Posted to commits@cxf.apache.org by se...@apache.org on 2016/01/26 13:47:04 UTC
cxf git commit: Updating the code handler to check for the
pre-authorized token only if it was recorded during the code issuance time
Repository: cxf
Updated Branches:
refs/heads/master b490940ac -> 75d475ba8
Updating the code handler to check for the pre-authorized token only if it was recorded during the code issuance time
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/75d475ba
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/75d475ba
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/75d475ba
Branch: refs/heads/master
Commit: 75d475ba8def388e6e768ef3ffb39c3e724e0e41
Parents: b490940
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Jan 26 12:46:45 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Jan 26 12:46:45 2016 +0000
----------------------------------------------------------------------
.../code/AuthorizationCodeGrantHandler.java | 26 +++++++++++---------
1 file changed, 14 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/75d475ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 4a01328..c8e6655 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -104,18 +104,20 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
String requestedGrant,
String codeVerifier,
List<String> audiences) {
- ServerAccessToken token = getPreAuthorizedToken(client,
- grant.getSubject(),
- requestedGrant,
- grant.getRequestedScopes(),
- getAudiences(client, grant.getAudience()));
- if (token != null) {
- return token;
- } else if (grant.isPreauthorizedTokenAvailable()) {
- // the grant was issued based on the authorization time check confirming the
- // token was available but it has expired by now or been removed then
- // creating a completely new token can be wrong - though this needs to be reviewed
- throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+ if (grant.isPreauthorizedTokenAvailable()) {
+ ServerAccessToken token = getPreAuthorizedToken(client,
+ grant.getSubject(),
+ requestedGrant,
+ grant.getRequestedScopes(),
+ getAudiences(client, grant.getAudience()));
+ if (token != null) {
+ return token;
+ } else {
+ // the grant was issued based on the authorization time check confirming the
+ // token was available but it has expired by now or been removed then
+ // creating a completely new token can be wrong - though this needs to be reviewed
+ throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+ }
}
// Delegate to the data provider to create the one
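Review bot: The comment carried into the new `else` branch still ends with "though this needs to be reviewed", so the fail-closed `throw new OAuthServiceException(OAuthConstants.INVALID_GRANT)` reads as provisional in a token-issuance path. If rejecting is the intended behaviour, state it outright, e.g. `// The code was issued because a pre-authorized token existed; it is gone now, so reject instead of creating a new token.` Separately, the lookup passes `getAudiences(client, grant.getAudience())` while the method also receives an `audiences` parameter. The rest of the method is outside the hunk, so please confirm both resolve to the same list; otherwise the token returned early could carry a different audience from the one used on the creation path.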