Posted to commits@cxf.apache.org by co...@apache.org on 2015/12/04 17:38:34 UTC
[2/3] cxf git commit: Make sure the default scopes are returned to
the user
Make sure the default scopes are returned to the user
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/796fda4c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/796fda4c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/796fda4c
Branch: refs/heads/master
Commit: 796fda4c78788994686f2cad961b5bbdf8bcb4ef
Parents: 0b9ce1c
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Dec 4 16:13:13 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Dec 4 16:35:04 2015 +0000
----------------------------------------------------------------------
.../oauth2/services/AuthorizationCodeGrantService.java | 6 ++++--
.../security/oauth2/services/ImplicitGrantService.java | 4 +++-
.../oauth2/services/RedirectionBasedGrantService.java | 13 ++++++++++---
3 files changed, 17 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/796fda4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index b95eae7..36615e7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -68,10 +68,12 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
MultivaluedMap<String, String> params,
String redirectUri,
UserSubject subject,
+ List<String> requestedScopes,
List<OAuthPermission> perms,
boolean authorizationCanBeSkipped) {
OAuthAuthorizationData data =
- super.createAuthorizationData(client, params, redirectUri, subject, perms, authorizationCanBeSkipped);
+ super.createAuthorizationData(client, params, redirectUri, subject,
+ requestedScopes, perms, authorizationCanBeSkipped);
setCodeQualifier(data, params);
return data;
}
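Review bot: Inserting `List<String> requestedScopes` in the middle of the `createAuthorizationData` parameter list changes the signature of a method that subclasses override, as this class and ImplicitGrantService both do; the base declaration changes in the RedirectionBasedGrantService hunk. A subclass outside this commit that still declares the old six-argument form would no longer be called, and if it lacks `@Override` (not visible in these hunks) it would compile silently and skip whatever it added to the authorization data. I would document the new parameter on the base method, for example `@param requestedScope effective scopes for this request, including any defaults applied by the server` (wording to confirm against the caller), and mention the signature change in the release notes. The method's declaration line is above the hunk.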
@@ -105,7 +107,7 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
codeReg.setClient(client);
codeReg.setRedirectUri(state.getRedirectUri());
codeReg.setRequestedScope(requestedScope);
- if (approvedScope != null && approvedScope.isEmpty()) {
+ if (approvedScope == null || approvedScope.isEmpty()) {
// no down-scoping done by a user, all of the requested scopes have been authorized
codeReg.setApprovedScope(requestedScope);
} else {
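Review bot: The widened condition `approvedScope == null || approvedScope.isEmpty()` now treats an absent approved-scope list the same as an empty one and grants the full `requestedScope`, so this branch fails open. From the hunk alone it cannot be told whether a null or empty list can also mean that the user deselected every scope or that the decision handler never populated it; in either case the code would register a grant for everything the client asked for. If the caller guarantees that cannot happen, the existing comment should say so, for example `// null/empty means the user made no scope selection at all; a decision that deselects every scope must be rejected before this point`. The enclosing method starts and ends outside the hunk, so the caller's contract needs to be checked there.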
http://git-wip-us.apache.org/repos/asf/cxf/blob/796fda4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
index 057c59d..bec3714 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
@@ -55,10 +55,12 @@ public class ImplicitGrantService extends AbstractImplicitGrantService {
MultivaluedMap<String, String> params,
String redirectUri,
UserSubject subject,
+ List<String> requestedScopes,
List<OAuthPermission> perms,
boolean authorizationCanBeSkipped) {
OAuthAuthorizationData data =
- super.createAuthorizationData(client, params, redirectUri, subject, perms, authorizationCanBeSkipped);
+ super.createAuthorizationData(client, params, redirectUri, subject,
+ requestedScopes, perms, authorizationCanBeSkipped);
data.setImplicitFlow(true);
return data;
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/796fda4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index cc9baba..53cedaf 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -172,8 +172,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
// Populate the authorization challenge data
OAuthAuthorizationData data =
- createAuthorizationData(client, params, redirectUri, userSubject, requestedPermissions,
- authorizationCanBeSkipped);
+ createAuthorizationData(client, params, redirectUri, userSubject, requestedScope,
+ requestedPermissions, authorizationCanBeSkipped);
if (authorizationCanBeSkipped) {
List<OAuthPermission> approvedScopes =
@@ -203,6 +203,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
MultivaluedMap<String, String> params,
String redirectUri,
UserSubject subject,
+ List<String> requestedScope,
List<OAuthPermission> perms,
boolean authorizationCanBeSkipped) {
@@ -213,7 +214,13 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
secData.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
secData.setNonce(params.getFirst(OAuthConstants.NONCE));
secData.setClientId(client.getClientId());
- secData.setProposedScope(params.getFirst(OAuthConstants.SCOPE));
+ if (requestedScope != null && !requestedScope.isEmpty()) {
+ StringBuilder builder = new StringBuilder();
+ for (String scope : requestedScope) {
+ builder.append(scope + " ");
+ }
+ secData.setProposedScope(builder.toString().trim());
+ }
if (!authorizationCanBeSkipped) {
secData.setPermissions(perms);
secData.setApplicationName(client.getApplicationName());
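Review bot: `builder.append(scope + " ")` builds a temporary string on every iteration, which defeats the StringBuilder it is appended to; `builder.append(scope).append(' ');` does the same work without it. Separately, when `requestedScope` is null or empty the proposed scope is now left unset, whereas the removed line always copied the raw `scope` request parameter. If that is intended, a short comment such as `// no requested or default scopes: leave proposedScope unset` would make it explicit for whoever renders the consent page. The enclosing method starts and ends outside the hunk.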