Posted to commits@cxf.apache.org by se...@apache.org on 2011/10/12 22:07:33 UTC
svn commit: r1182563 - in /cxf/trunk:
distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/
rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/
rt/rs/security/oauth-parent/oauth/src/main/java/org...
Author: sergeyb
Date: Wed Oct 12 20:07:33 2011
New Revision: 1182563
URL: http://svn.apache.org/viewvc?rev=1182563&view=rev
Log:
[CXF-2759] Updating authorization handler mappings plus a few more minor updates
Modified:
cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java
Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml (original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml Wed Oct 12 20:07:33 2011
@@ -28,7 +28,7 @@
<beans:bean id="authenticationSuccHandler"
class="demo.oauth.server.spring.AuthenticationSuccessfullHandler">
<beans:property name="defaultTargetUrl" value="/app/newClientForm.jsp"/>
- <beans:property name="confirmationUrl" value="/auth/oauth/authorizeDecision"/>
+ <beans:property name="confirmationUrl" value="/auth/oauth/authorize/decision"/>
</beans:bean>
<beans:bean id="authenticationFailHandler"
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java Wed Oct 12 20:07:33 2011
@@ -23,6 +23,10 @@ public class Permission {
private String permission;
private String description;
+ public Permission() {
+
+ }
+
public Permission(String permission, String description) {
this.description = description;
this.permission = permission;
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java Wed Oct 12 20:07:33 2011
@@ -110,7 +110,7 @@ public class AbstractAuthFilter {
matched = true;
}
}
- if (!matched) {
+ if (!matched && permissions.size() > 0) {
throw new OAuthProblemException();
}
return new OAuthInfo(authInfo, accessToken, permissions);
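Review bot: The added `permissions.size() > 0` condition makes the permission check fail open: a token whose permission list is empty is now accepted without any match, where the old code threw OAuthProblemException. The next hunk does the same in checkRequestURI, where `uris == null || uris.isEmpty()` returns true, so a permission with an empty URI list matches every request path. If an empty list is meant to stand for "unrestricted", that should be stated in a comment at both places, for example `// no permissions registered for this token: access is not restricted`, and ideally gated by an explicit setting so that a token stored without scopes is not granted everything by accident. Both enclosing methods start outside the hunks, so how `permissions` is populated is not visible here.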
@@ -118,7 +118,7 @@ public class AbstractAuthFilter {
}
protected boolean checkRequestURI(HttpServletRequest request, List<String> uris) {
- if (uris == null) {
+ if (uris == null || uris.isEmpty()) {
return true;
}
String servletPath = request.getPathInfo();
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java Wed Oct 12 20:07:33 2011
@@ -18,6 +18,7 @@
*/
package org.apache.cxf.rs.security.oauth.services;
+import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
@@ -66,13 +67,13 @@ public class AuthorizationRequestHandler
}
OAuthAuthorizationData secData = new OAuthAuthorizationData();
- if (!compareRequestSessionTokens(request)) {
+ if (!compareRequestSessionTokens(request, oAuthMessage)) {
addAuthenticityTokenToSession(secData, request);
return Response.ok(
addAdditionalParams(secData, dataProvider, token)).build();
}
- String decision = request.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
+ String decision = oAuthMessage.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);
Map<String, String> queryParams = new HashMap<String, String>();
@@ -145,9 +146,15 @@ public class AuthorizationRequestHandler
session.setAttribute(OAuthConstants.AUTHENTICITY_TOKEN, value);
}
- private boolean compareRequestSessionTokens(HttpServletRequest request) {
+ private boolean compareRequestSessionTokens(HttpServletRequest request,
+ OAuthMessage oAuthMessage) {
HttpSession session = request.getSession();
- String requestToken = request.getParameter(OAuthConstants.AUTHENTICITY_TOKEN);
+ String requestToken = null;
+ try {
+ requestToken = oAuthMessage.getParameter(OAuthConstants.AUTHENTICITY_TOKEN);
+ } catch (IOException ex) {
+ return false;
+ }
String sessionToken = (String) session.getAttribute(OAuthConstants.AUTHENTICITY_TOKEN);
if (StringUtils.isEmpty(requestToken) || StringUtils.isEmpty(sessionToken)) {
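Review bot: The new `catch (IOException ex) { return false; }` in compareRequestSessionTokens discards the exception, so a request whose parameters could not be read is handled exactly like a first visit: the caller in the previous hunk stores a fresh authenticity token and returns the authorization form again. Returning false is the safe direction for this token check, but the failure should be logged before the return so that malformed or tampered decision requests are visible to operators; a one-line comment such as `// unreadable parameters are treated as a missing authenticity token` would also document the intent. The `= null` initializer on `requestToken` is unnecessary once the catch branch returns. The comparison of the two tokens lies after the end of this hunk.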
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java Wed Oct 12 20:07:33 2011
@@ -36,6 +36,7 @@ import org.apache.cxf.rs.security.oauth.
* redirect End User back to the Client, supplying
* a request token verifier (aka authorization code)
*/
+@Path("/authorize")
public class AuthorizationRequestService extends AbstractOAuthService {
private AuthorizationRequestHandler handler = new AuthorizationRequestHandler();
@@ -45,25 +46,24 @@ public class AuthorizationRequestService
}
@GET
- @Path("/authorize")
@Produces({"application/xhtml+xml", "text/html", "application/xml", "application/json" })
public Response authorize() {
Response response = handler.handle(getHttpRequest(), getDataProvider());
if (response.getEntity() instanceof OAuthAuthorizationData) {
- String replyTo = getUriInfo().getBaseUriBuilder().path("authorizeDecision").build().toString();
+ String replyTo = getUriInfo().getAbsolutePathBuilder().path("decision").build().toString();
((OAuthAuthorizationData)response.getEntity()).setReplyTo(replyTo);
}
return response;
}
@GET
- @Path("/authorizeDecision")
+ @Path("/decision")
public Response authorizeDecision() {
return authorize();
}
@POST
- @Path("/authorizeDecision")
+ @Path("/decision")
@Consumes("application/x-www-form-urlencoded")
public Response authorizeDecisionForm() {
return authorizeDecision();
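Review bot: `getAbsolutePathBuilder().path("decision")` in authorize() appends to the path of the current request, and authorizeDecision() and authorizeDecisionForm() both end up calling authorize(). When a request to `/authorize/decision` gets an OAuthAuthorizationData entity back (the handler appears to return one when the authenticity token check fails), replyTo becomes `.../authorize/decision/decision`, which no resource method is mapped to. Append the segment only when it is not already there, for example `UriBuilder ub = getUriInfo().getAbsolutePathBuilder();` followed by `if (!getUriInfo().getPath().endsWith("decision")) { ub.path("decision"); }`. authorizeDecisionForm() continues past the end of the hunk.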
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java Wed Oct 12 20:07:33 2011
@@ -85,13 +85,13 @@ public class OAuthDefaultServices {
}
@GET
- @Path("/authorizeDecision")
+ @Path("/authorize/decision")
public Response authorizeDecision() {
return authorizeService.authorizeDecision();
}
@POST
- @Path("/authorizeDecision")
+ @Path("/authorize/decision")
@Consumes("application/x-www-form-urlencoded")
public Response authorizeDecisionForm() {
return authorizeService.authorizeDecision();
Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java (original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java Wed Oct 12 20:07:33 2011
@@ -70,7 +70,7 @@ public class JAXRSClientServerBookTest e
@BeforeClass
public static void startServers() throws Exception {
assertTrue("server did not launch correctly",
- launchServer(BookServer.class));
+ launchServer(BookServer.class, true));
}
@Test