Posted to commits@cxf.apache.org by se...@apache.org on 2016/01/18 17:53:01 UTC
cxf git commit: Making sure the pre-registered client scopes can be
accumulated with the requested scopes
Repository: cxf
Updated Branches:
refs/heads/master 2d5bc09bd -> 6cc93fb07
Making sure the pre-registered client scopes can be accumulated with the requested scopes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6cc93fb0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6cc93fb0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6cc93fb0
Branch: refs/heads/master
Commit: 6cc93fb07362027d09967932776821352d88b62b
Parents: 2d5bc09
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Jan 18 16:52:44 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Jan 18 16:52:44 2016 +0000
----------------------------------------------------------------------
.../oauth2/grants/refresh/RefreshTokenGrantHandler.java | 6 ++++++
.../oauth2/services/DirectAuthorizationService.java | 6 ++++++
.../oauth2/services/RedirectionBasedGrantService.java | 8 +++++++-
.../apache/cxf/rs/security/oauth2/utils/OAuthUtils.java | 12 +++++++++++-
4 files changed, 30 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
index f64394b..3553736 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
@@ -35,6 +35,7 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler {
private OAuthDataProvider dataProvider;
private boolean partialMatchScopeValidation;
+ private boolean useAllClientScopes;
public void setDataProvider(OAuthDataProvider dataProvider) {
this.dataProvider = dataProvider;
@@ -49,6 +50,7 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler {
String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
List<String> requestedScopes = OAuthUtils.getRequestedScopes(client,
params.getFirst(OAuthConstants.SCOPE),
+ useAllClientScopes,
partialMatchScopeValidation);
return dataProvider.refreshAccessToken(client, refreshToken, requestedScopes);
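Review bot: With `useAllClientScopes` enabled, the `requestedScopes` list handed to `dataProvider.refreshAccessToken` on the last line of the hunk is the client's entire registered scope set even when the refresh request named a narrower scope, and nothing in this handler bounds that by the scope the refresh token was originally issued for (RFC 6749 §6 only allows a refresh to keep or narrow the original grant). Whether the data provider enforces that bound is not visible here; if it does not, this flag turns a scope-narrowing refresh into a scope-widening one. At minimum pin the dependency at the call site: `// useAllClientScopes widens requestedScopes to every registered scope; refreshAccessToken must still cap it by the refresh token's original scope`. The enclosing method starts before this hunk.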
@@ -57,4 +59,8 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler {
public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation) {
this.partialMatchScopeValidation = partialMatchScopeValidation;
}
+
+ public void setUseAllClientScopes(boolean useAllClientScopes) {
+ this.useAllClientScopes = useAllClientScopes;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
index 26212d8..f88a85a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
@@ -45,6 +45,7 @@ import org.apache.cxf.security.SecurityContext;
public class DirectAuthorizationService extends AbstractOAuthService {
private SubjectCreator subjectCreator;
private boolean partialMatchScopeValidation;
+ private boolean useAllClientScopes;
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("text/html")
@@ -62,6 +63,7 @@ public class DirectAuthorizationService extends AbstractOAuthService {
String providedScope = params.getFirst(OAuthConstants.SCOPE);
List<String> requestedScope = OAuthUtils.getRequestedScopes(client,
providedScope,
+ useAllClientScopes,
partialMatchScopeValidation);
reg.setRequestedScope(requestedScope);
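Review bot: The list stored by `reg.setRequestedScope(requestedScope)` is what has to be rendered for the user's consent when `useAllClientScopes` is on, not the raw `providedScope` string, otherwise the user approves fewer scopes than the token will carry. The view that renders `reg` is outside this hunk, so I cannot confirm which of the two values it shows. A comment on the `setRequestedScope` line would record the intent for whoever touches the consent page: `// requestedScope may be a superset of providedScope (useAllClientScopes); the consent view must show this list`. The enclosing method starts and ends outside the hunk.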
@@ -132,6 +134,10 @@ public class DirectAuthorizationService extends AbstractOAuthService {
public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation) {
this.partialMatchScopeValidation = partialMatchScopeValidation;
}
+
+ public void setUseAllClientScopes(boolean useAllClientScopes) {
+ this.useAllClientScopes = useAllClientScopes;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 85b4b44..4d24346 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -57,6 +57,7 @@ import org.apache.cxf.security.SecurityContext;
public abstract class RedirectionBasedGrantService extends AbstractOAuthService {
private Set<String> supportedResponseTypes;
private String supportedGrantType;
+ private boolean useAllClientScopes;
private boolean partialMatchScopeValidation;
private boolean useRegisteredRedirectUriIfPossible = true;
private SessionAuthenticityTokenProvider sessionAuthenticityTokenProvider;
@@ -145,7 +146,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
List<String> requestedScope = null;
try {
requestedScope = OAuthUtils.getRequestedScopes(client,
- providedScope,
+ providedScope,
+ useAllClientScopes,
partialMatchScopeValidation);
} catch (OAuthServiceException ex) {
return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
@@ -462,6 +464,10 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation) {
this.partialMatchScopeValidation = partialMatchScopeValidation;
}
+
+ public void setUseAllClientScopes(boolean useAllClientScopes) {
+ this.useAllClientScopes = useAllClientScopes;
+ }
/**
* If a client does not include a redirect_uri parameter but has an exactly one
* pre-registered redirect_uri then use that redirect_uri
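Review bot: The new `setUseAllClientScopes` setter has no Javadoc, while the setter whose Javadoc follows at the end of the hunk documents its effect; a flag that enlarges the scope a token is issued with deserves at least as much. Suggested Javadoc: `/** If true, the client's pre-registered scopes are added to the scopes it requested, so the user is asked to approve (and the token is issued for) the accumulated set rather than only what the request named. Defaults to false. */`. The same text applies to the identical setters added to RefreshTokenGrantHandler and DirectAuthorizationService in this commit.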
http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index d2ae2fa..066cec0 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -213,7 +213,9 @@ public final class OAuthUtils {
return false;
}
- public static List<String> getRequestedScopes(Client client, String scopeParameter,
+ public static List<String> getRequestedScopes(Client client,
+ String scopeParameter,
+ boolean useAllClientScopes,
boolean partialMatchScopeValidation) {
List<String> requestScopes = parseScope(scopeParameter);
List<String> registeredScopes = client.getRegisteredScopes();
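Review bot: Adding a fourth parameter to the public static `getRequestedScopes` breaks every external caller of the previous three-argument form (this is a public class in the `utils` package), and the three call sites updated in this commit are only the in-tree ones. A delegating overload keeps source and binary compatibility: `public static List<String> getRequestedScopes(Client client, String scopeParameter, boolean partialMatchScopeValidation) { return getRequestedScopes(client, scopeParameter, false, partialMatchScopeValidation); }`. A Javadoc on the four-argument form should also state that with `useAllClientScopes` the result is a superset of the parsed `scopeParameter`, so callers must not treat it as "what the client asked for". The method body continues in the next hunk.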
@@ -224,6 +226,14 @@ public final class OAuthUtils {
if (!validateScopes(requestScopes, registeredScopes, partialMatchScopeValidation)) {
throw new OAuthServiceException("Unexpected scope");
}
+ if (useAllClientScopes) {
+ for (String registeredScope : registeredScopes) {
+ if (!requestScopes.contains(registeredScope)) {
+ requestScopes.add(registeredScope);
+ }
+ }
+ }
+
return requestScopes;
}
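Review bot: The new loop appends registered scopes directly into the list returned by `parseScope`, so the method now depends on that helper always handing back a fresh, mutable list; `parseScope` is outside this hunk and I cannot confirm that, and `registeredScopes` is also iterated without a null check here (the lines between the two hunks may already cover the empty/null cases). Accumulating into a copy removes the dependency on the helper's list type and keeps the caller's parsed list untouched, which matters for any caller that later compares the returned list against what the request actually named. The accumulation also runs after `validateScopes`, so the added scopes are never validated; that is fine because they are the client's own registered scopes, but the Javadoc should say so. `getRequestedScopes` starts in the previous hunk.
```java
        if (useAllClientScopes) {
            // Accumulate into a copy: do not rely on parseScope() returning a mutable list,
            // and leave the caller's view of "what was requested" intact.
            List<String> accumulated = new ArrayList<String>(requestScopes);
            for (String registeredScope : registeredScopes) {
                if (!accumulated.contains(registeredScope)) {
                    accumulated.add(registeredScope);
                }
            }
            return accumulated;
        }
        return requestScopes;
```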