Posted to commits@cxf.apache.org by se...@apache.org on 2012/03/01 18:13:46 UTC
svn commit: r1295681 - in
/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2:
common/ filters/ grants/ grants/code/ services/ utils/
Author: sergeyb
Date: Thu Mar 1 17:13:45 2012
New Revision: 1295681
URL: http://svn.apache.org/viewvc?rev=1295681&view=rev
Log:
[CXF-4112] Preparing the code to deal with multiple grant types better
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java (with props)
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java?rev=1295681&r1=1295680&r2=1295681&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java Thu Mar 1 17:13:45 2012
@@ -18,6 +18,7 @@
*/
package org.apache.cxf.rs.security.oauth2.common;
+import java.util.Collections;
import java.util.Map;
/**
@@ -27,7 +28,7 @@ public abstract class AccessToken {
private String tokenKey;
private String tokenType;
- private Map<String, String> parameters;
+ private Map<String, String> parameters = Collections.emptyMap();
protected AccessToken(String tokenType, String tokenKey) {
this.tokenType = tokenType;
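Review bot: The new default `Collections.emptyMap()` on the `parameters` field is immutable, so any caller that mutates the map returned by the getter in place (not visible in this hunk) would now fail with UnsupportedOperationException instead of the NullPointerException it got before. That is acceptable if parameters are only ever replaced wholesale through a setter, but the field deserves a comment making that contract explicit, e.g. `// immutable by default; assign a new map rather than mutating this one`. If in-place mutation is intended anywhere, the default should be a fresh `new HashMap<String, String>()` instead.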
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java?rev=1295681&r1=1295680&r2=1295681&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java Thu Mar 1 17:13:45 2012
@@ -29,10 +29,14 @@ public class OAuthContext {
private UserSubject subject;
private List<OAuthPermission> permissions;
+ private String tokenGrantType;
- public OAuthContext(UserSubject subject, List<OAuthPermission> perms) {
+ public OAuthContext(UserSubject subject,
+ List<OAuthPermission> perms,
+ String tokenGrantType) {
this.subject = subject;
this.permissions = perms;
+ this.tokenGrantType = tokenGrantType;
}
public UserSubject getSubject() {
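Review bot: The two-argument constructor `OAuthContext(UserSubject, List<OAuthPermission>)` is replaced rather than kept, so any external code or subclass constructing an OAuthContext stops compiling; if that class is part of the public API, keep a delegating overload `public OAuthContext(UserSubject subject, List<OAuthPermission> perms) { this(subject, perms, null); }`. The new `tokenGrantType` parameter and the `getTokenGrantType()` accessor in the next hunk also have no Javadoc; a one-liner saying it holds the grant-type name the token was issued under (the `OAuthConstants` grant constants) and may be null for tokens that did not record it would tell consumers what they can compare it against.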
@@ -42,6 +46,11 @@ public class OAuthContext {
public List<OAuthPermission> getPermissions() {
return Collections.unmodifiableList(permissions);
}
+
+
+ public String getTokenGrantType() {
+ return tokenGrantType;
+ }
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java?rev=1295681&r1=1295680&r2=1295681&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java Thu Mar 1 17:13:45 2012
@@ -25,7 +25,7 @@ import java.util.List;
* Base Token representation
*/
public abstract class ServerAccessToken extends AccessToken {
-
+ private String grantType;
private long issuedAt;
private long lifetime;
private Client client;
@@ -103,4 +103,12 @@ public abstract class ServerAccessToken
return subject;
}
+ public void setGrantType(String grantType) {
+ this.grantType = grantType;
+ }
+
+ public String getGrantType() {
+ return grantType;
+ }
+
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1295681&r1=1295680&r2=1295681&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java Thu Mar 1 17:13:45 2012
@@ -96,7 +96,7 @@ public class OAuthRequestFilter implemen
OAuthInfo info = new OAuthInfo(accessToken, matchingPermissions);
SecurityContext sc = createSecurityContext(req, info);
- m.setContent(SecurityContext.class, sc);
+ m.put(SecurityContext.class, sc);
m.setContent(OAuthContext.class, createOAuthContext(info));
return null;
@@ -196,16 +196,20 @@ public class OAuthRequestFilter implemen
UserSubject subject = info.getToken().getSubject();
final UserSubject theSubject = subject;
+ final String login = OAuthRequestFilter.this.useUserSubject
+ ? (theSubject != null ? theSubject.getLogin() : null)
+ : info.getToken().getClient().getLoginName();
+
return new SecurityContext() {
public Principal getUserPrincipal() {
- String login = OAuthRequestFilter.this.useUserSubject
- ? (theSubject != null ? theSubject.getLogin() : null)
- : info.getToken().getClient().getLoginName();
- return new SimplePrincipal(login);
+ return login != null ? new SimplePrincipal(login) : null;
}
public boolean isUserInRole(String role) {
+ if (login == null) {
+ return false;
+ }
List<String> roles = null;
if (OAuthRequestFilter.this.useUserSubject && theSubject != null) {
roles = theSubject.getRoles();
@@ -218,12 +222,10 @@ public class OAuthRequestFilter implemen
};
}
- protected OAuthContext createOAuthContext(OAuthInfo info) {
- UserSubject subject = null;
- if (info.getToken() != null) {
- subject = info.getToken().getSubject();
- }
- return new OAuthContext(subject, info.getMatchedPermissions());
+ private OAuthContext createOAuthContext(OAuthInfo info) {
+ return new OAuthContext(info.getToken().getSubject(),
+ info.getMatchedPermissions(),
+ info.getToken().getGrantType());
}
private static class OAuthInfo {
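Review bot: The rewritten `createOAuthContext` drops the `info.getToken() != null` guard the old code had and dereferences `info.getToken()` twice, so a null token now turns into a NullPointerException (a 500) instead of a context with a null subject; unless the token is guaranteed non-null by the time `OAuthInfo` is built at the top of this file section (the construction site is in the first hunk, but the null-ness of `accessToken` there is not visible), the guard should stay. The method also changes from `protected` to `private`, which silently breaks any subclass that overrode it to customise the context; if that was not intended, keep `protected OAuthContext createOAuthContext(OAuthInfo info)`. The enclosing class continues outside the hunk.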
Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java?rev=1295681&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java (added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java Thu Mar 1 17:13:45 2012
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth2.grants;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.UUID;
+
+import org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.MD5SequenceGenerator;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+
+
+public abstract class AbstractGrantHandler implements AccessTokenGrantHandler {
+
+ private static final long DEFAULT_TOKEN_LIFETIME = 3600L;
+
+ private long tokenLifetime = DEFAULT_TOKEN_LIFETIME;
+ private List<String> supportedGrants;
+ private OAuthDataProvider dataProvider;
+
+ protected AbstractGrantHandler(String grant) {
+ supportedGrants = Collections.singletonList(grant);
+ }
+
+ public void setDataProvider(OAuthDataProvider dataProvider) {
+ this.dataProvider = dataProvider;
+ }
+ public OAuthDataProvider getDataProvider() {
+ return dataProvider;
+ }
+
+ public List<String> getSupportedGrantTypes() {
+ return supportedGrants;
+ }
+
+ protected static String generateRandomTokenKey() throws OAuthServiceException {
+ try {
+ byte[] bytes = UUID.randomUUID().toString().getBytes("UTF-8");
+ return new MD5SequenceGenerator().generate(bytes);
+ } catch (Exception ex) {
+ throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, ex);
+ }
+ }
+
+ public void setTokenLifetime(long tokenLifetime) {
+ this.tokenLifetime = tokenLifetime;
+ }
+
+ public long getTokenLifetime() {
+ return tokenLifetime;
+ }
+
+
+}
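Review bot: `generateRandomTokenKey` catches `Exception`, which folds any unchecked failure inside `MD5SequenceGenerator` into a generic `SERVER_ERROR` and hides the real cause from logs; the only checked exception on that path is `UnsupportedEncodingException` from `getBytes("UTF-8")`, so narrow it to `catch (UnsupportedEncodingException ex)` (importing `java.io.UnsupportedEncodingException`). The method should also carry a short Javadoc stating that the key's unpredictability comes entirely from `UUID.randomUUID()` (a SecureRandom-backed generator) and that the MD5 step only reformats it into a fixed-length hex string — otherwise a later maintainer may "strengthen" the digest while leaving the input as is, or replace the UUID with a weaker source because MD5 looks like the security-relevant part. The new public class and its setters (`setDataProvider`, `setTokenLifetime`) have no Javadoc, and `setTokenLifetime` accepts zero or negative values unchecked; a guard such as `if (tokenLifetime <= 0) { throw new IllegalArgumentException("tokenLifetime must be positive"); }` would reject misconfiguration at startup rather than issuing tokens that are already expired.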
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java?rev=1295681&r1=1295680&r2=1295681&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java Thu Mar 1 17:13:45 2012
@@ -19,38 +19,29 @@
package org.apache.cxf.rs.security.oauth2.grants.code;
-import java.util.Collections;
-import java.util.List;
-import java.util.UUID;
-
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler;
+import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
-import org.apache.cxf.rs.security.oauth2.utils.MD5SequenceGenerator;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
-public class AuthorizationCodeGrantHandler implements AccessTokenGrantHandler {
-
- private static final long DEFAULT_TOKEN_LIFETIME = 3600L;
-
- private AuthorizationCodeDataProvider codeProvider;
- private long tokenLifetime = DEFAULT_TOKEN_LIFETIME;
+public class AuthorizationCodeGrantHandler extends AbstractGrantHandler {
- public List<String> getSupportedGrantTypes() {
- return Collections.singletonList(OAuthConstants.AUTHORIZATION_CODE_GRANT);
+ public AuthorizationCodeGrantHandler() {
+ super(OAuthConstants.AUTHORIZATION_CODE_GRANT);
}
+
public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> params)
throws OAuthServiceException {
-
+ String codeValue = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);
ServerAuthorizationCodeGrant grant =
- codeProvider.removeCodeGrant(params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE));
+ ((AuthorizationCodeDataProvider)getDataProvider()).removeCodeGrant(codeValue);
if (grant == null) {
return null;
}
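Review bot: The unchecked cast `((AuthorizationCodeDataProvider)getDataProvider())` replaces a field that was typed at configuration time via the removed `setCodeProvider` (next hunk), so a misconfigured or unset provider now surfaces at the first token request as a ClassCastException or NullPointerException instead of a clear error; the same cast is repeated in `AccessTokenService` at `(AuthorizationCodeDataProvider)super.getDataProvider()`. Guard it once, for example `OAuthDataProvider provider = getDataProvider(); if (!(provider instanceof AuthorizationCodeDataProvider)) { /* fail with OAuthServiceException(SERVER_ERROR) */ }`, and document on `AbstractGrantHandler.setDataProvider` that this handler requires an `AuthorizationCodeDataProvider`. Removing the public `setCodeProvider` is also an API break for existing Spring/Blueprint configurations; if compatibility matters, keep it as a deprecated delegate to `setDataProvider`. The `createAccessToken` body continues outside the hunk.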
@@ -66,27 +57,13 @@ public class AuthorizationCodeGrantHandl
}
}
BearerAccessToken token = new BearerAccessToken(client,
- generateTokenKey(),
- tokenLifetime,
+ generateRandomTokenKey(),
+ getTokenLifetime(),
System.currentTimeMillis() / 1000);
token.setScopes(grant.getApprovedScopes());
token.setSubject(grant.getSubject());
+ token.setGrantType(OAuthConstants.AUTHORIZATION_CODE_GRANT);
return token;
}
- public void setCodeProvider(AuthorizationCodeDataProvider codeProvider) {
- this.codeProvider = codeProvider;
- }
-
- protected String generateTokenKey() throws OAuthServiceException {
- try {
- byte[] bytes = UUID.randomUUID().toString().getBytes("UTF-8");
- return new MD5SequenceGenerator().generate(bytes);
- } catch (Exception ex) {
- throw new OAuthServiceException(OAuthConstants.SERVER_ERROR, ex);
- }
- }
- public void setTokenLifetime(long tokenLifetime) {
- this.tokenLifetime = tokenLifetime;
- }
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java?rev=1295681&r1=1295680&r2=1295681&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java Thu Mar 1 17:13:45 2012
@@ -18,12 +18,15 @@
*/
package org.apache.cxf.rs.security.oauth2.services;
+import java.util.logging.Logger;
+
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
+import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
@@ -35,8 +38,10 @@ import org.apache.cxf.rs.security.oauth2
* Abstract utility class which OAuth services extend
*/
public abstract class AbstractOAuthService {
+ private static final Logger LOG = LogUtils.getL7dLogger(AbstractOAuthService.class);
private MessageContext mc;
private OAuthDataProvider dataProvider;
+ private boolean blockUnsecureRequests;
@Context
public void setMessageContext(MessageContext context) {
@@ -79,10 +84,23 @@ public abstract class AbstractOAuthServi
}
+ protected void checkTransportSecurity() {
+ if (!mc.getSecurityContext().isSecure()) {
+ LOG.warning("Unsecure HTTP, Transport Layer Security is recommended");
+ if (blockUnsecureRequests) {
+ throw new WebApplicationException(400);
+ }
+ }
+ }
+
protected void reportInvalidRequestError(String errorDescription) {
OAuthError error =
new OAuthError(OAuthConstants.INVALID_REQUEST, errorDescription);
throw new WebApplicationException(
Response.status(400).type(MediaType.APPLICATION_JSON).entity(error).build());
}
+
+ public void setBlockUnsecureRequests(boolean blockUnsecureRequests) {
+ this.blockUnsecureRequests = blockUnsecureRequests;
+ }
}
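Review bot: `checkTransportSecurity` is permissive by default: `blockUnsecureRequests` is a plain boolean field, so it is `false` unless configured, and an authorization or token request arriving over plain HTTP only produces a log line while the authorization code, session authenticity token and access token travel in clear. Consider defaulting the field to `true` with an explicit opt-out for development setups (`private boolean blockUnsecureRequests = true;`), or at minimum Javadoc on `setBlockUnsecureRequests` stating that the default is to warn only. The warning also fires on every insecure request at WARNING level, which can flood logs under load; logging once per service instance or at FINE after the first occurrence would keep the signal usable. Whether `mc` or `mc.getSecurityContext()` can be null here is not visible in the hunk; if either can, the method should handle it rather than NPE.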
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1295681&r1=1295680&r2=1295681&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java Thu Mar 1 17:13:45 2012
@@ -108,6 +108,8 @@ public class AccessTokenService extends
Object clientIdProp = getMessageContext().get(OAuthConstants.CLIENT_ID);
if (clientIdProp != null) {
client = getClient(clientIdProp.toString());
+ //TODO:
+ // consider matching client.getLoginName() against principal.getName() ?
}
}
} else {
@@ -145,7 +147,7 @@ public class AccessTokenService extends
if (grantHandlers.size() == 0) {
AuthorizationCodeGrantHandler handler = new AuthorizationCodeGrantHandler();
if (handler.getSupportedGrantTypes().contains(grantType)) {
- handler.setCodeProvider(
+ handler.setDataProvider(
(AuthorizationCodeDataProvider)super.getDataProvider());
return handler;
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java?rev=1295681&r1=1295680&r2=1295681&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java Thu Mar 1 17:13:45 2012
@@ -36,7 +36,6 @@ import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
-import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriBuilder;
import org.apache.cxf.common.util.StringUtils;
@@ -50,6 +49,7 @@ import org.apache.cxf.rs.security.oauth2
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.security.LoginSecurityContext;
+import org.apache.cxf.security.SecurityContext;
/**
@@ -61,7 +61,6 @@ import org.apache.cxf.security.LoginSecu
*/
@Path("/authorize")
public class AuthorizationCodeGrantService extends AbstractOAuthService {
-
private static final long DEFAULT_CODE_GRANT_LIFETIME = 3600L;
private long grantLifetime = DEFAULT_CODE_GRANT_LIFETIME;
@@ -88,6 +87,8 @@ public class AuthorizationCodeGrantServi
}
protected Response startAuthorization(MultivaluedMap<String, String> params) {
+ getAndValidateSecurityContext();
+
Client client = getClient(params);
String redirectUri = validateRedirectUri(client, params.getFirst(OAuthConstants.REDIRECT_URI));
if (!client.isConfidential()) {
@@ -159,10 +160,13 @@ public class AuthorizationCodeGrantServi
}
protected Response completeAuthorization(MultivaluedMap<String, String> params) {
+ SecurityContext securityContext = getAndValidateSecurityContext();
if (!compareRequestAndSessionTokens(params.getFirst(OAuthConstants.SESSION_AUTHENTICITY_TOKEN))) {
throw new WebApplicationException(400);
}
+ //TODO: additionally we can check that the Principal that got authenticated
+ // in startAuthorization is the same that got authenticated in completeAuthorization
Client client = getClient(params);
String originalRedirectUri = params.getFirst(OAuthConstants.REDIRECT_URI);
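Review bot: The TODO added here points at a real gap worth closing before release: `compareRequestAndSessionTokens` binds the completion request to the session that started the flow, but nothing binds it to the principal who started it, so the consent posted in `completeAuthorization` is not verified to come from the same user that `startAuthorization` authenticated. A cheap way to close it is to record `securityContext.getUserPrincipal().getName()` alongside the session authenticity token at start time and, here, reject the request with 401 when the stored name differs from the current principal's. The method body continues outside the hunk.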
@@ -202,17 +206,15 @@ public class AuthorizationCodeGrantServi
}
codeReg.setApprovedScope(approvedScope);
- SecurityContext sc = getMessageContext().getSecurityContext();
List<String> roleNames = Collections.emptyList();
- if (sc instanceof LoginSecurityContext) {
+ if (securityContext instanceof LoginSecurityContext) {
roleNames = new ArrayList<String>();
- Set<Principal> roles = ((LoginSecurityContext)sc).getUserRoles();
+ Set<Principal> roles = ((LoginSecurityContext)securityContext).getUserRoles();
for (Principal p : roles) {
roleNames.add(p.getName());
}
}
- codeReg.setSubject(new UserSubject(sc.getUserPrincipal() == null
- ? null : sc.getUserPrincipal().getName(), roleNames));
+ codeReg.setSubject(new UserSubject(securityContext.getUserPrincipal().getName(), roleNames));
ServerAuthorizationCodeGrant grant = null;
try {
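Review bot: The `setSubject` line now calls `securityContext.getUserPrincipal().getName()` without the null check the old code had, which is only safe because `getAndValidateSecurityContext()` earlier in `completeAuthorization` (in a different hunk) rejects a null principal with 401; that dependency is invisible at this point in the method. Add `// non-null: getAndValidateSecurityContext() already rejected requests without a principal` above the line so a later reorder or a new caller does not reintroduce the NPE, or keep the null guard defensively. The method continues beyond the hunk.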
@@ -222,15 +224,25 @@ public class AuthorizationCodeGrantServi
}
UriBuilder ub = getRedirectUriBuilder(params.getFirst(OAuthConstants.STATE), actualRedirectUri);
- ub.queryParam("code", grant.getCode());
+ ub.queryParam(OAuthConstants.AUTHORIZATION_CODE_VALUE, grant.getCode());
return Response.seeOther(ub.build()).build();
}
+ private SecurityContext getAndValidateSecurityContext() {
+ SecurityContext securityContext =
+ (SecurityContext)getMessageContext().get(SecurityContext.class.getName());
+ if (securityContext == null || securityContext.getUserPrincipal() == null) {
+ throw new WebApplicationException(401);
+ }
+ checkTransportSecurity();
+ return securityContext;
+ }
+
protected Response createErrorResponse(MultivaluedMap<String, String> params,
String redirectUri,
String error) {
UriBuilder ub = getRedirectUriBuilder(params.getFirst(OAuthConstants.STATE), redirectUri);
- ub.queryParam("error", error);
+ ub.queryParam(OAuthConstants.ERROR_KEY, error);
return Response.seeOther(ub.build()).build();
}
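Review bot: In `getAndValidateSecurityContext` the transport check runs after the authentication check, so with `blockUnsecureRequests` enabled an unauthenticated request over plain HTTP is answered with a 401 — an invitation to re-send credentials over the same cleartext channel — rather than the 400 that `checkTransportSecurity` would give; moving `checkTransportSecurity();` to the first line of the method makes the transport decision before any authentication round-trip is requested. The 401 is also thrown bare (`new WebApplicationException(401)`), without a `WWW-Authenticate` header, which HTTP requires on that status and which some clients need to select an authentication scheme. A short Javadoc stating that the method returns the authenticated CXF `SecurityContext` or fails with 401 (no principal) / 400 (insecure transport, when blocking is on) would document the two rejection paths for callers.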
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1295681&r1=1295680&r2=1295681&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java Thu Mar 1 17:13:45 2012
@@ -37,6 +37,7 @@ public final class OAuthConstants {
// Well-known grant types
public static final String AUTHORIZATION_CODE_GRANT = "authorization_code";
+ public static final String CLIENT_CREDENTIALS_GRANT = "client_credentials";
// etc
// Well-known token types