Posted to commits@cxf.apache.org by se...@apache.org on 2012/05/21 12:19:16 UTC

svn commit: r1340958 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2: grants/refresh/ provider/ utils/

Author: sergeyb
Date: Mon May 21 10:19:16 2012
New Revision: 1340958

URL: http://svn.apache.org/viewvc?rev=1340958&view=rev
Log:
Prototyping a refresh token grant handler

Added:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java   (with props)
Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java?rev=1340958&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java Mon May 21 10:19:16 2012
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.grants.refresh;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+
+public class RefreshTokenGrantHandler implements AccessTokenGrantHandler {
+
+    private OAuthDataProvider dataProvider;
+    
+    public void setDataProvider(OAuthDataProvider dataProvider) {
+        this.dataProvider = dataProvider;
+    }
+    
+    public List<String> getSupportedGrantTypes() {
+        return Collections.singletonList(OAuthConstants.REFRESH_TOKEN_GRANT);
+    }
+
+    @Override
+    public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
+        throws OAuthServiceException {
+        if (!OAuthUtils.isGrantSupportedForClient(client, true, OAuthConstants.REFRESH_TOKEN_GRANT)) {
+            throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);    
+        }
+        String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
+        
+        ServerAccessToken token = dataProvider.refreshAccessToken(client.getClientId(), refreshToken);
+        if (token == null) {
+            return null;
+        }
+        String scope = params.getFirst(OAuthConstants.SCOPE);
+        if (scope != null) {
+            List<String> tokenScopes = OAuthUtils.convertPermissionsToScopeList(token.getScopes());
+            if (tokenScopes.containsAll(OAuthUtils.parseScope(scope))) {            
+                throw new OAuthServiceException(OAuthConstants.INVALID_SCOPE);
+            }
+        }
+        
+        return token;
+    }
+}
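Review bot: The scope comparison in createAccessToken is inverted: `if (tokenScopes.containsAll(OAuthUtils.parseScope(scope)))` throws INVALID_SCOPE when every requested scope is already covered by the token, and accepts the request (returning the token with its existing scopes) when the client names scopes that were never granted. The condition should be negated, `if (!tokenScopes.containsAll(OAuthUtils.parseScope(scope))) {`, which matches the OAuth 2.0 rule (RFC 6749 section 6) that a refresh request must not include scope beyond the original grant. The check also runs after `dataProvider.refreshAccessToken(...)`, so a request rejected here may already have caused the provider to issue or rotate a token, and a valid narrower scope is never applied to the token that is returned; passing the requested scope to the provider, or validating before the refresh takes effect, would close both gaps. `refreshToken` is forwarded without a null check, so a request missing the parameter presumably relies on the provider to fail cleanly.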

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java?rev=1340958&r1=1340957&r2=1340958&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java Mon May 21 10:19:16 2012
@@ -59,10 +59,10 @@ public interface OAuthDataProvider {
     ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException;
     
     /**
-     * TODO: Consider introducing a dedicated entity representing a user pre authorization
      * Get preauthorized access token 
-     * @param accessToken the token key 
-     * @return AccessToken
+     * @param client Client
+     * @param subject End User subject 
+     * @return AccessToken access token
      * @throws OAuthServiceException
      */
     ServerAccessToken getPreauthorizedToken(Client client, UserSubject subject, String grantType) 
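Review bot: The rewritten Javadoc for getPreauthorizedToken documents `client` and `subject` but not the third parameter, `grantType`, which is visible in the signature on the last line of the hunk. Add `@param grantType the grant type the pre-authorized token was issued for`, adjusting the wording to the intended meaning, and say whether null is returned when no pre-authorization exists. The declaration's throws clause continues outside the hunk.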
@@ -71,7 +71,7 @@ public interface OAuthDataProvider {
     /**
      * Refresh access token 
      * @param clientId the client id
-     * @param refreshToken the token key 
+     * @param refreshToken refresh token key 
      * @return AccessToken
      * @throws OAuthServiceException
      */
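Review bot: The Javadoc for the refresh method still does not state the contract that the new RefreshTokenGrantHandler depends on. The handler treats a null return as "no token" and passes `client.getClientId()` with the raw refresh token, so it appears to rely on the provider to verify that the refresh token was issued to that client. The comment should say so explicitly, for example `@return the refreshed access token, or null if the refresh token is unknown, expired, or was not issued to clientId`, and state which conditions raise OAuthServiceException instead. The method declaration itself lies outside the hunk.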

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1340958&r1=1340957&r2=1340958&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java Mon May 21 10:19:16 2012
@@ -41,6 +41,7 @@ public final class OAuthConstants {
     public static final String AUTHORIZATION_CODE_GRANT = "authorization_code";
     public static final String CLIENT_CREDENTIALS_GRANT = "client_credentials";
     public static final String IMPLICIT_GRANT = "implicit";
+    public static final String REFRESH_TOKEN_GRANT = "refresh_token";
     // etc
     
     // Well-known token types

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java?rev=1340958&r1=1340957&r2=1340958&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java Mon May 21 10:19:16 2012
@@ -50,6 +50,14 @@ public final class OAuthUtils {
         return sb.toString();
     }
     
+    public static List<String> convertPermissionsToScopeList(List<OAuthPermission> perms) {
+        List<String> list = new LinkedList<String>();
+        for (OAuthPermission perm : perms) {
+            list.add(perm.getPermission());
+        }
+        return list;
+    }
+    
     public static boolean isGrantSupportedForClient(Client client, 
                                                     boolean isConfidential, 
                                                     String grantType) {
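Review bot: convertPermissionsToScopeList iterates `perms` without a null check, and its only caller in this commit passes `token.getScopes()` straight in; if a token can be stored without scopes (not visible here), a refresh request carrying a `scope` parameter would fail with a NullPointerException rather than an OAuth error. A guard placed after the list is created, `if (perms == null) { return list; }`, keeps the helper total. The new public method also has no Javadoc; a one-line comment stating that it returns the permission names in iteration order would be enough. The signature of isGrantSupportedForClient that follows continues outside the hunk.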