Posted to commits@cxf.apache.org by se...@apache.org on 2012/12/05 14:02:08 UTC

svn commit: r1417399 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2: grants/ grants/refresh/ provider/ services/

Author: sergeyb
Date: Wed Dec  5 13:02:07 2012
New Revision: 1417399

URL: http://svn.apache.org/viewvc?rev=1417399&view=rev
Log:
[CXF-4673] Updating OAuthDataProvider to accept requested scopes for refreshing tokens and getting pre-authorized tokens

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java?rev=1417399&r1=1417398&r2=1417399&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java Wed Dec  5 13:02:07 2012
@@ -68,7 +68,7 @@ public abstract class AbstractGrantHandl
                                                     List<String> requestedScope) {
         // Check if a pre-authorized  token available
         ServerAccessToken token = dataProvider.getPreauthorizedToken(
-                                     client, subject, supportedGrant);
+                                     client, requestedScope, subject, supportedGrant);
         if (token != null) {
             return token;
         }
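Review bot: The token returned by getPreauthorizedToken on the new line is handed back as-is, with no check that its scopes actually cover requestedScope, whereas the RefreshTokenGrantHandler hunk in this same commit re-checks `tokenScopes.containsAll(requestedScopes)` after its provider call, so the two call sites now trust the provider to different degrees. Unless the interface contract guarantees a provider only returns a token whose scopes cover the requested ones, add the same guard here before `return token;`: `if (!OAuthUtils.convertPermissionsToScopeList(token.getScopes()).containsAll(requestedScope)) { throw new OAuthServiceException(OAuthConstants.INVALID_SCOPE); }` (assuming those helpers are importable in this class as they are in RefreshTokenGrantHandler). The enclosing method starts before this hunk, so whether requestedScope can be null at this point is not visible; the guard should tolerate that if it can.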

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java?rev=1417399&r1=1417398&r2=1417399&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java Wed Dec  5 13:02:07 2012
@@ -49,20 +49,20 @@ public class RefreshTokenGrantHandler im
             throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);    
         }
         String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
+        List<String> requestedScopes = OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE));
         
-        ServerAccessToken token = dataProvider.refreshAccessToken(client.getClientId(), 
-                                                                  refreshToken);
+        ServerAccessToken token = dataProvider.refreshAccessToken(client, 
+                                                                  refreshToken,
+                                                                  requestedScopes);
         if (token == null) {
             return null;
         }
-        String scope = params.getFirst(OAuthConstants.SCOPE);
-        if (scope != null) {
-            List<String> tokenScopes = OAuthUtils.convertPermissionsToScopeList(token.getScopes());
-            if (!tokenScopes.containsAll(OAuthUtils.parseScope(scope))) {            
-                throw new OAuthServiceException(OAuthConstants.INVALID_SCOPE);
-            }
+        List<String> tokenScopes = OAuthUtils.convertPermissionsToScopeList(token.getScopes());
+        if (!tokenScopes.containsAll(requestedScopes)) {            
+            throw new OAuthServiceException(OAuthConstants.INVALID_SCOPE);
         }
         
+        
         return token;
     }
 }
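Review bot: The scope check `tokenScopes.containsAll(requestedScopes)` now runs after dataProvider.refreshAccessToken has already returned the new token, so if a provider implementation persists (and rotates) tokens before that point, an INVALID_SCOPE rejection leaves a freshly issued token live that the client never receives. Since the provider now receives requestedScopes it is better placed to refuse an over-broad request before issuing anything; the interface Javadoc should say so, or the handler should revoke the token it rejects. Separately, the old `if (scope != null)` guard is gone and `OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE))` is now called unconditionally, so this relies on parseScope(null) returning an empty list rather than throwing — worth confirming, or keep `String scope = params.getFirst(OAuthConstants.SCOPE);` and only call parseScope when it is non-null. The enclosing method begins before this hunk.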

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java?rev=1417399&r1=1417398&r2=1417399&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java Wed Dec  5 13:02:07 2012
@@ -61,21 +61,29 @@ public interface OAuthDataProvider {
     /**
      * Get preauthorized access token 
      * @param client Client
+     * @param requestedScopes the scopes requested by the client
      * @param subject End User subject 
      * @return AccessToken access token
      * @throws OAuthServiceException
      */
-    ServerAccessToken getPreauthorizedToken(Client client, UserSubject subject, String grantType) 
+    ServerAccessToken getPreauthorizedToken(Client client,
+                                            List<String> requestedScopes,
+                                            UserSubject subject, 
+                                            String grantType) 
         throws OAuthServiceException;
     
     /**
      * Refresh access token 
-     * @param clientId the client id
+     * @param client the client
      * @param refreshToken refresh token key 
+     * @param requestedScopes the scopes requested by the client  
      * @return AccessToken
      * @throws OAuthServiceException
      */
-    ServerAccessToken refreshAccessToken(String clientId, String refreshToken) throws OAuthServiceException;
+    ServerAccessToken refreshAccessToken(Client client, 
+                                         String refreshToken, 
+                                         List<String> requestedScopes) 
+        throws OAuthServiceException;
 
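Review bot: The new `@param requestedScopes` Javadoc on both methods says what the list is but not what an implementation must do with it, and that contract is exactly what the handlers changed in this commit depend on: for getPreauthorizedToken, whether a token may be returned when its scopes do not cover requestedScopes (and what an empty list means), and for refreshAccessToken, that a request for scopes beyond those of the original grant must be refused (RFC 6749 §6) rather than honored. Neither Javadoc states that a null return means "no token" even though RefreshTokenGrantHandler checks for it, and `@param grantType` is still missing on getPreauthorizedToken. Suggested for refreshAccessToken: `@param requestedScopes the scopes requested by the client; must be a subset of the scopes originally granted, implementations must reject a broader request` and `@return the new access token, or null if no token can be issued for this refresh token`, with a matching "only return a token whose scopes cover requestedScopes, or null" sentence on getPreauthorizedToken.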
     /**
      * Removes the token

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java?rev=1417399&r1=1417398&r2=1417399&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java Wed Dec  5 13:02:07 2012
@@ -134,7 +134,7 @@ public abstract class RedirectionBasedGr
         
         // Request a new grant only if no pre-authorized token is available
         ServerAccessToken preauthorizedToken = getDataProvider().getPreauthorizedToken(
-            client, userSubject, supportedGrantType);
+            client, requestedScope, userSubject, supportedGrantType);
         if (preauthorizedToken != null) {
             return createGrant(params,
                                client,
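Review bot: The pre-authorized token returned on the new line short-circuits the rest of the authorization flow (the comment above says a new grant is requested only when none is available), yet nothing here checks that preauthorizedToken's scopes cover requestedScope before it is passed to createGrant; the decision is delegated entirely to the provider. If the interface contract does not require the provider to match scopes, either fall through to requesting a fresh grant or reject, e.g. `if (!OAuthUtils.convertPermissionsToScopeList(preauthorizedToken.getScopes()).containsAll(requestedScope)) { ... }` inside the `if (preauthorizedToken != null)` branch, assuming those helpers are in scope here as they are in RefreshTokenGrantHandler. The enclosing method starts before this hunk and the createGrant call continues past it.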