You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2013/07/26 14:31:12 UTC
svn commit: r1507286 - in /cxf/trunk:
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/
rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/
systests/rs-security/src/test/ja...
Author: sergeyb
Date: Fri Jul 26 12:31:12 2013
New Revision: 1507286
URL: http://svn.apache.org/r1507286
Log:
[CXF-5161] Fixing AbstractGrantHandler typo and updating it to correctly work in a case where a concrete implementation wants to support more than one grant type
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java (with props)
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java?rev=1507286&r1=1507285&r2=1507286&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java Fri Jul 26 12:31:12 2013
@@ -21,7 +21,11 @@ package org.apache.cxf.rs.security.oauth
import java.util.Collections;
import java.util.List;
+import java.util.logging.Logger;
+import javax.ws.rs.WebApplicationException;
+
+import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
@@ -38,13 +42,21 @@ import org.apache.cxf.rs.security.oauth2
* Abstract access token grant handler
*/
public abstract class AbstractGrantHandler implements AccessTokenGrantHandler {
+ private static final Logger LOG = LogUtils.getL7dLogger(AbstractGrantHandler.class);
- private String supportedGrant;
+ private List<String> supportedGrants;
private OAuthDataProvider dataProvider;
private boolean partialMatchScopeValidation;
private boolean canSupportPublicClients;
protected AbstractGrantHandler(String grant) {
- supportedGrant = grant;
+ supportedGrants = Collections.singletonList(grant);
+ }
+
+ protected AbstractGrantHandler(List<String> grants) {
+ if (grants.isEmpty()) {
+ throw new IllegalArgumentException("The list of grant types can not be empty");
+ }
+ supportedGrants = grants;
}
public void setDataProvider(OAuthDataProvider dataProvider) {
@@ -55,13 +67,17 @@ public abstract class AbstractGrantHandl
}
public List<String> getSupportedGrantTypes() {
- return Collections.singletonList(supportedGrant);
+ return Collections.unmodifiableList(supportedGrants);
}
protected void checkIfGrantSupported(Client client) {
+ checkIfGrantSupported(client, getSingleGrantType());
+ }
+
+ protected void checkIfGrantSupported(Client client, String requestedGrant) {
if (!OAuthUtils.isGrantSupportedForClient(client,
canSupportPublicClients,
- OAuthConstants.AUTHORIZATION_CODE_GRANT)) {
+ requestedGrant)) {
throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);
}
}
@@ -69,13 +85,30 @@ public abstract class AbstractGrantHandl
protected ServerAccessToken doCreateAccessToken(Client client,
UserSubject subject,
List<String> requestedScope) {
+
+ return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope);
+ }
+
+ private String getSingleGrantType() {
+ if (supportedGrants.size() > 1) {
+ String errorMessage = "Request grant type must be specified";
+ LOG.warning(errorMessage);
+ throw new WebApplicationException(500);
+ }
+ return supportedGrants.get(0);
+ }
+
+ protected ServerAccessToken doCreateAccessToken(Client client,
+ UserSubject subject,
+ String requestedGrant,
+ List<String> requestedScope) {
if (!OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(),
partialMatchScopeValidation)) {
throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_SCOPE));
}
// Check if a pre-authorized token available
ServerAccessToken token = dataProvider.getPreauthorizedToken(
- client, requestedScope, subject, supportedGrant);
+ client, requestedScope, subject, requestedGrant);
if (token != null) {
return token;
}
@@ -83,7 +116,7 @@ public abstract class AbstractGrantHandl
// Delegate to the data provider to create the one
AccessTokenRegistration reg = new AccessTokenRegistration();
reg.setClient(client);
- reg.setGrantType(supportedGrant);
+ reg.setGrantType(requestedGrant);
reg.setSubject(subject);
reg.setRequestedScope(requestedScope);
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java?rev=1507286&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java Fri Jul 26 12:31:12 2013
@@ -0,0 +1,133 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.grants;
+
+import java.util.Arrays;
+import java.util.List;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class TokenGrantHandlerTest extends Assert {
+
+ @Test
+ public void testSimpleGrantNotSupported() {
+ try {
+ new SimpleGrantHandler().createAccessToken(createClient("unsupported"),
+ createMap("a"));
+ fail("Unsupported Grant");
+ } catch (OAuthServiceException ex) {
+ assertEquals(OAuthConstants.UNAUTHORIZED_CLIENT, ex.getMessage());
+ }
+ }
+
+ @Test
+ public void testSimpleGrantBug() {
+ try {
+ new SimpleGrantHandler(Arrays.asList("a", "b")).createAccessToken(createClient("a"),
+ createMap("a"));
+ fail("Grant handler bug");
+ } catch (WebApplicationException ex) {
+ assertEquals(500, ex.getResponse().getStatus());
+ }
+ }
+
+ @Test
+ public void testSimpleGrantSupported() {
+ ServerAccessToken t = new SimpleGrantHandler().createAccessToken(createClient("a"),
+ createMap("a"));
+ assertTrue(t instanceof BearerAccessToken);
+ }
+
+ @Test
+ public void testComplexGrantNotSupported() {
+ try {
+ new ComplexGrantHandler(Arrays.asList("a", "b"))
+ .createAccessToken(createClient("unsupported"), createMap("a"));
+ fail("Unsupported Grant");
+ } catch (OAuthServiceException ex) {
+ assertEquals(OAuthConstants.UNAUTHORIZED_CLIENT, ex.getMessage());
+ }
+ }
+
+ @Test
+ public void testComplexGrantSupported() {
+ ServerAccessToken t = new ComplexGrantHandler(Arrays.asList("a", "b"))
+ .createAccessToken(createClient("a"), createMap("a"));
+ assertTrue(t instanceof BearerAccessToken);
+ }
+
+ private Client createClient(String... grants) {
+ Client c = new Client("alice", "password", true);
+ for (String grant : grants) {
+ c.getAllowedGrantTypes().add(grant);
+ }
+ return c;
+ }
+
+ private MultivaluedMap<String, String> createMap(String grant) {
+ MultivaluedMap<String, String> map = new MetadataMap<String, String>();
+ map.putSingle(OAuthConstants.GRANT_TYPE, grant);
+ return map;
+ }
+
+ private static class SimpleGrantHandler extends AbstractGrantHandler {
+
+ public SimpleGrantHandler() {
+ super("a");
+ }
+
+ public SimpleGrantHandler(List<String> grants) {
+ super(grants);
+ }
+
+ @Override
+ public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
+ throws OAuthServiceException {
+ super.checkIfGrantSupported(client);
+ return new BearerAccessToken(client, 3600L);
+ }
+
+ }
+
+ private static class ComplexGrantHandler extends AbstractGrantHandler {
+
+ public ComplexGrantHandler(List<String> grants) {
+ super(grants);
+ }
+
+ @Override
+ public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
+ throws OAuthServiceException {
+ super.checkIfGrantSupported(client, params.getFirst(OAuthConstants.GRANT_TYPE));
+ return new BearerAccessToken(client, 3600L);
+ }
+
+ }
+}
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java?rev=1507286&r1=1507285&r2=1507286&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/OAuthDataProviderImpl.java Fri Jul 26 12:31:12 2013
@@ -27,6 +27,7 @@ import org.apache.cxf.rs.security.oauth2
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.saml.Constants;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
@@ -34,7 +35,9 @@ public class OAuthDataProviderImpl imple
@Override
public Client getClient(String clientId) throws OAuthServiceException {
- return new Client("alice", "alice", true);
+ Client client = new Client("alice", "alice", true);
+ client.getAllowedGrantTypes().add(Constants.SAML2_BEARER_GRANT);
+ return client;
}
@Override
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java?rev=1507286&r1=1507285&r2=1507286&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java Fri Jul 26 12:31:12 2013
@@ -139,6 +139,7 @@ public class JAXRSXmlSecTest extends Abs
} catch (WebApplicationException ex) {
fail(ex.getMessage());
} catch (ProcessingException ex) {
+ ex.printStackTrace();
if (ex.getCause() != null && ex.getCause().getMessage() != null) {
fail(ex.getCause().getMessage());
} else {