Posted to commits@cxf.apache.org by se...@apache.org on 2012/11/13 18:01:23 UTC

svn commit: r1408832 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services: AbstractOAuthService.java AccessTokenService.java RedirectionBasedGrantService.java

Author: sergeyb
Date: Tue Nov 13 17:01:22 2012
New Revision: 1408832

URL: http://svn.apache.org/viewvc?rev=1408832&view=rev
Log:
[CXF-4633] If the client is invalid then return an error directly to the end user without enforcing JSON media type

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java?rev=1408832&r1=1408831&r2=1408832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java Tue Nov 13 17:01:22 2012
@@ -25,6 +25,7 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.jaxrs.ext.MessageContext;
@@ -64,29 +65,20 @@ public abstract class AbstractOAuthServi
         return getMessageContext().getUriInfo().getQueryParameters();
     }
     
-    protected Client getClient(MultivaluedMap<String, String> params) {
-        return getClient(params.getFirst(OAuthConstants.CLIENT_ID));
+    protected Client getValidClient(MultivaluedMap<String, String> params) {
+        return getValidClient(params.getFirst(OAuthConstants.CLIENT_ID));
     }
     /**
      * Get the {@link Client} reference
      * @param clientId the provided client id
      * @return Client the client reference 
-     * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found, 
-     *         the error is returned directly to the end user without 
-     *         following the redirect URI if any
+     * @throws {@link OAuthServiceExcepption} if no matching Client is found
      */
-    protected Client getClient(String clientId) {
+    protected Client getValidClient(String clientId) throws OAuthServiceException {
         Client client = null;
         
         if (clientId != null) {
-            try {
-                client = dataProvider.getClient(clientId);
-            } catch (OAuthServiceException ex) {
-                // log it
-            }
-        }
-        if (client == null) {
-            reportInvalidRequestError("Client ID is invalid");
+            client = dataProvider.getClient(clientId);
         }
         return client;
         
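Review bot: `getValidClient(String)` still returns `null` when `clientId` is null, and the new Javadoc does not say so; the name and the `@throws` line suggest a caller gets either a usable client or an exception. The "Client ID is invalid" rejection is removed here and re-added only in the subclass `getClient` wrappers, so any code that calls this method directly has to null-check the result. I would document that with `@return the client, or null if no client id was supplied` and `@throws OAuthServiceException if no matching Client is found`. That also fixes the misspelt `OAuthServiceExcepption` and drops the `{@link ...}` wrapper, which Javadoc does not accept after `@throws`; the same wrapper appears in the Javadoc added to AccessTokenService and RedirectionBasedGrantService. The method's closing brace is outside the hunk.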
@@ -107,10 +99,21 @@ public abstract class AbstractOAuthServi
     }
     
     protected void reportInvalidRequestError(String errorDescription) {
+        reportInvalidRequestError(errorDescription, MediaType.APPLICATION_JSON_TYPE);
+    }
+    
+    protected void reportInvalidRequestError(String errorDescription, MediaType mt) {
         OAuthError error = 
             new OAuthError(OAuthConstants.INVALID_REQUEST, errorDescription);
-        throw new BadRequestException(
-                  Response.status(400).type(MediaType.APPLICATION_JSON).entity(error).build());
+        reportInvalidRequestError(error, mt);
+    }
+    
+    protected void reportInvalidRequestError(OAuthError entity, MediaType mt) {
+        ResponseBuilder rb = Response.status(400);
+        if (mt != null) {
+            rb.type(mt);
+        }
+        throw new BadRequestException(rb.entity(entity).build());
     }
 
     /**
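Review bot: The new `MediaType mt` parameter accepts `null` with a special meaning, and neither new overload documents it. In `reportInvalidRequestError(OAuthError, MediaType)` a null `mt` leaves the 400 response without an explicit type, so the representation of the error entity is presumably chosen by the JAX-RS runtime. That matters because the redirection-based service passes `null` when it returns the error to the end user. I would add Javadoc to both overloads along the lines of `@param mt response media type, or null to leave it unset`, and state that the method always throws `BadRequestException`, since callers rely on it never returning.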

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1408832&r1=1408831&r2=1408832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java Tue Nov 13 17:01:22 2012
@@ -215,4 +215,24 @@ public class AccessTokenService extends 
     protected Response createErrorResponseFromBean(OAuthError errorBean) {
         return Response.status(400).entity(errorBean).build();
     }
+    
+    /**
+     * Get the {@link Client} reference
+     * @param clientId the provided client id
+     * @return Client the client reference 
+     * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found
+     */
+    protected Client getClient(String clientId) {
+        Client client = null;
+        try {
+            client = getValidClient(clientId);
+        } catch (OAuthServiceException ex) {
+            // log it
+        }
+        if (client == null) {
+            reportInvalidRequestError("Client ID is invalid");
+        }
+        return client;
+        
+    }
 }
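Review bot: The `catch (OAuthServiceException ex)` block in the new `getClient` contains only the comment `// log it`, so a failed client lookup at the token endpoint leaves no trace. Repeated requests with unknown client ids are worth seeing in the logs, and the swallowed exception is the only place the provider's reason is available, because the response always carries the fixed text "Client ID is invalid". I would log the failure in that block, for example `LOG.warning("Client lookup failed: " + ex.getMessage());`, assuming the class has a `java.util.logging` logger in scope (none is visible in this hunk). The client id is request input, so it should be kept out of the log line or sanitised first.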

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java?rev=1408832&r1=1408831&r2=1408832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java Tue Nov 13 17:01:22 2012
@@ -316,4 +316,29 @@ public abstract class RedirectionBasedGr
         }
     }
     
+    /**
+     * Get the {@link Client} reference
+     * @param params request parameters
+     * @return Client the client reference 
+     * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found, 
+     *         the error is returned directly to the end user without 
+     *         following the redirect URI if any
+     */
+    protected Client getClient(MultivaluedMap<String, String> params) {
+        Client client = null;
+        
+        try {
+            client = getValidClient(params);
+        } catch (OAuthServiceException ex) {
+            if (ex.getError() != null) {
+                reportInvalidRequestError(ex.getError(), null);
+            }
+        }
+        
+        if (client == null) {
+            reportInvalidRequestError("Client ID is invalid", null);
+        }
+        return client;
+        
+    }
 }
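Review bot: In the `catch` branch of `getClient`, `reportInvalidRequestError(ex.getError(), null)` hands the `OAuthError` produced by the data provider to the end user unchanged and with no media type set. Whatever description the provider put into that error, including any echo of the submitted `client_id` or any internal detail, reaches the browser as is, and how it is rendered depends on the representation the runtime picks. The Javadoc should state this contract, e.g. `the OAuthError raised by the data provider is returned to the end user as is; providers must not include internal details or unescaped request input in it`. When `ex.getError()` is null the exception is dropped silently before the generic "Client ID is invalid" response, so a log statement in that branch would help as well.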