You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by se...@apache.org on 2016/01/26 16:45:07 UTC

cxf git commit: Moving the pre-authorized scopes check to Redirection service for the incremental auth be supported next

Repository: cxf
Updated Branches:
  refs/heads/master 7fa085a73 -> 1d93d1121


Moving the pre-authorized scopes check to Redirection service for the incremental auth be supported next


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1d93d112
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1d93d112
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1d93d112

Branch: refs/heads/master
Commit: 1d93d1121bab3bc40900a18522d8a7f64fedb1fe
Parents: 7fa085a
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Jan 26 15:44:51 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Jan 26 15:44:51 2016 +0000

----------------------------------------------------------------------
 .../rs/security/oauth2/provider/AbstractOAuthDataProvider.java   | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1d93d112/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 5b67ca2..e27cf27 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -188,9 +188,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
         for (ServerAccessToken at : getAccessTokens(client, sub)) {
             if (at.getClient().getClientId().equals(client.getClientId())
                 && at.getGrantType().equals(grantType)
-                && (sub == null || at.getSubject().getLogin().equals(sub.getLogin()))
-                && OAuthUtils.convertPermissionsToScopeList(
-                    at.getScopes()).containsAll(requestedScopes)) {
+                && (sub == null || at.getSubject().getLogin().equals(sub.getLogin()))) {
                 token = at;
                 break;
             }