Posted to commits@cxf.apache.org by co...@apache.org on 2015/12/14 12:26:53 UTC

[2/3] cxf git commit: Revert "Make sure the State is always returned to the client on an error"

Revert "Make sure the State is always returned to the client on an error"

This reverts commit 08068c8a6c784e866ba9bb9b2b16e5b35d569e1b.

Conflicts:
	rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6a2cd429
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6a2cd429
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6a2cd429

Branch: refs/heads/3.0.x-fixes
Commit: 6a2cd429a8e5f0775e99282dcf213ec5a3b5a3f0
Parents: 20d4c14
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Dec 14 11:17:14 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Dec 14 11:21:52 2015 +0000

----------------------------------------------------------------------
 .../services/RedirectionBasedGrantService.java  | 25 ++++++++++++++++++++
 1 file changed, 25 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6a2cd429/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index e260bbc..923b3b6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -235,8 +235,15 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         //TODO: additionally we can check that the Principal that got authenticated
         // in startAuthorization is the same that got authenticated in completeAuthorization
         
+<<<<<<< HEAD
         Client client = getClient(params);
         String redirectUri = validateRedirectUri(client, params.getFirst(OAuthConstants.REDIRECT_URI));
+=======
+        OAuthRedirectionState state = 
+            recreateRedirectionStateFromSession(userSubject, params, sessionToken);
+        Client client = getClient(state.getClientId());
+        String redirectUri = validateRedirectUri(client, state.getRedirectUri());
+>>>>>>> f3646c6... Revert "Make sure the State is always returned to the client on an error"
         
         // Get the end user decision value
         String decision = params.getFirst(OAuthConstants.AUTHORIZATION_DECISION_KEY);
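Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> f3646c6...` are unresolved merge-conflict markers, so the new side of this file is not valid Java and it declares `client` and `redirectUri` twice. The same markers are added in the hunks at new lines 332, 398 and 423. The two sides are not equivalent: one takes the client and redirect URI from the request `params`, the other from the `OAuthRedirectionState` returned by `recreateRedirectionStateFromSession(userSubject, params, sessionToken)`. Which source is used for these values is therefore a deliberate choice to make when resolving, not something to settle by deleting the markers. Remove the three marker lines and keep exactly one `Client client = ...` / `String redirectUri = ...` pair; the enclosing method starts and ends outside the hunk.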
@@ -325,7 +332,11 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         List<String> uris = client.getRedirectUris();
         if (redirectUri != null) {
             if (!uris.contains(redirectUri)) {
+<<<<<<< HEAD
                 redirectUri = null;
+=======
+                reportInvalidRequestError("Client Redirect Uri is invalid");
+>>>>>>> f3646c6... Revert "Make sure the State is always returned to the client on an error"
             } 
         } else if (uris.size() == 1 && useRegisteredRedirectUriIfPossible) {
             redirectUri = uris.get(0);
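Review bot: Inside `if (!uris.contains(redirectUri))` the two conflict sides handle an unregistered redirect URI differently, and only one can remain. The HEAD side sets `redirectUri = null` and carries on, while the other side rejects the request with `reportInvalidRequestError("Client Redirect Uri is invalid")`. What callers do with a null result is not visible in this hunk, so whichever side is kept should state the intent in a comment, for example `// redirect URI is not registered for this client: never redirect to it`. The method begins and ends outside the hunk.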
@@ -387,11 +398,19 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
      *         the error is returned directly to the end user without 
      *         following the redirect URI if any
      */
+<<<<<<< HEAD
     protected Client getClient(MultivaluedMap<String, String> params) {
         Client client = null;
         
         try {
             client = getValidClient(params);
+=======
+    protected Client getClient(String clientId) {
+        Client client = null;
+        
+        try {
+            client = getValidClient(clientId);
+>>>>>>> f3646c6... Revert "Make sure the State is always returned to the client on an error"
         } catch (OAuthServiceException ex) {
             if (ex.getError() != null) {
                 reportInvalidRequestError(ex.getError(), null);
@@ -404,6 +423,12 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         return client;
         
     }
+<<<<<<< HEAD
+=======
+    protected Client getClient(MultivaluedMap<String, String> params) {
+        return this.getClient(params.getFirst(OAuthConstants.CLIENT_ID));
+    }
+>>>>>>> f3646c6... Revert "Make sure the State is always returned to the client on an error"
     protected String getSupportedGrantType() {
         return this.supportedGrantType;
     }
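Review bot: The `getClient(MultivaluedMap<String, String> params)` overload added here has the same signature as the HEAD-side method in the previous hunk (new line 398), so keeping both sides of both conflicts would define it twice. The resolution has to be consistent across the two hunks: either the HEAD variant that calls `getValidClient(params)` on its own, or the `getClient(String clientId)` variant together with this delegating overload `return this.getClient(params.getFirst(OAuthConstants.CLIENT_ID));`. The HEAD half of this conflict is empty, so taking HEAD here means dropping the overload from this hunk entirely. A blank line before `getSupportedGrantType()` would also keep the methods visually separated.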