Posted to commits@cxf.apache.org by se...@apache.org on 2014/01/30 11:48:40 UTC
svn commit: r1562773 -
/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
Author: sergeyb
Date: Thu Jan 30 10:48:40 2014
New Revision: 1562773
URL: http://svn.apache.org/r1562773
Log:
[CXF-5530] Reporting invalid_request if client id is null, invalid_client - if the id does not identify a valid client
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java?rev=1562773&r1=1562772&r2=1562773&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java Thu Jan 30 10:48:40 2014
@@ -22,8 +22,10 @@ package org.apache.cxf.rs.security.oauth
import java.security.Principal;
import javax.ws.rs.NotAuthorizedException;
+import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
import javax.ws.rs.core.SecurityContext;
import org.apache.cxf.rs.security.oauth2.common.Client;
@@ -78,7 +80,7 @@ public class AbstractTokenService extend
}
if (client == null) {
- throw new NotAuthorizedException(Response.status(401).build());
+ reportInvalidClient();
}
return client;
}
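Review bot: The authentication-failure path at `if (client == null)` now depends on `reportInvalidClient()` throwing, and that helper is added later in this commit as a non-final `protected void` method, so a subclass override that returns normally would let this method fall through to `return client;` with a null client instead of a 401. The same pattern appears in `getClient` in the third hunk (`if (client == null) { reportInvalidClient(); }`). I would either declare both `reportInvalidClient` overloads `final` or state the contract on them, for example `/** Always throws NotAuthorizedException (401, invalid_client); overrides must not return normally. */`. The enclosing method starts outside this hunk, so how its callers treat a null return is not visible here.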
@@ -125,20 +127,32 @@ public class AbstractTokenService extend
* @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found
*/
protected Client getClient(String clientId) {
+ if (clientId == null) {
+ reportInvalidRequestError("Client ID is null");
+ return null;
+ }
Client client = null;
try {
client = getValidClient(clientId);
} catch (OAuthServiceException ex) {
if (ex.getError() != null) {
- reportInvalidRequestError(ex.getError());
+ reportInvalidClient(ex.getError());
return null;
}
}
if (client == null) {
- reportInvalidRequestError("Client ID is invalid");
+ reportInvalidClient();
}
return client;
-
+ }
+
+ protected void reportInvalidClient() {
+ reportInvalidClient(new OAuthError(OAuthConstants.INVALID_CLIENT));
+ }
+
+ protected void reportInvalidClient(OAuthError error) {
+ ResponseBuilder rb = Response.status(401);
+ throw new NotAuthorizedException(rb.type(MediaType.APPLICATION_JSON_TYPE).entity(error).build());
}
public void setCanSupportPublicClients(boolean support) {
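Review bot: `reportInvalidClient(OAuthError)` builds the 401 with only a JSON entity and no `WWW-Authenticate` header. RFC 6749 section 5.2 requires that header, matching the scheme the client used, when the client tried to authenticate through the `Authorization` request header, and HTTP clients generally expect a challenge on any 401. Assuming Basic is the scheme in use here (not visible in the hunk), something like `rb.header(HttpHeaders.WWW_AUTHENTICATE, "Basic")` before `build()` would cover it. Separately, `reportInvalidClient(ex.getError())` returns whatever `OAuthError` the `OAuthServiceException` carries to an unauthenticated caller, so it is worth confirming that its code is `invalid_client` and that its description does not expose provider internals.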