Posted to commits@cxf.apache.org by se...@apache.org on 2012/07/19 01:17:36 UTC
svn commit: r1363169 - in /cxf/branches/2.6.x-fixes: ./
rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/
rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/
rt/rs/security/oau...
Author: sergeyb
Date: Wed Jul 18 23:17:35 2012
New Revision: 1363169
URL: http://svn.apache.org/viewvc?rev=1363169&view=rev
Log:
Merged revisions 1363166-1363167 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1363166 | sergeyb | 2012-07-19 00:03:28 +0100 (Thu, 19 Jul 2012) | 1 line
[CXF-4428,CXF-4432] Turning error-related properties into contextual ones, fixing the test; restoring the original support for oob callbacks with a few updates
........
r1363167 | sergeyb | 2012-07-19 00:06:23 +0100 (Thu, 19 Jul 2012) | 1 line
Updating the spnego handler to use message.getContextualProperty when checking for the credential
........
Added:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
- copied unchanged from r1363167, cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
Modified:
cxf/branches/2.6.x-fixes/ (props changed)
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
cxf/branches/2.6.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
cxf/branches/2.6.x-fixes/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Merged /cxf/trunk:r1363166-1363167
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java?rev=1363169&r1=1363168&r2=1363169&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java Wed Jul 18 23:17:35 2012
@@ -36,6 +36,7 @@ public class OAuthAuthorizationData impl
private String authenticityToken;
private String applicationName;
private String applicationURI;
+ private String callbackURI;
private String applicationDescription;
private String logoUri;
private String replyTo;
@@ -111,4 +112,12 @@ public class OAuthAuthorizationData impl
public String getLogoUri() {
return logoUri;
}
+
+ public String getCallbackURI() {
+ return callbackURI;
+ }
+
+ public void setCallbackURI(String callbackURI) {
+ this.callbackURI = callbackURI;
+ }
}
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java?rev=1363169&r1=1363168&r2=1363169&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java Wed Jul 18 23:17:35 2012
@@ -35,7 +35,6 @@ public abstract class AbstractOAuthServi
private OAuthDataProvider dataProvider;
private OAuthValidator validator = new DefaultOAuthValidator();
- private boolean reportFailureDetails;
@Context
public void setMessageContext(MessageContext context) {
@@ -43,7 +42,6 @@ public abstract class AbstractOAuthServi
}
public MessageContext getMessageContext() {
- mc.put(OAuthUtils.REPORT_FAILURE_DETAILS, reportFailureDetails);
return mc;
}
@@ -63,5 +61,4 @@ public abstract class AbstractOAuthServi
this.validator = validator;
}
-
}
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1363169&r1=1363168&r2=1363169&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java Wed Jul 18 23:17:35 2012
@@ -36,6 +36,7 @@ import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
@@ -138,8 +139,14 @@ public class AuthorizationRequestHandler
if (token.getState() != null) {
queryParams.put("state", token.getState());
}
- URI callback = buildCallbackURI(getCallbackURI(token), queryParams);
- return Response.seeOther(callback).build();
+ String callbackValue = getCallbackValue(token);
+ if (OAuthConstants.OAUTH_CALLBACK_OOB.equals(callbackValue)) {
+ OOBAuthorizationResponse bean = convertQueryParamsToOOB(queryParams);
+ return Response.ok().type(MediaType.TEXT_HTML).entity(bean).build();
+ } else {
+ URI callbackURI = buildCallbackURI(callbackValue, queryParams);
+ return Response.seeOther(callbackURI).build();
+ }
} catch (OAuthProblemException e) {
LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[]{e.fillInStackTrace()});
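Review bot: The new OOB branch returns the request token and verifier in a `text/html` body without any cache directive, so the page may be retained by the browser or an intermediary; consider `return Response.ok().type(MediaType.TEXT_HTML).header("Cache-Control", "no-store").entity(bean).build();`. The bean also carries `state`, which is copied from the token, so whatever provider renders `OOBAuthorizationResponse` as HTML should encode it on output; that provider is not visible in this commit. The enclosing method starts outside the hunk.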
@@ -158,7 +165,7 @@ public class AuthorizationRequestHandler
}
}
- protected String getCallbackURI(RequestToken token) throws OAuthProblemException {
+ protected String getCallbackValue(RequestToken token) throws OAuthProblemException {
String callback = token.getCallback();
if (callback == null) {
callback = token.getClient().getApplicationURI();
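Review bot: Renaming the protected `getCallbackURI` to `getCallbackValue` on a fixes branch means a subclass that overrides the old name to restrict callbacks either stops compiling (with `@Override`) or is silently no longer called (without it). Keeping the old method as a deprecated hook preserves those overrides, e.g. `protected String getCallbackValue(RequestToken token) throws OAuthProblemException { return getCallbackURI(token); }` with the existing body left in a `@Deprecated` `getCallbackURI`. The method body continues past the end of the hunk.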
@@ -179,12 +186,22 @@ public class AuthorizationRequestHandler
return builder.build();
}
+ private OOBAuthorizationResponse convertQueryParamsToOOB(Map<String, String> queryParams) {
+
+ OOBAuthorizationResponse oob = new OOBAuthorizationResponse();
+ oob.setRequestToken(queryParams.get(OAuth.OAUTH_TOKEN));
+ oob.setVerifier(queryParams.get(OAuth.OAUTH_VERIFIER));
+ oob.setState(queryParams.get("state"));
+ return oob;
+ }
+
protected OAuthAuthorizationData addAdditionalParams(OAuthAuthorizationData secData,
OAuthDataProvider dataProvider,
- RequestToken token) {
+ RequestToken token) throws OAuthProblemException {
secData.setOauthToken(token.getTokenKey());
secData.setApplicationName(token.getClient().getApplicationName());
secData.setApplicationURI(token.getClient().getApplicationURI());
+ secData.setCallbackURI(getCallbackValue(token));
secData.setApplicationDescription(token.getClient().getApplicationDescription());
secData.setLogoUri(token.getClient().getLogoUri());
secData.setPermissions(token.getScopes());
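Review bot: `secData.setCallbackURI(getCallbackValue(token))` can store the literal `oob` or the application-URI fallback rather than a client-supplied callback URI, and nothing in the hunk says so. I would add a comment above that line such as `// may be "oob" or the application URI fallback; views must not render it as a link unchecked`, and a one-line Javadoc on `convertQueryParamsToOOB` stating that it copies `OAuth.OAUTH_TOKEN`, `OAuth.OAUTH_VERIFIER` and `state` into a bean shown to the user. `addAdditionalParams` now declares the checked `OAuthProblemException`, which subclasses calling `super` will have to handle; its body continues outside the hunk.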
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1363169&r1=1363168&r2=1363169&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java Wed Jul 18 23:17:35 2012
@@ -123,21 +123,22 @@ public class RequestTokenHandler {
protected void validateCallbackURL(Client client,
String oauthCallback) throws OAuthProblemException {
-
- if (StringUtils.isEmpty(oauthCallback)
- || client.getCallbackURI() != null
- && !oauthCallback.equals(client.getCallbackURI())
- || client.getApplicationURI() != null
- && !oauthCallback.startsWith(client.getApplicationURI())) {
- OAuthProblemException problemEx = new OAuthProblemException(
- OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
- problemEx
- .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
- HttpServletResponse.SC_BAD_REQUEST);
- throw problemEx;
-
+ // the callback must not be empty or null, and it should either match
+ // the pre-registered callback URI or have the common root with the
+ // the pre-registered application URI
+ if (!StringUtils.isEmpty(oauthCallback)
+ && (!StringUtils.isEmpty(client.getCallbackURI())
+ && oauthCallback.equals(client.getCallbackURI())
+ || !StringUtils.isEmpty(client.getApplicationURI())
+ && oauthCallback.startsWith(client.getApplicationURI()))) {
+ return;
}
-
+ OAuthProblemException problemEx = new OAuthProblemException(
+ OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
+ problemEx
+ .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
+ HttpServletResponse.SC_BAD_REQUEST);
+ throw problemEx;
}
public void setTokenLifetime(long tokenLifetime) {
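Review bot: The application-URI branch, `oauthCallback.startsWith(client.getApplicationURI())`, compares raw strings, so the match does not stop at a host or path-segment boundary and a callback on a different authority whose text merely begins with the registered value is accepted. Parsing both values and comparing scheme, host and port exactly, then the path at a segment boundary, closes that gap; a sketch follows. The new condition is also an OR, so a client with a registered callback URI can still use any other callback under its application URI, which is looser than the removed check for that case and worth confirming as intended.

```java
// … unchanged: signature, comment, empty-callback and registered-callback checks …
            || hasCommonRoot(oauthCallback, client.getApplicationURI()))) {
    return;
}
// … unchanged: build and throw the PARAMETER_REJECTED problem …

// True only when the callback shares scheme, host and port with the registered
// application URI and its normalized path lies at or below the registered path.
private static boolean hasCommonRoot(String callback, String applicationURI) {
    if (StringUtils.isEmpty(applicationURI)) {
        return false;
    }
    try {
        java.net.URI cb = new java.net.URI(callback).normalize();
        java.net.URI app = new java.net.URI(applicationURI).normalize();
        if (cb.getScheme() == null || cb.getHost() == null
            || !cb.getScheme().equalsIgnoreCase(app.getScheme())
            || !cb.getHost().equalsIgnoreCase(app.getHost())
            || cb.getPort() != app.getPort()) {
            return false;
        }
        String appPath = StringUtils.isEmpty(app.getPath()) ? "/" : app.getPath();
        String cbPath = StringUtils.isEmpty(cb.getPath()) ? "/" : cb.getPath();
        String appDir = appPath.endsWith("/") ? appPath : appPath + "/";
        return cbPath.equals(appPath) || cbPath.startsWith(appDir);
    } catch (java.net.URISyntaxException ex) {
        // an unparseable callback is never treated as matching
        return false;
    }
}
```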
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java?rev=1363169&r1=1363168&r2=1363169&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java Wed Jul 18 23:17:35 2012
@@ -40,6 +40,8 @@ public final class OAuthConstants {
public static final String X_OAUTH_SCOPE = "scope";
public static final String OAUTH_CONSUMER_SECRET = "oauth_consumer_secret";
+ public static final String OAUTH_CALLBACK_OOB = "oob";
+
private OAuthConstants() {
}
Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1363169&r1=1363168&r2=1363169&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java Wed Jul 18 23:17:35 2012
@@ -64,7 +64,8 @@ import org.apache.cxf.rs.security.oauth.
*/
public final class OAuthUtils {
public static final String REPORT_FAILURE_DETAILS = "report.failure.details";
-
+ public static final String REPORT_FAILURE_DETAILS_AS_HEADER = "report.failure.details.as.header";
+
private OAuthUtils() {
}
@@ -162,8 +163,24 @@ public final class OAuthUtils {
Exception e,
int status) {
ResponseBuilder builder = Response.status(status);
- if (MessageUtils.isTrue(mc.get(REPORT_FAILURE_DETAILS))) {
- builder.entity(e.getMessage());
+ if (MessageUtils.isTrue(mc.getContextualProperty(REPORT_FAILURE_DETAILS))) {
+ boolean asHeader = MessageUtils.isTrue(
+ mc.getContextualProperty(REPORT_FAILURE_DETAILS_AS_HEADER));
+ String text = null;
+ if (e instanceof OAuthProblemException) {
+ OAuthProblemException problem = (OAuthProblemException)e;
+ if (asHeader && problem.getProblem() != null) {
+ text = problem.getProblem();
+ }
+ }
+ if (text == null) {
+ text = e.getMessage();
+ }
+ if (asHeader) {
+ builder.header("oauth_problem", text);
+ } else {
+ builder.entity(e.getMessage());
+ }
}
throw new WebApplicationException(builder.build());
}
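Review bot: In header mode the fallback `text = e.getMessage()` puts free-form exception text into the `oauth_problem` header whenever `e` is not an `OAuthProblemException` or its problem code is null; that text is not guaranteed to be header-safe and may reveal more than a problem code would. I would emit the header only from a known problem code, or at least strip line breaks first: `text = text == null ? null : text.replaceAll("[\\r\\n]+", " ");`. The `else` branch can pass `text` rather than calling `e.getMessage()` a second time. The method signature starts outside the hunk.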
Modified: cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java?rev=1363169&r1=1363168&r2=1363169&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java (original)
+++ cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/auth/AbstractSpnegoAuthSupplier.java Wed Jul 18 23:17:35 2012
@@ -135,7 +135,8 @@ public abstract class AbstractSpnegoAuth
GSSManager manager = GSSManager.getInstance();
GSSName serverName = manager.createName(spn, null);
- GSSCredential delegatedCred = (GSSCredential)message.get(GSSCredential.class.getName());
+ GSSCredential delegatedCred =
+ (GSSCredential)message.getContextualProperty(GSSCredential.class.getName());
GSSContext context = manager
.createContext(serverName.canonicalize(oid), oid, delegatedCred, GSSContext.DEFAULT_LIFETIME);
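Review bot: Switching to `message.getContextualProperty(...)` widens where the delegated `GSSCredential` can come from, so a credential set at a broader scope than the message would apply to every request through this supplier; a comment saying so would help, e.g. `// looked up contextually: may be set on the message or on a broader configuration scope`. The unchecked cast is unchanged, so a value of another type under that key still fails with a ClassCastException on this line. The enclosing method starts and ends outside the hunk.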
Modified: cxf/branches/2.6.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java?rev=1363169&r1=1363168&r2=1363169&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java (original)
+++ cxf/branches/2.6.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java Wed Jul 18 23:17:35 2012
@@ -101,12 +101,8 @@ public class TemporaryCredentialServiceT
//test wrong client id
parameters.put(OAuth.OAUTH_CONSUMER_KEY, "wrong");
message = invokeRequestToken(parameters, style, OAuthServer.PORT);
-
- wwwHeader = message.getHeader(HttpHeaders.WWW_AUTHENTICATE);
- List<OAuth.Parameter> list = OAuthMessage.decodeAuthorization(wwwHeader);
-
- String oauthProblem = OAuthTestUtils.findOAuthParameter(list, "oauth_problem").getValue();
- Assert.assertEquals(OAuth.Problems.CONSUMER_KEY_UNKNOWN, oauthProblem);
+ String response = message.getHeader("oauth_problem");
+ Assert.assertEquals(OAuth.Problems.CONSUMER_KEY_UNKNOWN, response);
}
}
}
Modified: cxf/branches/2.6.x-fixes/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml?rev=1363169&r1=1363168&r2=1363169&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml (original)
+++ cxf/branches/2.6.x-fixes/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml Wed Jul 18 23:17:35 2012
@@ -29,6 +29,10 @@ under the License.
<jaxrs:serviceBeans>
<ref bean="temporaryCredentialService"/>
</jaxrs:serviceBeans>
+ <jaxrs:properties>
+ <entry key="report.failure.details" value="true"/>
+ <entry key="report.failure.details.as.header" value="true"/>
+ </jaxrs:properties>
</jaxrs:server>
<bean id="temporaryCredentialService"