cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmo...@apache.org
Subject svn commit: r985017 [1/2] - in /cxf/sandbox/oauth_1.0a: distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/ distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/a...
Date Thu, 12 Aug 2010 22:30:04 GMT
Author: lmoren
Date: Thu Aug 12 22:30:02 2010
New Revision: 985017

URL: http://svn.apache.org/viewvc?rev=985017&view=rev
Log:
- added principal to token
- added possibility to revoke granted access tokens
- added possibility to remove registered applications
- improvements in oauht implementation

Added:
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/ClientApp.java   (contents, props changed)
      - copied, changed from r981471, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/Application.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/clientDetails.jsp
      - copied, changed from r981471, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/applicationDetails.jsp
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp
      - copied, changed from r983494, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/newClientForm.jsp
      - copied, changed from r981471, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/newAppForm.jsp
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp
      - copied, changed from r981471, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/registeredAppsList.jsp
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java   (contents, props changed)
      - copied, changed from r981471, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthNInfo.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java   (contents, props changed)
      - copied, changed from r981471, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthNInfoImpl.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestMemoryOAuthDataProvider.java   (contents, props changed)
      - copied, changed from r982045, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/servlets/TestMemoryOAuthDataProvider.java
Removed:
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/Application.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/applicationDetails.jsp
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/newAppForm.jsp
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/registeredAppsList.jsp
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthNInfo.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthNInfoImpl.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/servlets/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/servlets/
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/servlet/WEB-INF/
Modified:
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/AuthorizeResourceOwnerController.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/CallbackURLController.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/GetProtectedResourceController.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/TemporaryCredentialsController.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/TokenRequestController.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/model/Common.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/views/authorizeResourceOwner.jsp
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/views/temporaryCredentials.jsp
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/index.jsp
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/SampleResourceProvider.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/controllers/ApplicationController.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SpringOAuthRequestHandler.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/security-beans.xml
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/web.xml
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/AbstractOAuthRequestHandler.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/MemoryOauthDataProvider.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/OAuthDataProvider.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/token/TokenGenerator.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/AccessToken.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/RequestToken.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/tokens/Token.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/utils/OAuthUtils.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthMessageValidator.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/validation/OAuthValidator.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/TestOAuthRequestHandler.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/OAuthTestUtils.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialServiceTest.java
    cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/test/resources/oauth-beans.xml

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/AuthorizeResourceOwnerController.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/AuthorizeResourceOwnerController.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/AuthorizeResourceOwnerController.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/AuthorizeResourceOwnerController.java Thu Aug 12 22:30:02 2010
@@ -21,6 +21,8 @@ package org.apache.cxf.auth.oauth.demo.c
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.cxf.auth.oauth.demo.client.model.OAuthParams;
+
+
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/CallbackURLController.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/CallbackURLController.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/CallbackURLController.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/CallbackURLController.java Thu Aug 12 22:30:02 2010
@@ -27,6 +27,7 @@ import net.oauth.server.OAuthServlet;
 import org.apache.cxf.auth.oauth.demo.client.model.Common;
 import org.apache.cxf.auth.oauth.demo.client.model.OAuthParams;
 
+
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/GetProtectedResourceController.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/GetProtectedResourceController.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/GetProtectedResourceController.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/GetProtectedResourceController.java Thu Aug 12 22:30:02 2010
@@ -37,6 +37,7 @@ import net.oauth.client.URLConnectionCli
 
 import org.apache.cxf.auth.oauth.demo.client.model.OAuthParams;
 
+
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/TemporaryCredentialsController.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/TemporaryCredentialsController.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/TemporaryCredentialsController.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/TemporaryCredentialsController.java Thu Aug 12 22:30:02 2010
@@ -21,7 +21,6 @@ package org.apache.cxf.auth.oauth.demo.c
 import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
-
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 
@@ -30,11 +29,13 @@ import net.oauth.OAuthAccessor;
 import net.oauth.OAuthConsumer;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthServiceProvider;
+import net.oauth.ParameterStyle;
 import net.oauth.client.OAuthClient;
 import net.oauth.client.URLConnectionClient;
 
 import org.apache.cxf.auth.oauth.demo.client.model.OAuthParams;
 
+
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -83,8 +84,11 @@ public class TemporaryCredentialsControl
             parameters.put(OAuth.OAUTH_NONCE, UUID.randomUUID().toString());
             parameters.put(OAuth.OAUTH_TIMESTAMP, String.valueOf(System.currentTimeMillis() / 1000));
             parameters.put(OAuth.OAUTH_CALLBACK, oAuthParams.getCallbackURL());
+            parameters.put("realm", "private");
 
             try {
+                accessor.consumer
+                    .setProperty(OAuthClient.PARAMETER_STYLE, ParameterStyle.AUTHORIZATION_HEADER);
                 client.getRequestToken(accessor, OAuthMessage.POST, parameters.entrySet());
             } catch (Exception e) {
                 oAuthParams.setErrorMessage(e.toString());

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/TokenRequestController.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/TokenRequestController.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/TokenRequestController.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/controllers/TokenRequestController.java Thu Aug 12 22:30:02 2010
@@ -21,7 +21,6 @@ package org.apache.cxf.auth.oauth.demo.c
 import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
-
 import javax.servlet.http.HttpServletRequest;
 
 import net.oauth.OAuth;
@@ -35,6 +34,7 @@ import net.oauth.client.URLConnectionCli
 import org.apache.cxf.auth.oauth.demo.client.model.Common;
 import org.apache.cxf.auth.oauth.demo.client.model.OAuthParams;
 
+
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/model/Common.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/model/Common.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/model/Common.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/java/org/apache/cxf/auth/oauth/demo/client/model/Common.java Thu Aug 12 22:30:02 2010
@@ -27,7 +27,7 @@ import javax.servlet.http.HttpServletReq
 public final class Common {
     private Common() {
     }
-    
+
     public static String findCookieValue(HttpServletRequest request, String key) {
         Cookie[] cookies = request.getCookies();
 

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/views/authorizeResourceOwner.jsp
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/views/authorizeResourceOwner.jsp?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/views/authorizeResourceOwner.jsp (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/views/authorizeResourceOwner.jsp Thu Aug 12 22:30:02 2010
@@ -1,20 +1,20 @@
 <!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
 
-  http://www.apache.org/licenses/LICENSE-2.0
+http://www.apache.org/licenses/LICENSE-2.0
 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
 -->
 <%--@elvariable id="text" type="java.lang.String"--%>
 <%--@elvariable id="oAuthParams" type="org.apache.cxf.auth.oauth.demo.client.model.OAuthParams"--%>

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/views/temporaryCredentials.jsp
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/views/temporaryCredentials.jsp?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/views/temporaryCredentials.jsp (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/WEB-INF/views/temporaryCredentials.jsp Thu Aug 12 22:30:02 2010
@@ -1,20 +1,20 @@
 <!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
 -->
 <%--@elvariable id="text" type="java.lang.String"--%>
 <%--@elvariable id="oAuthParams" type="org.apache.cxf.auth.oauth.demo.client.model.OAuthParams"--%>

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/index.jsp
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/index.jsp?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/index.jsp (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/client/src/main/webapp/index.jsp Thu Aug 12 22:30:02 2010
@@ -1,20 +1,20 @@
 <!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
 
-  http://www.apache.org/licenses/LICENSE-2.0
+http://www.apache.org/licenses/LICENSE-2.0
 
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
 -->
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
 <%response.sendRedirect("/app/temporaryCredentials"); %>

Copied: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/ClientApp.java (from r981471, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/Application.java)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/ClientApp.java?p2=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/ClientApp.java&p1=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/Application.java&r1=981471&r2=985017&rev=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/Application.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/ClientApp.java Thu Aug 12 22:30:02 2010
@@ -22,18 +22,19 @@ import java.io.Serializable;
 
 /**
  * @author Lukasz Moren
- */
-public class Application implements Serializable {
-    private String applicationName = "OAuth 1.0a client";
+ */ //todo add functionality to revoke credentials
+//todo deny does not work
+public class ClientApp implements Serializable {
+    private String clientName = "OAuth 1.0a client";
     private String callbackURL = "http://localhost:8080/app/callback";
     private String error;
 
-    public String getApplicationName() {
-        return applicationName;
+    public String getClientName() {
+        return clientName;
     }
 
-    public void setApplicationName(String applicationName) {
-        this.applicationName = applicationName;
+    public void setClientName(String clientName) {
+        this.clientName = clientName;
     }
 
     public String getCallbackURL() {

Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/ClientApp.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/ClientApp.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/SampleResourceProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/SampleResourceProvider.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/SampleResourceProvider.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/SampleResourceProvider.java Thu Aug 12 22:30:02 2010
@@ -24,7 +24,9 @@ import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Response;
 
-/** Sample JAX-RS resource service
+/**
+ * Sample JAX-RS resource service
+ *
  * @author Lukasz Moren
  */
 @Path("/")

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/controllers/ApplicationController.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/controllers/ApplicationController.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/controllers/ApplicationController.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/controllers/ApplicationController.java Thu Aug 12 22:30:02 2010
@@ -18,23 +18,27 @@
  */
 package org.apache.cxf.auth.oauth.demo.server.controllers;
 
+import java.security.Principal;
 import java.security.SecureRandom;
 import java.util.Set;
+import javax.servlet.http.HttpServletRequest;
 
-import org.apache.cxf.auth.oauth.demo.server.Application;
-import org.apache.cxf.auth.oauth.provider.ClientAuthNInfo;
-import org.apache.cxf.auth.oauth.provider.ClientAuthNInfoImpl;
+import org.apache.cxf.auth.oauth.demo.server.ClientApp;
+import org.apache.cxf.auth.oauth.provider.Client;
+import org.apache.cxf.auth.oauth.provider.ClientImpl;
 import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.auth.oauth.token.MD5TokenGenerator;
 import org.apache.cxf.auth.oauth.token.TokenGenerator;
 import org.apache.cxf.common.util.StringUtils;
 
+
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.view.RedirectView;
 
 /**
  * @author Lukasz Moren
@@ -45,58 +49,100 @@ public class ApplicationController {
     @Autowired
     private OAuthDataProvider oauthDataProvider;
 
-    @RequestMapping("/newAppForm")
-    public ModelAndView handleRequest(@ModelAttribute("application") Application app) {
-        return new ModelAndView("newAppForm");
+    @RequestMapping("/newClientForm")
+    public ModelAndView handleRequest(@ModelAttribute("client") ClientApp clientApp) {
+        return new ModelAndView("newClientForm");
     }
 
-    @RequestMapping("/registerApp")
-    public ModelAndView registerApp(@ModelAttribute("application") Application app)
+    @RequestMapping("/registerClient")
+    public ModelAndView registerApp(@ModelAttribute("client") ClientApp clientApp)
         throws Exception {
 
-        if (StringUtils.isEmpty(app.getApplicationName()) || StringUtils.isEmpty(app.getCallbackURL())) {
-            app.setError("All fields are required!");
+        if (StringUtils.isEmpty(clientApp.getClientName())) {
+            clientApp.setError("Client name field is required!");
+
+            return handleInternalRedirect(clientApp);
+        }
 
-            return handleInternalRedirect(app);
+        if (StringUtils.isEmpty(clientApp.getCallbackURL())) {
+            clientApp.setCallbackURL(org.apache.cxf.auth.oauth.provider.Client.OAUTH_OOB);
         }
 
         TokenGenerator tokenGen = new MD5TokenGenerator();
-        String loggedUserName = SecurityContextHolder.getContext().getAuthentication().getName();
+        Principal principal = SecurityContextHolder.getContext().getAuthentication();
 
         String consumerKey = tokenGen
-            .generateToken((loggedUserName + app.getApplicationName()).getBytes("UTF-8"));
+            .generateToken((principal.getName() + clientApp.getClientName()).getBytes("UTF-8"));
         String secretKey = tokenGen.generateToken(new SecureRandom().generateSeed(20));
 
-        ClientAuthNInfo clientInfo = new ClientAuthNInfoImpl(consumerKey,
-            secretKey, app.getCallbackURL(), app.getApplicationName());
+        Client clientInfo = new ClientImpl(consumerKey,
+            secretKey, clientApp.getCallbackURL(), clientApp.getClientName());
 
 
-        ClientAuthNInfo authNInfo = oauthDataProvider.addNewClient(loggedUserName, consumerKey, clientInfo);
+        Client authNInfo = oauthDataProvider.registerNewClient(principal, consumerKey, clientInfo);
         if (authNInfo != null) {
-            app.setError("Application already exists!");
+            clientApp.setError("Client already exists!");
 
-            return handleInternalRedirect(app);
+            return handleInternalRedirect(clientApp);
         }
 
-        ModelAndView modelAndView = new ModelAndView("applicationDetails");
+        ModelAndView modelAndView = new ModelAndView("clientDetails");
         modelAndView.getModel().put("clientInfo", clientInfo);
 
         return modelAndView;
     }
 
-    @RequestMapping("/listRegisteredApps")
-    public ModelAndView listRegisteredApps() {
-        String user = SecurityContextHolder.getContext().getAuthentication().getName();
-        Set<ClientAuthNInfo> apps = oauthDataProvider.listAllUserClients(user);
+    @RequestMapping("/listRegisteredClients")
+    public ModelAndView listRegisteredClients() {
+        Principal user = SecurityContextHolder.getContext().getAuthentication();
+        Set<Client> apps = oauthDataProvider.listRegisteredClients(user);
+
+        ModelAndView modelAndView = new ModelAndView("registeredClientsList");
+        modelAndView.getModelMap().put("clients", apps);
+        return modelAndView;
+    }
+
+    @RequestMapping("/listAuthorizedClients")
+    public ModelAndView listAuthorizedClients() {
+        Principal user = SecurityContextHolder.getContext().getAuthentication();
+        Set<Client> apps = oauthDataProvider.listAuthorizedClients(user);
+
+        ModelAndView modelAndView = new ModelAndView("authorizedClientsList");
+        modelAndView.getModelMap().put("clients", apps);
+        return modelAndView;
+    }
+
+    @RequestMapping("/removeClient")
+    public ModelAndView removeClient(HttpServletRequest request) {
+        Principal user = SecurityContextHolder.getContext().getAuthentication();
+        String consumerKey = request.getParameter("consumerKey");
+
+        oauthDataProvider.removeRegisteredClient(user, consumerKey);
+
+
+        ModelAndView modelAndView = new ModelAndView(new RedirectView("/app/listRegisteredClients"));
+        return modelAndView;
+    }
+
+    @RequestMapping("/revokeAccess")
+    public ModelAndView revokeAccess(HttpServletRequest request) {
+        Principal user = SecurityContextHolder.getContext().getAuthentication();
+        String consumerKey = request.getParameter("consumerKey");
+
+        oauthDataProvider.removeTokenCredentials(user, consumerKey);
 
-        ModelAndView modelAndView = new ModelAndView("registeredAppsList");
-        modelAndView.getModelMap().put("apps", apps);
+        ModelAndView modelAndView = new ModelAndView(new RedirectView("/app/listAuthorizedClients"));
         return modelAndView;
     }
 
-    private ModelAndView handleInternalRedirect(Application app) {
-        ModelAndView modelAndView = new ModelAndView("newAppForm");
-        modelAndView.getModel().put("application", app);
+    @RequestMapping("/displayVerifier")
+    public ModelAndView displayVerifier() {
+        return new ModelAndView("displayVerifier");
+    }
+
+    private ModelAndView handleInternalRedirect(ClientApp app) {
+        ModelAndView modelAndView = new ModelAndView("newClientForm");
+        modelAndView.getModel().put("client", app);
         return modelAndView;
     }
 }

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SpringOAuthRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SpringOAuthRequestHandler.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SpringOAuthRequestHandler.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SpringOAuthRequestHandler.java Thu Aug 12 22:30:02 2010
@@ -18,11 +18,13 @@
  */
 package org.apache.cxf.auth.oauth.demo.server.oauth;
 
+import java.security.Principal;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
 import org.apache.cxf.auth.oauth.handlers.AbstractOAuthRequestHandler;
 
+
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 
@@ -31,12 +33,12 @@ import org.springframework.security.web.
  */
 public class SpringOAuthRequestHandler extends AbstractOAuthRequestHandler {
 
-    public String loggedUser(HttpServletRequest request) {
+    public Principal loggedPrincipal(HttpServletRequest request) {
         HttpSession session = request.getSession();
         SecurityContext ctx = (SecurityContext)session
             .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
         if (ctx != null) {
-            return ctx.getAuthentication().getName();
+            return ctx.getAuthentication();
         }
         return null;
     }

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java Thu Aug 12 22:30:02 2010
@@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletRes
 
 import net.oauth.OAuth;
 
+
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java Thu Aug 12 22:30:02 2010
@@ -28,6 +28,7 @@ import net.oauth.OAuth;
 import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
 import org.apache.cxf.common.util.StringUtils;
 
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml Thu Aug 12 22:30:02 2010
@@ -82,10 +82,11 @@
     </bean>
 
     <!--OAuth data provider -->
-    <bean id="oauthDataProvider" class="org.apache.cxf.auth.oauth.provider.MemoryOauthDataProvider"/>
+    <bean id="oauthDataProvider" class="org.apache.cxf.auth.oauth.provider.MemoryOauthDataProvider">
+        <property name="validator" ref="validator"/>
+    </bean>
 
     <bean id="requestHandler" class="org.apache.cxf.auth.oauth.demo.server.oauth.SpringOAuthRequestHandler">
-        <property name="OAuthValidator" ref="validator"/>
         <property name="OAuthDataProvider" ref="oauthDataProvider"/>
     </bean>
 
@@ -95,6 +96,7 @@
     <bean id="resourceOwnerAuthorizationEndpoint"
           class="org.apache.cxf.auth.oauth.endpoints.AuthorizationServiceImpl">
         <property name="handler" ref="requestHandler"/>
+        <property name="displayVerifierURL" value="http://localhost:8081/app/displayVerifier"/>
     </bean>
 
     <bean id="tokenService"

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/security-beans.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/security-beans.xml?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/security-beans.xml (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/security-beans.xml Thu Aug 12 22:30:02 2010
@@ -27,7 +27,7 @@
 
     <beans:bean id="authenticationSuccHandler"
                 class="org.apache.cxf.auth.oauth.demo.server.spring.AuthenticationSuccessfullHandler">
-        <beans:property name="defaultTargetUrl" value="/app/newAppForm.jsp"/>
+        <beans:property name="defaultTargetUrl" value="/app/newClientForm.jsp"/>
         <beans:property name="confirmationUrl" value="/auth/oauth/authorize"/>
     </beans:bean>
 
@@ -40,6 +40,7 @@
         <intercept-url pattern="/oAuthLogin.jsp" filters="none"/>
         <intercept-url pattern="/index.jsp" filters="none"/>
         <intercept-url pattern="/" filters="none"/>
+        <intercept-url pattern="/favicon.ico" filters="none"/>
         <intercept-url pattern="/auth/oauth/**" filters="none"/>
         <intercept-url pattern="/auth/resources/**" filters="none"/>
         <intercept-url pattern="/**" access="ROLE_USER"/>
@@ -47,7 +48,7 @@
         <form-login authentication-success-handler-ref="authenticationSuccHandler"
                     authentication-failure-handler-ref="authenticationFailHandler" login-page="/index.jsp"
                     authentication-failure-url="/auth/oauth/authorize"
-                    default-target-url="/app/newAppForm.jsp"/>
+                    default-target-url="/app/newClientForm.jsp"/>
 
         <logout invalidate-session="true" logout-url="/logout.htm"
                 logout-success-url="/login.jsp?loggedout=true"/>

Added: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp?rev=985017&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp (added)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp Thu Aug 12 22:30:02 2010
@@ -0,0 +1,63 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<%--@elvariable id="clients" type="java.util.Set<org.apache.cxf.auth.oauth.provider.Client>"--%>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<%@ page isELIgnored="false" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<html>
+<head><title>Authorized Clients</title></head>
+<body>
+
+<h3>Authorized clients:</h3>
+<table>
+    <c:forEach var="client" items="${clients}">
+        <form:form action="/app/revokeAccess" commandName="client">
+            <input type="hidden" name="consumerKey" value="${client.consumerKey}"/>
+            <tr>
+                <td>Application Name:</td>
+                <td>${client.applicationName}</td>
+            </tr>
+            <tr>
+                <td>Customer Key:</td>
+                <td>${client.consumerKey}</td>
+            </tr>
+            <tr>
+                <td>Consumer Secret:</td>
+                <td>${client.secretKey}</td>
+            </tr>
+            <tr>
+                <td>Callback URL:</td>
+                <td>${client.callbackURL}</td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <input type="submit" value="Revoke Access"/>
+                </td>
+            </tr>
+        </form:form>
+        <tr>
+            <td>&nbsp;</td>
+            <td>&nbsp;</td>
+        </tr>
+    </c:forEach>
+</table>
+
+</body>
+</html>

Copied: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/clientDetails.jsp (from r981471, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/applicationDetails.jsp)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/clientDetails.jsp?p2=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/clientDetails.jsp&p1=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/applicationDetails.jsp&r1=981471&r2=985017&rev=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/applicationDetails.jsp (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/clientDetails.jsp Thu Aug 12 22:30:02 2010
@@ -16,7 +16,7 @@ KIND, either express or implied. See the
 specific language governing permissions and limitations
 under the License.
 -->
-<%--@elvariable id="clientInfo" type="org.apache.cxf.auth.oauth.provider.ClientAuthenticationInfo"--%>
+<%--@elvariable id="clientInfo" type="org.apache.cxf.auth.oauth.provider.Client"--%>
 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 <%@ page isELIgnored="false" %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
@@ -26,7 +26,7 @@ under the License.
 <body>
 
 <table>
-    <form:form action="/app/newAppForm">
+    <form:form action="/app/newClientForm">
         <tr>
             <td>Application Name:</td>
             <td>${clientInfo.applicationName}</td>
@@ -45,14 +45,14 @@ under the License.
         </tr>
         <tr>
             <td colspan="2">
-                <input type="submit" value="Register New App"/>
+                <input type="submit" value="Register New Client"/>
             </td>
         </tr>
     </form:form>
     <tr>
         <td>
-            <form:form action="/app/listRegisteredApps">
-                <input type="submit" value="List Registered Apps"/>
+            <form:form action="/app/listRegisteredClients">
+                <input type="submit" value="List Registered Clients"/>
             </form:form>
         </td>
     </tr>

Copied: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp (from r983494, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp?p2=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp&p1=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp&r1=983494&r2=985017&rev=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp Thu Aug 12 22:30:02 2010
@@ -1,4 +1,3 @@
-<%@ page import="org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler" %>
 <!--
 Licensed to the Apache Software Foundation (ASF) under one
 or more contributor license agreements. See the NOTICE file
@@ -17,82 +16,22 @@ KIND, either express or implied. See the
 specific language governing permissions and limitations
 under the License.
 -->
-<%--@elvariable id="text" type="java.lang.String"--%>
-<%--@elvariable id="oauthauthorizationdata" type="org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData"--%>
+<%--@elvariable id="oauth_verifier" type="java.lang.String"--%>
 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 <%@ page isELIgnored="false" %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <html>
 <head><title>OAuth 1.0a CXF server</title></head>
 <body>
-<c:choose>
-    <c:when test="${!empty oauthauthorizationdata.oauthToken}">
-        <table align="center">
-            <tr align="center">
-                <td>
-                    <%--user not logged in, login and allow thir party app access--%>
-                    <c:choose><c:when test="${empty oauthauthorizationdata.userName}">
-                        <form name="f" action="/j_spring_security_check" method="POST">
-                            <input type="hidden" name="oauth_token"
-                                   value="${oauthauthorizationdata.oauthToken}"/>
-                            <input type="hidden" name="<%=OAuthRequestHandler.AUTHENTICITY_TOKEN%>"
-                                   value="${oauthauthorizationdata.authenticityToken}"/>
-
-                            <p>The application <b>${oauthauthorizationdata.applicationName}</b> would like the
-                                ability to access and update your data on Sample OAuth CXF server.
-                                <br/>
-                                Please ensure that you trust this website with your information before
-                                proceeding!</p>
-                            <c:if test="${not empty param.login_error}">
-                                <font color="red">
-                                    Your login attempt was not successful, try again.<br/><br/>
-                                    Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
-                                </font>
-                            </c:if>
-                            <br>
-                            User: user1
-                            <br>
-                            Password: 1111
-                            <br>
-                            <label for="login">User</label>
-                            <input type="text" id="login" name='j_username'
-                                   value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/>
-
-                            <div class="clear"></div>
-                            <label for="password">Password</label>
-                            <input type="password" id="password" name="j_password"/>
-                            <br>
-                            <input type="submit" class="button" name="commit" value="Allow"/>
-                            <input type="submit" class="button" name="commit" value="Deny"/>
-                        </form>
-                    </c:when>
-                        <%--user is logged in, just ask user to allow third party app access--%>
-                        <c:otherwise>
-                            <form action="/auth/oauth/authorize">
-                                <input type="hidden" name="oauth_token"
-                                       value="${oauthauthorizationdata.oauthToken}"/>
-                                <input type="hidden" name="<%=OAuthRequestHandler.AUTHENTICITY_TOKEN%>"
-                                       value="${oauthauthorizationdata.authenticityToken}"/>
-
-                                <p>The application <b>${oauthauthorizationdata.applicationName}</b> would like
-                                    the
-                                    ability to access and update your data on Sample OAuth CXF server.
-                                    <br/>
-                                    Please ensure that you trust this website with your information before
-                                    proceeding!</p>
-                                <input type="submit" class="button" name="commit" value="Allow"/>
-                                <input type="submit" class="button" name="commit" value="Deny"/>
-                            </form>
-                        </c:otherwise>
-                    </c:choose>
-                </td>
-            </tr>
-        </table>
-    </c:when>
-    <c:otherwise>
-        <h3>Invalid request</h3>
-    </c:otherwise>
-</c:choose>
+<h4>Callback URI was not provided, propably you cannot receive callbacks.
+    Save below oauth verifier value to be able to receive access token.
+</h4>
+<table>
+    <tr>
+        <%--todo display properly--%>
+        <td>OAuth verifier:</td>
+        <td>${oauth_verifier}</td>
+    </tr>
+</table>
 </body>
 </html>
\ No newline at end of file

Copied: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/newClientForm.jsp (from r981471, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/newAppForm.jsp)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/newClientForm.jsp?p2=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/newClientForm.jsp&p1=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/newAppForm.jsp&r1=981471&r2=985017&rev=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/newAppForm.jsp (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/newClientForm.jsp Thu Aug 12 22:30:02 2010
@@ -16,22 +16,23 @@ KIND, either express or implied. See the
 specific language governing permissions and limitations
 under the License.
 -->
-<%--@elvariable id="application" type="org.apache.cxf.auth.oauth.demo.server.Application"--%>
+<%--@elvariable id="client" type="org.apache.cxf.auth.oauth.demo.server.ClientApp"--%>
 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 <%@ page isELIgnored="false" %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
 <%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <html>
-<head><title>Create new application</title></head>
+<head><title>Authorization Server</title></head>
 <body>
-<form:form commandName="application" action="/app/registerApp">
-    <c:if test="${!empty application.error}">
-        <font color="red"><p>Error: ${application.error}</p></font>
-    </c:if>
-    <table>
+
+<c:if test="${!empty client.error}">
+    <font color="red"><p>Error: ${client.error}</p></font>
+</c:if>
+<table>
+    <form:form commandName="client" action="/app/registerClient">
         <tr>
-            <td>Application Name:</td>
-            <td><form:input size="70" path="applicationName"/></td>
+            <td>Client Name:</td>
+            <td><form:input size="70" path="clientName"/></td>
         </tr>
         <tr>
             <td>Callback URL:</td>
@@ -39,10 +40,25 @@ under the License.
         </tr>
         <tr>
             <td colspan="2">
-                <input type="submit" value="Register Application"/>
+                <input type="submit" value="Register New Client"/>
             </td>
         </tr>
-    </table>
-</form:form>
+    </form:form>
+    <tr>
+        <form:form action="/app/listRegisteredClients">
+            <td colspan="2">
+                <input type="submit" value="List Registered Clients"/>
+            </td>
+        </form:form>
+    </tr>
+    <tr>
+        <form:form action="/app/listAuthorizedClients">
+            <td colspan="2">
+                <input type="submit" value="List Authorized Clients"/>
+            </td>
+        </form:form>
+    </tr>
+</table>
+
 </body>
 </html>

Copied: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp (from r981471, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/registeredAppsList.jsp)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp?p2=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp&p1=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/registeredAppsList.jsp&r1=981471&r2=985017&rev=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/registeredAppsList.jsp (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp Thu Aug 12 22:30:02 2010
@@ -16,44 +16,53 @@ KIND, either express or implied. See the
 specific language governing permissions and limitations
 under the License.
 -->
-<%--@elvariable id="apps" type="java.util.Set<org.apache.cxf.auth.oauth.provider.ClientAuthNInfo>"--%>
+<%--@elvariable id="clients" type="java.util.Set<org.apache.cxf.auth.oauth.provider.Client>"--%>
 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 <%@ page isELIgnored="false" %>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
-<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
 <html>
-<head><title>Registered Applications</title></head>
+<head><title>Registered clients</title></head>
 <body>
-<form:form action="/app/newAppForm">
-    <table>
-        <c:forEach var="app" items="${apps}">
+<h3>Registered clients:</h3>
+<table>
+    <c:forEach var="client" items="${clients}">
+        <form:form action="/app/removeClient" commandName="client">
+            <input type="hidden" name="consumerKey" value="${client.consumerKey}"/>
             <tr>
                 <td>Application Name:</td>
-                <td>${app.applicationName}</td>
+                <td>${client.applicationName}</td>
             </tr>
             <tr>
                 <td>Customer Key:</td>
-                <td>${app.consumerKey}</td>
+                <td>${client.consumerKey}</td>
             </tr>
             <tr>
                 <td>Consumer Secret:</td>
-                <td>${app.secretKey}</td>
+                <td>${client.secretKey}</td>
             </tr>
             <tr>
                 <td>Callback URL:</td>
-                <td>${app.callbackURL}</td>
+                <td>${client.callbackURL}</td>
             </tr>
             <tr>
-                <td>&nbsp;</td>
-                <td>&nbsp;</td>
+                <td colspan="2">
+                    <input type="submit" value="Remove Client"/>
+                </td>
             </tr>
-        </c:forEach>
+        </form:form>
         <tr>
+            <td>&nbsp;</td>
+            <td>&nbsp;</td>
+        </tr>
+    </c:forEach>
+    <tr>
+        <form:form action="/app/newClientForm">
             <td colspan="2">
-                <input type="submit" value="Register New App"/>
+                <input type="submit" value="Register New Client"/>
             </td>
-        </tr>
-    </table>
-</form:form>
+        </form:form>
+    </tr>
+</table>
+
 </body>
 </html>

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/web.xml?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/web.xml (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/web.xml Thu Aug 12 22:30:02 2010
@@ -25,7 +25,7 @@
 
 
     <!-- **************** Spring configuration *****************-->
-    
+
     <context-param>
         <param-name>contextConfigLocation</param-name>
         <param-value>/WEB-INF/*-beans.xml</param-value>

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp (original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp Thu Aug 12 22:30:02 2010
@@ -31,7 +31,7 @@ under the License.
         <table align="center">
             <tr align="center">
                 <td>
-                    <%--user not logged in, login and allow thir party app access--%>
+                        <%--user not logged in, login and allow thir party app access--%>
                     <c:choose><c:when test="${empty oauthauthorizationdata.userName}">
                         <form name="f" action="/j_spring_security_check" method="POST">
                             <input type="hidden" name="oauth_token"

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/AuthorizationServiceImpl.java Thu Aug 12 22:30:02 2010
@@ -21,6 +21,7 @@ package org.apache.cxf.auth.oauth.endpoi
 
 import java.io.IOException;
 import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.servlet.http.HttpServletRequest;
@@ -33,6 +34,7 @@ import javax.ws.rs.core.Response;
 import net.oauth.OAuthException;
 import net.oauth.OAuthProblemException;
 
+import org.apache.cxf.auth.oauth.provider.Client;
 import org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData;
 import org.apache.cxf.auth.oauth.utils.OAuthUtils;
 import org.apache.cxf.common.logging.LogUtils;
@@ -45,6 +47,7 @@ import org.apache.cxf.common.util.String
 public class AuthorizationServiceImpl extends OAuthAbstractService implements AuthorizationService {
 
     private static final Logger LOG = LogUtils.getL7dLogger(AuthorizationServiceImpl.class);
+    private String displayVerifierURL;
 
     @GET
     @Path("/")
@@ -60,6 +63,12 @@ public class AuthorizationServiceImpl ex
                 return Response.ok(oauthData).build();
             }
 
+            if (Client.OAUTH_OOB.equals(callback)) {
+                return Response
+                    .seeOther(new URI(displayVerifierURL + "?" + "oauth_verifier=" + verifier))
+                    .build();
+            }
+
             StringBuffer redirectUrl = new StringBuffer(callback).append("?oauth_token=")
                 .append(oauthData.getOauthToken()).append("&oauth_verifier=").append(verifier);
 
@@ -83,7 +92,16 @@ public class AuthorizationServiceImpl ex
                 LOG.log(Level.SEVERE, "OAuth library exception: {0}", new Object[] {e.toString()});
             }
             OAuthUtils.handleException(response, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+        } catch (URISyntaxException e) {
+            if (LOG.isLoggable(Level.SEVERE)) {
+                LOG.log(Level.SEVERE, "OAuth module exception: {0}", new Object[] {e.toString()});
+            }
+            OAuthUtils.handleException(response, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
         }
         return null;
     }
+
+    public void setDisplayVerifierURL(String displayVerifierURL) {
+        this.displayVerifierURL = displayVerifierURL;
+    }
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/endpoints/TemporaryCredentialsService.java Thu Aug 12 22:30:02 2010
@@ -35,5 +35,5 @@ public interface TemporaryCredentialsSer
     @POST
     @Produces("application/x-www-form-urlencoded")
     Response getTemporaryCredentials(@Context HttpServletRequest request,
-                                                @Context HttpServletResponse response);
+                                     @Context HttpServletResponse response);
 }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/AbstractOAuthRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/AbstractOAuthRequestHandler.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/AbstractOAuthRequestHandler.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/AbstractOAuthRequestHandler.java Thu Aug 12 22:30:02 2010
@@ -20,6 +20,7 @@ package org.apache.cxf.auth.oauth.handle
 
 import java.io.IOException;
 import java.net.URISyntaxException;
+import java.security.Principal;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
@@ -39,12 +40,11 @@ import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
 import net.oauth.server.OAuthServlet;
 
-import org.apache.cxf.auth.oauth.provider.ClientAuthNInfo;
+import org.apache.cxf.auth.oauth.provider.Client;
 import org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData;
 import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.auth.oauth.tokens.AccessToken;
 import org.apache.cxf.auth.oauth.tokens.RequestToken;
-import org.apache.cxf.auth.oauth.validation.OAuthValidator;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
 
@@ -56,7 +56,6 @@ public abstract class AbstractOAuthReque
     private static final Logger LOG = LogUtils.getL7dLogger(AbstractOAuthRequestHandler.class);
 
     private OAuthDataProvider dataProvider;
-    private OAuthValidator validator;
 
     public Response handleTemporaryCredentials(HttpServletRequest request)
         throws IOException, ServletException, OAuthException {
@@ -79,10 +78,10 @@ public abstract class AbstractOAuthReque
             LOG.log(Level.FINE, "All required OAuth parameters are present");
         }
 
-        ClientAuthNInfo authNInfo = dataProvider
+        Client authNInfo = dataProvider
             .getClientAuthenticationInfo(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));
 
-        //client credentials not found
+        //client credentials not found //todo handle exception
         if (authNInfo == null) {
             OAuthProblemException problemEx = new OAuthProblemException(
                 OAuth.Problems.CONSUMER_KEY_UNKNOWN);
@@ -99,7 +98,7 @@ public abstract class AbstractOAuthReque
 
         //validate message
         try {
-            validator.validateMessage(oAuthMessage, accessor);
+            dataProvider.getValidator().validateMessage(oAuthMessage, accessor);
         } catch (URISyntaxException e) {
             throw new OAuthException(e);
         }
@@ -108,7 +107,7 @@ public abstract class AbstractOAuthReque
         authNInfo = setCallbackURL(authNInfo,
             oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK));
 
-        RequestToken requestToken = dataProvider.generateRequestToken(authNInfo);
+        RequestToken requestToken = dataProvider.generateRequestToken(authNInfo, Long.valueOf(3600));
 
         if (LOG.isLoggable(Level.FINE)) {
             LOG.log(Level.FINE, "Preparing Temporary Credentials Endpoint correct response");
@@ -128,7 +127,7 @@ public abstract class AbstractOAuthReque
     public OAuthAuthorizationData handleAuthorization(HttpServletRequest request,
                                                       HttpServletResponse response,
                                                       String oAuthCredentialsPage)
-        throws IOException {
+        throws IOException, OAuthException {
         LOG.log(Level.INFO, "Resource Owner Authorization Endpoint invoked");
 
         //create security token that is passed to sign in page and validate it in confirmation service
@@ -139,25 +138,26 @@ public abstract class AbstractOAuthReque
 
         try {
             oAuthMessage.requireParameters(OAuth.OAUTH_TOKEN);
-            validator.checkParameters(oAuthMessage);
+            dataProvider.getValidator().checkParameters(oAuthMessage);
         } catch (Exception e) {
-            return secData;
+            throw new OAuthException(e);
         }
 
-        RequestToken token = isValidTokenRequest(oAuthMessage);
+        RequestToken token = dataProvider
+            .getRequestToken(oAuthMessage.getToken(), oAuthMessage.getConsumerKey(), null);
         if (token == null) {
-            return addAdditionalParams(secData, token, null);
+            return secData;
         }
 
         //check if user is logged in
-        String username = loggedUser(request);
-        if (StringUtils.isEmpty(username)) {
+        Principal principal = loggedPrincipal(request);
+        if (principal == null || StringUtils.isEmpty(principal.getName())) {
             //add authenticity token into session
             addAuthenticityTokenToSession(secData, request);
-            return addAdditionalParams(secData, token, username);
+            return addAdditionalParams(secData, token, principal);
         }
 
-        token = isValidTokenRequest(oAuthMessage);
+        token = dataProvider.getRequestToken(oAuthMessage.getToken(), oAuthMessage.getConsumerKey(), null);
         if (token == null) {
             return secData;
         }
@@ -166,16 +166,20 @@ public abstract class AbstractOAuthReque
         boolean authentic = compareRequestSessionTokens(request);
         if (!authentic) {
             addAuthenticityTokenToSession(secData, request);
-            return addAdditionalParams(secData, token, username);
+            return addAdditionalParams(secData, token, principal);
         }
 
-        token = dataProvider.validateRequestToken(oAuthMessage.getToken(), true);
-        ClientAuthNInfo clientInfo = token.getClientAuthenticationInfo();
+        token = dataProvider
+            .generateVerifier(oAuthMessage.getToken(), oAuthMessage.getConsumerKey(), principal);
+        if (token == null) {
+            return secData;
+        }
+        Client clientInfo = token.getClient();
 
         secData.setCallback(clientInfo.getCallbackURL());
         secData.setOauthVerifier(token.getOauthVerifier());
 
-        return addAdditionalParams(secData, token, username);
+        return addAdditionalParams(secData, token, principal);
     }
 
     private boolean compareRequestSessionTokens(HttpServletRequest request) {
@@ -200,19 +204,6 @@ public abstract class AbstractOAuthReque
         session.setAttribute(AUTHENTICITY_TOKEN, value);
     }
 
-    private RequestToken isValidTokenRequest(OAuthMessage message)
-        throws IOException {
-        RequestToken token = dataProvider.validateRequestToken(message.getToken(), false);
-
-        if (token == null) {
-            if (LOG.isLoggable(Level.WARNING)) {
-                LOG.log(Level.WARNING, "Request token was not found customer key was not found");
-            }
-            return token;
-        }
-        return token;
-    }
-
     public Response handleAccessToken(HttpServletRequest request)
         throws IOException, OAuthException {
         OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
@@ -226,19 +217,20 @@ public abstract class AbstractOAuthReque
             OAuth.OAUTH_VERIFIER);
 
         RequestToken token = dataProvider
-            .getRequestToken(oAuthMessage.getToken(), oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER));
+            .getRequestToken(oAuthMessage.getToken(), oAuthMessage.getConsumerKey(),
+                oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER));
 
-        ClientAuthNInfo authInfo = token.getClientAuthenticationInfo();
+        Client authInfo = token.getClient();
         OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
             authInfo.getSecretKey(), null);
         OAuthAccessor accessor = new OAuthAccessor(consumer);
         try {
-            validator.validateMessage(oAuthMessage, accessor);
+            dataProvider.getValidator().validateMessage(oAuthMessage, accessor);
         } catch (URISyntaxException e) {
             throw new OAuthException(e);
         }
 
-        AccessToken accessToken = dataProvider.generateAccessToken(token);
+        AccessToken accessToken = dataProvider.generateAccessToken(token.getPrincipal(), token);
 
         //create response
         Map<String, Object> responseParams = new HashMap<String, Object>();
@@ -261,9 +253,10 @@ public abstract class AbstractOAuthReque
             OAuth.OAUTH_TIMESTAMP,
             OAuth.OAUTH_NONCE);
 
-        AccessToken accessToken = dataProvider.getAccessToken(oAuthMessage.getToken());
-        ClientAuthNInfo authInfo = accessToken.getClientAuthenticationInfo();
-
+        AccessToken accessToken = dataProvider
+            .getAccessToken(oAuthMessage.getToken(), oAuthMessage.getConsumerKey());
+        Client authInfo = accessToken.getClient();
+        //todo check if exists
 
         OAuthConsumer consumer = new OAuthConsumer(authInfo.getCallbackURL(), authInfo.getConsumerKey(),
             authInfo.getSecretKey(), null);
@@ -271,7 +264,7 @@ public abstract class AbstractOAuthReque
         OAuthAccessor accessor = new OAuthAccessor(consumer);
 
         try {
-            validator.validateMessage(oAuthMessage, accessor);
+            dataProvider.getValidator().validateMessage(oAuthMessage, accessor);
         } catch (URISyntaxException e) {
             throw new OAuthException(e);
         }
@@ -279,31 +272,30 @@ public abstract class AbstractOAuthReque
 
 
     protected OAuthAuthorizationData addAdditionalParams(OAuthAuthorizationData secData, RequestToken token,
-                                                         String username) {
+                                                         Principal principal) {
         secData.setOauthToken(token.getTokenString());
-        secData.setApplicationName(token.getClientAuthenticationInfo().getApplicationName());
-        secData.setUserName(username);
+        secData.setApplicationName(token.getClient().getApplicationName());
+        if (principal == null) {
+            secData.setUserName(null);
+        } else {
+            secData.setUserName(principal.getName());
+        }
 
         return secData;
     }
 
     //todo check if this same as registered
 
-    protected ClientAuthNInfo setCallbackURL(ClientAuthNInfo authNInfo,
-                                             String oauthCallback) {
+    protected Client setCallbackURL(Client authNInfo,
+                                    String oauthCallback) {
 
-        if (!oauthCallback.equals(ClientAuthNInfo.OAUTH_OOB)) {
+        if (!oauthCallback.equals(Client.OAUTH_OOB)) {
             authNInfo.setCallbackURL(oauthCallback);
         }
 
         return authNInfo;
     }
 
-
-    public void setOAuthValidator(OAuthValidator oAuthValidator) {
-        this.validator = oAuthValidator;
-    }
-
     public void setOAuthDataProvider(OAuthDataProvider provider) {
         this.dataProvider = provider;
     }

Modified: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java?rev=985017&r1=985016&r2=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/handlers/OAuthRequestHandler.java Thu Aug 12 22:30:02 2010
@@ -19,6 +19,7 @@
 package org.apache.cxf.auth.oauth.handlers;
 
 import java.io.IOException;
+import java.security.Principal;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -28,7 +29,6 @@ import net.oauth.OAuthException;
 
 import org.apache.cxf.auth.oauth.provider.OAuthAuthorizationData;
 import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
-import org.apache.cxf.auth.oauth.validation.OAuthValidator;
 
 /**
  * @author Lukasz Moren
@@ -59,9 +59,7 @@ public interface OAuthRequestHandler {
     /**
      * Returns logged user name, or null if no user is logged
      */
-    String loggedUser(HttpServletRequest request);
-
-    void setOAuthValidator(OAuthValidator oAuthValidator);
+    Principal loggedPrincipal(HttpServletRequest request);
 
     void setOAuthDataProvider(OAuthDataProvider provider);
 

Copied: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java (from r981471, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthNInfo.java)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java?p2=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java&p1=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthNInfo.java&r1=981471&r2=985017&rev=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthNInfo.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java Thu Aug 12 22:30:02 2010
@@ -21,7 +21,7 @@ package org.apache.cxf.auth.oauth.provid
 /**
  * @author Lukasz Moren
  */
-public interface ClientAuthNInfo {
+public interface Client {
     //oauth calbackurl "out of band" parameter
     String OAUTH_OOB = "oob";
 

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/Client.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Copied: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java (from r981471, cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthNInfoImpl.java)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java?p2=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java&p1=cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthNInfoImpl.java&r1=981471&r2=985017&rev=985017&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientAuthNInfoImpl.java (original)
+++ cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java Thu Aug 12 22:30:02 2010
@@ -21,25 +21,25 @@ package org.apache.cxf.auth.oauth.provid
 /**
  * @author Lukasz Moren
  */
-public class ClientAuthNInfoImpl implements ClientAuthNInfo {
+public class ClientImpl implements Client {
     private String consumerKey;
     private String secretKey;
     private String callbackURL;
     private String applicationName;
 
-    public ClientAuthNInfoImpl(String consumerKey, String secretKey, String callbackURL,
-                                        String applicationName) {
+    public ClientImpl(String consumerKey, String secretKey, String callbackURL,
+                      String applicationName) {
         this.consumerKey = consumerKey;
         this.secretKey = secretKey;
         this.callbackURL = callbackURL;
         this.applicationName = applicationName;
     }
 
-    public ClientAuthNInfoImpl(String consumerKey, String secretKey, String callbackURL) {
+    public ClientImpl(String consumerKey, String secretKey, String callbackURL) {
         this(consumerKey, secretKey, callbackURL, null);
     }
 
-    public ClientAuthNInfoImpl(String consumerKey, String secretKey) {
+    public ClientImpl(String consumerKey, String secretKey) {
         this(consumerKey, secretKey, null);
     }
 
@@ -76,7 +76,7 @@ public class ClientAuthNInfoImpl impleme
             return false;
         }
 
-        ClientAuthNInfoImpl that = (ClientAuthNInfoImpl)o;
+        ClientImpl that = (ClientImpl)o;
 
         if (applicationName != null ? !applicationName.equals(that.applicationName)
             : that.applicationName != null) {

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/rt/rs/oauth/src/main/java/org/apache/cxf/auth/oauth/provider/ClientImpl.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date



Mime
View raw message