Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/13 11:57:15 UTC
cxf git commit: Makaing sure the code filter can catch all code
response errors
Repository: cxf
Updated Branches:
refs/heads/master bf52c1759 -> 144ee70dc
Making sure the code filter can catch all code response errors
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/144ee70d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/144ee70d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/144ee70d
Branch: refs/heads/master
Commit: 144ee70dc163a1dbcfbfa891a3fed0b98b7edf21
Parents: bf52c17
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Nov 13 10:56:58 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Nov 13 10:56:58 2015 +0000
----------------------------------------------------------------------
.../cxf/rs/security/oauth2/client/AccessDeniedResponse.java | 8 +++++++-
.../rs/security/oauth2/client/ClientCodeRequestFilter.java | 4 ++--
.../oauth2/provider/AbstractOAuthJoseJwtProducer.java | 5 +++--
3 files changed, 12 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/144ee70d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
index 9ec28ab..16a87bf 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
@@ -19,5 +19,11 @@
package org.apache.cxf.rs.security.oauth2.client;
public class AccessDeniedResponse {
-
+ private String error;
+ public AccessDeniedResponse(String error) {
+ this.error = error;
+ }
+ public String getError() {
+ return error;
+ }
}
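Review bot: Declaring the one-argument constructor removes the implicit public no-arg constructor, so any code outside this commit that calls `new AccessDeniedResponse()` or instantiates the class reflectively will stop working; keeping a no-arg constructor that leaves `error` null would preserve compatibility. If that constructor is not restored, the field is only ever assigned in the constructor and can be `private final String error;`. A class-level Javadoc would also help, stating that `getError()` returns the `error` parameter exactly as it arrived on the redirect request, so consumers know to treat it as untrusted text and encode it before rendering.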
http://git-wip-us.apache.org/repos/asf/cxf/blob/144ee70d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 3e312a3..18285a6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -115,10 +115,10 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
if (sc == null || sc.getUserPrincipal() == null) {
if (codeParam == null
&& requestParams.containsKey(OAuthConstants.ERROR_KEY)
- && OAuthConstants.ACCESS_DENIED.equals(requestParams.getFirst(OAuthConstants.ERROR_KEY))
&& !faultAccessDeniedResponses) {
if (!applicationCanHandleAccessDenied) {
- rc.abortWith(Response.ok(new AccessDeniedResponse()).build());
+ String error = requestParams.getFirst(OAuthConstants.ERROR_KEY);
+ rc.abortWith(Response.ok(new AccessDeniedResponse(error)).build());
}
} else {
throw ExceptionUtils.toNotAuthorizedException(null, null);
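Review bot: With the `ACCESS_DENIED` comparison removed, the value of `requestParams.getFirst(OAuthConstants.ERROR_KEY)` is copied into the response entity without any check. This branch runs when there is no authenticated principal, so the string is whatever the caller put in the query. A reviewer would want it compared against the authorization-response error codes from RFC 6749 section 4.1.2.1 and replaced with a fixed value when it matches none of them, so a provider that renders `AccessDeniedResponse` into a page or a log line never sees arbitrary text. The entity is still returned with `Response.ok(...)` and is still named `AccessDeniedResponse`, although it now carries errors other than access_denied; a short comment on that would help the next reader. The enclosing filter method starts and ends outside this hunk, so whether `state` is verified on this path cannot be seen from here.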
http://git-wip-us.apache.org/repos/asf/cxf/blob/144ee70d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
index b0a7414..fec38bc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
@@ -22,6 +22,7 @@ import java.util.Properties;
import javax.crypto.SecretKey;
+import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
@@ -44,7 +45,7 @@ public abstract class AbstractOAuthJoseJwtProducer extends AbstractJoseJwtProduc
}
protected JwsSignatureProvider getInitializedSignatureProvider(String clientSecret) {
- if (signWithClientSecret) {
+ if (signWithClientSecret && !StringUtils.isEmpty(clientSecret)) {
Properties props = JwsUtils.loadSignatureOutProperties(false);
SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.HS256);
if (AlgorithmUtils.isHmacSign(sigAlgo)) {
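Review bot: When `signWithClientSecret` is enabled but `clientSecret` is empty, the new guard skips the block silently. Judging by the `return null;` visible at the top of the following hunk, the method then appears to yield no client-secret provider. What the caller does with that result (use another configured key, or emit the JWT unsigned) is outside the hunk, so this may be a quiet downgrade for a deployment that opted into client-secret protection. Consider logging a warning or failing closed for that combination, and add a Javadoc line to the method stating what a null return means. The same applies to `getInitializedEncryptionProvider` in the next hunk (`encryptWithClientSecret && !StringUtils.isEmpty(clientSecret)`), where the fallback would be an unencrypted token; both method bodies continue outside their hunks.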
@@ -54,7 +55,7 @@ public abstract class AbstractOAuthJoseJwtProducer extends AbstractJoseJwtProduc
return null;
}
protected JweEncryptionProvider getInitializedEncryptionProvider(String clientSecret) {
- if (encryptWithClientSecret) {
+ if (encryptWithClientSecret && !StringUtils.isEmpty(clientSecret)) {
SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
Properties props = JweUtils.loadEncryptionOutProperties(false);
ContentAlgorithm ctAlgo = JweUtils.getContentEncryptionAlgorithm(props, ContentAlgorithm.A128GCM);