You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2014/02/07 13:35:30 UTC
svn commit: r1565632 - in /cxf/branches/2.7.x-fixes: ./
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/
Author: sergeyb
Date: Fri Feb 7 12:35:30 2014
New Revision: 1565632
URL: http://svn.apache.org/r1565632
Log:
Merged revisions 1565629 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1565629 | sergeyb | 2014-02-07 12:24:37 +0000 (Fri, 07 Feb 2014) | 1 line
Making it possible to register OAuthRequestFilter as the interceptor and also use it on non-JAX-RS paths
........
Added:
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
- copied unchanged from r1565629, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
Modified:
cxf/branches/2.7.x-fixes/ (props changed)
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
Merged /cxf/trunk:r1565629
Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1565632&r1=1565631&r2=1565632&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java Fri Feb 7 12:35:30 2014
@@ -54,9 +54,13 @@ public class OAuthRequestFilter extends
private boolean audienceIsEndpointAddress;
public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
-
+ validateRequest(m);
+ return null;
+ }
+
+ protected void validateRequest(Message m) {
if (isCorsRequest(m)) {
- return null;
+ return;
}
// Get the access token
@@ -97,8 +101,6 @@ public class OAuthRequestFilter extends
oauthContext.setTokenAudience(accessTokenV.getAudience());
m.setContent(OAuthContext.class, oauthContext);
-
- return null;
}
protected boolean checkHttpVerb(HttpServletRequest req, List<String> verbs) {
Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1565632&r1=1565631&r2=1565632&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java (original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java Fri Feb 7 12:35:30 2014
@@ -28,6 +28,8 @@ import javax.ws.rs.InternalServerErrorEx
import javax.ws.rs.core.Context;
import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.jaxrs.ext.MessageContextImpl;
+import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
@@ -73,7 +75,7 @@ public abstract class AbstractAccessToke
}
public MessageContext getMessageContext() {
- return mc;
+ return mc != null ? mc : new MessageContextImpl(PhaseInterceptorChain.getCurrentMessage());
}
protected AccessTokenValidator findTokenValidator(String authScheme) {
@@ -99,7 +101,7 @@ public abstract class AbstractAccessToke
// Get the scheme and its data, Bearer only is supported by default
// WWW-Authenticate with the list of supported schemes will be sent back
// if the scheme is not accepted
- String[] authParts = AuthorizationUtils.getAuthorizationParts(mc, supportedSchemes);
+ String[] authParts = getAuthorizationParts();
String authScheme = authParts[0];
String authSchemeData = authParts[1];
@@ -108,7 +110,7 @@ public abstract class AbstractAccessToke
if (handler != null) {
try {
// Convert the HTTP Authorization scheme data into a token
- accessTokenV = handler.validateAccessToken(mc, authScheme, authSchemeData);
+ accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme, authSchemeData);
} catch (OAuthServiceException ex) {
AuthorizationUtils.throwAuthorizationFailure(
Collections.singleton(authScheme), realm);
@@ -163,5 +165,8 @@ public abstract class AbstractAccessToke
this.audiences = audiences;
}
+ protected String[] getAuthorizationParts() {
+ return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
+ }
}