Posted to commits@cxf.apache.org by se...@apache.org on 2014/06/13 13:29:55 UTC

git commit: Updating OAuth2 Redirect service to support the case where a view handler randomizes a name of the field containing a session authenticity token

Repository: cxf
Updated Branches:
  refs/heads/master b4909d605 -> 1cc014c39


Updating OAuth2 Redirect service to support the case where a view handler randomizes the name of the field containing a session authenticity token


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1cc014c3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1cc014c3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1cc014c3

Branch: refs/heads/master
Commit: 1cc014c3931d4d818dbf876bf959cd6f2c821732
Parents: b4909d6
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Fri Jun 13 12:29:30 2014 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Fri Jun 13 12:29:30 2014 +0100

----------------------------------------------------------------------
 .../security/oauth2/services/RedirectionBasedGrantService.java | 6 +++++-
 .../apache/cxf/rs/security/oauth2/utils/OAuthConstants.java    | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1cc014c3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 461181e..67f12ea 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -221,7 +221,11 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         UserSubject userSubject = createUserSubject(securityContext);
         
         // Make sure the session is valid
-        String sessionToken = params.getFirst(OAuthConstants.SESSION_AUTHENTICITY_TOKEN);
+        String sessionTokenParamName = params.getFirst(OAuthConstants.SESSION_AUTHENTICITY_TOKEN_PARAM_NAME);
+        if (sessionTokenParamName == null) {
+            sessionTokenParamName = OAuthConstants.SESSION_AUTHENTICITY_TOKEN;
+        }
+        String sessionToken = params.getFirst(sessionTokenParamName);
         if (!compareRequestAndSessionTokens(sessionToken, params, userSubject)) {
             throw ExceptionUtils.toBadRequestException(null, null);     
         }
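Review bot: The new lookup at the `sessionTokenParamName` lines lets the request itself choose which parameter is read as the session token, and nothing in the hunk says why that is safe; a short comment would save the next reader from suspecting a CSRF-check bypass. Since the value read is still passed to `compareRequestAndSessionTokens(sessionToken, params, userSubject)`, the name only selects the parameter and the match against the session-held token remains the actual check, assuming that method compares against server-side state (its body is outside this hunk). Suggested comment above the first new line: `// A view handler may randomize the token field name and report it in session_authenticity_token_param_name; the name only selects which parameter to read, the value is still validated against the session token below.` The enclosing method starts before and continues after this hunk, so the fallback to `OAuthConstants.SESSION_AUTHENTICITY_TOKEN` when the name is absent should also be mentioned in that method's Javadoc if it has one.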

http://git-wip-us.apache.org/repos/asf/cxf/blob/1cc014c3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
index 25fae18..945c8a9 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
@@ -88,6 +88,7 @@ public final class OAuthConstants {
     public static final String AUTHORIZATION_CODE_VALUE = "code";
     public static final String CODE_RESPONSE_TYPE = "code";
     public static final String SESSION_AUTHENTICITY_TOKEN = "session_authenticity_token";
+    public static final String SESSION_AUTHENTICITY_TOKEN_PARAM_NAME = "session_authenticity_token_param_name";
     public static final String AUTHORIZATION_DECISION_KEY = "oauthDecision";
     public static final String AUTHORIZATION_DECISION_ALLOW = "allow";
     public static final String AUTHORIZATION_DECISION_DENY = "deny";