Posted to commits@cxf.apache.org by se...@apache.org on 2016/09/27 12:23:37 UTC

cxf git commit: Minor updates to the way the registration access token is checked

Repository: cxf
Updated Branches:
  refs/heads/master 728e60aa5 -> 8595d5ce7


Minor updates to the way the registration access token is checked


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8595d5ce
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8595d5ce
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8595d5ce

Branch: refs/heads/master
Commit: 8595d5ce7bdd5bf4760f9c233083ac774e38ecc6
Parents: 728e60a
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Sep 27 13:23:23 2016 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Sep 27 13:23:23 2016 +0100

----------------------------------------------------------------------
 .../services/DynamicRegistrationService.java    | 35 ++++++++++----------
 .../idp/OidcDynamicRegistrationService.java     |  4 +--
 2 files changed, 20 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8595d5ce/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
index ab6cb46..090c84d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
@@ -53,33 +53,35 @@ public class DynamicRegistrationService extends AbstractOAuthService {
     @POST
     @Consumes("application/json")
     @Produces("application/json")
-    public ClientRegistrationResponse register(ClientRegistration request) {
+    public Response register(ClientRegistration request) {
         checkInitialAccessToken();
         Client client = createNewClient(request);
         createRegAccessToken(client);
         clientProvider.setClient(client);
         
-        return fromClientToRegistrationResponse(client);
+        return Response.status(201).entity(fromClientToRegistrationResponse(client)).build();
     }
     
     protected void checkInitialAccessToken() {
         if (initialAccessToken != null) {
-            checkCurrentAccessToken(initialAccessToken);
+            String accessToken = getRequestAccessToken();
+            if (!initialAccessToken.equals(accessToken)) {
+                throw ExceptionUtils.toNotAuthorizedException(null, null);
+            }
         }
         
     }
 
     protected String createRegAccessToken(Client client) {
-        //TODO: Passing AccessTokenRegistration to OAuthDataProvider may be needed
         String regAccessToken = OAuthUtils.generateRandomTokenKey();
         client.getProperties().put(ClientRegistrationResponse.REG_ACCESS_TOKEN, 
                                    regAccessToken);
         return regAccessToken;
     }
-    protected void checkCurrentAccessToken(String accessToken) {
-        String[] authParts = AuthorizationUtils.getAuthorizationParts(getMessageContext(), 
-                             Collections.singleton(OAuthConstants.BEARER_AUTHORIZATION_SCHEME));
-        if (authParts.length != 2 || !authParts[1].equals(accessToken)) {
+    protected void checkRegistrationAccessToken(Client c, String accessToken) {
+        String regAccessToken = c.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN);
+        
+        if (!regAccessToken.equals(accessToken)) {
             throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
     }
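Review bot: `checkRegistrationAccessToken` dereferences `regAccessToken` before checking it, so a client whose properties carry no `REG_ACCESS_TOKEN` entry (one not created through `register`) makes `regAccessToken.equals(accessToken)` throw a NullPointerException instead of the 401 the method is meant to produce. Guard the lookup first: `if (regAccessToken == null || !regAccessToken.equals(accessToken)) {`. Both this method and `checkInitialAccessToken` compare bearer tokens with `String.equals`, which stops at the first differing character; `MessageDigest.isEqual(regAccessToken.getBytes(StandardCharsets.UTF_8), accessToken.getBytes(StandardCharsets.UTF_8))` is the constant-time comparison usually preferred for secrets. In `register`, `Response.status(201)` would read more clearly as `Response.status(Response.Status.CREATED)`.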
@@ -153,22 +155,17 @@ public class DynamicRegistrationService extends AbstractOAuthService {
     }
     
     protected Client readClient(String clientId) {
+        String accessToken = getRequestAccessToken();
+                                                 
         Client c = clientProvider.getClient(clientId);
         if (c == null) {
             throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
-        String regAccessToken = c.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN);
-        // Or check OAuthDataProvider.getAccessToken
-        // if OAuthDataProvider.createAccessToken was used
-        
-        validateRegistrationAccessToken(regAccessToken);
+        checkRegistrationAccessToken(c, accessToken);
         return c;
     }
     
-    protected void validateRegistrationAccessToken(String accessToken) {
-        checkCurrentAccessToken(accessToken);
-    }
-
+    
     public String getInitialAccessToken() {
         return initialAccessToken;
     }
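Review bot: The line added after `String accessToken = getRequestAccessToken();` in `readClient` is whitespace-only, and the line replacing the blank before `getInitialAccessToken` is likewise four spaces; both are trailing whitespace that a checkstyle-type formatter would likely flag, and a plain empty line serves the same purpose. The reorder itself is sound: extracting the bearer token before the `clientProvider.getClient` lookup rejects an unauthenticated request without touching the client store.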
@@ -277,6 +274,10 @@ public class DynamicRegistrationService extends AbstractOAuthService {
                        getClientSecretSizeInBytes(request)));
     }
 
+    protected String getRequestAccessToken() {
+        return AuthorizationUtils.getAuthorizationParts(getMessageContext(), 
+                    Collections.singleton(OAuthConstants.BEARER_AUTHORIZATION_SCHEME))[1];
+    }
     protected int getClientSecretSizeInBytes(ClientRegistration request) {
         return 16;
     }
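Review bot: `getRequestAccessToken` indexes `[1]` on the result of `AuthorizationUtils.getAuthorizationParts` unconditionally, whereas the `checkCurrentAccessToken` it replaces (first hunk) first verified `authParts.length != 2`. Unless `getAuthorizationParts` is guaranteed to throw or return exactly two parts for every input, which I cannot confirm from this diff, a malformed `Authorization` header now produces an `ArrayIndexOutOfBoundsException` (a 500) rather than the intended 401, so the length guard should be restored inside this method as below. A blank line between the new method's closing brace and `getClientSecretSizeInBytes` would also match the spacing of the surrounding methods.
```java
protected String getRequestAccessToken() {
    String[] authParts = AuthorizationUtils.getAuthorizationParts(getMessageContext(), 
                Collections.singleton(OAuthConstants.BEARER_AUTHORIZATION_SCHEME));
    if (authParts == null || authParts.length != 2) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    return authParts[1];
}
```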

http://git-wip-us.apache.org/repos/asf/cxf/blob/8595d5ce/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
index e4d9840..66a2baf 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
@@ -21,10 +21,10 @@ package org.apache.cxf.rs.security.oidc.idp;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Response;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.services.ClientRegistration;
-import org.apache.cxf.rs.security.oauth2.services.ClientRegistrationResponse;
 import org.apache.cxf.rs.security.oauth2.services.DynamicRegistrationService;
 
 public class OidcDynamicRegistrationService extends DynamicRegistrationService {
@@ -33,7 +33,7 @@ public class OidcDynamicRegistrationService extends DynamicRegistrationService {
     @POST
     @Consumes("application/json")
     @Produces("application/json")
-    public ClientRegistrationResponse register(OidcClientRegistration request) {
+    public Response register(OidcClientRegistration request) {
         return super.register(request);
     }