cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmo...@apache.org
Subject svn commit: r1026892 - in /cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server: ./ src/main/java/org/apache/cxf/auth/oauth/demo/server/ src/main/java/org/apache/cxf/auth/oauth/demo/server/controllers/ src/main/java/org/apache...
Date Sun, 24 Oct 2010 21:14:59 GMT
Author: lmoren
Date: Sun Oct 24 21:14:58 2010
New Revision: 1026892

URL: http://svn.apache.org/viewvc?rev=1026892&view=rev
Log:
- added support for @Secured annotation
 - improved scopes definition
 - simplified configuration

Added:
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/CustomAuth.java
  (with props)
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java
  (contents, props changed)
      - copied, changed from r985017, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SpringOAuthRequestHandler.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringOAuthAuthenticationFilter.java
  (with props)
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringSecurityExceptionMapper.java
  (with props)
Removed:
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SpringOAuthRequestHandler.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/appengine-web.xml
Modified:
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/pom.xml
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/SampleResourceProvider.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/controllers/ApplicationController.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/security-beans.xml
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/web.xml
    cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/pom.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/pom.xml?rev=1026892&r1=1026891&r2=1026892&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/pom.xml
(original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/pom.xml
Sun Oct 24 21:14:58 2010
@@ -65,49 +65,65 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
-            <version>${spring.version}</version>
+            <version>3.0.3.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-webmvc</artifactId>
-            <version>${spring.version}</version>
+            <version>3.0.3.RELEASE</version>
         </dependency>
 
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
-            <version>${spring.version}</version>
+            <version>3.0.3.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-beans</artifactId>
-            <version>${spring.version}</version>
+            <version>3.0.3.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-context</artifactId>
-            <version>${spring.version}</version>
+            <version>3.0.3.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
-            <version>${spring.version}</version>
+            <version>3.0.3.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-web</artifactId>
-            <version>${spring.version}</version>
+            <version>3.0.3.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-config</artifactId>
-            <version>${spring.version}</version>
+            <version>3.0.3.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-acl</artifactId>
-            <version>${spring.version}</version>
+            <version>3.0.3.RELEASE</version>
         </dependency>
+        <dependency>
+            <groupId>javax.annotation</groupId>
+            <artifactId>jsr250-api</artifactId>
+            <version>1.0</version>
+        </dependency>
+        <dependency>
+            <groupId>cglib</groupId>
+            <artifactId>cglib</artifactId>
+            <version>2.1</version>
+        </dependency>
+        <dependency>
+            <groupId>asm</groupId>
+            <artifactId>asm</artifactId>
+            <version>1.5.3</version>
+        </dependency>
+
 
         <dependency>
             <artifactId>standard</artifactId>

Added: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/CustomAuth.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/CustomAuth.java?rev=1026892&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/CustomAuth.java
(added)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/CustomAuth.java
Sun Oct 24 21:14:58 2010
@@ -0,0 +1,20 @@
+package org.apache.cxf.auth.oauth.demo.server;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
+
+/**
+ * @author Lukasz Moren
+ */
+public class CustomAuth extends LoginUrlAuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+                         AuthenticationException authException) throws IOException, ServletException
{
+        super.commence(request, response, authException);
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/CustomAuth.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/CustomAuth.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/SampleResourceProvider.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/SampleResourceProvider.java?rev=1026892&r1=1026891&r2=1026892&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/SampleResourceProvider.java
(original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/SampleResourceProvider.java
Sun Oct 24 21:14:58 2010
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.auth.oauth.demo.server;
 
+import javax.annotation.security.RolesAllowed;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
@@ -26,7 +27,6 @@ import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
-import javax.xml.ws.handler.MessageContext;
 
 /**
  * Sample JAX-RS resource service
@@ -36,20 +36,19 @@ import javax.xml.ws.handler.MessageConte
 @Path("/")
 public class SampleResourceProvider {
 
-    @Context
-    private MessageContext mc;
-
     @GET
     @Produces("text/html")
-    @Path("/person/{name}")
+    @Path("/person/get/{name}")
+    @RolesAllowed( {"ROLE_USER"})
     public Response getInfo(@PathParam("name") String name, @Context HttpServletRequest request)
{
         return Response.ok("Successfully accessed OAuth protected person: " + name).build();
     }
 
     @POST
     @Produces("text/html")
-    @Path("/person/{name}")
-    public Response modifyInfo(@PathParam("name") String name) {
+    @Path("/person/modify/{name}")
+    @RolesAllowed( {"ROLE_ADMIN"})
+    public Response modifyInfo(@PathParam("name") String name, @Context HttpServletRequest
request) {
         return Response.ok("Successfully modified OAuth protected person: " + name).build();
     }
 }

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/controllers/ApplicationController.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/controllers/ApplicationController.java?rev=1026892&r1=1026891&r2=1026892&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/controllers/ApplicationController.java
(original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/controllers/ApplicationController.java
Sun Oct 24 21:14:58 2010
@@ -21,24 +21,24 @@ package org.apache.cxf.auth.oauth.demo.s
 import java.security.Principal;
 import java.security.SecureRandom;
 import java.util.Set;
-import javax.annotation.Resource;
+import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.cxf.auth.oauth.demo.server.ClientApp;
 import org.apache.cxf.auth.oauth.provider.Client;
 import org.apache.cxf.auth.oauth.provider.ClientImpl;
-import org.apache.cxf.auth.oauth.provider.ClientManager;
+import org.apache.cxf.auth.oauth.provider.OAuthClientManager;
 import org.apache.cxf.auth.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.auth.oauth.token.MD5TokenGenerator;
 import org.apache.cxf.auth.oauth.token.TokenGenerator;
+import org.apache.cxf.auth.oauth.utils.OAuthUtils;
 import org.apache.cxf.common.util.StringUtils;
 
-
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.context.ServletContextAware;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.view.RedirectView;
 
@@ -46,13 +46,11 @@ import org.springframework.web.servlet.v
  * @author Lukasz Moren
  */
 @Controller
-public class ApplicationController {
+public class ApplicationController implements ServletContextAware {
 
-    @Autowired
     private OAuthDataProvider oauthDataProvider;
 
-    @Resource(name = "oauthDataProvider")
-    private ClientManager clientManager;
+    private OAuthClientManager clientManager;
 
     @RequestMapping("/newClientForm")
     public ModelAndView handleRequest(@ModelAttribute("client") ClientApp clientApp) {
@@ -149,4 +147,9 @@ public class ApplicationController {
         modelAndView.getModel().put("client", app);
         return modelAndView;
     }
+
+    public void setServletContext(ServletContext servletContext) {
+        oauthDataProvider = OAuthUtils.getOAuthDataProviderFromServletContext(servletContext);
+        clientManager = (OAuthClientManager)OAuthUtils.getOAuthDataProviderFromServletContext(servletContext);
+    }
 }

Copied: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java
(from r985017, cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SpringOAuthRequestHandler.java)
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java?p2=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java&p1=cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SpringOAuthRequestHandler.java&r1=985017&r2=1026892&rev=1026892&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SpringOAuthRequestHandler.java
(original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java
Sun Oct 24 21:14:58 2010
@@ -22,8 +22,7 @@ import java.security.Principal;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
-import org.apache.cxf.auth.oauth.handlers.AbstractOAuthRequestHandler;
-
+import org.apache.cxf.auth.oauth.provider.MemoryOauthDataProvider;
 
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
@@ -31,7 +30,7 @@ import org.springframework.security.web.
 /**
  * @author Lukasz Moren
  */
-public class SpringOAuthRequestHandler extends AbstractOAuthRequestHandler {
+public class SampleOAuthDataProvider extends MemoryOauthDataProvider {
 
     public Principal loggedPrincipal(HttpServletRequest request) {
         HttpSession session = request.getSession();

Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/oauth/SampleOAuthDataProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java?rev=1026892&r1=1026891&r2=1026892&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java
(original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationFailureHandler.java
Sun Oct 24 21:14:58 2010
@@ -25,10 +25,9 @@ import javax.servlet.http.HttpServletRes
 
 import net.oauth.OAuth;
 
-import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
+import org.apache.cxf.auth.oauth.endpoints.AuthorizationService;
 import org.apache.cxf.common.util.StringUtils;
 
-
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 
@@ -42,14 +41,14 @@ public class AuthenticationFailureHandle
     public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
                                         AuthenticationException exception)
         throws IOException, ServletException {
-        String xOAuthScope = request.getParameter(OAuthRequestHandler.X_OAUTH_SCOPE);
+        String xOAuthScope = request.getParameter(AuthorizationService.X_OAUTH_SCOPE);
         String oauthToken = request.getParameter(OAuth.OAUTH_TOKEN);
 
         StringBuffer url = new StringBuffer(authorizeUrl).append("?").append(OAuth.OAUTH_TOKEN).append("=")
             .append(oauthToken);
 
         if (!StringUtils.isEmpty(xOAuthScope)) {
-            url.append("&").append(OAuthRequestHandler.X_OAUTH_SCOPE).append("=")
+            url.append("&").append(AuthorizationService.X_OAUTH_SCOPE).append("=")
                 .append(xOAuthScope);
         }
 

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java?rev=1026892&r1=1026891&r2=1026892&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java
(original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/AuthenticationSuccessfullHandler.java
Sun Oct 24 21:14:58 2010
@@ -25,10 +25,9 @@ import javax.servlet.http.HttpServletRes
 
 import net.oauth.OAuth;
 
-import org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler;
+import org.apache.cxf.auth.oauth.endpoints.AuthorizationService;
 import org.apache.cxf.common.util.StringUtils;
 
-
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 
@@ -47,25 +46,25 @@ public class AuthenticationSuccessfullHa
     protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response)
{
 
         String oauthToken = request.getParameter(OAuth.OAUTH_TOKEN);
-        String authToken = request.getParameter(OAuthRequestHandler.AUTHENTICITY_TOKEN);
-        String decision = request.getParameter(OAuthRequestHandler.AUTHORIZATION_DECISION_KEY);
-        String xOAuthScope = request.getParameter(OAuthRequestHandler.X_OAUTH_SCOPE);
+        String authToken = request.getParameter(AuthorizationService.AUTHENTICITY_TOKEN);
+        String decision = request.getParameter(AuthorizationService.AUTHORIZATION_DECISION_KEY);
+        String xOAuthScope = request.getParameter(AuthorizationService.X_OAUTH_SCOPE);
 
         if (StringUtils.isEmpty(oauthToken)) {
             return super.determineTargetUrl(request, response);
         }
 
         StringBuffer url = new StringBuffer(confirmationUrl).append("?").append(OAuth.OAUTH_TOKEN).append("=")
-            .append(oauthToken).append("&").append(OAuthRequestHandler.AUTHENTICITY_TOKEN).append("=")
+            .append(oauthToken).append("&").append(AuthorizationService.AUTHENTICITY_TOKEN).append("=")
             .append(authToken);
 
         if (!StringUtils.isEmpty(decision)) {
-            url.append("&").append(OAuthRequestHandler.AUTHORIZATION_DECISION_KEY).append("=")
+            url.append("&").append(AuthorizationService.AUTHORIZATION_DECISION_KEY).append("=")
                 .append(decision);
         }
 
         if (!StringUtils.isEmpty(xOAuthScope)) {
-            url.append("&").append(OAuthRequestHandler.X_OAUTH_SCOPE).append("=")
+            url.append("&").append(AuthorizationService.X_OAUTH_SCOPE).append("=")
                 .append(xOAuthScope);
         }
 

Added: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringOAuthAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringOAuthAuthenticationFilter.java?rev=1026892&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringOAuthAuthenticationFilter.java
(added)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringOAuthAuthenticationFilter.java
Sun Oct 24 21:14:58 2010
@@ -0,0 +1,63 @@
+package org.apache.cxf.auth.oauth.demo.server.spring;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.cxf.auth.oauth.interceptors.OAuthSecurityFilter;
+
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+/**
+ * @author Lukasz Moren
+ */
+public class SpringOAuthAuthenticationFilter implements Filter {
+
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+        throws IOException, ServletException {
+        HttpServletRequest req = (HttpServletRequest)request;
+        HttpServletResponse resp = (HttpServletResponse)response;
+
+        List<String> authorities = (List<String>)request.getAttribute(OAuthSecurityFilter.OAUTH_AUTHORITIES);
+        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
+
+        if (authorities != null) {
+            for (String authority : authorities) {
+                grantedAuthorities.add(new GrantedAuthorityImpl(authority));
+            }
+
+            Authentication auth = new AnonymousAuthenticationToken(UUID.randomUUID().toString(),
+                req.getUserPrincipal(), grantedAuthorities);
+
+            SecurityContextHolder.getContext().setAuthentication(auth);
+        }
+
+
+        chain.doFilter(req, resp);
+    }
+
+    @Override
+    public void destroy() {
+
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringOAuthAuthenticationFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringOAuthAuthenticationFilter.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringSecurityExceptionMapper.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringSecurityExceptionMapper.java?rev=1026892&view=auto
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringSecurityExceptionMapper.java
(added)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringSecurityExceptionMapper.java
Sun Oct 24 21:14:58 2010
@@ -0,0 +1,16 @@
+package org.apache.cxf.auth.oauth.demo.server.spring;
+
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.ExceptionMapper;
+
+import org.springframework.security.access.AccessDeniedException;
+
+/**
+ * @author Lukasz Moren
+ */
+public class SpringSecurityExceptionMapper implements ExceptionMapper<AccessDeniedException>
{
+
+    public Response toResponse(AccessDeniedException exception) {
+        return Response.status(Response.Status.FORBIDDEN).build();
+    }
+}

Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringSecurityExceptionMapper.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/java/org/apache/cxf/auth/oauth/demo/server/spring/SpringSecurityExceptionMapper.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml?rev=1026892&r1=1026891&r2=1026892&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml
(original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/oauth-beans.xml
Sun Oct 24 21:14:58 2010
@@ -62,38 +62,20 @@
         <property name="resourcePath" value="/oAuthLogin.jsp"/>
     </bean>
 
-    <!-- Intercept request to OAuth protected resources -->
-    <bean id="oauthSecurityInterceptor"
-          class="org.apache.cxf.auth.oauth.interceptors.OAuthSecurityInterceptor">
-        <property name="handler" ref="requestHandler"/>
-    </bean>
-
-    <!--OAuth data provider -->
-    <bean id="oauthDataProvider" class="org.apache.cxf.auth.oauth.provider.MemoryOauthDataProvider">
-        <property name="validator" ref="validator"/>
-    </bean>
-
-    <bean id="requestHandler" class="org.apache.cxf.auth.oauth.demo.server.oauth.SpringOAuthRequestHandler">
-        <property name="OAuthDataProvider" ref="oauthDataProvider"/>
-    </bean>
-
     <bean id="validator" class="org.apache.cxf.auth.oauth.validation.OAuthMessageValidator"/>
 
     <!--Definitions of OAuth module endpoints-->
     <bean id="resourceOwnerAuthorizationEndpoint"
           class="org.apache.cxf.auth.oauth.endpoints.AuthorizationServiceImpl">
-        <property name="handler" ref="requestHandler"/>
         <property name="displayVerifierURL" value="http://localhost:8081/app/displayVerifier"/>
     </bean>
 
     <bean id="tokenService"
           class="org.apache.cxf.auth.oauth.endpoints.TokenCredentialsServiceImpl">
-        <property name="handler" ref="requestHandler"/>
     </bean>
 
     <bean id="temporaryCredentialService"
           class="org.apache.cxf.auth.oauth.endpoints.TemporaryCredentialsServiceImpl">
-        <property name="handler" ref="requestHandler"/>
     </bean>
 
 
@@ -102,11 +84,13 @@
         <jaxrs:serviceBeans>
             <ref bean="resource"/>
         </jaxrs:serviceBeans>
-        <jaxrs:inInterceptors>
-            <ref bean="oauthSecurityInterceptor"/>
-        </jaxrs:inInterceptors>
+        <jaxrs:providers>
+            <ref bean="springSecurityExceptionMapper"/>
+        </jaxrs:providers>
     </jaxrs:server>
 
+    <bean id="springSecurityExceptionMapper"
+          class="org.apache.cxf.auth.oauth.demo.server.spring.SpringSecurityExceptionMapper"/>
     <!-- Resource Provider -->
     <bean id="resource" class="org.apache.cxf.auth.oauth.demo.server.SampleResourceProvider"/>
 </beans>
\ No newline at end of file

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/security-beans.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/security-beans.xml?rev=1026892&r1=1026891&r2=1026892&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/security-beans.xml
(original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/security-beans.xml
Sun Oct 24 21:14:58 2010
@@ -36,7 +36,13 @@
         <beans:property name="authorizeUrl" value="/auth/oauth/authorize"/>
     </beans:bean>
 
-    <http auto-config="false">
+    <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/>
+
+    <beans:bean id="entryPoint" class="org.apache.cxf.auth.oauth.demo.server.CustomAuth">
+        <beans:property name="loginFormUrl" value="/index.jsp"/>
+    </beans:bean>
+
+    <http auto-config="false" entry-point-ref="entryPoint">
         <intercept-url pattern="/oAuthLogin.jsp" filters="none"/>
         <intercept-url pattern="/index.jsp" filters="none"/>
         <intercept-url pattern="/" filters="none"/>

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/web.xml?rev=1026892&r1=1026891&r2=1026892&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/web.xml
(original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/WEB-INF/web.xml
Sun Oct 24 21:14:58 2010
@@ -23,7 +23,31 @@
          http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
          metadata-complete="true" version="2.5">
 
+    <context-param>
+        <param-name>oauth.data.provider-class</param-name>
+        <param-value>org.apache.cxf.auth.oauth.demo.server.oauth.SampleOAuthDataProvider</param-value>
+    </context-param>
 
+    <filter>
+        <filter-name>oauthFilter</filter-name>
+        <filter-class>org.apache.cxf.auth.oauth.interceptors.OAuthSecurityFilter</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>oauthFilter</filter-name>
+        <url-pattern>/auth/resources/person/*</url-pattern>
+    </filter-mapping>
+
+
+    <filter>
+        <filter-name>oauthSpringFilter</filter-name>
+        <filter-class>org.apache.cxf.auth.oauth.demo.server.spring.SpringOAuthAuthenticationFilter
+        </filter-class>
+    </filter>
+    <filter-mapping>
+        <filter-name>oauthSpringFilter</filter-name>
+        <url-pattern>/auth/resources/person/*</url-pattern>
+    </filter-mapping>
     <!-- **************** Spring configuration *****************-->
 
     <context-param>

Modified: cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp
URL: http://svn.apache.org/viewvc/cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp?rev=1026892&r1=1026891&r2=1026892&view=diff
==============================================================================
--- cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp
(original)
+++ cxf/sandbox/oauth_1.0a/distribution/src/main/release/samples/oauth_1.0a/server/src/main/webapp/oAuthLogin.jsp
Sun Oct 24 21:14:58 2010
@@ -1,4 +1,4 @@
-<%@ page import="org.apache.cxf.auth.oauth.handlers.OAuthRequestHandler" %>
+<%@ page import="org.apache.cxf.auth.oauth.endpoints.AuthorizationService" %>
 <!--
 Licensed to the Apache Software Foundation (ASF) under one
 or more contributor license agreements. See the NOTICE file
@@ -36,9 +36,11 @@ under the License.
                         <form name="f" action="/j_spring_security_check" method="POST">
                             <input type="hidden" name="oauth_token"
                                    value="${oauthauthorizationdata.oauthToken}"/>
-                            <input type="hidden" name="<%=OAuthRequestHandler.AUTHENTICITY_TOKEN%>"
+                            <input type="hidden"
+                                   name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHENTICITY_TOKEN%>"
                                    value="${oauthauthorizationdata.authenticityToken}"/>
-                            <input type="hidden" name="<%=OAuthRequestHandler.X_OAUTH_SCOPE%>"
+                            <input type="hidden"
+                                   name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.X_OAUTH_SCOPE%>"
                                    value="<%=request.getParameter("x_oauth_scope")%>"/>
 
                             <p>The application <b>${oauthauthorizationdata.applicationName}</b>
would like the
@@ -69,12 +71,14 @@ under the License.
                             <label for="password">Password</label>
                             <input type="password" id="password" name="j_password"/>
                             <br>
-                            <button name="<%=OAuthRequestHandler.AUTHORIZATION_DECISION_KEY%>"
type="submit"
-                                    value="<%=OAuthRequestHandler.AUTHORIZATION_DECISION_DENY%>">
+                            <button name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHORIZATION_DECISION_KEY%>"
+                                    type="submit"
+                                    value="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHORIZATION_DECISION_DENY%>">
                                 Deny
                             </button>
-                            <button name="<%=OAuthRequestHandler.AUTHORIZATION_DECISION_KEY%>"
type="submit"
-                                    value="<%=OAuthRequestHandler.AUTHORIZATION_DECISION_ALLOW%>">
+                            <button name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHORIZATION_DECISION_KEY%>"
+                                    type="submit"
+                                    value="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHORIZATION_DECISION_ALLOW%>">
                                 Allow
                             </button>
                         </form>
@@ -84,9 +88,11 @@ under the License.
                             <form action="/auth/oauth/authorize">
                                 <input type="hidden" name="oauth_token"
                                        value="${oauthauthorizationdata.oauthToken}"/>
-                                <input type="hidden" name="<%=OAuthRequestHandler.AUTHENTICITY_TOKEN%>"
+                                <input type="hidden"
+                                       name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.AUTHENTICITY_TOKEN%>"
                                        value="${oauthauthorizationdata.authenticityToken}"/>
-                                <input type="hidden" name="<%=OAuthRequestHandler.X_OAUTH_SCOPE%>"
+                                <input type="hidden"
+                                       name="<%=org.apache.cxf.auth.oauth.endpoints.AuthorizationService.X_OAUTH_SCOPE%>"
                                        value="<%=request.getParameter("x_oauth_scope")%>"/>
 
                                 <p>The application <b>${oauthauthorizationdata.applicationName}</b>
would like
@@ -99,14 +105,14 @@ under the License.
                                     </c:forEach></ul>
                                 Please ensure that you trust this website with your information
before
                                 proceeding!</p>
-                                <button name="<%=OAuthRequestHandler.AUTHORIZATION_DECISION_KEY%>"
+                                <button name="<%=AuthorizationService.AUTHORIZATION_DECISION_KEY%>"
                                         type="submit"
-                                        value="<%=OAuthRequestHandler.AUTHORIZATION_DECISION_DENY%>">
+                                        value="<%=AuthorizationService.AUTHORIZATION_DECISION_DENY%>">
                                     Deny
                                 </button>
-                                <button name="<%=OAuthRequestHandler.AUTHORIZATION_DECISION_KEY%>"
+                                <button name="<%=AuthorizationService.AUTHORIZATION_DECISION_KEY%>"
                                         type="submit"
-                                        value="<%=OAuthRequestHandler.AUTHORIZATION_DECISION_ALLOW%>">
+                                        value="<%=AuthorizationService.AUTHORIZATION_DECISION_ALLOW%>">
                                     Allow
                                 </button>
                             </form>



Mime
View raw message