Posted to commits@cxf.apache.org by se...@apache.org on 2012/11/13 18:01:23 UTC
svn commit: r1408832 - in
/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services:
AbstractOAuthService.java AccessTokenService.java
RedirectionBasedGrantService.java
Author: sergeyb
Date: Tue Nov 13 17:01:22 2012
New Revision: 1408832
URL: http://svn.apache.org/viewvc?rev=1408832&view=rev
Log:
[CXF-4633] If the client is invalid then return an error directly to the end user without enforcing JSON media type
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java?rev=1408832&r1=1408831&r2=1408832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java Tue Nov 13 17:01:22 2012
@@ -25,6 +25,7 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
@@ -64,29 +65,20 @@ public abstract class AbstractOAuthServi
return getMessageContext().getUriInfo().getQueryParameters();
}
- protected Client getClient(MultivaluedMap<String, String> params) {
- return getClient(params.getFirst(OAuthConstants.CLIENT_ID));
+ protected Client getValidClient(MultivaluedMap<String, String> params) {
+ return getValidClient(params.getFirst(OAuthConstants.CLIENT_ID));
}
/**
* Get the {@link Client} reference
* @param clientId the provided client id
* @return Client the client reference
- * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found,
- * the error is returned directly to the end user without
- * following the redirect URI if any
+ * @throws {@link OAuthServiceExcepption} if no matching Client is found
*/
- protected Client getClient(String clientId) {
+ protected Client getValidClient(String clientId) throws OAuthServiceException {
Client client = null;
if (clientId != null) {
- try {
- client = dataProvider.getClient(clientId);
- } catch (OAuthServiceException ex) {
- // log it
- }
- }
- if (client == null) {
- reportInvalidRequestError("Client ID is invalid");
+ client = dataProvider.getClient(clientId);
}
return client;
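Review bot: The new Javadoc on getValidClient(String) misspells the exception as `OAuthServiceExcepption` and says it is thrown when no matching Client is found, yet the body still returns null without throwing when clientId is null. A method named getValidClient that can return null is easy to misuse by a later caller that skips the null check, and this lookup gates the OAuth2 endpoints. I would document it as `@return the client, or null if clientId is null` and `@throws OAuthServiceException if the data provider rejects the client id`, or else throw on a null id. What dataProvider.getClient returns for an unknown id is not visible here, and the method's closing brace lies outside the hunk.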
@@ -107,10 +99,21 @@ public abstract class AbstractOAuthServi
}
protected void reportInvalidRequestError(String errorDescription) {
+ reportInvalidRequestError(errorDescription, MediaType.APPLICATION_JSON_TYPE);
+ }
+
+ protected void reportInvalidRequestError(String errorDescription, MediaType mt) {
OAuthError error =
new OAuthError(OAuthConstants.INVALID_REQUEST, errorDescription);
- throw new BadRequestException(
- Response.status(400).type(MediaType.APPLICATION_JSON).entity(error).build());
+ reportInvalidRequestError(error, mt);
+ }
+
+ protected void reportInvalidRequestError(OAuthError entity, MediaType mt) {
+ ResponseBuilder rb = Response.status(400);
+ if (mt != null) {
+ rb.type(mt);
+ }
+ throw new BadRequestException(rb.entity(entity).build());
}
/**
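Review bot: In reportInvalidRequestError(OAuthError, MediaType) a null mt leaves the 400 response with no explicit Content-Type, so what the end user receives depends on content negotiation and on which writers can serialize OAuthError, neither of which is visible in this hunk. If nothing matches the browser's Accept header, the user would likely get a server error instead of the intended 400. The error description is also rendered in whatever format is negotiated, so it must never carry unescaped request input. A comment on the null branch would record the intent, for example `// null: browser-facing error, let the runtime negotiate the type; the description must be safe to render`.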
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1408832&r1=1408831&r2=1408832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java Tue Nov 13 17:01:22 2012
@@ -215,4 +215,24 @@ public class AccessTokenService extends
protected Response createErrorResponseFromBean(OAuthError errorBean) {
return Response.status(400).entity(errorBean).build();
}
+
+ /**
+ * Get the {@link Client} reference
+ * @param clientId the provided client id
+ * @return Client the client reference
+ * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found
+ */
+ protected Client getClient(String clientId) {
+ Client client = null;
+ try {
+ client = getValidClient(clientId);
+ } catch (OAuthServiceException ex) {
+ // log it
+ }
+ if (client == null) {
+ reportInvalidRequestError("Client ID is invalid");
+ }
+ return client;
+
+ }
}
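Review bot: The catch block in AccessTokenService.getClient discards the OAuthServiceException behind a `// log it` placeholder, so a failed client lookup at the token endpoint leaves no trace on the server. Repeated requests with unknown client ids are a signal operators want in the logs, and the underlying cause is lost once the generic "Client ID is invalid" response is sent. I would log the exception at warning level through the class's logger (AbstractOAuthService imports LogUtils, so one is presumably available), neutralising line breaks in the client id if it is included in the message. RedirectionBasedGrantService.getClient has the same gap when `ex.getError()` is null.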
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java?rev=1408832&r1=1408831&r2=1408832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java Tue Nov 13 17:01:22 2012
@@ -316,4 +316,29 @@ public abstract class RedirectionBasedGr
}
}
+ /**
+ * Get the {@link Client} reference
+ * @param params request parameters
+ * @return Client the client reference
+ * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found,
+ * the error is returned directly to the end user without
+ * following the redirect URI if any
+ */
+ protected Client getClient(MultivaluedMap<String, String> params) {
+ Client client = null;
+
+ try {
+ client = getValidClient(params);
+ } catch (OAuthServiceException ex) {
+ if (ex.getError() != null) {
+ reportInvalidRequestError(ex.getError(), null);
+ }
+ }
+
+ if (client == null) {
+ reportInvalidRequestError("Client ID is invalid", null);
+ }
+ return client;
+
+ }
}
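Review bot: `reportInvalidRequestError(ex.getError(), null)` hands the data provider's OAuthError to the end user's browser unchanged, at a point where the client has not been validated and the request is effectively anonymous. What providers put in that error is not visible here, but a description written for logs or for a JSON API client may expose internal detail or echo request values that were never meant to be rendered. I would either send the fixed message in both branches, `reportInvalidRequestError("Client ID is invalid", null);`, and keep the provider's error for the server log, or state in the Javadoc that provider error descriptions on this path must be safe to show to an end user.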