Posted to commits@cxf.apache.org by se...@apache.org on 2012/01/22 23:12:29 UTC
svn commit: r1234634 - in /cxf/trunk:
distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/
rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/
rt/rs/security/oauth-paren...
Author: sergeyb
Date: Sun Jan 22 22:12:29 2012
New Revision: 1234634
URL: http://svn.apache.org/viewvc?rev=1234634&view=rev
Log:
[CXF-4051] Fixes to do with supporting OAuth scopes
Modified:
cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java?rev=1234634&r1=1234633&r2=1234634&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java Sun Jan 22 22:12:29 2012
@@ -20,6 +20,7 @@
package demo.oauth.server.controllers;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.UUID;
@@ -52,9 +53,10 @@ public class MemoryOAuthDataProvider imp
static {
AVAILABLE_PERMISSIONS
.put("read_info", new OAuthPermission("read_info", "Read your personal information",
- "ROLE_USER"));
+ Collections.singletonList("ROLE_USER")));
AVAILABLE_PERMISSIONS.put("modify_info",
- new OAuthPermission("modify_info", "Modify your personal information", "ROLE_ADMIN"));
+ new OAuthPermission("modify_info", "Modify your personal information",
+ Collections.singletonList("ROLE_ADMIN")));
}
protected ConcurrentHashMap<String, Client> clientAuthInfo = new ConcurrentHashMap<String, Client>();
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java?rev=1234634&r1=1234633&r2=1234634&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java Sun Jan 22 22:12:29 2012
@@ -20,6 +20,7 @@
package org.apache.cxf.rs.security.oauth.test;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.UUID;
@@ -44,9 +45,10 @@ public class MemoryOAuthDataProvider imp
static {
AVAILABLE_PERMISSIONS
.put("read_info", new OAuthPermission("read_info", "Read your personal information",
- "ROLE_USER"));
+ Collections.singletonList("ROLE_USER")));
AVAILABLE_PERMISSIONS.put("modify_info",
- new OAuthPermission("modify_info", "Modify your personal information", "ROLE_ADMIN"));
+ new OAuthPermission("modify_info", "Modify your personal information",
+ Collections.singletonList("ROLE_ADMIN")));
}
protected ConcurrentHashMap<String, Client> clientAuthInfo = new ConcurrentHashMap<String, Client>();
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java?rev=1234634&r1=1234633&r2=1234634&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java Sun Jan 22 22:12:29 2012
@@ -161,7 +161,16 @@ public final class OAuthClientUtils {
String method, String requestURI, Map<String, String> parameters) {
try {
OAuthMessage msg = accessor.newRequestMessage(method, requestURI, parameters.entrySet());
- return msg.getAuthorizationHeader(null);
+ StringBuilder sb = new StringBuilder();
+ sb.append(msg.getAuthorizationHeader(null));
+ for (Map.Entry<String, String> entry : parameters.entrySet()) {
+ if (!entry.getKey().startsWith("oauth_")) {
+ sb.append(", ");
+ sb.append(OAuth.percentEncode(entry.getKey())).append("=\"");
+ sb.append(OAuth.percentEncode(entry.getValue())).append('"');
+ }
+ }
+ return sb.toString();
} catch (Exception ex) {
throw new ClientWebApplicationException(ex);
}
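Review bot: The loop added after `getAuthorizationHeader(null)` copies every non-`oauth_` entry of `parameters` into the Authorization header, not only the scope/URI extensions this commit is about, so any application parameter a caller passes (which is also signed, since it went into `newRequestMessage`) is promoted to a header where OAuth 1.0 defines only the `oauth_` protocol parameters and `realm`; a server that reads application parameters from the query or body will not find them there. If only the extensions are meant to travel in the header, test for their prefix instead, `if (entry.getKey().startsWith("x_oauth_")) {`, and otherwise add a comment saying why application parameters are sent this way. Whether `OAuth.percentEncode` accepts a null value is not visible here; either document that values must be non-null or skip null entries in the loop.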
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java?rev=1234634&r1=1234633&r2=1234634&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java Sun Jan 22 22:12:29 2012
@@ -30,8 +30,8 @@ public class OAuthPermission extends Per
private List<String> uri = Collections.emptyList();
private boolean authorizationKeyRequired = true;
- public OAuthPermission(String permission, String description, String role) {
- this(permission, description, Collections.singletonList(role));
+ public OAuthPermission(String permission, String description) {
+ super(permission, description);
}
public OAuthPermission(String permission, String description, List<String> roles) {
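Review bot: The new two-argument constructor builds a permission with no roles, but nothing states what a role-less permission means for an access check — granted to any authenticated user, or to nobody — and the role default inherited from `Permission` is outside the hunk. Add Javadoc on the constructor that says which it is, e.g. `/** Creates a permission that is not restricted to any role; callers must check how an empty role list is treated by the authorization filter. */`, adjusted to the actual behaviour. Note also that the removed `(permission, description, role)` constructor was public, so this is a source-incompatible change for custom `OAuthDataProvider` implementations; only the in-tree callers are updated by this commit.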
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1234634&r1=1234633&r2=1234634&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java Sun Jan 22 22:12:29 2012
@@ -19,11 +19,17 @@
package org.apache.cxf.rs.security.oauth.filters;
import java.security.Principal;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
+import java.util.Map;
+import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
import net.oauth.OAuth;
import net.oauth.OAuthMessage;
@@ -38,6 +44,7 @@ import org.apache.cxf.rs.security.oauth.
import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
import org.apache.cxf.rs.security.oauth.data.UserSubject;
import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
import org.apache.cxf.security.SecurityContext;
@@ -57,6 +64,14 @@ public class AbstractAuthFilter {
OAuth.OAUTH_NONCE
};
+ private static final Set<String> ALLOWED_OAUTH_PARAMETERS;
+ static {
+ ALLOWED_OAUTH_PARAMETERS = new HashSet<String>();
+ ALLOWED_OAUTH_PARAMETERS.addAll(Arrays.asList(REQUIRED_PARAMETERS));
+ ALLOWED_OAUTH_PARAMETERS.add(OAuthConstants.X_OAUTH_SCOPE);
+ ALLOWED_OAUTH_PARAMETERS.add(OAuthConstants.X_OAUTH_URI);
+ }
+
private OAuthDataProvider dataProvider;
protected AbstractAuthFilter() {
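Review bot: `ALLOWED_OAUTH_PARAMETERS` is a mutable `HashSet` held in a `static final` field and is only ever read after the static initializer, so build it on a local set and publish it read-only, `ALLOWED_OAUTH_PARAMETERS = Collections.unmodifiableSet(set);` (`java.util.Collections` would need importing). The set consists of `REQUIRED_PARAMETERS` plus the two `x_oauth_` extensions; the start of that array is outside the hunk, and if optional protocol parameters such as `oauth_version` are not in it they will be dropped by the request wrapper when a client sends them in the query string, which OAuth 1.0 permits, so it is worth a comment listing what is deliberately excluded.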
@@ -90,7 +105,8 @@ public class AbstractAuthFilter {
AccessToken accessToken = null;
Client client = null;
- OAuthMessage oAuthMessage = OAuthServlet.getMessage(req, req.getRequestURL().toString());
+ OAuthMessage oAuthMessage = OAuthServlet.getMessage(new CustomHttpServletWrapper(req),
+ OAuthServlet.getRequestURL(req));
if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
oAuthMessage.requireParameters(REQUIRED_PARAMETERS);
@@ -205,4 +221,24 @@ public class AbstractAuthFilter {
}
return new OAuthContext(subject, info.getPermissions());
}
+
+ private static class CustomHttpServletWrapper extends HttpServletRequestWrapper {
+ public CustomHttpServletWrapper(HttpServletRequest req) {
+ super(req);
+ }
+
+ public Map<String, String[]> getParameterMap() {
+ Map<String, String[]> params = super.getParameterMap();
+ if (ALLOWED_OAUTH_PARAMETERS.containsAll(params.keySet())) {
+ return params;
+ }
+ Map<String, String[]> newParams = new HashMap<String, String[]>();
+ for (Map.Entry<String, String[]> entry : params.entrySet()) {
+ if (ALLOWED_OAUTH_PARAMETERS.contains(entry.getKey())) {
+ newParams.put(entry.getKey(), entry.getValue());
+ }
+ }
+ return newParams;
+ }
+ }
}
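Review bot: `getParameterMap` in `CustomHttpServletWrapper` lacks `@Override`, and it is the only accessor the wrapper filters — `getParameter`, `getParameterNames` and `getParameterValues` still expose the unfiltered request, so two readers of the same request can see different parameter sets; whether net.oauth reads only the map is not visible here and should be confirmed. The filtering also has a security-relevant effect that deserves a comment: a parameter dropped here no longer takes part in server-side signature validation, so form-encoded body parameters (which, unlike query parameters, are not part of the request URL) are either rejected as a signature mismatch or silently left unsigned, depending on what the client put into its base string. I would state the intent on the class, e.g. `// Exposes only OAuth protocol parameters to net.oauth; application parameters are not part of the server-side signature check` — worded to match what validation actually does.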
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1234634&r1=1234633&r2=1234634&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java Sun Jan 22 22:12:29 2012
@@ -84,8 +84,11 @@ public class AccessTokenHandler {
if (LOG.isLoggable(Level.WARNING)) {
LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
}
- return OAuthUtils.handleException(e, e.getHttpStatusCode(),
- String.valueOf(e.getParameters().get("realm")));
+ int code = e.getHttpStatusCode();
+ if (code == 200) {
+ code = HttpServletResponse.SC_UNAUTHORIZED;
+ }
+ return OAuthUtils.handleException(e, code, String.valueOf(e.getParameters().get("realm")));
} catch (Exception e) {
if (LOG.isLoggable(Level.WARNING)) {
LOG.log(Level.WARNING, "Server Exception: {0}", new Object[] {e.fillInStackTrace()});
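Review bot: The `code == 200` test treats the status net.oauth reports when no `HTTP_STATUS_CODE` parameter was set as "unset" and maps every such problem to 401, including request-format problems such as `parameter_absent` that are conventionally answered with 400; if the net.oauth version in use offers `OAuth.Problems.TO_HTTP_CODE`, look `e.getProblem()` up there first and fall back to 401 only when there is no mapping. The same five lines are pasted into `AuthorizationRequestHandler` and `RequestTokenHandler` in this commit, so move them into `OAuthUtils` (for instance an overload `handleException(OAuthProblemException e, String realm)` that derives the code) so the three endpoints cannot drift apart. `String.valueOf(e.getParameters().get("realm"))` still turns an absent realm into the literal string `"null"`, which is what `handleException` then receives.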
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1234634&r1=1234633&r2=1234634&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java Sun Jan 22 22:12:29 2012
@@ -115,8 +115,11 @@ public class AuthorizationRequestHandler
if (LOG.isLoggable(Level.WARNING)) {
LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[]{e.fillInStackTrace()});
}
- return OAuthUtils.handleException(e, e.getHttpStatusCode(),
- String.valueOf(e.getParameters().get("realm")));
+ int code = e.getHttpStatusCode();
+ if (code == 200) {
+ code = HttpServletResponse.SC_UNAUTHORIZED;
+ }
+ return OAuthUtils.handleException(e, code, String.valueOf(e.getParameters().get("realm")));
} catch (Exception e) {
if (LOG.isLoggable(Level.SEVERE)) {
LOG.log(Level.SEVERE, "Server exception: {0}", new Object[]{e.fillInStackTrace()});
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1234634&r1=1234633&r2=1234634&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java Sun Jan 22 22:12:29 2012
@@ -67,12 +67,7 @@ public class RequestTokenHandler {
.getClient(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
//client credentials not found
if (client == null) {
- OAuthProblemException problemEx = new OAuthProblemException(
- OAuth.Problems.CONSUMER_KEY_UNKNOWN);
- problemEx
- .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
- HttpServletResponse.SC_UNAUTHORIZED);
- throw problemEx;
+ throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
}
OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider);
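Review bot: Dropping the explicit `HTTP_STATUS_CODE` from the `consumer_key_unknown` exception makes the 401 for an unknown consumer depend on the catch block later in this method, which now rewrites a default status of 200 to 401; that coupling is invisible at the throw site, so a short comment would help, e.g. `// no status set here: the catch block below reports unset problems as 401`. `OAuthUtils.validateMessage` on the next line can raise problems whose status is now decided the same way, which is fine as long as that default is documented in one place. The method's start and the catch block are outside this hunk.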
@@ -112,8 +107,11 @@ public class RequestTokenHandler {
if (LOG.isLoggable(Level.WARNING)) {
LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
}
- return OAuthUtils.handleException(e, e.getHttpStatusCode(),
- String.valueOf(e.getParameters().get("realm")));
+ int code = e.getHttpStatusCode();
+ if (code == 200) {
+ code = HttpServletResponse.SC_UNAUTHORIZED;
+ }
+ return OAuthUtils.handleException(e, code, String.valueOf(e.getParameters().get("realm")));
} catch (Exception e) {
if (LOG.isLoggable(Level.SEVERE)) {
LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1234634&r1=1234633&r2=1234634&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java Sun Jan 22 22:12:29 2012
@@ -201,7 +201,7 @@ public final class OAuthUtils {
scopeList.add(token);
}
}
- if (defaultValue != null) {
+ if (defaultValue != null && !scopeList.contains(defaultValue)) {
scopeList.add(defaultValue);
}
return scopeList;
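Review bot: The added `contains` check only stops `defaultValue` from appearing twice; duplicates among the client-supplied tokens themselves (a scope string such as `read_info read_info`) are still appended by the loop above, whose head is outside the hunk. If the result is meant to be a list of distinct scopes, apply the same guard inside the loop, `if (!scopeList.contains(token)) { scopeList.add(token); }`, or collect into a `LinkedHashSet` and copy it to a list before returning. The method also deserves one sentence of Javadoc stating that a non-null default scope is always appended, not just used when the client sent none, since that presumably determines which permissions the user is asked to approve.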