Posted to commits@cxf.apache.org by se...@apache.org on 2012/12/05 14:02:08 UTC
svn commit: r1417399 - in
/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2:
grants/ grants/refresh/ provider/ services/
Author: sergeyb
Date: Wed Dec 5 13:02:07 2012
New Revision: 1417399
URL: http://svn.apache.org/viewvc?rev=1417399&view=rev
Log:
[CXF-4673] Updating OAuthDataProvider to accept requested scopes for refreshing tokens and getting pre-authorized tokens
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java?rev=1417399&r1=1417398&r2=1417399&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java Wed Dec 5 13:02:07 2012
@@ -68,7 +68,7 @@ public abstract class AbstractGrantHandl
List<String> requestedScope) {
// Check if a pre-authorized token available
ServerAccessToken token = dataProvider.getPreauthorizedToken(
- client, subject, supportedGrant);
+ client, requestedScope, subject, supportedGrant);
if (token != null) {
return token;
}
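Review bot: The token from `getPreauthorizedToken` is handed back at `return token;` with no check that its scopes correspond to `requestedScope`, so scope enforcement for pre-authorized tokens rests entirely on each `OAuthDataProvider` implementation. The refresh handler changed in this same commit keeps a `containsAll` comparison after its provider call. A comparable guard here, or at least a comment such as `// provider must return a token limited to requestedScope`, would make the contract explicit. The same applies to the `getPreauthorizedToken` call in `RedirectionBasedGrantService`. The enclosing method starts and ends outside this hunk, so any check made by its callers is not visible here.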
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java?rev=1417399&r1=1417398&r2=1417399&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java Wed Dec 5 13:02:07 2012
@@ -49,20 +49,20 @@ public class RefreshTokenGrantHandler im
throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);
}
String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
+ List<String> requestedScopes = OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE));
- ServerAccessToken token = dataProvider.refreshAccessToken(client.getClientId(),
- refreshToken);
+ ServerAccessToken token = dataProvider.refreshAccessToken(client,
+ refreshToken,
+ requestedScopes);
if (token == null) {
return null;
}
- String scope = params.getFirst(OAuthConstants.SCOPE);
- if (scope != null) {
- List<String> tokenScopes = OAuthUtils.convertPermissionsToScopeList(token.getScopes());
- if (!tokenScopes.containsAll(OAuthUtils.parseScope(scope))) {
- throw new OAuthServiceException(OAuthConstants.INVALID_SCOPE);
- }
+ List<String> tokenScopes = OAuthUtils.convertPermissionsToScopeList(token.getScopes());
+ if (!tokenScopes.containsAll(requestedScopes)) {
+ throw new OAuthServiceException(OAuthConstants.INVALID_SCOPE);
}
+
return token;
}
}
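Review bot: The `containsAll` check compares `requestedScopes` with the scopes of the token that `refreshAccessToken` has just returned, not with the scopes of the original grant. A provider that builds the new token from the `requestedScopes` it was given would pass this check trivially and could widen scope on refresh. The comparison belongs against the scopes recorded for the refresh token, before a new access token is issued; if that is meant to live in the provider, say so at the call with `// provider must reject scopes not in the original grant`. Separately, `parseScope` now receives `null` when the request has no `scope` parameter, where the removed code guarded with `scope != null`. That is safe only if `parseScope` returns an empty list for `null`, which this hunk does not show; the method also begins outside the hunk.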
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java?rev=1417399&r1=1417398&r2=1417399&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java Wed Dec 5 13:02:07 2012
@@ -61,21 +61,29 @@ public interface OAuthDataProvider {
/**
* Get preauthorized access token
* @param client Client
+ * @param requestedScopes the scopes requested by the client
* @param subject End User subject
* @return AccessToken access token
* @throws OAuthServiceException
*/
- ServerAccessToken getPreauthorizedToken(Client client, UserSubject subject, String grantType)
+ ServerAccessToken getPreauthorizedToken(Client client,
+ List<String> requestedScopes,
+ UserSubject subject,
+ String grantType)
throws OAuthServiceException;
/**
* Refresh access token
- * @param clientId the client id
+ * @param client the client
* @param refreshToken refresh token key
+ * @param requestedScopes the scopes requested by the client
* @return AccessToken
* @throws OAuthServiceException
*/
- ServerAccessToken refreshAccessToken(String clientId, String refreshToken) throws OAuthServiceException;
+ ServerAccessToken refreshAccessToken(Client client,
+ String refreshToken,
+ List<String> requestedScopes)
+ throws OAuthServiceException;
/**
* Removes the token
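Review bot: The Javadoc for `getPreauthorizedToken` and `refreshAccessToken` names the new `requestedScopes` parameter but does not say what an implementation must do with it. I would state whether the list can be empty or null when the client sends no `scope`, and that the returned token must not carry scopes beyond those originally granted, e.g. `@param requestedScopes the scopes requested by the client; must be a subset of the scopes originally granted`. `getPreauthorizedToken` also has no `@param grantType` line. Both signature changes break existing implementers of this interface, which the Javadoc or release notes should call out.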
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java?rev=1417399&r1=1417398&r2=1417399&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java Wed Dec 5 13:02:07 2012
@@ -134,7 +134,7 @@ public abstract class RedirectionBasedGr
// Request a new grant only if no pre-authorized token is available
ServerAccessToken preauthorizedToken = getDataProvider().getPreauthorizedToken(
- client, userSubject, supportedGrantType);
+ client, requestedScope, userSubject, supportedGrantType);
if (preauthorizedToken != null) {
return createGrant(params,
client,