Posted to commits@cxf.apache.org by se...@apache.org on 2016/01/28 14:14:08 UTC
cxf git commit: Pass the already approved scopes/permissions, if any,
to the authorization form for the more optimal UI challenge be
possible
Repository: cxf
Updated Branches:
refs/heads/master 219d31448 -> 746914a50
Pass the already approved scopes/permissions, if any, to the authorization form so that a more optimal UI challenge is possible
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/746914a5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/746914a5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/746914a5
Branch: refs/heads/master
Commit: 746914a5084f5db8d0c0f052802c7ef2217b9b6b
Parents: 219d314
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Thu Jan 28 13:13:47 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Thu Jan 28 13:13:47 2016 +0000
----------------------------------------------------------------------
.../oauth2/common/OAuthAuthorizationData.java | 51 +++++++++++++-------
.../services/AuthorizationCodeGrantService.java | 6 +--
.../oauth2/services/ImplicitGrantService.java | 6 +--
.../services/RedirectionBasedGrantService.java | 29 +++++++----
4 files changed, 59 insertions(+), 33 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/746914a5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
index d0665e9..d234f31 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
@@ -48,13 +48,14 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
private Map<String, String> extraApplicationProperties = new HashMap<String, String>();
private boolean implicitFlow;
- private List<? extends OAuthPermission> permissions;
+ private List<OAuthPermission> permissions;
+ private List<OAuthPermission> alreadyAuthorizedPermissions;
public OAuthAuthorizationData() {
}
/**
- * Sets the client application name
+ * Get the client application name
* @return application name
*/
public String getApplicationName() {
@@ -62,7 +63,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
/**
- * Sets the client application name
+ * Set the client application name
* @param applicationName application name
*/
public void setApplicationName(String applicationName) {
@@ -70,24 +71,40 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
/**
- * Gets the list of scopes translated to {@link Permission} instances
+ * Get the list of scopes translated to {@link Permission} instances
* requested by the client application
* @return the list of scopes
*/
- public List<? extends OAuthPermission> getPermissions() {
+ public List<OAuthPermission> getPermissions() {
return permissions;
}
/**
- * Gets the list of scopes translated to {@link OAuthPermission} instances
+ * Set the list of scopes translated to {@link OAuthPermission} instances
* @return the list of scopes
**/
- public void setPermissions(List<? extends OAuthPermission> permissions) {
+ public void setPermissions(List<OAuthPermission> permissions) {
this.permissions = permissions;
}
+
+ /**
+ * Get the list of scopes already approved by a user
+ * @return the list of approved scopes
+ */
+ public List<OAuthPermission> getAlreadyAuthorizedPermissions() {
+ return alreadyAuthorizedPermissions;
+ }
+
+ /**
+ * Set the list of scopes already approved by a user
+ * @param permissions the list of approved scopes
+ */
+ public void setAlreadyAuthorizedPermissions(List<OAuthPermission> perms) {
+ this.alreadyAuthorizedPermissions = perms;
+ }
/**
- * Sets the authenticity token linking the authorization
+ * Set the authenticity token linking the authorization
* challenge to the current end user session
*
* @param authenticityToken the session authenticity token
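Review bot: The Javadoc on the new `setAlreadyAuthorizedPermissions` names a parameter that does not exist: the tag reads `@param permissions` while the method parameter is `perms`, so javadoc lint will flag it; change the tag to `* @param perms the list of approved scopes` (or rename the parameter to `permissions` to match `setPermissions`). The reworded Javadoc on `setPermissions` still documents a setter with `@return the list of scopes` and closes with `**/`; it should read `* @param permissions the list of scopes` and close with `*/`. Narrowing `setPermissions` from `List<? extends OAuthPermission>` to `List<OAuthPermission>` also stops compiling for any existing caller that passes a list of an OAuthPermission subtype, which the commit message does not mention.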
@@ -97,7 +114,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
/**
- * Gets the authenticity token linking the authorization
+ * Get the authenticity token linking the authorization
* challenge to the current end user session
* @return the session authenticity token
*/
@@ -106,7 +123,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
/**
- * Sets the application description
+ * Set the application description
* @param applicationDescription the description
*/
public void setApplicationDescription(String applicationDescription) {
@@ -114,7 +131,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
/**
- * Gets the application description
+ * Get the application description
* @return the description
*/
public String getApplicationDescription() {
@@ -122,7 +139,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
/**
- * Sets the application web URI
+ * Set the application web URI
* @param applicationWebUri the application URI
*/
public void setApplicationWebUri(String applicationWebUri) {
@@ -130,7 +147,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
/**
- * Gets the application web URI
+ * Get the application web URI
* @return the application URI
*/
public String getApplicationWebUri() {
@@ -138,7 +155,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
/**
- * Sets the application logo URI
+ * Set the application logo URI
* @param applicationLogoUri the logo URI
*/
public void setApplicationLogoUri(String applicationLogoUri) {
@@ -146,7 +163,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
/**
- * Gets the application logo URI
+ * Get the application logo URI
* @return the logo URI
*/
public String getApplicationLogoUri() {
@@ -154,7 +171,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
/**
- * Sets the absolute URI where the authorization decision data
+ * Set the absolute URI where the authorization decision data
* will need to be sent to
* @param replyTo authorization decision handler URI
*/
@@ -163,7 +180,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
}
/**
- * Gets the absolute URI where the authorization decision data
+ * Get the absolute URI where the authorization decision data
* will need to be sent to
* @return authorization decision handler URI
*/
http://git-wip-us.apache.org/repos/asf/cxf/blob/746914a5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 9a8609a..138a600 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -68,12 +68,12 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
MultivaluedMap<String, String> params,
String redirectUri,
UserSubject subject,
- List<String> requestedScopes,
- List<OAuthPermission> perms,
+ List<OAuthPermission> requestedPerms,
+ List<OAuthPermission> alreadyAuthorizedPerms,
boolean authorizationCanBeSkipped) {
OAuthAuthorizationData data =
super.createAuthorizationData(client, params, redirectUri, subject,
- requestedScopes, perms, authorizationCanBeSkipped);
+ requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);
setCodeQualifier(data, params);
return data;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/746914a5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
index bec3714..50aa491 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
@@ -55,12 +55,12 @@ public class ImplicitGrantService extends AbstractImplicitGrantService {
MultivaluedMap<String, String> params,
String redirectUri,
UserSubject subject,
- List<String> requestedScopes,
- List<OAuthPermission> perms,
+ List<OAuthPermission> requestedPerms,
+ List<OAuthPermission> alreadyAuthorizedPerms,
boolean authorizationCanBeSkipped) {
OAuthAuthorizationData data =
super.createAuthorizationData(client, params, redirectUri, subject,
- requestedScopes, perms, authorizationCanBeSkipped);
+ requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);
data.setImplicitFlow(true);
return data;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/746914a5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 6c1a743..133ce30 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -170,15 +170,23 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
// Request a new grant only if no pre-authorized token is available
ServerAccessToken preAuthorizedToken = getDataProvider().getPreauthorizedToken(
client, requestedScope, userSubject, supportedGrantType);
- final boolean preAuthorizationComplete = preAuthorizedToken != null
- && OAuthUtils.convertPermissionsToScopeList(preAuthorizedToken.getScopes()).containsAll(requestedScope);
+
+ List<OAuthPermission> alreadyAuthorizedPerms = null;
+ boolean preAuthorizationComplete = false;
+ if (preAuthorizedToken != null) {
+ alreadyAuthorizedPerms = preAuthorizedToken.getScopes();
+ preAuthorizationComplete =
+ OAuthUtils.convertPermissionsToScopeList(alreadyAuthorizedPerms).containsAll(requestedScope);
+ }
final boolean authorizationCanBeSkipped = preAuthorizationComplete
|| canAuthorizationBeSkipped(client, userSubject, requestedScope, requestedPermissions);
// Populate the authorization challenge data
OAuthAuthorizationData data =
- createAuthorizationData(client, params, redirectUri, userSubject, requestedScope,
- requestedPermissions, authorizationCanBeSkipped);
+ createAuthorizationData(client, params, redirectUri, userSubject,
+ requestedPermissions,
+ alreadyAuthorizedPerms,
+ authorizationCanBeSkipped);
if (authorizationCanBeSkipped) {
List<OAuthPermission> approvedScopes =
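Review bot: `alreadyAuthorizedPerms = preAuthorizedToken.getScopes()` hands the pre-authorized token's own scope list to the authorization data that is rendered to the end user, so if `getScopes()` returns the token's live list (not visible in this hunk) any mutation by a view or by a subclass overriding `createAuthorizationData` would silently change the stored token's permissions. Passing a copy keeps the token isolated from the challenge data, e.g. `alreadyAuthorizedPerms = new ArrayList<OAuthPermission>(preAuthorizedToken.getScopes());` or wrapping it in `Collections.unmodifiableList`, provided the corresponding import is present in this file. Note also that when no pre-authorized token exists the form data receives `null` rather than an empty list, so templates reading `getAlreadyAuthorizedPermissions()` must handle that case and the getter's Javadoc should say so. The enclosing method starts and ends outside the hunk.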
@@ -209,8 +217,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
MultivaluedMap<String, String> params,
String redirectUri,
UserSubject subject,
- List<String> requestedScope,
- List<OAuthPermission> perms,
+ List<OAuthPermission> requestedPerms,
+ List<OAuthPermission> alreadyAuthorizedPerms,
boolean authorizationCanBeSkipped) {
OAuthAuthorizationData secData = new OAuthAuthorizationData();
@@ -221,15 +229,16 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
secData.setNonce(params.getFirst(OAuthConstants.NONCE));
secData.setClientId(client.getClientId());
secData.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));
- if (requestedScope != null && !requestedScope.isEmpty()) {
+ if (requestedPerms != null && !requestedPerms.isEmpty()) {
StringBuilder builder = new StringBuilder();
- for (String scope : requestedScope) {
- builder.append(scope + " ");
+ for (OAuthPermission perm : requestedPerms) {
+ builder.append(perm.getPermission() + " ");
}
secData.setProposedScope(builder.toString().trim());
}
if (!authorizationCanBeSkipped) {
- secData.setPermissions(perms);
+ secData.setPermissions(requestedPerms);
+ secData.setAlreadyAuthorizedPermissions(alreadyAuthorizedPerms);
secData.setApplicationName(client.getApplicationName());
secData.setApplicationWebUri(client.getApplicationWebUri());
secData.setApplicationDescription(client.getApplicationDescription());
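Review bot: The proposed scope string is now built from `requestedPerms` via `perm.getPermission()` instead of from the raw `requestedScope` strings the client sent; if `requestedPermissions` can contain scopes the provider resolved beyond the literal request (not confirmable from the hunk), the value shown to the user changes from what was asked to what would be granted, which is defensible but deserves a comment such as `// proposed scope reflects the resolved permissions, not the raw scope parameter`. As a style point, `builder.append(perm.getPermission() + " ")` concatenates before appending; `builder.append(perm.getPermission()).append(' ')` avoids the intermediate string. `createAuthorizationData` continues past the end of the hunk.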