Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9557096EA for ; Tue, 27 Sep 2011 16:18:11 +0000 (UTC) Received: (qmail 34414 invoked by uid 500); 27 Sep 2011 16:18:11 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 34365 invoked by uid 500); 27 Sep 2011 16:18:11 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 34357 invoked by uid 99); 27 Sep 2011 16:18:11 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Sep 2011 16:18:11 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Sep 2011 16:18:10 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 006E323888FE for ; Tue, 27 Sep 2011 16:17:50 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1176457 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth: data/Token.java filters/AbstractAuthFilter.java filters/OAuthInfo.java Date: Tue, 27 Sep 2011 16:17:49 -0000 To: commits@cxf.apache.org 
From: sergeyb@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20110927161750.006E323888FE@eris.apache.org> Author: sergeyb Date: Tue Sep 27 16:17:49 2011 New Revision: 1176457 URL: http://svn.apache.org/viewvc?rev=1176457&view=rev Log: [CXF-2759] Removing optional HTTP verbs from Token Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java?rev=1176457&r1=1176456&r2=1176457&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java Tue Sep 27 16:17:49 2011 @@ -30,7 +30,6 @@ public abstract class Token { protected Client client; protected List scopes; protected List uris; - private List httpVerbs; protected Token(Client client, String tokenString, String tokenSecret, long lifetime) { 
@@ -86,14 +85,5 @@ public abstract class Token { public void setUris(List uris) { this.uris = uris; } - - public void setHttpVerbs(List httpVerbs) { - this.httpVerbs = httpVerbs; - } - - public List getHttpVerbs() { - return httpVerbs; - } - } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1176457&r1=1176456&r2=1176457&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java Tue Sep 27 16:17:49 2011 @@ -34,6 +34,7 @@ import org.apache.cxf.common.logging.Log import org.apache.cxf.common.security.SimplePrincipal; import org.apache.cxf.rs.security.oauth.data.AccessToken; import org.apache.cxf.rs.security.oauth.data.Client; +import org.apache.cxf.rs.security.oauth.data.OAuthPermission; import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider; import org.apache.cxf.rs.security.oauth.utils.OAuthUtils; import org.apache.cxf.security.SecurityContext; 
@@ -81,19 +82,18 @@ public class AbstractAuthFilter { if (accessToken == null) { throw new OAuthProblemException(); } - //check valid scope + //check valid URI if (!checkRequestURI(req, accessToken.getUris())) { throw new OAuthProblemException(); } - if (accessToken.getHttpVerbs() != null - && !accessToken.getHttpVerbs().contains(req.getMethod())) { - throw new OAuthProblemException(); - } authInfo = accessToken.getClient(); } else { String consumerKey = oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY); authInfo = dataProvider.getClient(consumerKey); + if (authInfo == null) { + throw new OAuthProblemException(); + } if (!checkRequestURI(req, authInfo.getUris())) { throw new OAuthProblemException(); } @@ -101,7 +101,19 @@ public class AbstractAuthFilter { OAuthUtils.validateMessage(oAuthMessage, authInfo, accessToken); - return new OAuthInfo(authInfo, accessToken, dataProvider); + List permissions = dataProvider.getPermissionsInfo( + accessToken != null ? accessToken.getScopes() : authInfo.getScopes()); + boolean matched = false; + for (OAuthPermission perm : permissions) { + if (perm.getHttpVerbs() == null + || perm.getHttpVerbs().contains(req.getMethod())) { + matched = true; + } + } + if (!matched) { + throw new OAuthProblemException(); + } + return new OAuthInfo(authInfo, accessToken, permissions); } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java?rev=1176457&r1=1176456&r2=1176457&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java Tue Sep 27 16:17:49 2011 
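Review bot: The new `authInfo == null` check in the consumer-key branch throws the same bare `OAuthProblemException()` as every other rejection in this block, so an unknown consumer key, a URI mismatch and a missing access token cannot be told apart in server logs. Passing a problem code, for example `throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);`, or logging the reason just before the throw, would make failed-authorization events easier to triage. Whether that code is also returned to the caller is a separate decision. The enclosing method starts and ends outside the hunk.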
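Review bot: The added verb-matching loop iterates the result of `dataProvider.getPermissionsInfo(...)` without a null check, although `OAuthInfo.getRoles()` in this same commit still guards `permissions != null`. A provider that returns null would therefore fail the filter with a NullPointerException rather than an `OAuthProblemException`, and `if (permissions == null) { throw new OAuthProblemException(); }` before the loop would keep the rejection explicit. The match also succeeds as soon as any single permission has `getHttpVerbs() == null` or lists the method, independently of the URI check earlier in the method, so a token holding one verb-unrestricted scope is accepted for every method on every URI it may reach. If that any-match behaviour is intended, a comment such as `// any permission allowing this verb is sufficient; verbs are not tied to URIs` and a `break;` after `matched = true;` would make it obvious. An empty permission list now rejects every request, where the removed token-level check was skipped when no verbs were set, which deserves a line in the commit log. The enclosing method starts outside the hunk.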
@@ -24,16 +24,15 @@ import java.util.List; import org.apache.cxf.rs.security.oauth.data.AccessToken; import org.apache.cxf.rs.security.oauth.data.Client; import org.apache.cxf.rs.security.oauth.data.OAuthPermission; -import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider; public class OAuthInfo { private Client client; private AccessToken token; - private OAuthDataProvider provider; - public OAuthInfo(Client client, AccessToken token, OAuthDataProvider provider) { + private List permissions; + public OAuthInfo(Client client, AccessToken token, List permissions) { this.client = client; this.token = token; - this.provider = provider; + this.permissions = permissions; } public Client getClient() { return client; @@ -43,8 +42,6 @@ public class OAuthInfo { } public List getRoles() { - List permissions = provider.getPermissionsInfo( - token != null ? token.getScopes() : client.getScopes()); List authorities = new ArrayList(); if (permissions != null) { for (OAuthPermission permission : permissions) {
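Review bot: The rewritten constructor stores the caller's `permissions` list by reference and has no Javadoc stating that it may be null, even though `getRoles()` below still tolerates null. Because the list now decides which roles the security context reports, any later mutation of it by the provider or the filter changes the outcome for an in-flight request. Taking a copy, `this.permissions = permissions == null ? null : new ArrayList<OAuthPermission>(permissions);`, or documenting that callers must pass an unshared list, would pin the contract down. The class body continues outside the hunk.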