You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2013/07/26 17:52:12 UTC
svn commit: r1507358 - in /cxf/branches/2.6.x-fixes: ./
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/
rt/...
Author: sergeyb
Date: Fri Jul 26 15:52:12 2013
New Revision: 1507358
URL: http://svn.apache.org/r1507358
Log:
Merged revisions 1507352 via svnmerge from
https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes
................
r1507352 | sergeyb | 2013-07-26 16:28:36 +0100 (Fri, 26 Jul 2013) | 9 lines
Merged revisions 1507319 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1507319 | sergeyb | 2013-07-26 15:20:44 +0100 (Fri, 26 Jul 2013) | 1 line
[CXF-5162] Updating AccessTokenService to validate if Clients can get the current grant supported
........
................
Modified:
cxf/branches/2.6.x-fixes/ (props changed)
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Merged /cxf/branches/2.7.x-fixes:r1507352
Merged /cxf/trunk:r1507319
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java Fri Jul 26 15:52:12 2013
@@ -70,11 +70,12 @@ public abstract class AbstractGrantHandl
return Collections.unmodifiableList(supportedGrants);
}
+ @Deprecated
protected void checkIfGrantSupported(Client client) {
checkIfGrantSupported(client, getSingleGrantType());
}
- protected void checkIfGrantSupported(Client client, String requestedGrant) {
+ private void checkIfGrantSupported(Client client, String requestedGrant) {
if (!OAuthUtils.isGrantSupportedForClient(client,
canSupportPublicClients,
requestedGrant)) {
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java Fri Jul 26 15:52:12 2013
@@ -39,7 +39,6 @@ public class ClientCredentialsGrantHandl
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
throws OAuthServiceException {
- checkIfGrantSupported(client);
return doCreateAccessToken(client,
client.getSubject(),
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java Fri Jul 26 15:52:12 2013
@@ -40,7 +40,6 @@ public class AuthorizationCodeGrantHandl
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
throws OAuthServiceException {
- checkIfGrantSupported(client);
// Get the grant representation from the provider
String codeValue = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java Fri Jul 26 15:52:12 2013
@@ -40,7 +40,6 @@ public class ResourceOwnerGrantHandler e
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
throws OAuthServiceException {
- checkIfGrantSupported(client);
String ownerName = params.getFirst(OAuthConstants.RESOURCE_OWNER_NAME);
String ownerPassword = params.getFirst(OAuthConstants.RESOURCE_OWNER_PASSWORD);
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java Fri Jul 26 15:52:12 2013
@@ -35,7 +35,6 @@ public class RefreshTokenGrantHandler im
private OAuthDataProvider dataProvider;
private boolean partialMatchScopeValidation;
- private boolean canSupportPublicClients;
public void setDataProvider(OAuthDataProvider dataProvider) {
this.dataProvider = dataProvider;
@@ -47,10 +46,6 @@ public class RefreshTokenGrantHandler im
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
throws OAuthServiceException {
- if (!OAuthUtils.isGrantSupportedForClient(client, canSupportPublicClients,
- OAuthConstants.REFRESH_TOKEN_GRANT)) {
- throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);
- }
String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
List<String> requestedScopes = OAuthUtils.getRequestedScopes(client,
params.getFirst(OAuthConstants.SCOPE),
@@ -62,8 +57,4 @@ public class RefreshTokenGrantHandler im
public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation) {
this.partialMatchScopeValidation = partialMatchScopeValidation;
}
-
- public void setCanSupportPublicClients(boolean support) {
- canSupportPublicClients = support;
- }
}
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java Fri Jul 26 15:52:12 2013
@@ -88,6 +88,13 @@ public class AccessTokenService extends
// Make sure the client is authenticated
Client client = authenticateClientIfNeeded(params);
+ if (!OAuthUtils.isGrantSupportedForClient(client,
+ isCanSupportPublicClients(),
+ params.getFirst(OAuthConstants.GRANT_TYPE))) {
+ return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);
+ }
+
+
// Find the grant handler
AccessTokenGrantHandler handler = findGrantHandler(params);
if (handler == null) {
@@ -195,10 +202,11 @@ public class AccessTokenService extends
}
/**
- * Find the mathcing grant handler
+ * Find the matching grant handler
*/
- protected AccessTokenGrantHandler findGrantHandler(MultivaluedMap<String, String> params) {
- String grantType = params.getFirst(OAuthConstants.GRANT_TYPE);
+ protected AccessTokenGrantHandler findGrantHandler(MultivaluedMap<String, String> params) {
+ String grantType = params.getFirst(OAuthConstants.GRANT_TYPE);
+
if (grantType != null) {
for (AccessTokenGrantHandler handler : grantHandlers) {
if (handler.getSupportedGrantTypes().contains(grantType)) {
@@ -231,4 +239,10 @@ public class AccessTokenService extends
public void setCanSupportPublicClients(boolean support) {
this.canSupportPublicClients = support;
}
+
+ public boolean isCanSupportPublicClients() {
+ return canSupportPublicClients;
+ }
+
+
}
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java Fri Jul 26 15:52:12 2013
@@ -36,15 +36,14 @@ import org.junit.Test;
public class TokenGrantHandlerTest extends Assert {
+
+
@Test
- public void testSimpleGrantNotSupported() {
- try {
- new SimpleGrantHandler().createAccessToken(createClient("unsupported"),
- createMap("a"));
- fail("Unsupported Grant");
- } catch (OAuthServiceException ex) {
- assertEquals(OAuthConstants.UNAUTHORIZED_CLIENT, ex.getMessage());
- }
+ public void testSimpleGrantSupported() {
+ SimpleGrantHandler handler = new SimpleGrantHandler();
+ handler.setDataProvider(new OAuthDataProviderImpl());
+ ServerAccessToken t = handler.createAccessToken(createClient("a"), createMap("a"));
+ assertTrue(t instanceof BearerAccessToken);
}
@Test
@@ -59,27 +58,10 @@ public class TokenGrantHandlerTest exten
}
@Test
- public void testSimpleGrantSupported() {
- ServerAccessToken t = new SimpleGrantHandler().createAccessToken(createClient("a"),
- createMap("a"));
- assertTrue(t instanceof BearerAccessToken);
- }
-
- @Test
- public void testComplexGrantNotSupported() {
- try {
- new ComplexGrantHandler(Arrays.asList("a", "b"))
- .createAccessToken(createClient("unsupported"), createMap("a"));
- fail("Unsupported Grant");
- } catch (OAuthServiceException ex) {
- assertEquals(OAuthConstants.UNAUTHORIZED_CLIENT, ex.getMessage());
- }
- }
-
- @Test
public void testComplexGrantSupported() {
- ServerAccessToken t = new ComplexGrantHandler(Arrays.asList("a", "b"))
- .createAccessToken(createClient("a"), createMap("a"));
+ ComplexGrantHandler handler = new ComplexGrantHandler(Arrays.asList("a", "b"));
+ handler.setDataProvider(new OAuthDataProviderImpl());
+ ServerAccessToken t = handler.createAccessToken(createClient("a"), createMap("a"));
assertTrue(t instanceof BearerAccessToken);
}
@@ -109,8 +91,7 @@ public class TokenGrantHandlerTest exten
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
throws OAuthServiceException {
- super.checkIfGrantSupported(client);
- return new BearerAccessToken(client, 3600L);
+ return super.doCreateAccessToken(client, client.getSubject(), null);
}
}
@@ -123,8 +104,8 @@ public class TokenGrantHandlerTest exten
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
throws OAuthServiceException {
- super.checkIfGrantSupported(client, params.getFirst(OAuthConstants.GRANT_TYPE));
- return new BearerAccessToken(client, 3600L);
+ return super.doCreateAccessToken(client, client.getSubject(),
+ params.getFirst(OAuthConstants.GRANT_TYPE), null);
}
}