthServiceException
- {
- Token token = oauthTokens.get(accessToken);
- if (token == null || !AccessToken.class.isAssignableFrom(token.getClass())) {
- throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
- }
- try {
- validator.validateToken(token);
- } catch (OAuthProblemException ex) {
- throw new OAuthServiceException(ex);
- }
- return (AccessToken) token;
+ public AccessToken getAccessToken(String accessToken) throws OAuthServiceException {
+ return (AccessToken)oauthTokens.get(accessToken);
}
-
-
- public void removeTokens(String consumerKey) {
- if (!StringUtils.isEmpty(consumerKey)) {
- List<String> registeredApps = this.userAuthorizedClients.get(consumerKey);
- if (registeredApps != null) {
- registeredApps.remove(consumerKey);
- }
- for (Token token : oauthTokens.values()) {
- Client authNInfo = token.getClient();
- if (consumerKey.equals(authNInfo.getConsumerKey())) {
- oauthTokens.remove(token.getTokenKey());
- }
+ public void removeToken(Token t) {
+
+ for (Token token : oauthTokens.values()) {
+ Client authNInfo = token.getClient();
+ if (t.getClient().getConsumerKey().equals(authNInfo.getConsumerKey())) {
+ oauthTokens.remove(token.getTokenKey());
+ break;
}
}
+
}
protected String generateToken() throws OAuthServiceException {
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java Tue Oct 18 12:23:33 2011
@@ -24,11 +24,12 @@ package org.apache.cxf.rs.security.oauth
public class AccessToken extends Token {
public AccessToken(Client client, String tokenString,
String tokenSecret) {
- super(client, tokenString, tokenSecret, -1L);
+ this(client, tokenString, tokenSecret, -1L,
+ System.currentTimeMillis() / 1000);
}
public AccessToken(Client client, String tokenString,
- String tokenSecret, long lifeTime) {
- super(client, tokenString, tokenSecret, lifeTime);
+ String tokenSecret, long lifetime, long issuedAt) {
+ super(client, tokenString, tokenSecret, lifetime, issuedAt);
}
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java Tue Oct 18 12:23:33 2011
@@ -27,14 +27,16 @@ public class RequestToken extends Token
private String callback;
private String state;
- public RequestToken(Client client, String tokenString,
+ public RequestToken(Client client,
+ String tokenString,
String tokenSecret) {
- this(client, tokenString, tokenSecret, -1L);
+ this(client, tokenString, tokenSecret, -1L,
+ System.currentTimeMillis() / 1000);
}
public RequestToken(Client client, String tokenString,
- String tokenSecret, Long lifetime) {
- super(client, tokenString, tokenSecret, lifetime);
+ String tokenSecret, long lifetime, long issuedAt) {
+ super(client, tokenString, tokenSecret, lifetime, issuedAt);
}
/**
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java Tue Oct 18 12:23:33 2011
@@ -31,6 +31,7 @@ public class RequestTokenRegistration {
private List<String> uris;
private List<String> scopes;
private long lifetime;
+ private long issuedAt;
public void setClient(Client client) {
this.client = client;
@@ -71,4 +72,10 @@ public class RequestTokenRegistration {
public long getLifetime() {
return lifetime;
}
+ public void setIssuedAt(long issuedAt) {
+ this.issuedAt = issuedAt;
+ }
+ public long getIssuedAt() {
+ return issuedAt;
+ }
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java Tue Oct 18 12:23:33 2011
@@ -26,30 +26,21 @@ import java.util.List;
*/
public abstract class Token {
- protected String tokenString;
- protected String tokenSecret;
- protected long issuedAt = -1;
- protected long lifetime = -1;
- protected Client client;
- protected List<String> scopes = Collections.emptyList();
- protected List<String> uris = Collections.emptyList();
+ private String tokenString;
+ private String tokenSecret;
+ private long issuedAt = -1;
+ private long lifetime = -1;
+ private Client client;
+ private List<String> scopes = Collections.emptyList();
+ private List<String> uris = Collections.emptyList();
protected Token(Client client, String tokenKey,
- String tokenSecret, long lifetime) {
+ String tokenSecret, long lifetime, long issuedAt) {
this.client = client;
this.tokenString = tokenKey;
this.tokenSecret = tokenSecret;
- initTokenLifeTime(lifetime);
- }
-
- protected Token(Client client, String tokenKey,
- String tokenSecret) {
- this(client, tokenKey, tokenSecret, -1);
- }
-
- private void initTokenLifeTime(Long lifetm) {
- this.lifetime = lifetm;
- issuedAt = System.currentTimeMillis() / 1000;
+ this.lifetime = lifetime;
+ this.issuedAt = issuedAt;
}
/**
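Review bot: The `Token` constructor now takes `issuedAt` from the caller, but nothing states its unit or the meaning of `-1` for `lifetime`. `DefaultOAuthValidator.validateToken` compares `issuedAt + lifetime` with `System.currentTimeMillis() / 1000`, so a data provider that passes milliseconds would create tokens that effectively never expire. I would add Javadoc to the constructor along the lines of `@param lifetime validity in seconds, -1 for no expiry` and `@param issuedAt issue time in seconds since the epoch`, and repeat it on the new `AccessToken` and `RequestToken` constructors.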
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java Tue Oct 18 12:23:33 2011
@@ -112,7 +112,7 @@ public class AbstractAuthFilter {
}
}
- OAuthUtils.validateMessage(oAuthMessage, client, accessToken);
+ OAuthUtils.validateMessage(oAuthMessage, client, accessToken, dataProvider);
//check valid URI
checkRequestURI(req, getAllUris(client, accessToken));
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java Tue Oct 18 12:23:33 2011
@@ -45,7 +45,8 @@ public class DefaultOAuthValidator exten
super.checkSingleParameters(message);
}
- public void validateToken(Token token) throws OAuthProblemException {
+ public void validateToken(Token token, OAuthDataProvider provider)
+ throws OAuthProblemException {
if (token == null) {
throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
} else {
@@ -53,6 +54,7 @@ public class DefaultOAuthValidator exten
Long lifetime = token.getLifetime();
if (lifetime != -1
&& (issuedAt + lifetime < (System.currentTimeMillis() / 1000))) {
+ provider.removeToken(token);
throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
}
}
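Review bot: `provider.removeToken(token)` runs before the `TOKEN_EXPIRED` exception is thrown, so a null `provider` or a failure inside `removeToken` replaces the expiry error with a different exception. The request is still rejected, but the client is no longer told that the token expired, and a cleanup failure hides the real reason for the rejection. A guard such as `if (provider != null) { provider.removeToken(token); }` keeps the expiry path intact for callers that have no provider. `validateToken` starts in the previous hunk and its body continues past this one.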
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java Tue Oct 18 12:23:33 2011
@@ -26,6 +26,7 @@ import org.apache.cxf.rs.security.oauth.
import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
import org.apache.cxf.rs.security.oauth.data.RequestToken;
import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
+import org.apache.cxf.rs.security.oauth.data.Token;
/**
* OAuth provider responsible for persisting the information about
@@ -90,12 +91,12 @@ public interface OAuthDataProvider {
AccessToken getAccessToken(String accessToken) throws OAuthServiceException;
/**
- * Removes the tokens associated with a given client id
- * @param clientId the client id
+ * Removes the token
+ * @param token the token
* @throws OAuthServiceException
*/
- void removeTokens(String clientId) throws OAuthServiceException;;
-
+ void removeToken(Token token) throws OAuthServiceException;
+
/**
* Returns the list of {@link OAuthPermission} beans describing opaque
* permissions (aka scopes) such as "read_data", etc
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java Tue Oct 18 12:23:33 2011
@@ -67,7 +67,8 @@ public class AccessTokenHandler {
throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
}
- OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken);
+ OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken,
+ dataProvider);
AccessToken accessToken = dataProvider.createAccessToken(requestToken);
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java Tue Oct 18 12:23:33 2011
@@ -75,7 +75,7 @@ public class RequestTokenHandler {
throw problemEx;
}
- OAuthUtils.validateMessage(oAuthMessage, client, null);
+ OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider);
String callback = oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK);
validateCallbackURL(client, callback);
@@ -92,6 +92,7 @@ public class RequestTokenHandler {
reg.setUris(uris);
reg.setScopes(scopes);
reg.setLifetime(tokenLifetime);
+ reg.setIssuedAt(System.currentTimeMillis() / 1000);
RequestToken requestToken = dataProvider.createRequestToken(reg);
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java Tue Oct 18 12:23:33 2011
@@ -56,7 +56,10 @@ public final class OAuthUtils {
private OAuthUtils() {
}
- public static void validateMessage(OAuthMessage oAuthMessage, Client client, Token token)
+ public static void validateMessage(OAuthMessage oAuthMessage,
+ Client client,
+ Token token,
+ OAuthDataProvider provider)
throws Exception {
OAuthConsumer consumer = new OAuthConsumer(null, client.getConsumerKey(),
client.getSecretKey(), null);
@@ -73,7 +76,7 @@ public final class OAuthUtils {
DefaultOAuthValidator validator = new DefaultOAuthValidator();
validator.validateMessage(oAuthMessage, accessor);
if (token != null) {
- validator.validateToken(token);
+ validator.validateToken(token, provider);
}
}