cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1176408 [2/3] - in /cxf/trunk: distribution/src/main/release/samples/oauth/ distribution/src/main/release/samples/oauth/client/ distribution/src/main/release/samples/oauth/client/src/ distribution/src/main/release/samples/oauth/client/src/...
Date Tue, 27 Sep 2011 14:47:33 GMT
Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java Tue Sep 27 14:47:30 2011
@@ -0,0 +1,146 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package demo.oauth.server.controllers;
+
+import java.security.Principal;
+import java.security.SecureRandom;
+import java.util.Set;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+
+import demo.oauth.server.ClientApp;
+import org.apache.cxf.common.util.StringUtils;
+
+import org.apache.cxf.rs.security.oauth.data.Client;
+import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.provider.MD5TokenGenerator;
+import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
+
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.context.ServletContextAware;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.view.RedirectView;
+
+@Controller
+public class ApplicationController implements ServletContextAware {
+
+    private OAuthDataProvider oauthDataProvider;
+
+    private OAuthClientManager clientManager;
+
+    @RequestMapping("/newClientForm")
+    public ModelAndView handleRequest(@ModelAttribute("client") ClientApp clientApp) {
+        return new ModelAndView("newClientForm");
+    }
+
+    @RequestMapping("/registerClient")
+    public ModelAndView registerApp(@ModelAttribute("client") ClientApp clientApp)
+        throws Exception {
+
+        if (StringUtils.isEmpty(clientApp.getClientName())) {
+            clientApp.setError("Client name field is required!");
+
+            return handleInternalRedirect(clientApp);
+        }
+
+        MD5TokenGenerator tokenGen = new MD5TokenGenerator();
+        Principal principal = SecurityContextHolder.getContext().getAuthentication();
+        String consumerKey = clientApp.getConsumerKey();
+        if (StringUtils.isEmpty(consumerKey)) {
+            consumerKey = tokenGen
+                .generateToken((principal.getName() + clientApp.getClientName()).getBytes("UTF-8"));
+        }
+
+        String secretKey = tokenGen.generateToken(new SecureRandom().generateSeed(20));
+
+        Client clientInfo = new Client(principal.getName(), consumerKey,
+            secretKey, clientApp.getCallbackURL(), clientApp.getClientName());
+
+
+        Client authNInfo = clientManager.registerNewClient(consumerKey, clientInfo);
+        if (authNInfo != null) {
+            clientApp.setError("Client already exists!");
+
+            return handleInternalRedirect(clientApp);
+        }
+
+        ModelAndView modelAndView = new ModelAndView("clientDetails");
+        modelAndView.getModel().put("clientInfo", clientInfo);
+
+        return modelAndView;
+    }
+
+    @RequestMapping("/listRegisteredClients")
+    public ModelAndView listRegisteredClients() {
+        Set<Client> apps = clientManager.listRegisteredClients();
+
+        ModelAndView modelAndView = new ModelAndView("registeredClientsList");
+        modelAndView.getModelMap().put("clients", apps);
+        return modelAndView;
+    }
+
+    @RequestMapping("/listAuthorizedClients")
+    public ModelAndView listAuthorizedClients() {
+        Set<Client> apps = clientManager.listAuthorizedClients();
+
+        ModelAndView modelAndView = new ModelAndView("authorizedClientsList");
+        modelAndView.getModelMap().put("clients", apps);
+        return modelAndView;
+    }
+
+    @RequestMapping("/removeClient")
+    public ModelAndView removeClient(HttpServletRequest request) {
+        String consumerKey = request.getParameter("consumerKey");
+
+        clientManager.removeRegisteredClient(consumerKey);
+
+
+        ModelAndView modelAndView = new ModelAndView(new RedirectView("/app/listRegisteredClients"));
+        return modelAndView;
+    }
+
+    @RequestMapping("/revokeAccess")
+    public ModelAndView revokeAccess(HttpServletRequest request) {
+        String consumerKey = request.getParameter("consumerKey");
+
+        oauthDataProvider.removeTokens(consumerKey);
+
+        ModelAndView modelAndView = new ModelAndView(new RedirectView("/app/listAuthorizedClients"));
+        return modelAndView;
+    }
+
+    @RequestMapping("/displayVerifier")
+    public ModelAndView displayVerifier() {
+        return new ModelAndView("displayVerifier");
+    }
+
+    private ModelAndView handleInternalRedirect(ClientApp app) {
+        ModelAndView modelAndView = new ModelAndView("newClientForm");
+        modelAndView.getModel().put("client", app);
+        return modelAndView;
+    }
+
+    public void setServletContext(ServletContext servletContext) {
+        oauthDataProvider = OAuthUtils.getOAuthDataProvider(null, servletContext);
+        clientManager = (OAuthClientManager)oauthDataProvider;
+    }
+}

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java Tue Sep 27 14:47:30 2011
@@ -0,0 +1,202 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package demo.oauth.server.controllers;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+
+import net.oauth.OAuth;
+import net.oauth.OAuthProblemException;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.rs.security.oauth.data.AccessToken;
+import org.apache.cxf.rs.security.oauth.data.Client;
+import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
+import org.apache.cxf.rs.security.oauth.data.RequestToken;
+import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
+import org.apache.cxf.rs.security.oauth.data.Token;
+import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
+import org.apache.cxf.rs.security.oauth.provider.MD5TokenGenerator;
+import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
+
+public class MemoryOAuthDataProvider implements OAuthDataProvider {
+
+    public static final String CALLBACK = "http://www.example.com/callback";
+    public static final String APPLICATION_NAME = "Test Oauth 1.0 application";
+    public static final String CLIENT_ID = "12345678";
+    public static final String CLIENT_SECRET = "secret";
+
+    private static final ConcurrentHashMap<String, OAuthPermission> AVAILABLE_PERMISSIONS = 
+        new ConcurrentHashMap<String, OAuthPermission>();
+
+    static {
+        AVAILABLE_PERMISSIONS
+                .put("read_info", new OAuthPermission("read_info", "Read your personal information",
+                        "ROLE_USER"));
+        AVAILABLE_PERMISSIONS.put("modify_info",
+                new OAuthPermission("modify_info", "Modify your personal information", "ROLE_ADMIN"));
+    }
+
+    protected ConcurrentHashMap<String, Client> clientAuthInfo = new ConcurrentHashMap<String, Client>();
+
+    protected MetadataMap<String, String> userRegisteredClients = new MetadataMap<String, String>();
+
+    protected MetadataMap<String, String> userAuthorizedClients = new MetadataMap<String, String>();
+
+    protected ConcurrentHashMap<String, Token> oauthTokens = new ConcurrentHashMap<String, Token>();
+
+    protected MD5TokenGenerator tokenGenerator = new MD5TokenGenerator();
+
+    protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
+
+    public MemoryOAuthDataProvider() {
+        Client client = new Client(CLIENT_ID, CLIENT_ID, 
+            CLIENT_SECRET, CALLBACK, APPLICATION_NAME);
+        clientAuthInfo.put(CLIENT_ID, client);
+    }
+    
+    public List<OAuthPermission> getPermissionsInfo(List<String> requestPermissions) {
+        List<OAuthPermission> permissions = new ArrayList<OAuthPermission>();
+        for (String requestScope : requestPermissions) {
+            OAuthPermission oAuthPermission = AVAILABLE_PERMISSIONS.get(requestScope);
+            permissions.add(oAuthPermission);
+        }
+    
+        return permissions;
+    }
+    
+    public Client getClient(String consumerKey) {
+        return clientAuthInfo.get(consumerKey);
+    }
+
+    public RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException {
+        String token = generateToken();
+        String tokenSecret = generateToken();
+
+        RequestToken reqToken = new RequestToken(reg.getClient(), token, tokenSecret, 
+                                                 reg.getLifetime());
+        reqToken.setScopes(reg.getScopes());
+        reqToken.setUris(reg.getUris());
+        
+        oauthTokens.put(token, reqToken);
+        return reqToken;
+    }
+
+    public RequestToken getRequestToken(String tokenString) throws OAuthServiceException {
+
+        Token token = oauthTokens.get(tokenString);
+        if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
+            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
+        }
+        RequestToken requestToken = (RequestToken) token;
+
+        Client c = token.getClient();
+        if (c == null) {
+            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN));
+        }
+        try {
+            validator.validateToken(requestToken);
+        } catch (OAuthProblemException ex) {
+            throw new OAuthServiceException(ex);
+        }
+        return requestToken;
+    }
+
+    public String createRequestTokenVerifier(RequestToken requestToken) throws
+            OAuthServiceException {
+        requestToken.setOauthVerifier(generateToken());
+        return requestToken.getOauthVerifier();
+    }
+
+    public AccessToken createAccessToken(RequestToken requestToken) throws
+            OAuthServiceException {
+
+        Client client = requestToken.getClient();
+        requestToken = getRequestToken(requestToken.getTokenString());
+
+        String accessTokenString = generateToken();
+        String tokenSecretString = generateToken();
+
+        AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString, 3600);
+
+        accessToken.setScopes(requestToken.getScopes());
+        accessToken.setUris(requestToken.getUris());
+
+        synchronized (oauthTokens) {
+            oauthTokens.remove(requestToken.getTokenString());
+            oauthTokens.put(accessTokenString, accessToken);
+            synchronized (userAuthorizedClients) {
+                userAuthorizedClients.add(client.getConsumerKey(), client.getConsumerKey());
+            }
+        }
+
+        return accessToken;
+    }
+
+    public AccessToken getAccessToken(String accessToken) throws OAuthServiceException
+    {
+        Token token = oauthTokens.get(accessToken);
+        if (token == null || !AccessToken.class.isAssignableFrom(token.getClass())) {
+            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
+        }
+        try {
+            validator.validateToken(token);
+        } catch (OAuthProblemException ex) {
+            throw new OAuthServiceException(ex);
+        }
+        return (AccessToken) token;
+    }
+
+    
+
+    public void removeTokens(String consumerKey) {
+        if (!StringUtils.isEmpty(consumerKey)) {
+            List<String> registeredApps = this.userAuthorizedClients.get(consumerKey);
+            if (registeredApps != null) {
+                registeredApps.remove(consumerKey);
+            }
+            for (Token token : oauthTokens.values()) {
+                Client authNInfo = token.getClient();
+                if (consumerKey.equals(authNInfo.getConsumerKey())) {
+                    oauthTokens.remove(token.getTokenString());
+                }
+            }
+        }
+    }
+
+    protected String generateToken() throws OAuthServiceException {
+        String token;
+        try {
+            token = tokenGenerator.generateToken(UUID.randomUUID().toString().getBytes("UTF-8"));
+        } catch (Exception e) {
+            throw new OAuthServiceException("Unable to create token ", e.getCause());
+        }
+        return token;
+    }
+
+    public void setClientAuthInfo(Map<String, Client> clientAuthInfo) {
+        this.clientAuthInfo.putAll(clientAuthInfo);
+    }
+}

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java Tue Sep 27 14:47:30 2011
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package demo.oauth.server.controllers;
+
+import java.util.Set;
+
+import org.apache.cxf.rs.security.oauth.data.Client;
+
+
+public interface OAuthClientManager {
+    Client registerNewClient(String consumerKey, Client client);
+
+    Set<Client> listRegisteredClients();
+
+    Set<Client> listAuthorizedClients();
+
+    void removeRegisteredClient(String consumerKey);
+
+}

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java Tue Sep 27 14:47:30 2011
@@ -0,0 +1,86 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package demo.oauth.server.controllers;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.cxf.rs.security.oauth.data.Client;
+import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
+import org.apache.cxf.rs.security.oauth.data.Token;
+
+public class SampleOAuthDataProvider extends MemoryOAuthDataProvider
+    implements OAuthClientManager {
+
+    public Client registerNewClient(String consumerKey, Client client) {
+        Client authNInfo = clientAuthInfo.putIfAbsent(consumerKey, client);
+        if (authNInfo == null) {
+            userRegisteredClients.add(consumerKey, consumerKey);
+        }
+        return authNInfo;
+    }
+
+    public Set<Client> listRegisteredClients() {
+        Set<Client> apps = new HashSet<Client>();
+        Set<String> appList = userRegisteredClients.keySet();
+        if (appList != null) {
+            for (String s : appList) {
+                apps.add(clientAuthInfo.get(s));
+            }
+        }
+        return apps;
+    }
+
+    public Set<Client> listAuthorizedClients() {
+        Set<Client> apps = new HashSet<Client>();
+        Set<String> appList = userAuthorizedClients.keySet();
+        if (appList != null) {
+            for (String s : appList) {
+                apps.add(clientAuthInfo.get(s));
+            }
+        }
+        return apps;
+    }
+ 
+    public synchronized void removeRegisteredClient(String consumerKey) {
+        List<String> registeredApps = this.userRegisteredClients.get(consumerKey);
+        this.clientAuthInfo.remove(consumerKey);
+
+        //remove registered app
+        registeredApps.remove(consumerKey);
+        this.userRegisteredClients.put(consumerKey, registeredApps);
+
+        //remove all authorized apps from other clients
+        for (Map.Entry<String, List<String>> userAuthorizedClientsSet : userAuthorizedClients.entrySet()) {
+            String principalName = userAuthorizedClientsSet.getKey();
+            List<String> clients = userAuthorizedClientsSet.getValue();
+            clients.remove(consumerKey);
+            userAuthorizedClients.put(principalName, clients);
+        }
+        //remove access tokens
+        for (Token token : oauthTokens.values()) {
+            Client authNInfo = token.getClient();
+            if (consumerKey.equals(authNInfo.getConsumerKey())) {
+                oauthTokens.remove(token.getTokenString());
+            }
+        }
+    }   
+}

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/SampleOAuthDataProvider.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationFailureHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationFailureHandler.java?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationFailureHandler.java (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationFailureHandler.java Tue Sep 27 14:47:30 2011
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package demo.oauth.server.spring;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import net.oauth.OAuth;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+
+public class AuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
+
+    private String authorizeUrl;
+
+    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
+                                        AuthenticationException exception)
+        throws IOException, ServletException {
+        String oauthToken = request.getParameter(OAuth.OAUTH_TOKEN);
+        String xOAuthURI = request.getParameter(OAuthConstants.X_OAUTH_URI);
+        String xScope = request.getParameter(OAuthConstants.X_OAUTH_SCOPE);
+
+        StringBuffer url = new StringBuffer(authorizeUrl).append("?").append(OAuth.OAUTH_TOKEN).append("=")
+            .append(oauthToken);
+
+        if (!StringUtils.isEmpty(xOAuthURI)) {
+            url.append("&").append(OAuthConstants.X_OAUTH_URI).append("=")
+                .append(xOAuthURI);
+        }
+
+        if (!StringUtils.isEmpty(xScope)) {
+            url.append("&").append(OAuthConstants.X_OAUTH_SCOPE).append("=").append
+                (xScope);
+        }
+
+        setDefaultFailureUrl(url.toString());
+        super.onAuthenticationFailure(request, response,
+            exception);
+    }
+
+    public void setAuthorizeUrl(String authorizeUrl) {
+        this.authorizeUrl = authorizeUrl;
+    }
+}

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationFailureHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationFailureHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationSuccessfullHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationSuccessfullHandler.java?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationSuccessfullHandler.java (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationSuccessfullHandler.java Tue Sep 27 14:47:30 2011
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package demo.oauth.server.spring;
+
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import net.oauth.OAuth;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+
+public class AuthenticationSuccessfullHandler extends SavedRequestAwareAuthenticationSuccessHandler {
+
+    private String confirmationUrl;
+
+    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
+                                        Authentication authentication) throws IOException,
+            ServletException {
+        super.onAuthenticationSuccess(request, response, authentication);
+    }
+
+    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
+
+        String oauthToken = request.getParameter(OAuth.OAUTH_TOKEN);
+        String authToken = request.getParameter(OAuthConstants.AUTHENTICITY_TOKEN);
+        String decision = request.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
+        String xOAuthURI = request.getParameter(OAuthConstants.X_OAUTH_URI);
+        String xScope = request.getParameter(OAuthConstants.X_OAUTH_SCOPE);
+
+        if (StringUtils.isEmpty(oauthToken)) {
+            return super.determineTargetUrl(request, response);
+        }
+
+        StringBuffer url = new StringBuffer(confirmationUrl).append("?").append(OAuth.OAUTH_TOKEN).append
+                ("=")
+                .append(oauthToken).append("&").append(OAuthConstants.AUTHENTICITY_TOKEN)
+                .append("=")
+                .append(authToken);
+
+        if (!StringUtils.isEmpty(decision)) {
+            url.append("&").append(OAuthConstants.AUTHORIZATION_DECISION_KEY).append("=")
+                    .append(decision);
+        }
+
+        if (!StringUtils.isEmpty(xOAuthURI)) {
+            url.append("&").append(OAuthConstants.X_OAUTH_URI).append("=")
+                    .append(xOAuthURI);
+        }
+
+        if (!StringUtils.isEmpty(xScope)) {
+            url.append("&").append(OAuthConstants.X_OAUTH_SCOPE).append("=").append
+                (xScope);
+        }
+
+        return url.toString();
+    }
+
+    public void setConfirmationUrl(String confirmationUrl) {
+        this.confirmationUrl = confirmationUrl;
+    }
+}

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationSuccessfullHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/AuthenticationSuccessfullHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringOAuthAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringOAuthAuthenticationFilter.java?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringOAuthAuthenticationFilter.java (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringOAuthAuthenticationFilter.java Tue Sep 27 14:47:30 2011
@@ -0,0 +1,72 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package demo.oauth.server.spring;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+public class SpringOAuthAuthenticationFilter implements Filter {
+    public static final String OAUTH_AUTHORITIES = "oauth_authorities";
+
+    public void init(FilterConfig filterConfig) throws ServletException {
+    }
+
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+        throws IOException, ServletException {
+        HttpServletRequest req = (HttpServletRequest)request;
+        HttpServletResponse resp = (HttpServletResponse)response;
+
+        List<String> authorities = (List<String>)request.getAttribute(OAUTH_AUTHORITIES);
+        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
+
+        if (authorities != null) {
+            for (String authority : authorities) {
+                grantedAuthorities.add(new GrantedAuthorityImpl(authority));
+            }
+
+            Authentication auth = new AnonymousAuthenticationToken(UUID.randomUUID().toString(),
+                req.getUserPrincipal(), grantedAuthorities);
+
+            SecurityContextHolder.getContext().setAuthentication(auth);
+        }
+
+
+        chain.doFilter(req, resp);
+    }
+
+    public void destroy() {
+
+    }
+}

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringOAuthAuthenticationFilter.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringOAuthAuthenticationFilter.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringSecurityExceptionMapper.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringSecurityExceptionMapper.java?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringSecurityExceptionMapper.java (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringSecurityExceptionMapper.java Tue Sep 27 14:47:30 2011
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package demo.oauth.server.spring;
+
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.ExceptionMapper;
+
+import org.springframework.security.access.AccessDeniedException;
+
+public class SpringSecurityExceptionMapper implements ExceptionMapper<AccessDeniedException> {
+
+    public Response toResponse(AccessDeniedException exception) {
+        return Response.status(Response.Status.FORBIDDEN).build();
+    }
+}

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringSecurityExceptionMapper.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/spring/SpringSecurityExceptionMapper.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/oauth-beans.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/oauth-beans.xml?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/oauth-beans.xml (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/oauth-beans.xml Tue Sep 27 14:47:30 2011
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:beans="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:sec="http://cxf.apache.org/configuration/security"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration"
+       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+       xmlns:jaxws="http://java.sun.com/xml/ns/jaxws" xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+       xsi:schemaLocation="http://cxf.apache.org/configuration/security
+  		      http://cxf.apache.org/schemas/configuration/security.xsd
+            http://cxf.apache.org/transports/http/configuration
+            http://cxf.apache.org/schemas/configuration/http-conf.xsd
+            http://cxf.apache.org/transports/http-jetty/configuration
+            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+            http://www.springframework.org/schema/beans
+            http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
+
+    <import resource="classpath:META-INF/cxf/cxf.xml"/>
+    <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>
+
+
+    <!-- Publish OAuth endpoints-->
+    <jaxrs:server id="oauthServer" address="/oauth/">
+        <jaxrs:serviceBeans>
+            <ref bean="oauthServices"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="dispatchProvider"/>
+        </jaxrs:providers>
+    </jaxrs:server>
+
+    <!--Definitions of OAuth module endpoints-->
+    <bean id="oauthServices"
+class="org.apache.cxf.rs.security.oauth.services.OAuthDefaultServices"/>
+
+    <!--Redirects from Resource Owner Authorization Endpoint to sign in page-->
+    <bean id="dispatchProvider" class="org.apache.cxf.jaxrs.provider.RequestDispatcherProvider">
+        <property name="resourcePath" value="/oAuthLogin.jsp"/>
+    </bean>
+
+
+    <!-- Endpoint serves OAuth protected resource -->
+    <jaxrs:server id="resourceServer" address="/resources/">
+        <jaxrs:serviceBeans>
+            <ref bean="resource"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="springSecurityExceptionMapper"/>
+        </jaxrs:providers>
+    </jaxrs:server>
+
+    <bean id="springSecurityExceptionMapper"
+          class="demo.oauth.server.spring.SpringSecurityExceptionMapper"/>
+    <!-- Resource Provider -->
+    <bean id="resource" class="demo.oauth.server.SampleResourceProvider"/>
+</beans>

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/oauth-beans.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/oauth-beans.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/oauth-beans.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml Tue Sep 27 14:47:30 2011
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+             xmlns:beans="http://www.springframework.org/schema/beans"
+             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+             xmlns:context="http://www.springframework.org/schema/context"
+             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
+                        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+
+    <beans:bean id="authenticationSuccHandler"
+                class="demo.oauth.server.spring.AuthenticationSuccessfullHandler">
+        <beans:property name="defaultTargetUrl" value="/app/newClientForm.jsp"/>
+        <beans:property name="confirmationUrl" value="/auth/oauth/authorizeDecision"/>
+    </beans:bean>
+
+    <beans:bean id="authenticationFailHandler"
+                class="demo.oauth.server.spring.AuthenticationFailureHandler">
+        <beans:property name="authorizeUrl" value="/auth/oauth/authorize"/>
+    </beans:bean>
+
+    <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/>
+
+    <beans:bean id="entryPoint" class="demo.oauth.server.CustomAuth">
+        <beans:property name="loginFormUrl" value="/index.jsp"/>
+    </beans:bean>
+
+    <http auto-config="false" entry-point-ref="entryPoint">
+        <intercept-url pattern="/oAuthLogin.jsp" filters="none"/>
+        <intercept-url pattern="/index.jsp" filters="none"/>
+        <intercept-url pattern="/" filters="none"/>
+        <intercept-url pattern="/favicon.ico" filters="none"/>
+        <intercept-url pattern="/auth/oauth/**" filters="none"/>
+        <intercept-url pattern="/auth/resources/**" filters="none"/>
+        <intercept-url pattern="/**" access="ROLE_USER"/>
+
+        <form-login authentication-success-handler-ref="authenticationSuccHandler"
+                    authentication-failure-handler-ref="authenticationFailHandler" login-page="/index.jsp"
+                    authentication-failure-url="/auth/oauth/authorize"
+                    default-target-url="/app/newClientForm.jsp"/>
+
+        <logout invalidate-session="true" logout-url="/logout.htm"
+                logout-success-url="/login.jsp?loggedout=true"/>
+    </http>
+
+
+    <authentication-manager>
+        <authentication-provider>
+            <user-service>
+                <user name="user1" password="1111" authorities="ROLE_USER"/>
+                <user name="user2" password="2222" authorities="ROLE_USER"/>
+            </user-service>
+        </authentication-provider>
+    </authentication-manager>
+
+</beans:beans>

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/spring-servlet.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/spring-servlet.xml?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/spring-servlet.xml (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/spring-servlet.xml Tue Sep 27 14:47:30 2011
@@ -0,0 +1,36 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xmlns:mvc="http://www.springframework.org/schema/mvc"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans
+       http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/context
+       http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
+
+    <mvc:annotation-driven/>
+    <context:annotation-config/>
+    <context:component-scan base-package="demo.oauth.server.controllers"/>
+
+    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+        <property name="prefix" value="/WEB-INF/views/"/>
+        <property name="suffix" value=".jsp"/>
+    </bean>
+
+</beans>

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/spring-servlet.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/spring-servlet.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/spring-servlet.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/authorizedClientsList.jsp Tue Sep 27 14:47:30 2011
@@ -0,0 +1,63 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<%--@elvariable id="clients" type="java.util.Set<org.apache.cxf.rs.security.oauth.provider.Client>"--%>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<%@ page isELIgnored="false" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<html>
+<head><title>Authorized Clients</title></head>
+<body>
+
+<h3>Authorized clients:</h3>
+<table>
+    <c:forEach var="client" items="${clients}">
+        <form:form action="/app/revokeAccess" commandName="client">
+            <input type="hidden" name="consumerKey" value="${client.consumerKey}"/>
+            <tr>
+                <td>Application Name:</td>
+                <td>${client.applicationName}</td>
+            </tr>
+            <tr>
+                <td>Customer Key:</td>
+                <td>${client.consumerKey}</td>
+            </tr>
+            <tr>
+                <td>Consumer Secret:</td>
+                <td>${client.secretKey}</td>
+            </tr>
+            <tr>
+                <td>Callback URL:</td>
+                <td>${client.callbackURL}</td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <input type="submit" value="Revoke Access"/>
+                </td>
+            </tr>
+        </form:form>
+        <tr>
+            <td>&nbsp;</td>
+            <td>&nbsp;</td>
+        </tr>
+    </c:forEach>
+</table>
+
+</body>
+</html>

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp Tue Sep 27 14:47:30 2011
@@ -0,0 +1,63 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<%--@elvariable id="clientInfo" type="org.apache.cxf.rs.security.oauth.provider.Client"--%>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<%@ page isELIgnored="false" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<html>
+<head><title>Application Details</title></head>
+<body>
+
+<table>
+    <form:form action="/app/newClientForm">
+        <tr>
+            <td>Application Name:</td>
+            <td>${clientInfo.applicationName}</td>
+        </tr>
+        <tr>
+            <td>Customer Key:</td>
+            <td>${clientInfo.consumerKey}</td>
+        </tr>
+        <tr>
+            <td>Consumer Secret:</td>
+            <td>${clientInfo.secretKey}</td>
+        </tr>
+        <tr>
+            <td>Callback URL:</td>
+            <td>${clientInfo.callbackURL}</td>
+        </tr>
+        <tr>
+            <td colspan="2">
+                <input type="submit" value="Register New Client"/>
+            </td>
+        </tr>
+    </form:form>
+    <tr>
+        <td>
+            <form:form action="/app/listRegisteredClients">
+                <input type="submit" value="List Registered Clients"/>
+            </form:form>
+        </td>
+    </tr>
+
+</table>
+
+</body>
+</html>

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/displayVerifier.jsp Tue Sep 27 14:47:30 2011
@@ -0,0 +1,36 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<%--@elvariable id="oauth_verifier" type="java.lang.String"--%>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<%@ page isELIgnored="false" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<html>
+<head><title>OAuth 1.0a CXF server</title></head>
+<body>
+<h4>Callback URI was not provided, propably you cannot receive callbacks.
+    Save below oauth verifier value to be able to receive access token.
+</h4>
+<table>
+    <tr>
+        <td>OAuth verifier:</td>
+        <td><%=request.getParameter("oauth_verifier")%></td>
+    </tr>
+</table>
+</body>
+</html>
\ No newline at end of file

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/newClientForm.jsp
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/newClientForm.jsp?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/newClientForm.jsp (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/newClientForm.jsp Tue Sep 27 14:47:30 2011
@@ -0,0 +1,70 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<%--@elvariable id="client" type="org.apache.cxf.rs.security.oauth.demo.server.ClientApp"--%>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<%@ page isELIgnored="false" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<html>
+<head><title>Authorization Server</title></head>
+<body>
+
+<c:if test="${!empty client.error}">
+    <font color="red"><p>Error: ${client.error}</p></font>
+</c:if>
+<table>
+    <form:form commandName="client" action="/app/registerClient">
+        <tr>
+            <td>Consumer key:</td>
+            <td><form:input size="70" path="consumerKey"/> - You can provide consumer key,
+                if not it will be automatically generated
+            </td>
+        </tr>
+        <tr>
+            <td>Client Name:</td>
+            <td><form:input size="70" path="clientName"/></td>
+        </tr>
+        <tr>
+            <td>Callback URL:</td>
+            <td><form:input size="70" path="callbackURL"/></td>
+        </tr>
+        <tr>
+            <td colspan="2">
+                <input type="submit" value="Register New Client"/>
+            </td>
+        </tr>
+    </form:form>
+    <tr>
+        <form:form action="/app/listRegisteredClients">
+            <td colspan="2">
+                <input type="submit" value="List Registered Clients"/>
+            </td>
+        </form:form>
+    </tr>
+    <tr>
+        <form:form action="/app/listAuthorizedClients">
+            <td colspan="2">
+                <input type="submit" value="List Authorized Clients"/>
+            </td>
+        </form:form>
+    </tr>
+</table>
+
+</body>
+</html>

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/registeredClientsList.jsp Tue Sep 27 14:47:30 2011
@@ -0,0 +1,69 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<%--@elvariable id="clients" type="java.util.Set<org.apache.cxf.rs.security.oauth.provider.Client>"--%>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<%@ page isELIgnored="false" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<html>
+<head><title>Registered clients</title></head>
+<body>
+<h3>Registered clients:</h3>
+<table>
+    <c:forEach var="client" items="${clients}">
+        <form:form action="/app/removeClient" commandName="client">
+            <input type="hidden" name="consumerKey" value="${client.consumerKey}"/>
+            <tr>
+                <td>Application Name:</td>
+                <td>${client.applicationName}</td>
+            </tr>
+            <tr>
+                <td>Customer Key:</td>
+                <td>${client.consumerKey}</td>
+            </tr>
+            <tr>
+                <td>Consumer Secret:</td>
+                <td>${client.secretKey}</td>
+            </tr>
+            <tr>
+                <td>Callback URL:</td>
+                <td>${client.callbackURL}</td>
+            </tr>
+            <tr>
+                <td colspan="2">
+                    <input type="submit" value="Remove Client"/>
+                </td>
+            </tr>
+        </form:form>
+        <tr>
+            <td>&nbsp;</td>
+            <td>&nbsp;</td>
+        </tr>
+    </c:forEach>
+    <tr>
+        <form:form action="/app/newClientForm">
+            <td colspan="2">
+                <input type="submit" value="Register New Client"/>
+            </td>
+        </form:form>
+    </tr>
+</table>
+
+</body>
+</html>

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/web.xml?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/web.xml (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/web.xml Tue Sep 27 14:47:30 2011
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+         http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+         metadata-complete="true" version="2.5">
+
+    <context-param>
+        <param-name>oauth.data.provider-class</param-name>
+        <param-value>demo.oauth.server.controllers.SampleOAuthDataProvider</param-value>
+    </context-param>
+
+    <filter>
+        <filter-name>oauthFilter</filter-name>
+        <filter-class>org.apache.cxf.rs.security.oauth.filters.OAuthServletFilter</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>oauthFilter</filter-name>
+        <url-pattern>/auth/resources/person/*</url-pattern>
+    </filter-mapping>
+
+
+    <filter>
+        <filter-name>oauthSpringFilter</filter-name>
+        <filter-class>demo.oauth.server.spring.SpringOAuthAuthenticationFilter
+        </filter-class>
+    </filter>
+    <filter-mapping>
+        <filter-name>oauthSpringFilter</filter-name>
+        <url-pattern>/auth/resources/person/*</url-pattern>
+    </filter-mapping>
+    <!-- **************** Spring configuration *****************-->
+
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>/WEB-INF/*-beans.xml</param-value>
+    </context-param>
+
+
+    <listener>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+
+    <filter>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>springSecurityFilterChain</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <servlet>
+        <servlet-name>spring</servlet-name>
+        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>spring</servlet-name>
+        <url-pattern>/app/*</url-pattern>
+    </servlet-mapping>
+
+    <!-- **************** CXF configuration *****************-->
+    <servlet>
+        <servlet-name>CXFServlet</servlet-name>
+        <servlet-class>
+            org.apache.cxf.transport.servlet.CXFServlet
+        </servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>CXFServlet</servlet-name>
+        <url-pattern>/auth/*</url-pattern>
+    </servlet-mapping>
+
+    <welcome-file-list>
+        <welcome-file>index.jsp</welcome-file>
+    </welcome-file-list>
+</web-app>

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/web.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/web.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/web.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/index.jsp
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/index.jsp?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/index.jsp (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/index.jsp Tue Sep 27 14:47:30 2011
@@ -0,0 +1,78 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<%--@elvariable id="text" type="java.lang.String"--%>
+<%--@elvariable id="oauthauthorizationdata" type="org.apache.cxf.rs.security.oauth.provider.OAuthAuthorizationData"--%>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<%@ page isELIgnored="false" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<html>
+<head><title>OAuth 1.0a CXF server</title></head>
+<body>
+<table align="center">
+    <tr align="center">
+        <td><h2>Sample CXF-OAuth 1.0a server implementation</h2></td>
+    </tr>
+
+    <tr align="center">
+        <td><h3>OAuth protected resources at path: </h3></td>
+    </tr>
+    <tr align="center">
+        <td><input size="70" value="/auth/resources/person/{name}"/><br/><br/>
+            You can access this resources by using OAuth client hosted at: <a
+                    href="http://www.oauthclient.appspot.com/">OAuth client</a></td>
+    </tr>
+</table>
+<br/><br/>
+<table align="center">
+    <tr align="center">
+        <td><h3>Login with Username and Password to register OAuth client</h3></td>
+    </tr>
+
+    <tr>
+        <td>User: user1</td>
+    </tr>
+    <tr>
+        <td>Password: 1111</td>
+    </tr>
+    <tr align="center">
+        <td>
+            <form name="f" action="/j_spring_security_check" method="POST">
+                <c:if test="${not empty param.login_error}">
+                    <font color="red">
+                        Your login attempt was not successful, try again.<br/><br/>
+                        Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
+                    </font>
+                </c:if>
+                <label for="login">User</label>
+                <input type="text" id="login" name='j_username'
+                       value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/>
+
+                <div class="clear"></div>
+                <label for="password">Password</label>
+                <input type="password" id="password" name="j_password"/>
+                <br>
+                <input type="submit" class="button" name="commit" value="Log in"/>
+            </form>
+        </td>
+    </tr>
+</table>
+
+</body>
+</html>

Added: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/oAuthLogin.jsp
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/oAuthLogin.jsp?rev=1176408&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/oAuthLogin.jsp (added)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/oAuthLogin.jsp Tue Sep 27 14:47:30 2011
@@ -0,0 +1,111 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<%--@elvariable id="text" type="java.lang.String"--%>
+<%--@elvariable id="oauthauthorizationdata" type="org.apache.cxf.rs.security.oauth.provider.OAuthAuthorizationData"--%>
+<%@ page contentType="text/html;charset=UTF-8" language="java" %>
+<%@ page isELIgnored="false" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
+<html>
+<head><title>OAuth 1.0a CXF server</title></head>
+<body>
+<c:choose>
+    <c:when test="${!empty oauthauthorizationdata.oauthToken}">
+        <table align="center">
+            <tr align="center">
+                <td>
+                    <form name="f" action="/j_spring_security_check" method="POST">
+                        <input type="hidden" name="oauth_token"
+                               value="${oauthauthorizationdata.oauthToken}"/>
+                        <input type="hidden"
+                               name="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
+                                   .AUTHENTICITY_TOKEN%>"
+                               value="${oauthauthorizationdata.authenticityToken}"/>
+                        <input type="hidden"
+                               name="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
+                                   .X_OAUTH_URI%>"
+                               value="<%=request.getParameter("x_oauth_uri")%>"/>
+                        <input type="hidden"
+                               name="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
+                                   .X_OAUTH_SCOPE%>"
+                               value="<%=request.getParameter("x_oauth_scope")%>"/>
+
+                        <p>The application <b>${oauthauthorizationdata.applicationName}</b> would like
+                            the
+                            ability to access and update your data on Sample OAuth CXF server:
+                            <br/></p>
+                        <b>Scopes:</b>
+                        <c:forEach items="${oauthauthorizationdata.uris}" var="uri">
+                            <li>${uri}</li>
+                        </c:forEach>
+
+                        <br/>
+                        <b>Permissions:</b>
+
+                        <c:forEach items="${oauthauthorizationdata.permissions}" var="permission">
+                            <li>${permission.description}</li>
+                        </c:forEach>
+                        <br/>
+                        Please ensure that you trust this website with your information before
+                        proceeding!
+                        <c:if test="${not empty param.login_error}">
+                            <font color="red">
+                                Your login attempt was not successful, try again.<br/><br/>
+                                Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
+                            </font>
+                        </c:if>
+                        <br>
+                        User: user2
+                        <br>
+                        Password: 2222
+                        <br>
+                        <label for="login">User</label>
+                        <input type="text" id="login" name='j_username'
+                               value='<c:if test="${not empty param.login_error}"><c:out
+                                   value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/>
+
+                        <div class="clear"></div>
+                        <label for="password">Password</label>
+                        <input type="password" id="password" name="j_password"/>
+                        <br>
+                        <button name="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
+                            .AUTHORIZATION_DECISION_KEY%>"
+                                type="submit"
+                                value="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
+                                    .AUTHORIZATION_DECISION_DENY%>">
+                            Deny
+                        </button>
+                        <button name="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
+                            .AUTHORIZATION_DECISION_KEY%>"
+                                type="submit"
+                                value="<%=org.apache.cxf.rs.security.oauth.utils.OAuthConstants
+                                    .AUTHORIZATION_DECISION_ALLOW%>">
+                            Allow
+                        </button>
+                    </form>
+                </td>
+            </tr>
+        </table>
+    </c:when>
+    <c:otherwise>
+        <h3>Invalid request</h3>
+    </c:otherwise>
+</c:choose>
+</body>
+</html>

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java?rev=1176408&r1=1176407&r2=1176408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java Tue Sep 27 14:47:30 2011
@@ -93,8 +93,8 @@ public class MemoryOAuthDataProvider imp
 
         RequestToken reqToken = new RequestToken(reg.getClient(), token, tokenSecret, 
                                                  reg.getLifetime());
-        reqToken.setPermissions(reg.getPermissions());
         reqToken.setScopes(reg.getScopes());
+        reqToken.setUris(reg.getUris());
         
         oauthTokens.put(token, reqToken);
         return reqToken;
@@ -137,8 +137,8 @@ public class MemoryOAuthDataProvider imp
 
         AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString, 3600);
 
-        accessToken.setPermissions(requestToken.getPermissions());
         accessToken.setScopes(requestToken.getScopes());
+        accessToken.setUris(requestToken.getUris());
 
         synchronized (oauthTokens) {
             oauthTokens.remove(requestToken.getTokenString());

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java?rev=1176408&r1=1176407&r2=1176408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java Tue Sep 27 14:47:30 2011
@@ -28,18 +28,18 @@ public class Client {
     private String callbackURL;
     private String applicationURI;
     private String applicationName;
+    private List<String> uris = Collections.emptyList();
     private List<String> scopes = Collections.emptyList();
-    private List<String> permissions = Collections.emptyList();
 
     public Client(String loginName,
             String consumerKey, String secretKey, String callbackURL,
-            String applicationName, List<String> scopes) {
+            String applicationName, List<String> uris) {
         this.loginName = loginName;
         this.consumerKey = consumerKey;
         this.secretKey = secretKey;
         this.callbackURL = callbackURL;
         this.applicationName = applicationName;
-        this.scopes = scopes;
+        this.uris = uris;
     }
     
     public Client(String loginName, String consumerKey, String secretKey, String callbackURL,
@@ -60,8 +60,8 @@ public class Client {
         return loginName;
     }
     
-    public List<String> getScopes() {
-        return scopes;
+    public List<String> getUris() {
+        return uris;
     }
     
     public String getConsumerKey() {
@@ -96,12 +96,12 @@ public class Client {
         this.applicationURI = applicationURI;
     }
 
-    public List<String> getPermissions() {
-        return permissions;
+    public List<String> getScopes() {
+        return scopes;
     }
 
-    public void setPermissions(List<String> permissions) {
-        this.permissions = permissions;
+    public void setScopes(List<String> scopes) {
+        this.scopes = scopes;
     }
     
     @Override

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java?rev=1176408&r1=1176407&r2=1176408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java Tue Sep 27 14:47:30 2011
@@ -33,7 +33,7 @@ public class OAuthAuthorizationData impl
     private String callback;
     private String oauthVerifier;
     private List<? extends Permission> permissions;
-    private List<String> scopes;
+    private List<String> uris;
 
     public OAuthAuthorizationData() {
     }
@@ -90,12 +90,12 @@ public class OAuthAuthorizationData impl
         this.permissions = permissions;
     }
 
-    public void setScopes(List<String> scopes) {
-        this.scopes = scopes;
+    public void setUris(List<String> uris) {
+        this.uris = uris;
     }
 
-    public List<String> getScopes() {
-        return scopes;
+    public List<String> getUris() {
+        return uris;
     }
 
     public void setAuthenticityToken(String authenticityToken) {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java?rev=1176408&r1=1176407&r2=1176408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java Tue Sep 27 14:47:30 2011
@@ -23,8 +23,8 @@ import java.util.List;
 public class RequestTokenRegistration {
     private Client client; 
     private String state;
+    private List<String> uris;
     private List<String> scopes;
-    private List<String> permissions;
     private long lifetime;
     
     public void setClient(Client client) {
@@ -39,18 +39,18 @@ public class RequestTokenRegistration {
     public String getState() {
         return state;
     }
+    public void setUris(List<String> uris) {
+        this.uris = uris;
+    }
+    public List<String> getUris() {
+        return uris;
+    }
     public void setScopes(List<String> scopes) {
         this.scopes = scopes;
     }
     public List<String> getScopes() {
         return scopes;
     }
-    public void setPermissions(List<String> permissions) {
-        this.permissions = permissions;
-    }
-    public List<String> getPermissions() {
-        return permissions;
-    }
     public void setLifetime(long lifetime) {
         this.lifetime = lifetime;
     }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java?rev=1176408&r1=1176407&r2=1176408&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java (original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java Tue Sep 27 14:47:30 2011
@@ -28,8 +28,8 @@ public abstract class Token {
     protected long issuedAt = -1;
     protected long lifetime = -1;
     protected Client client;
-    protected List<String> permissions;
     protected List<String> scopes;
+    protected List<String> uris;
     private List<String> httpVerbs;
     
     protected Token(Client client, String tokenString,
@@ -70,14 +70,6 @@ public abstract class Token {
         return lifetime;
     }
 
-    public List<String> getPermissions() {
-        return permissions == null || permissions.isEmpty() ? client.getPermissions() : permissions;
-    }
-
-    public void setPermissions(List<String> permissions) {
-        this.permissions = permissions;
-    }
-
     public List<String> getScopes() {
         return scopes == null || scopes.isEmpty() ? client.getScopes() : scopes;
     }
@@ -85,6 +77,15 @@ public abstract class Token {
     public void setScopes(List<String> scopes) {
         this.scopes = scopes;
     }
+       
+
+    public List<String> getUris() {
+        return uris == null || uris.isEmpty() ? client.getUris() : uris;
+    }
+
+    public void setUris(List<String> uris) {
+        this.uris = uris;
+    }
 
     public void setHttpVerbs(List<String> httpVerbs) {
         this.httpVerbs = httpVerbs;



Mime
View raw message