Posted to commits@cxf.apache.org by se...@apache.org on 2014/02/13 13:38:36 UTC
svn commit: r1567907 - in
/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2:
filters/ services/
Author: sergeyb
Date: Thu Feb 13 12:38:36 2014
New Revision: 1567907
URL: http://svn.apache.org/r1567907
Log:
[CXF-5561] Updating AccessTokenValidatorService to ensure an authenticated Principal is available
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1567907&r1=1567906&r2=1567907&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java Thu Feb 13 12:38:36 2014
@@ -41,6 +41,7 @@ import org.apache.cxf.rs.security.oauth2
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.services.AbstractAccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.security.SecurityContext;
@@ -65,8 +66,15 @@ public class OAuthRequestFilter extends
return;
}
+ // Get the scheme and its data, Bearer only is supported by default
+ // WWW-Authenticate with the list of supported schemes will be sent back
+ // if the scheme is not accepted
+ String[] authParts = getAuthorizationParts(m);
+ String authScheme = authParts[0];
+ String authSchemeData = authParts[1];
+
// Get the access token
- AccessTokenValidation accessTokenV = getAccessTokenValidation();
+ AccessTokenValidation accessTokenV = getAccessTokenValidation(authScheme, authSchemeData);
// Find the scopes which match the current request
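Review bot: The indexing on L36–L37 (`authParts[0]`, `authParts[1]`) assumes `getAuthorizationParts(m)` always returns a two-element array, and since that method is now a documented customisation hook (the interceptor subclass overrides it in this same commit), a custom override returning null or a shorter array would surface here as an NPE/ArrayIndexOutOfBounds, i.e. a 500 rather than the 401 the retained comment on L33–L34 promises. A defensive guard would keep the failure mode consistent: `if (authParts == null || authParts.length < 2) { AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm); }` before the two assignments. The enclosing filter method starts before and ends after this hunk; whether `AuthorizationUtils.throwAuthorizationFailure` is in scope here depends on the import added in the first hunk.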
@@ -190,4 +198,7 @@ public class OAuthRequestFilter extends
this.audienceIsEndpointAddress = audienceIsEndpointAddress;
}
+ protected String[] getAuthorizationParts(Message m) {
+ return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
+ }
}
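Review bot: The new `getAuthorizationParts(Message m)` on L46–L48 never uses its `m` parameter and reads the message through `getMessageContext()` instead, which makes the parameter's role unclear to anyone overriding it; either use `m` or document why the context is used. As this is the extension point the commit introduces, it deserves Javadoc such as `/** Extracts the authorization scheme and its data from the current request; returns {@code [scheme, schemeData]}. Override to obtain the token from another source. The default implementation rejects schemes not in {@code supportedSchemes}. */` — the last sentence only if `AuthorizationUtils.getAuthorizationParts` indeed performs that check, which is not visible in this diff.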
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java?rev=1567907&r1=1567906&r2=1567907&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java Thu Feb 13 12:38:36 2014
@@ -34,6 +34,16 @@ public class OAuthRequestInterceptor ext
validateRequest(message);
}
+ protected String[] getAuthorizationParts(Message message) {
+ return super.getAuthorizationParts(message);
+
+// You can customise it, extract the token from the message, example, get
+// WS-Security Binary token put on the message by WSS4JInInterceptor
+//
+// String token = getTokenFromCurrentMessage(mc);
+// return new String[] {"Bearer", token};
+ }
+
public Collection<PhaseInterceptor<? extends Message>> getAdditionalInterceptors() {
return null;
}
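Review bot: The override on L58–L66 is a pure pass-through to `super.getAuthorizationParts(message)` followed by commented-out sample code that cannot compile as written (it refers to an `mc` that is not declared in this method), and the method is missing `@Override`. Commented-out code tends to rot; the customisation guidance is better carried in Javadoc on the override (or on the base-class method) describing that a subclass may return `new String[] {"Bearer", token}` after extracting the token from the message, and the override itself can then be dropped as it changes nothing. If the override is kept, add `@Override` so a future signature change in the base class is caught by the compiler.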
@@ -57,14 +67,4 @@ public class OAuthRequestInterceptor ext
public void handleFault(Message message) {
}
-// protected String[] getAuthorizationParts() {
-// // the current message is wrapped in MessageContext
-// MessageContext mc = getMessageContext();
-//
-// // extract the token from the message, example, get
-// // WS-Security Binary token put on the message by WSS4JInInterceptor
-//
-// String token = getTokenFromCurrentMessage(mc);
-// return new String[] {"Bearer", token};
-// }
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1567907&r1=1567906&r2=1567907&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java Thu Feb 13 12:38:36 2014
@@ -43,16 +43,14 @@ public abstract class AbstractAccessToke
private static final String DEFAULT_AUTH_SCHEME = OAuthConstants.BEARER_AUTHORIZATION_SCHEME;
+
+ protected Set<String> supportedSchemes = new HashSet<String>();
+ protected String realm;
private MessageContext mc;
-
private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
private List<String> audiences = new LinkedList<String>();
-
- private Set<String> supportedSchemes = new HashSet<String>();
-
private OAuthDataProvider dataProvider;
- private String realm;
public void setTokenValidator(AccessTokenValidator validator) {
setTokenValidators(Collections.singletonList(validator));
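Review bot: `supportedSchemes` and `realm` on L93–L94 go from private to protected, non-final, directly reassignable fields, which widens the mutable surface that every subclass (and anything in the package) can alter at runtime; the subclass on this commit only reads them. Read-only access would be safer and equally convenient: keep the fields private and add `protected Set<String> getSupportedSchemes() { return supportedSchemes; }` and `protected String getRealm() { return realm; }`, returning an unmodifiable view of the set if the setter that populates it (not visible here) does not already do so.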
@@ -92,19 +90,12 @@ public abstract class AbstractAccessToke
/**
* Get the access token
*/
- protected AccessTokenValidation getAccessTokenValidation() {
+ protected AccessTokenValidation getAccessTokenValidation(String authScheme, String authSchemeData) {
AccessTokenValidation accessTokenV = null;
if (dataProvider == null && tokenHandlers.isEmpty()) {
throw ExceptionUtils.toInternalServerErrorException(null, null);
}
- // Get the scheme and its data, Bearer only is supported by default
- // WWW-Authenticate with the list of supported schemes will be sent back
- // if the scheme is not accepted
- String[] authParts = getAuthorizationParts();
- String authScheme = authParts[0];
- String authSchemeData = authParts[1];
-
// Get the registered handler capable of processing the token
AccessTokenValidator handler = findTokenValidator(authScheme);
if (handler != null) {
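Review bot: The Javadoc on L107–L109 still reads only "Get the access token" although the method now takes `authScheme` and `authSchemeData` from its callers, and nothing in the visible body checks either for null before `findTokenValidator(authScheme)` on L124. Document the new contract, for example `@param authScheme the authorization scheme the caller has already accepted (e.g. Bearer); must not be null` and `@param authSchemeData the scheme-specific data, typically the raw token`, and state explicitly that scheme acceptance (and the WWW-Authenticate response the removed comment on L116–L118 described) is now the caller's responsibility. Whether `findTokenValidator` tolerates a null scheme cannot be determined from this hunk; if it does not, a null check mapped to `AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm)` would keep the failure a 401. The method body continues past the end of this hunk.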
@@ -164,9 +155,4 @@ public abstract class AbstractAccessToke
public void setAudiences(List<String> audiences) {
this.audiences = audiences;
}
-
- protected String[] getAuthorizationParts() {
- return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
- }
-
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java?rev=1567907&r1=1567906&r2=1567907&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java Thu Feb 13 12:38:36 2014
@@ -18,18 +18,25 @@
*/
package org.apache.cxf.rs.security.oauth2.services;
+import javax.ws.rs.Encoded;
+import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
@Path("validate")
public class AccessTokenValidatorService extends AbstractAccessTokenValidator {
@GET
@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
- public AccessTokenValidation getTokenValidationInfo() {
- return super.getAccessTokenValidation();
+ public AccessTokenValidation getTokenValidationInfo(@FormParam("authScheme") String authScheme,
+ @Encoded @FormParam("authScheme") String authSchemeData) {
+ if (getMessageContext().getSecurityContext().getUserPrincipal() == null) {
+ AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+ }
+ return super.getAccessTokenValidation(authScheme, authSchemeData);
}
}
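Review bot: Both parameters on L158–L159 are bound to `@FormParam("authScheme")`, so `authSchemeData` receives the scheme name rather than the token data and the validator is handed the wrong value; the second binding should use a distinct name, presumably `@Encoded @FormParam("authSchemeData") String authSchemeData`. Separately, `@FormParam` on a `@GET` method (L154) is unusual, since form parameters are read from an `application/x-www-form-urlencoded` entity; confirm that is the intended wire contract or switch to `@QueryParam`/`@POST`. With the parts now supplied by the client instead of `AuthorizationUtils.getAuthorizationParts`, nothing visible here verifies that `authScheme` is one of `supportedSchemes`, so an unsupported or absent scheme no longer yields the WWW-Authenticate challenge the old path produced; a guard such as `if (authScheme == null || !supportedSchemes.contains(authScheme)) { AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm); }` next to the Principal check on L160 would restore that. The Principal check itself is the right addition, but it assumes `getSecurityContext()` never returns null, which this diff does not establish.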