You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/27 15:40:00 UTC
cxf git commit: Minor updates to OAuth abstract provider
Repository: cxf
Updated Branches:
refs/heads/master cf10a7182 -> a6601d2eb
Minor updates to OAuth abstract provider
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a6601d2e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a6601d2e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a6601d2e
Branch: refs/heads/master
Commit: a6601d2eb5032679ff45b6be1d6f976962691656
Parents: cf10a71
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Nov 27 14:39:46 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Nov 27 14:39:46 2015 +0000
----------------------------------------------------------------------
.../provider/AbstractOAuthDataProvider.java | 27 ++++++++++++--------
1 file changed, 16 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/a6601d2e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index c951c6e..7fac0b4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -86,21 +86,17 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider {
public void revokeToken(Client client, String tokenKey, String tokenTypeHint) throws OAuthServiceException {
ServerAccessToken accessToken = revokeAccessToken(tokenKey);
if (accessToken == null) {
+ // Revoke refresh token
doRevokeRefreshAndAccessTokens(client, tokenKey, true);
} else {
+ // Revoke access token
if (accessToken.getRefreshToken() != null) {
RefreshToken rt = getRefreshToken(client, accessToken.getRefreshToken());
if (rt == null) {
return;
}
- List<String> accessTokenKeys = rt.getAccessTokens();
- for (int i = 0; i < accessTokenKeys.size(); i++) {
- if (accessTokenKeys.get(i).equals(accessToken.getTokenKey())) {
- accessTokenKeys.remove(i);
- break;
- }
- }
+ unlinkRefreshAccessToken(rt, accessToken.getTokenKey());
if (rt.getAccessTokens().isEmpty()) {
revokeRefreshToken(client, rt.getTokenKey());
} else {
@@ -109,6 +105,16 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider {
}
}
}
+ protected void unlinkRefreshAccessToken(RefreshToken rt, String tokenKey) {
+ List<String> accessTokenKeys = rt.getAccessTokens();
+ for (int i = 0; i < accessTokenKeys.size(); i++) {
+ if (accessTokenKeys.get(i).equals(tokenKey)) {
+ accessTokenKeys.remove(i);
+ break;
+ }
+ }
+ }
+
protected RefreshToken revokeRefreshAndAccessTokens(Client client, String tokenKey) {
return doRevokeRefreshAndAccessTokens(client, tokenKey, recycleRefreshTokens);
}
@@ -119,11 +125,10 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider {
|| OAuthUtils.isExpired(currentRefreshToken.getIssuedAt(), currentRefreshToken.getExpiresIn())) {
throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
}
- for (String accessTokenKey : currentRefreshToken.getAccessTokens()) {
- revokeAccessToken(accessTokenKey);
- }
if (recycle) {
- currentRefreshToken.getAccessTokens().clear();
+ for (String accessTokenKey : currentRefreshToken.getAccessTokens()) {
+ revokeAccessToken(accessTokenKey);
+ }
}
return currentRefreshToken;
}