Posted to commits@cxf.apache.org by se...@apache.org on 2015/12/28 17:31:11 UTC

cxf git commit: Minor update to AbstractOAuthProvider to revoke expired refresh tokens if needed

Repository: cxf
Updated Branches:
  refs/heads/master 52ff49dd2 -> f8befff00


Minor update to AbstractOAuthProvider to revoke expired refresh tokens if needed


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f8befff0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f8befff0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f8befff0

Branch: refs/heads/master
Commit: f8befff0069769ee9c71ebf845f6c0ec6e801a38
Parents: 52ff49d
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Dec 28 16:30:54 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Dec 28 16:30:54 2015 +0000

----------------------------------------------------------------------
 .../security/oauth2/provider/AbstractOAuthDataProvider.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f8befff0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 367997f..edfabb6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -81,8 +81,13 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, Cl
                                                 List<String> restrictedScopes) throws OAuthServiceException {
         RefreshToken currentRefreshToken = recycleRefreshTokens 
             ? revokeRefreshToken(refreshTokenKey) : getRefreshToken(refreshTokenKey);
-        if (currentRefreshToken == null 
-            || OAuthUtils.isExpired(currentRefreshToken.getIssuedAt(), currentRefreshToken.getExpiresIn())) {
+        if (currentRefreshToken == null) { 
+            throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
+        }
+        if (OAuthUtils.isExpired(currentRefreshToken.getIssuedAt(), currentRefreshToken.getExpiresIn())) {
+            if (!recycleRefreshTokens) {
+                revokeRefreshToken(refreshTokenKey);
+            }
             throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
         }
         if (recycleRefreshTokens) {
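Review bot: The `if (!recycleRefreshTokens)` guard in the expired-token branch is only understandable once the reader notices that, in recycle mode, the lookup at the top of the hunk has already called `revokeRefreshToken(refreshTokenKey)`; a comment such as `// recycle mode already revoked the token during lookup; otherwise revoke the expired token here` would make that dependency explicit. Because the new `revokeRefreshToken` call runs before the `throw`, an exception raised by the revocation itself (its body is not visible here) would presumably replace the `ACCESS_DENIED` response, so it is worth confirming that a storage failure cannot change what the client sees. Keeping one error for both the unknown and the expired case is worth a short comment too, since it means the response does not reveal whether a token key ever existed. The enclosing method starts and ends outside the hunk.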