Posted to commits@cxf.apache.org by se...@apache.org on 2011/10/10 11:51:26 UTC
svn commit: r1180847 - in /cxf/trunk:
distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/
distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/
rt/rs/security/oauth-parent/oauth-te...
Author: sergeyb
Date: Mon Oct 10 09:51:26 2011
New Revision: 1180847
URL: http://svn.apache.org/viewvc?rev=1180847&view=rev
Log:
[CXF-2759] Removing a redundant Client callback property and making a loginName optional
Modified:
cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp
cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java Mon Oct 10 09:51:26 2011
@@ -73,9 +73,9 @@ public class ApplicationController imple
String secretKey = tokenGen.generateToken(new SecureRandom().generateSeed(20));
- Client clientInfo = new Client(principal.getName(), consumerKey,
- secretKey, clientApp.getCallbackURL(), clientApp.getClientName());
-
+ Client clientInfo =
+new Client(consumerKey, secretKey, clientApp.getClientName(), clientApp.getCallbackURL());
+ clientInfo.setLoginName(principal.getName());
Client authNInfo = clientManager.registerNewClient(consumerKey, clientInfo);
if (authNInfo != null) {
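Review bot: The value from `clientApp.getCallbackURL()` is now stored as the client's application URI in the `new Client(...)` call, and nothing visible in this hunk checks that it is non-empty and an absolute URI. Elsewhere in this commit that field becomes the prefix `validateCallbackURL` compares `oauth_callback` against and the fallback redirect target in `getCallbackURI`, and an empty value skips the prefix check altogether. I would reject the registration before `registerNewClient` is called when the field is blank or does not parse as an absolute `http`/`https` URI. The enclosing method starts and ends outside this hunk, so such a check may already exist there.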
Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java Mon Oct 10 09:51:26 2011
@@ -72,8 +72,7 @@ public class MemoryOAuthDataProvider imp
protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
public MemoryOAuthDataProvider() {
- Client client = new Client(CLIENT_ID, CLIENT_ID,
- CLIENT_SECRET, CALLBACK, APPLICATION_NAME);
+ Client client = new Client(CLIENT_ID, CLIENT_SECRET, APPLICATION_NAME, CALLBACK);
clientAuthInfo.put(CLIENT_ID, client);
}
@@ -99,7 +98,7 @@ public class MemoryOAuthDataProvider imp
reg.getLifetime());
reqToken.setScopes(reg.getScopes());
reqToken.setUris(reg.getUris());
-
+ reqToken.setCallback(reg.getCallback());
oauthTokens.put(token, reqToken);
return reqToken;
}
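Review bot: Copying the callback onto the token, as the added `reqToken.setCallback(reg.getCallback());` does, is now something every data provider has to do, and that requirement is not documented anywhere in this commit. `AuthorizationRequestHandler` reads the callback from the token after this change, so a provider that omits the copy silently falls back to the client's application URI. The oauth-test `MemoryOAuthDataProvider` section of this commit shows only the constructor change, so it may be affected unless its token creation already copies the value. I would add a comment above the new line such as `// the authorization endpoint redirects to the token's callback, so carry it over from the registration`. The enclosing method begins outside this hunk.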
Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp (original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp Mon Oct 10 09:51:26 2011
@@ -40,10 +40,6 @@ under the License.
<td>${clientInfo.secretKey}</td>
</tr>
<tr>
- <td>Callback URL:</td>
- <td>${clientInfo.callbackURL}</td>
- </tr>
- <tr>
<td colspan="2">
<input type="submit" value="Register New Client"/>
</td>
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java Mon Oct 10 09:51:26 2011
@@ -67,9 +67,10 @@ public class MemoryOAuthDataProvider imp
protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
public MemoryOAuthDataProvider() {
- Client client = new Client(OAuthTestUtils.CLIENT_ID, OAuthTestUtils.CLIENT_ID,
+ Client client = new Client(OAuthTestUtils.CLIENT_ID,
OAuthTestUtils.CLIENT_SECRET,
- OAuthTestUtils.CALLBACK, OAuthTestUtils.APPLICATION_NAME);
+ OAuthTestUtils.APPLICATION_NAME,
+ OAuthTestUtils.CALLBACK);
clientAuthInfo.put(OAuthTestUtils.CLIENT_ID, client);
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java Mon Oct 10 09:51:26 2011
@@ -22,48 +22,30 @@ import java.util.Collections;
import java.util.List;
public class Client {
- private String loginName;
private String consumerKey;
private String secretKey;
- private String callbackURL;
private String applicationURI;
private String applicationName;
+
+ private String loginName;
+
private List<String> uris = Collections.emptyList();
private List<String> scopes = Collections.emptyList();
- public Client(String loginName,
- String consumerKey, String secretKey, String callbackURL,
- String applicationName, List<String> uris) {
- this.loginName = loginName;
+ public Client(String consumerKey,
+ String secretKey,
+ String applicationName,
+ String applicationURI) {
this.consumerKey = consumerKey;
this.secretKey = secretKey;
- this.callbackURL = callbackURL;
+ this.applicationURI = applicationURI;
this.applicationName = applicationName;
- this.uris = uris;
}
- public Client(String loginName, String consumerKey, String secretKey, String callbackURL,
- String applicationName) {
- this(loginName, consumerKey, secretKey, callbackURL, applicationName,
- Collections.<String>emptyList());
- }
-
- public Client(String loginName, String consumerKey, String secretKey, String callbackURL) {
- this(loginName, consumerKey, secretKey, callbackURL, null);
- }
-
- public Client(String loginName, String consumerKey, String secretKey) {
- this(loginName, consumerKey, secretKey, null);
+ public Client(String consumerKey, String secretKey) {
+ this(consumerKey, secretKey, null, null);
}
- public String getLoginName() {
- return loginName;
- }
-
- public List<String> getUris() {
- return uris;
- }
-
public String getConsumerKey() {
return consumerKey;
}
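Review bot: The new constructor `Client(consumerKey, secretKey, applicationName, applicationURI)` has the same `(String, String, String, String)` shape as the removed `Client(loginName, consumerKey, secretKey, callbackURL)`, so callers outside this commit keep compiling while their arguments shift by one position. After such a silent shift the old login name is stored as the consumer key and the old consumer key as the secret, and nothing fails at build time to reveal it. I would add Javadoc on the constructor that names each parameter in order and states that the order differs from the previous four-argument form, and mention the incompatibility in the release notes.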
@@ -72,14 +54,6 @@ public class Client {
return secretKey;
}
- public String getCallbackURL() {
- return callbackURL;
- }
-
- public void setCallbackURL(String callbackURL) {
- this.callbackURL = callbackURL;
- }
-
public String getApplicationName() {
return applicationName;
}
@@ -96,6 +70,22 @@ public class Client {
this.applicationURI = applicationURI;
}
+ public String getLoginName() {
+ return loginName == null ? consumerKey : loginName;
+ }
+
+ public void setLoginName(String name) {
+ this.loginName = name;
+ }
+
+ public List<String> getUris() {
+ return uris;
+ }
+
+ public void setUris(List<String> uris) {
+ this.uris = uris;
+ }
+
public List<String> getScopes() {
return scopes;
}
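Review bot: `getLoginName()` now returns the consumer key when no login name was set, and that fallback is undocumented, so callers cannot tell an explicitly assigned login name from the substituted key. If the login name is used to identify the user who registered the client (not visible here), a comparison against it could match the consumer key, which is not a secret value. I would document the behaviour on the getter, e.g. `/** Returns the login name, or the consumer key if none was set. */`. The added `setUris` also stores the caller's list as-is, so `setUris(null)` replaces the `Collections.emptyList()` default.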
@@ -115,13 +105,6 @@ public class Client {
Client that = (Client)o;
- if (applicationName != null ? !applicationName.equals(that.applicationName)
- : that.applicationName != null) {
- return false;
- }
- if (callbackURL != null ? !callbackURL.equals(that.callbackURL) : that.callbackURL != null) {
- return false;
- }
if (!consumerKey.equals(that.consumerKey)) {
return false;
}
@@ -136,8 +119,6 @@ public class Client {
public int hashCode() {
int result = consumerKey.hashCode();
result = 31 * result + secretKey.hashCode();
- result = 31 * result + (callbackURL != null ? callbackURL.hashCode() : 0);
- result = 31 * result + (applicationName != null ? applicationName.hashCode() : 0);
return result;
}
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java Mon Oct 10 09:51:26 2011
@@ -23,6 +23,7 @@ import java.util.List;
public class RequestTokenRegistration {
private Client client;
private String state;
+ private String callback;
private List<String> uris;
private List<String> scopes;
private long lifetime;
@@ -33,6 +34,15 @@ public class RequestTokenRegistration {
public Client getClient() {
return client;
}
+
+ public void setCallback(String callback) {
+ this.callback = callback;
+ }
+
+ public String getCallback() {
+ return callback;
+ }
+
public void setState(String state) {
this.state = state;
}
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java Mon Oct 10 09:51:26 2011
@@ -36,7 +36,6 @@ import net.oauth.OAuthProblemException;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.oauth.data.Client;
import org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData;
import org.apache.cxf.rs.security.oauth.data.RequestToken;
import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
@@ -75,17 +74,17 @@ public class AuthorizationRequestHandler
}
String decision = request.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
- Client clientInfo = token.getClient();
if (!OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision)) {
//user not authorized client
- secData.setCallback(clientInfo.getCallbackURL());
+ secData.setCallback(token.getCallback());
return Response.ok(addAdditionalParams(secData, token)).build();
}
String verifier = dataProvider.createRequestTokenVerifier(token);
- String callbackURL = clientInfo.getCallbackURL();
+ String callbackURL = getCallbackURI(token);
+
Map<String, String> queryParams = new HashMap<String, String>();
queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
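Review bot: `getCallbackURI(token)` can throw `TOKEN_REJECTED`, but it is called after `dataProvider.createRequestTokenVerifier(token)`, so the provider has already issued a verifier for a request that is then rejected for lacking a callback. Resolving the callback first avoids leaving that state behind: move `String callbackURL = getCallbackURI(token);` above `String verifier = dataProvider.createRequestTokenVerifier(token);`. The deny branch above reads `token.getCallback()` directly and so does not get the application-URI fallback that the allow path has; if that is intended it deserves a comment. The enclosing method starts and ends outside this hunk.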
@@ -112,6 +111,17 @@ public class AuthorizationRequestHandler
}
}
+ protected String getCallbackURI(RequestToken token) throws OAuthProblemException {
+ String callback = token.getCallback();
+ if (callback == null) {
+ callback = token.getClient().getApplicationURI();
+ }
+ if (callback == null) {
+ throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+ }
+ return callback;
+ }
+
protected String buildCallbackUrl(String callbackURL, final Map<String, String> queryParams) {
boolean containsQuestionMark = callbackURL.contains("?");
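Review bot: `getCallbackURI` is a protected extension point that decides where the browser is sent with the verifier, and it has no Javadoc. I would document that it prefers the callback stored on the request token, falls back to the client's application URI, and throws `TOKEN_REJECTED` when neither is set. The comment should also say that, as far as this diff shows, the returned value is used as the redirect target without further checks, so an override must only return a URI that was validated when the request token was issued. `buildCallbackUrl` at the end of the hunk continues outside it.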
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java Mon Oct 10 09:51:26 2011
@@ -82,6 +82,7 @@ public class RequestTokenHandler {
RequestTokenRegistration reg = new RequestTokenRegistration();
reg.setClient(client);
+ reg.setCallback(callback);
reg.setState(oAuthMessage.getParameter("state"));
reg.setUris(uris);
reg.setScopes(scopes);
@@ -119,9 +120,7 @@ public class RequestTokenHandler {
protected void validateCallbackURL(Client client,
String oauthCallback) throws OAuthProblemException {
- if (!StringUtils.isEmpty(client.getCallbackURL())
- && !client.getCallbackURL().equals(oauthCallback)
- || !StringUtils.isEmpty(client.getApplicationURI())
+ if (!StringUtils.isEmpty(client.getApplicationURI())
&& !oauthCallback.startsWith(client.getApplicationURI())) {
OAuthProblemException problemEx = new OAuthProblemException(
OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
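Review bot: With the exact-match test against a registered callback removed, the only remaining check is the string prefix test `oauthCallback.startsWith(client.getApplicationURI())`, which does not respect URI component boundaries. A registered value without a trailing slash is also a prefix of a longer host name or a sibling path, so a callback on a different host can pass and the verifier is later redirected to it. A null `oauthCallback` also reaches `startsWith` when an application URI is set (whether callers can pass null is not visible here), and a client with no application URI is not checked at all. I would compare the parsed scheme, host and port for equality and only then the path prefix, as sketched below; the method body continues outside this hunk.

```java
protected void validateCallbackURL(Client client,
                                   String oauthCallback) throws OAuthProblemException {
    String appUri = client.getApplicationURI();
    if (!StringUtils.isEmpty(appUri) && !isWithinApplicationUri(appUri, oauthCallback)) {
        // … unchanged: build and throw the PARAMETER_REJECTED OAuthProblemException …

// new private helper in the same class; uses java.net.URI and java.net.URISyntaxException
private static boolean isWithinApplicationUri(String appUri, String callback) {
    if (StringUtils.isEmpty(callback)) {
        return false;
    }
    try {
        URI registered = new URI(appUri).normalize();
        URI requested = new URI(callback).normalize();
        String scheme = registered.getScheme();
        String host = registered.getHost();
        if (scheme == null || host == null) {
            return false;
        }
        String basePath = registered.getPath() == null ? "" : registered.getPath();
        String path = requested.getPath() == null ? "" : requested.getPath();
        // match on a path-segment boundary so "/app" does not accept "/application"
        String baseDir = basePath.endsWith("/") ? basePath : basePath + "/";
        // ports are compared as written: an explicit default port does not equal an omitted one
        return scheme.equalsIgnoreCase(requested.getScheme())
            && host.equalsIgnoreCase(requested.getHost())
            && registered.getPort() == requested.getPort()
            && (path.equals(basePath) || path.startsWith(baseDir));
    } catch (URISyntaxException ex) {
        return false;
    }
}
```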
Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java Mon Oct 10 09:51:26 2011
@@ -62,7 +62,7 @@ public final class OAuthUtils {
public static void validateMessage(OAuthMessage oAuthMessage, Client client, Token token)
throws Exception {
- OAuthConsumer consumer = new OAuthConsumer(client.getCallbackURL(), client.getConsumerKey(),
+ OAuthConsumer consumer = new OAuthConsumer(null, client.getConsumerKey(),
client.getSecretKey(), null);
OAuthAccessor accessor = new OAuthAccessor(consumer);
if (token != null) {