You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2012/05/25 13:06:47 UTC
svn commit: r1342573 - in
/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2:
services/AccessTokenService.java utils/OAuthConstants.java
Author: sergeyb
Date: Fri May 25 11:06:47 2012
New Revision: 1342573
URL: http://svn.apache.org/viewvc?rev=1342573&view=rev
Log:
[CXF-4341] Doing the case-insensitive comparison for the default Basic auth scheme
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1342573&r1=1342572&r2=1342573&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java Fri May 25 11:06:47 2012
@@ -132,14 +132,14 @@ public class AccessTokenService extends
// client has already authenticated
Principal p = sc.getUserPrincipal();
String scheme = sc.getAuthenticationScheme();
- if ("Basic".equals(scheme)) {
+ if (OAuthConstants.BASIC_SCHEME.equalsIgnoreCase(scheme)) {
// section 2.3.1
client = getClient(p.getName());
} else {
// section 2.3.2
// the client has authenticated itself using some other scheme
// in which case the mapping between the scheme and the client_id
- // should've been done, in which case the client_id is expected
+ // should've been done and the client_id is expected
// on the current message
Object clientIdProp = getMessageContext().get(OAuthConstants.CLIENT_ID);
if (clientIdProp != null) {
@@ -152,7 +152,7 @@ public class AccessTokenService extends
// the client id and secret are expected to be in the Basic scheme data
String[] parts =
AuthorizationUtils.getAuthorizationParts(getMessageContext());
- if ("Basic".equals(parts[0])) {
+ if (OAuthConstants.BASIC_SCHEME.equalsIgnoreCase(parts[0])) {
String[] authInfo = AuthorizationUtils.getBasicAuthParts(parts[1]);
client = getAndValidateClient(authInfo[0], authInfo[1]);
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1342573&r1=1342572&r2=1342573&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java Fri May 25 11:06:47 2012
@@ -53,6 +53,8 @@ public final class OAuthConstants {
public static final String MAC_AUTHORIZATION_SCHEME = "Mac";
public static final String ALL_AUTH_SCHEMES = "*";
+ // Default Client Authentication Scheme
+ public static final String BASIC_SCHEME = "Basic";
// Authorization Code grant constants
public static final String AUTHORIZATION_CODE_VALUE = "code";