You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2015/04/08 18:24:59 UTC
[2/3] cxf git commit: Prototyping an oauth2 code auth supplier
Prototyping an oauth2 code auth supplier
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e2782f77
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e2782f77
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e2782f77
Branch: refs/heads/3.0.x-fixes
Commit: e2782f7738f20af922cc7b11a582ed79ef17b1c6
Parents: 90bd0ea
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Wed Apr 8 17:17:01 2015 +0100
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Wed Apr 8 17:19:54 2015 +0100
----------------------------------------------------------------------
.../oauth2/client/AbstractAuthSupplier.java | 8 +++++++-
.../oauth2/client/BearerAuthSupplier.java | 19 +++++++++++--------
2 files changed, 18 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e2782f77/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AbstractAuthSupplier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AbstractAuthSupplier.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AbstractAuthSupplier.java
index 5932f28..aecc472 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AbstractAuthSupplier.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AbstractAuthSupplier.java
@@ -22,7 +22,7 @@ package org.apache.cxf.rs.security.oauth2.client;
import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
public abstract class AbstractAuthSupplier {
- protected ClientAccessToken clientAccessToken = new ClientAccessToken();
+ private ClientAccessToken clientAccessToken = new ClientAccessToken();
protected AbstractAuthSupplier(String type) {
clientAccessToken = new ClientAccessToken();
clientAccessToken.setTokenType(type);
@@ -33,5 +33,11 @@ public abstract class AbstractAuthSupplier {
protected String createAuthorizationHeader() {
return clientAccessToken.getTokenType() + " " + clientAccessToken.getTokenKey();
}
+ protected ClientAccessToken getClientAccessToken() {
+ return clientAccessToken;
+ }
+ protected void setClientAccessToken(ClientAccessToken clientAccessToken) {
+ this.clientAccessToken = clientAccessToken;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e2782f77/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java
index 04c94ab..1ad0722 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/BearerAuthSupplier.java
@@ -25,6 +25,7 @@ import java.util.Collections;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
@@ -46,7 +47,7 @@ public class BearerAuthSupplier extends AbstractAuthSupplier implements HttpAuth
URI currentURI,
Message message,
String fullHeader) {
- if (clientAccessToken.getTokenKey() == null) {
+ if (getClientAccessToken().getTokenKey() == null) {
return null;
}
@@ -67,9 +68,10 @@ public class BearerAuthSupplier extends AbstractAuthSupplier implements HttpAuth
}
}
private void refreshAccessTokenIfExpired(AuthorizationPolicy authPolicy) {
- if (clientAccessToken.getExpiresIn() != -1
- && OAuthUtils.isExpired(clientAccessToken.getIssuedAt(),
- clientAccessToken.getExpiresIn())) {
+ ClientAccessToken at = getClientAccessToken();
+ if (at.getExpiresIn() != -1
+ && OAuthUtils.isExpired(at.getIssuedAt(),
+ at.getExpiresIn())) {
refreshAccessToken(authPolicy);
}
@@ -77,7 +79,8 @@ public class BearerAuthSupplier extends AbstractAuthSupplier implements HttpAuth
private boolean refreshAccessToken(AuthorizationPolicy authPolicy) {
- if (clientAccessToken.getRefreshToken() == null) {
+ ClientAccessToken at = getClientAccessToken();
+ if (at.getRefreshToken() == null) {
return false;
}
// Client id and secret are needed to refresh the tokens
@@ -100,16 +103,16 @@ public class BearerAuthSupplier extends AbstractAuthSupplier implements HttpAuth
// not be done on every request the current approach is quite reasonable
WebClient accessTokenService = createAccessTokenServiceClient();
- clientAccessToken = OAuthClientUtils.refreshAccessToken(accessTokenService, theConsumer, clientAccessToken);
+ setClientAccessToken(OAuthClientUtils.refreshAccessToken(accessTokenService, theConsumer, at));
return true;
}
- private WebClient createAccessTokenServiceClient() {
+ WebClient createAccessTokenServiceClient() {
return WebClient.create(accessTokenServiceUri, Collections.singletonList(new OAuthJSONProvider()));
}
public void setRefreshToken(String refreshToken) {
- clientAccessToken.setRefreshToken(refreshToken);
+ getClientAccessToken().setRefreshToken(refreshToken);
}
public void setAccessTokenServiceUri(String uri) {