Posted to commits@cxf.apache.org by lm...@apache.org on 2010/11/22 10:51:56 UTC
svn commit: r1037651 - in
/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main:
java/org/apache/cxf/auth/oauth/demo/server/oauth/
java/org/apache/cxf/auth/oauth/demo/server/spring/ webapp/ webapp/WEB-INF/
Author: lmoren
Date: Mon Nov 22 09:51:56 2010
New Revision: 1037651
URL: http://svn.apache.org/viewvc?rev=1037651&view=rev
Log:
- added scope-permission authorization style
- support for wildcards in scope url
Modified:
cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java
cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java
cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java
cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml
cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp
Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java?rev=1037651&r1=1037650&r2=1037651&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java Mon Nov 22 09:51:56 2010
@@ -26,8 +26,8 @@ import javax.servlet.http.HttpServletReq
import javax.servlet.http.HttpSession;
import org.apache.cxf.auth.oauth.provider.MemoryOauthDataProvider;
-import org.apache.cxf.auth.oauth.tokens.OAuthScope;
+import org.apache.cxf.auth.oauth.tokens.OAuthPermission;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
@@ -36,32 +36,33 @@ import org.springframework.security.web.
*/
public class SampleOAuthDataProvider extends MemoryOauthDataProvider {
- protected ConcurrentHashMap<String, OAuthScope> availableScopes
- = new ConcurrentHashMap<String, OAuthScope>();
+ protected ConcurrentHashMap<String, OAuthPermission> availablePermissions
+ = new ConcurrentHashMap<String, OAuthPermission>();
{
- availableScopes
- .put("read_info", new OAuthScope("read_info", "Read your personal information", "ROLE_USER"));
- availableScopes.put("modify_info",
- new OAuthScope("modify_info", "Modify your personal information", "ROLE_ADMIN"));
+ availablePermissions
+ .put("read_info", new OAuthPermission("read_info", "Read your personal information",
+ "ROLE_USER"));
+ availablePermissions.put("modify_info",
+ new OAuthPermission("modify_info", "Modify your personal information", "ROLE_ADMIN"));
}
@Override
- public List<OAuthScope> getAvailableScopes(List<String> requestScopes) {
- List<OAuthScope> scopes = new ArrayList<OAuthScope>();
- for (String requestScope : requestScopes) {
- OAuthScope oAuthScope = availableScopes.get(requestScope);
- scopes.add(oAuthScope);
+ public List<OAuthPermission> getAvailablePermissions(List<String> strings) {
+ List<OAuthPermission> permissions = new ArrayList<OAuthPermission>();
+ for (String requestScope : strings) {
+ OAuthPermission oAuthScope = availablePermissions.get(requestScope);
+ permissions.add(oAuthScope);
}
- return scopes;
+ return permissions;
}
@Override
public Principal loggedPrincipal(HttpServletRequest request) {
HttpSession session = request.getSession();
- SecurityContext ctx = (SecurityContext)session
- .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
+ SecurityContext ctx = (SecurityContext) session
+ .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
if (ctx != null) {
return ctx.getAuthentication();
}
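Review bot: In `getAvailablePermissions`, `availablePermissions.get(requestScope)` returns null for any name that is not a key of the map, and that null is added to the returned list. The names appear to come from the client's request, so callers can receive a list with null entries and either fail on them or show an empty line on the consent page; skip or reject unknown names, e.g. `if (oAuthScope != null) { permissions.add(oAuthScope); }`. The parameter `strings` and the local `oAuthScope` also no longer say what they hold; `requestPermissions` and `permission` would read better. The hunk ends inside `loggedPrincipal`, whose body continues outside it.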
Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java?rev=1037651&r1=1037650&r2=1037651&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java Mon Nov 22 09:51:56 2010
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletRes
import net.oauth.OAuth;
import org.apache.cxf.auth.oauth.endpoints.AuthorizationService;
+import org.apache.cxf.auth.oauth.handlers.AuthorizationRequestHandler;
import org.apache.cxf.common.util.StringUtils;
import org.springframework.security.core.AuthenticationException;
@@ -41,14 +42,14 @@ public class AuthenticationFailureHandle
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
AuthenticationException exception)
throws IOException, ServletException {
- String xOAuthScope = request.getParameter(AuthorizationService.X_OAUTH_SCOPE);
+ String xOAuthScope = request.getParameter(AuthorizationRequestHandler.X_OAUTH_SCOPE);
String oauthToken = request.getParameter(OAuth.OAUTH_TOKEN);
StringBuffer url = new StringBuffer(authorizeUrl).append("?").append(OAuth.OAUTH_TOKEN).append("=")
.append(oauthToken);
if (!StringUtils.isEmpty(xOAuthScope)) {
- url.append("&").append(AuthorizationService.X_OAUTH_SCOPE).append("=")
+ url.append("&").append(AuthorizationRequestHandler.X_OAUTH_SCOPE).append("=")
.append(xOAuthScope);
}
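Review bot: `oauthToken` and `xOAuthScope` are taken from request parameters and appended to the redirect URL without URL encoding, so a value containing `&` or `=` can add or override query parameters on the authorize URL. This matters more now that, per the commit log, a scope may be a URL with wildcards. Encode each value before appending, e.g. `.append(URLEncoder.encode(xOAuthScope, "UTF-8"))`, and do the same for `oauthToken`. `determineTargetUrl` in AuthenticationSuccessfullHandler builds its confirmation URL the same way for `oauthToken`, `authToken`, `decision`, `xOAuthScope` and the new `xPermission`. `oauthToken` is also appended here without an emptiness check, so a missing parameter produces the literal text `null`; the method body continues outside the hunk.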
Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java?rev=1037651&r1=1037650&r2=1037651&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java Mon Nov 22 09:51:56 2010
@@ -25,7 +25,7 @@ import javax.servlet.http.HttpServletRes
import net.oauth.OAuth;
-import org.apache.cxf.auth.oauth.endpoints.AuthorizationService;
+import org.apache.cxf.auth.oauth.handlers.AuthorizationRequestHandler;
import org.apache.cxf.common.util.StringUtils;
import org.springframework.security.core.Authentication;
@@ -39,33 +39,42 @@ public class AuthenticationSuccessfullHa
private String confirmationUrl;
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
- Authentication authentication) throws IOException, ServletException {
+ Authentication authentication) throws IOException,
+ ServletException {
super.onAuthenticationSuccess(request, response, authentication);
}
protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
String oauthToken = request.getParameter(OAuth.OAUTH_TOKEN);
- String authToken = request.getParameter(AuthorizationService.AUTHENTICITY_TOKEN);
- String decision = request.getParameter(AuthorizationService.AUTHORIZATION_DECISION_KEY);
- String xOAuthScope = request.getParameter(AuthorizationService.X_OAUTH_SCOPE);
+ String authToken = request.getParameter(AuthorizationRequestHandler.AUTHENTICITY_TOKEN);
+ String decision = request.getParameter(AuthorizationRequestHandler.AUTHORIZATION_DECISION_KEY);
+ String xOAuthScope = request.getParameter(AuthorizationRequestHandler.X_OAUTH_SCOPE);
+ String xPermission = request.getParameter(AuthorizationRequestHandler.X_OAUTH_PERMISSION);
if (StringUtils.isEmpty(oauthToken)) {
return super.determineTargetUrl(request, response);
}
- StringBuffer url = new StringBuffer(confirmationUrl).append("?").append(OAuth.OAUTH_TOKEN).append("=")
- .append(oauthToken).append("&").append(AuthorizationService.AUTHENTICITY_TOKEN).append("=")
- .append(authToken);
+ StringBuffer url = new StringBuffer(confirmationUrl).append("?").append(OAuth.OAUTH_TOKEN).append
+ ("=")
+ .append(oauthToken).append("&").append(AuthorizationRequestHandler.AUTHENTICITY_TOKEN)
+ .append("=")
+ .append(authToken);
if (!StringUtils.isEmpty(decision)) {
- url.append("&").append(AuthorizationService.AUTHORIZATION_DECISION_KEY).append("=")
- .append(decision);
+ url.append("&").append(AuthorizationRequestHandler.AUTHORIZATION_DECISION_KEY).append("=")
+ .append(decision);
}
if (!StringUtils.isEmpty(xOAuthScope)) {
- url.append("&").append(AuthorizationService.X_OAUTH_SCOPE).append("=")
- .append(xOAuthScope);
+ url.append("&").append(AuthorizationRequestHandler.X_OAUTH_SCOPE).append("=")
+ .append(xOAuthScope);
+ }
+
+ if (!StringUtils.isEmpty(xPermission)) {
+ url.append("&").append(AuthorizationRequestHandler.X_OAUTH_PERMISSION).append("=").append
+ (xPermission);
}
return url.toString();
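Review bot: `authToken` is appended after `AUTHENTICITY_TOKEN` unconditionally, while `decision`, `xOAuthScope` and `xPermission` are each guarded by `StringUtils.isEmpty`; when the request carries no authenticity token, `StringBuffer.append` writes the text `null` into the confirmation URL. Guard it like the others, or return `super.determineTargetUrl(request, response)` when it is missing, as is already done for an empty `oauthToken`. The `onAuthenticationSuccess` override only delegates to `super` and could be dropped. `determineTargetUrl` closes outside the hunk.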
Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml?rev=1037651&r1=1037650&r2=1037651&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml Mon Nov 22 09:51:56 2010
@@ -41,34 +41,24 @@
<!-- Publish OAuth endpoints-->
- <jaxrs:server id="oauthServer" address="/oauth/" >
+ <jaxrs:server id="oauthServer" address="/oauth/">
<jaxrs:serviceBeans>
- <ref bean="temporaryCredentialService"/>
- <ref bean="resourceOwnerAuthorizationEndpoint"/>
- <ref bean="tokenService"/>
+ <ref bean="oauthServices"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean="dispatchProvider"/>
</jaxrs:providers>
</jaxrs:server>
- <!--Redirects from Resource Owner Authorization Endpoint to sign in page-->
- <bean id="dispatchProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider">
- <property name="resourcePath" value="/oAuthLogin.jsp"/>
- </bean>
-
<!--Definitions of OAuth module endpoints-->
- <bean id="resourceOwnerAuthorizationEndpoint"
- class="org.apache.cxf.auth.oauth.endpoints.AuthorizationServiceImpl">
+ <bean id="oauthServices"
+ class="org.apache.cxf.auth.oauth.endpoints.OAuthDefaultServices">
<property name="displayVerifierURL" value="http://localhost:8081/app/displayVerifier"/>
</bean>
- <bean id="tokenService"
- class="org.apache.cxf.auth.oauth.endpoints.TokenCredentialsServiceImpl">
- </bean>
-
- <bean id="temporaryCredentialService"
- class="org.apache.cxf.auth.oauth.endpoints.TemporaryCredentialsServiceImpl">
+ <!--Redirects from Resource Owner Authorization Endpoint to sign in page-->
+ <bean id="dispatchProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider">
+ <property name="resourcePath" value="/oAuthLogin.jsp"/>
</bean>
Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp?rev=1037651&r1=1037650&r2=1037651&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp Mon Nov 22 09:51:56 2010
@@ -1,4 +1,3 @@
-<%@ page import="org.apache.cxf.auth.oauth.endpoints.AuthorizationService" %>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
@@ -18,7 +17,8 @@ specific language governing permissions
under the License.
-->
<%--@elvariable id="text" type="java.lang.String"--%>
-<%--@elvariable id="oauthauthorizationdata" type="org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData"--%>
+<%--@elvariable id="oauthauthorizationdata" type="org.apache.cxf.auth.oauth.provider
+.OAuthAuthorizationData"--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ page isELIgnored="false" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
@@ -37,18 +37,32 @@ under the License.
<input type="hidden" name="oauth_token"
value="${oauthauthorizationdata.oauthToken}"/>
<input type="hidden"
- name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHENTICITY_TOKEN%>"
+ name="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .AUTHENTICITY_TOKEN%>"
value="${oauthauthorizationdata.authenticityToken}"/>
<input type="hidden"
- name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.X_OAUTH_SCOPE%>"
+ name="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .X_OAUTH_SCOPE%>"
value="<%=request.getParameter("x_oauth_scope")%>"/>
+ <input type="hidden"
+ name="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .X_OAUTH_PERMISSION%>"
+ value="<%=request.getParameter("x_oauth_permission")%>"/>
- <p>The application <b>${oauthauthorizationdata.applicationName}</b> would like the
+ <p>The application <b>${oauthauthorizationdata.applicationName}</b> would like
+ the
ability to access and update your data on Sample OAuth CXF server:
<br/>
+ <b>Scopes:</b>
<ul>
<c:forEach items="${oauthauthorizationdata.scopes}" var="scope">
- <li><b>${scope.description}</b></li>
+ <li><b>${scope}</b></li>
+ </c:forEach></ul>
+ <br/>
+ <b>Permissions:</b>
+ <ul>
+ <c:forEach items="${oauthauthorizationdata.permissions}" var="permission">
+ <li><b>${permission.description}</b></li>
</c:forEach></ul>
Please ensure that you trust this website with your information before
proceeding!</p>
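Review bot: The new hidden field writes `request.getParameter("x_oauth_permission")` into the `value` attribute through a scriptlet expression, which does no HTML escaping, so a quote or angle bracket in the parameter ends the attribute and is rendered as markup (reflected XSS); a missing parameter is rendered as the text `null`. The page already declares the JSTL core taglib, so `value="<c:out value='${param.x_oauth_permission}'/>"` escapes the value and yields an empty string when it is absent. The existing `x_oauth_scope` field has the same problem, and `${scope}` in the new list is printed without `c:out` although scopes now appear to be raw strings rather than objects with a description. The hunk for the second form (`@@ -89,30 +108,49 @@`) repeats all three.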
@@ -65,20 +79,25 @@ under the License.
<br>
<label for="login">User</label>
<input type="text" id="login" name='j_username'
- value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/>
+ value='<c:if test="${not empty param.login_error}"><c:out
+ value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/>
<div class="clear"></div>
<label for="password">Password</label>
<input type="password" id="password" name="j_password"/>
<br>
- <button name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHORIZATION_DECISION_KEY%>"
+ <button name="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .AUTHORIZATION_DECISION_KEY%>"
type="submit"
- value="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHORIZATION_DECISION_DENY%>">
+ value="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .AUTHORIZATION_DECISION_DENY%>">
Deny
</button>
- <button name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHORIZATION_DECISION_KEY%>"
+ <button name="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .AUTHORIZATION_DECISION_KEY%>"
type="submit"
- value="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHORIZATION_DECISION_ALLOW%>">
+ value="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .AUTHORIZATION_DECISION_ALLOW%>">
Allow
</button>
</form>
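Review bot: The fully qualified constant references are wrapped in the middle of the expression (`OAuthRequestHandler` on one line, `.AUTHORIZATION_DECISION_KEY%>` on the next), as is the `<c:out>` tag inside the `j_username` value, which makes the attributes hard to read and easy to break when edited. A page import, `<%@ page import="org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler" %>`, would let each attribute fit on one line as `name="<%=OAuthRequestHandler.AUTHORIZATION_DECISION_KEY%>"`. The Java handlers in this commit read the same constants through `AuthorizationRequestHandler`; referring to one class in both places would keep the form field names and the handlers from drifting apart, if the two are not already the same constants. The same wrapping appears in the other oAuthLogin.jsp hunks.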
@@ -89,30 +108,49 @@ under the License.
<input type="hidden" name="oauth_token"
value="${oauthauthorizationdata.oauthToken}"/>
<input type="hidden"
- name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHENTICITY_TOKEN%>"
+ name="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .AUTHENTICITY_TOKEN%>"
value="${oauthauthorizationdata.authenticityToken}"/>
<input type="hidden"
- name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.X_OAUTH_SCOPE%>"
+ name="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .X_OAUTH_SCOPE%>"
value="<%=request.getParameter("x_oauth_scope")%>"/>
+ <input type="hidden"
+ name="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .X_OAUTH_PERMISSION%>"
+ value="<%=request.getParameter("x_oauth_permission")%>"/>
- <p>The application <b>${oauthauthorizationdata.applicationName}</b> would like
+ <p>The application <b>${oauthauthorizationdata.applicationName}</b> would
+ like
the
ability to access and update your data on Sample OAuth CXF server.
<br/>
+ <b>Scopes:</b>
<ul>
<c:forEach items="${oauthauthorizationdata.scopes}" var="scope">
- <li><b>${scope.description}</b></li>
+ <li><b>${scope}</b></li>
+ </c:forEach></ul>
+ <br/>
+ <b>Permissions:</b>
+ <ul>
+ <c:forEach items="${oauthauthorizationdata.permissions}"
+ var="permission">
+ <li><b>${permission.description}</b></li>
</c:forEach></ul>
Please ensure that you trust this website with your information before
proceeding!</p>
- <button name="<%=AuthorizationService.AUTHORIZATION_DECISION_KEY%>"
+ <button name="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .AUTHORIZATION_DECISION_KEY%>"
type="submit"
- value="<%=AuthorizationService.AUTHORIZATION_DECISION_DENY%>">
+ value="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .AUTHORIZATION_DECISION_DENY%>">
Deny
</button>
- <button name="<%=AuthorizationService.AUTHORIZATION_DECISION_KEY%>"
+ <button name="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .AUTHORIZATION_DECISION_KEY%>"
type="submit"
- value="<%=AuthorizationService.AUTHORIZATION_DECISION_ALLOW%>">
+ value="<%=org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler
+ .AUTHORIZATION_DECISION_ALLOW%>">
Allow
</button>
</form>