Posted to commits@cxf.apache.org by se...@apache.org on 2016/09/27 12:23:37 UTC
cxf git commit: Minor updates to the way the registration access
token is checked
Repository: cxf
Updated Branches:
refs/heads/master 728e60aa5 -> 8595d5ce7
Minor updates to the way the registration access token is checked
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8595d5ce
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8595d5ce
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8595d5ce
Branch: refs/heads/master
Commit: 8595d5ce7bdd5bf4760f9c233083ac774e38ecc6
Parents: 728e60a
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Sep 27 13:23:23 2016 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Sep 27 13:23:23 2016 +0100
----------------------------------------------------------------------
.../services/DynamicRegistrationService.java | 35 ++++++++++----------
.../idp/OidcDynamicRegistrationService.java | 4 +--
2 files changed, 20 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8595d5ce/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
index ab6cb46..090c84d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
@@ -53,33 +53,35 @@ public class DynamicRegistrationService extends AbstractOAuthService {
@POST
@Consumes("application/json")
@Produces("application/json")
- public ClientRegistrationResponse register(ClientRegistration request) {
+ public Response register(ClientRegistration request) {
checkInitialAccessToken();
Client client = createNewClient(request);
createRegAccessToken(client);
clientProvider.setClient(client);
- return fromClientToRegistrationResponse(client);
+ return Response.status(201).entity(fromClientToRegistrationResponse(client)).build();
}
protected void checkInitialAccessToken() {
if (initialAccessToken != null) {
- checkCurrentAccessToken(initialAccessToken);
+ String accessToken = getRequestAccessToken();
+ if (!initialAccessToken.equals(accessToken)) {
+ throw ExceptionUtils.toNotAuthorizedException(null, null);
+ }
}
}
protected String createRegAccessToken(Client client) {
- //TODO: Passing AccessTokenRegistration to OAuthDataProvider may be needed
String regAccessToken = OAuthUtils.generateRandomTokenKey();
client.getProperties().put(ClientRegistrationResponse.REG_ACCESS_TOKEN,
regAccessToken);
return regAccessToken;
}
- protected void checkCurrentAccessToken(String accessToken) {
- String[] authParts = AuthorizationUtils.getAuthorizationParts(getMessageContext(),
- Collections.singleton(OAuthConstants.BEARER_AUTHORIZATION_SCHEME));
- if (authParts.length != 2 || !authParts[1].equals(accessToken)) {
+ protected void checkRegistrationAccessToken(Client c, String accessToken) {
+ String regAccessToken = c.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN);
+
+ if (!regAccessToken.equals(accessToken)) {
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
}
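Review bot: `checkRegistrationAccessToken` dereferences `regAccessToken` without a null check, so a client that `clientProvider` returns without a `REG_ACCESS_TOKEN` property now fails with a NullPointerException (a 500) where the removed `checkCurrentAccessToken` rejected it with a 401, because its `authParts[1].equals(accessToken)` was null-safe for a null expected token. Both this method and the new `checkInitialAccessToken` also compare the secret with `String.equals`, which returns at the first differing character; since this token is the only credential guarding registration records and the initial-registration endpoint, a length-independent compare is the safer choice. Suggested condition, with `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported: `if (regAccessToken == null || !MessageDigest.isEqual(regAccessToken.getBytes(StandardCharsets.UTF_8), accessToken.getBytes(StandardCharsets.UTF_8))) {` throwing the same `ExceptionUtils.toNotAuthorizedException(null, null)`, and the same shape for `initialAccessToken` in `checkInitialAccessToken`.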
@@ -153,22 +155,17 @@ public class DynamicRegistrationService extends AbstractOAuthService {
}
protected Client readClient(String clientId) {
+ String accessToken = getRequestAccessToken();
+
Client c = clientProvider.getClient(clientId);
if (c == null) {
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
- String regAccessToken = c.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN);
- // Or check OAuthDataProvider.getAccessToken
- // if OAuthDataProvider.createAccessToken was used
-
- validateRegistrationAccessToken(regAccessToken);
+ checkRegistrationAccessToken(c, accessToken);
return c;
}
- protected void validateRegistrationAccessToken(String accessToken) {
- checkCurrentAccessToken(accessToken);
- }
-
+
public String getInitialAccessToken() {
return initialAccessToken;
}
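Review bot: Deleting the protected `validateRegistrationAccessToken(String)` hook here (and `checkCurrentAccessToken` in the first hunk) is a silent behaviour change for subclasses: an existing override of either still compiles but is never invoked, so any extra validation it performed is now skipped without warning. If subclasses outside this module are a concern, keep a `@Deprecated` `validateRegistrationAccessToken` that delegates to the new check, or at least state the removal in the commit message so integrators know to move their override to `checkRegistrationAccessToken`.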
@@ -277,6 +274,10 @@ public class DynamicRegistrationService extends AbstractOAuthService {
getClientSecretSizeInBytes(request)));
}
+ protected String getRequestAccessToken() {
+ return AuthorizationUtils.getAuthorizationParts(getMessageContext(),
+ Collections.singleton(OAuthConstants.BEARER_AUTHORIZATION_SCHEME))[1];
+ }
protected int getClientSecretSizeInBytes(ClientRegistration request) {
return 16;
}
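Review bot: `getRequestAccessToken` indexes `[1]` into the array returned by `getAuthorizationParts` without checking its length, dropping the `authParts.length != 2` guard that the removed `checkCurrentAccessToken` had. Unless `getAuthorizationParts` itself guarantees exactly two elements (not visible in this diff), an `Authorization: Bearer` header with no token would surface as an ArrayIndexOutOfBoundsException rather than a 401, and a header with extra whitespace-separated parts would be accepted with its second part treated as the token. Restoring the length check in this one place covers both callers (`checkInitialAccessToken` and `readClient`).
```java
protected String getRequestAccessToken() {
    String[] parts = AuthorizationUtils.getAuthorizationParts(getMessageContext(),
        Collections.singleton(OAuthConstants.BEARER_AUTHORIZATION_SCHEME));
    // The header must be exactly "<scheme> <token>"; anything else is not a credential.
    if (parts.length != 2) {
        throw ExceptionUtils.toNotAuthorizedException(null, null);
    }
    return parts[1];
}
```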
http://git-wip-us.apache.org/repos/asf/cxf/blob/8595d5ce/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
index e4d9840..66a2baf 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
@@ -21,10 +21,10 @@ package org.apache.cxf.rs.security.oidc.idp;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Produces;
+import javax.ws.rs.core.Response;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.services.ClientRegistration;
-import org.apache.cxf.rs.security.oauth2.services.ClientRegistrationResponse;
import org.apache.cxf.rs.security.oauth2.services.DynamicRegistrationService;
public class OidcDynamicRegistrationService extends DynamicRegistrationService {
@@ -33,7 +33,7 @@ public class OidcDynamicRegistrationService extends DynamicRegistrationService {
@POST
@Consumes("application/json")
@Produces("application/json")
- public ClientRegistrationResponse register(OidcClientRegistration request) {
+ public Response register(OidcClientRegistration request) {
return super.register(request);
}