cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1180847 - in /cxf/trunk: distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/ rt/rs/security/oauth-parent/oauth-te...
Date Mon, 10 Oct 2011 09:51:26 GMT
Author: sergeyb
Date: Mon Oct 10 09:51:26 2011
New Revision: 1180847

URL: http://svn.apache.org/viewvc?rev=1180847&view=rev
Log:
[CXF-2759] Removing a redundant Client callback property and making a loginName optional

Modified:
    cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
    cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
    cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java

Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
(original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
Mon Oct 10 09:51:26 2011
@@ -73,9 +73,9 @@ public class ApplicationController imple
 
         String secretKey = tokenGen.generateToken(new SecureRandom().generateSeed(20));
 
-        Client clientInfo = new Client(principal.getName(), consumerKey,
-            secretKey, clientApp.getCallbackURL(), clientApp.getClientName());
-
+        Client clientInfo = 
+new Client(consumerKey, secretKey, clientApp.getClientName(), clientApp.getCallbackURL());
+        clientInfo.setLoginName(principal.getName());
 
         Client authNInfo = clientManager.registerNewClient(consumerKey, clientInfo);
         if (authNInfo != null) {

Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
(original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
Mon Oct 10 09:51:26 2011
@@ -72,8 +72,7 @@ public class MemoryOAuthDataProvider imp
     protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
 
     public MemoryOAuthDataProvider() {
-        Client client = new Client(CLIENT_ID, CLIENT_ID, 
-            CLIENT_SECRET, CALLBACK, APPLICATION_NAME);
+        Client client = new Client(CLIENT_ID, CLIENT_SECRET, APPLICATION_NAME, CALLBACK);
         clientAuthInfo.put(CLIENT_ID, client);
     }
     
@@ -99,7 +98,7 @@ public class MemoryOAuthDataProvider imp
                                                  reg.getLifetime());
         reqToken.setScopes(reg.getScopes());
         reqToken.setUris(reg.getUris());
-        
+        reqToken.setCallback(reg.getCallback());
         oauthTokens.put(token, reqToken);
         return reqToken;
     }

Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp
(original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp
Mon Oct 10 09:51:26 2011
@@ -40,10 +40,6 @@ under the License.
             <td>${clientInfo.secretKey}</td>
         </tr>
         <tr>
-            <td>Callback URL:</td>
-            <td>${clientInfo.callbackURL}</td>
-        </tr>
-        <tr>
             <td colspan="2">
                 <input type="submit" value="Register New Client"/>
             </td>

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
Mon Oct 10 09:51:26 2011
@@ -67,9 +67,10 @@ public class MemoryOAuthDataProvider imp
     protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
 
     public MemoryOAuthDataProvider() {
-        Client client = new Client(OAuthTestUtils.CLIENT_ID, OAuthTestUtils.CLIENT_ID, 
+        Client client = new Client(OAuthTestUtils.CLIENT_ID, 
             OAuthTestUtils.CLIENT_SECRET,
-            OAuthTestUtils.CALLBACK, OAuthTestUtils.APPLICATION_NAME);
+            OAuthTestUtils.APPLICATION_NAME,
+            OAuthTestUtils.CALLBACK);
         clientAuthInfo.put(OAuthTestUtils.CLIENT_ID, client);
     }
     

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
Mon Oct 10 09:51:26 2011
@@ -22,48 +22,30 @@ import java.util.Collections;
 import java.util.List;
 
 public class Client {
-    private String loginName;
     private String consumerKey;
     private String secretKey;
-    private String callbackURL;
     private String applicationURI;
     private String applicationName;
+    
+    private String loginName;
+        
     private List<String> uris = Collections.emptyList();
     private List<String> scopes = Collections.emptyList();
 
-    public Client(String loginName,
-            String consumerKey, String secretKey, String callbackURL,
-            String applicationName, List<String> uris) {
-        this.loginName = loginName;
+    public Client(String consumerKey, 
+                  String secretKey,
+                  String applicationName,
+                  String applicationURI) {
         this.consumerKey = consumerKey;
         this.secretKey = secretKey;
-        this.callbackURL = callbackURL;
+        this.applicationURI = applicationURI;
         this.applicationName = applicationName;
-        this.uris = uris;
     }
     
-    public Client(String loginName, String consumerKey, String secretKey, String callbackURL,
-                      String applicationName) {
-        this(loginName, consumerKey, secretKey, callbackURL, applicationName, 
-             Collections.<String>emptyList());
-    }
-
-    public Client(String loginName, String consumerKey, String secretKey, String callbackURL)
{
-        this(loginName, consumerKey, secretKey, callbackURL, null);
-    }
-
-    public Client(String loginName, String consumerKey, String secretKey) {
-        this(loginName, consumerKey, secretKey, null);
+    public Client(String consumerKey, String secretKey) {
+        this(consumerKey, secretKey, null, null);
     }
 
-    public String getLoginName() {
-        return loginName;
-    }
-    
-    public List<String> getUris() {
-        return uris;
-    }
-    
     public String getConsumerKey() {
         return consumerKey;
     }
@@ -72,14 +54,6 @@ public class Client {
         return secretKey;
     }
 
-    public String getCallbackURL() {
-        return callbackURL;
-    }
-
-    public void setCallbackURL(String callbackURL) {
-        this.callbackURL = callbackURL;
-    }
-
     public String getApplicationName() {
         return applicationName;
     }
@@ -96,6 +70,22 @@ public class Client {
         this.applicationURI = applicationURI;
     }
 
+    public String getLoginName() {
+        return loginName == null ? consumerKey : loginName;
+    }
+    
+    public void setLoginName(String name) {
+        this.loginName = name;
+    }
+    
+    public List<String> getUris() {
+        return uris;
+    }
+    
+    public void setUris(List<String> uris) {
+        this.uris = uris;
+    }
+    
     public List<String> getScopes() {
         return scopes;
     }
@@ -115,13 +105,6 @@ public class Client {
 
         Client that = (Client)o;
 
-        if (applicationName != null ? !applicationName.equals(that.applicationName)
-            : that.applicationName != null) {
-            return false;
-        }
-        if (callbackURL != null ? !callbackURL.equals(that.callbackURL) : that.callbackURL
!= null) {
-            return false;
-        }
         if (!consumerKey.equals(that.consumerKey)) {
             return false;
         }
@@ -136,8 +119,6 @@ public class Client {
     public int hashCode() {
         int result = consumerKey.hashCode();
         result = 31 * result + secretKey.hashCode();
-        result = 31 * result + (callbackURL != null ? callbackURL.hashCode() : 0);
-        result = 31 * result + (applicationName != null ? applicationName.hashCode() : 0);
         return result;
     }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
Mon Oct 10 09:51:26 2011
@@ -23,6 +23,7 @@ import java.util.List;
 public class RequestTokenRegistration {
     private Client client; 
     private String state;
+    private String callback;
     private List<String> uris;
     private List<String> scopes;
     private long lifetime;
@@ -33,6 +34,15 @@ public class RequestTokenRegistration {
     public Client getClient() {
         return client;
     }
+    
+    public void setCallback(String callback) {
+        this.callback = callback;
+    }
+
+    public String getCallback() {
+        return callback;
+    }
+    
     public void setState(String state) {
         this.state = state;
     }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Mon Oct 10 09:51:26 2011
@@ -36,7 +36,6 @@ import net.oauth.OAuthProblemException;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
@@ -75,17 +74,17 @@ public class AuthorizationRequestHandler
             }
             
             String decision = request.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
-            Client clientInfo = token.getClient();
             if (!OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision)) {
                 //user not authorized client
-                secData.setCallback(clientInfo.getCallbackURL());
+                secData.setCallback(token.getCallback());
                 return Response.ok(addAdditionalParams(secData, token)).build();
             }
 
             String verifier = dataProvider.createRequestTokenVerifier(token);
             
 
-            String callbackURL = clientInfo.getCallbackURL();
+            String callbackURL = getCallbackURI(token);
+            
 
             Map<String, String> queryParams = new HashMap<String, String>();
             queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
@@ -112,6 +111,17 @@ public class AuthorizationRequestHandler
         }
     }
 
+    protected String getCallbackURI(RequestToken token) throws OAuthProblemException {
+        String callback = token.getCallback();
+        if (callback == null) {
+            callback = token.getClient().getApplicationURI();
+        }
+        if (callback == null) {
+            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+        }
+        return callback;
+    }
+    
     protected String buildCallbackUrl(String callbackURL, final Map<String, String>
queryParams) {
 
         boolean containsQuestionMark = callbackURL.contains("?");

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
Mon Oct 10 09:51:26 2011
@@ -82,6 +82,7 @@ public class RequestTokenHandler {
             
             RequestTokenRegistration reg = new RequestTokenRegistration();
             reg.setClient(client);
+            reg.setCallback(callback);
             reg.setState(oAuthMessage.getParameter("state"));
             reg.setUris(uris);
             reg.setScopes(scopes);
@@ -119,9 +120,7 @@ public class RequestTokenHandler {
     protected void validateCallbackURL(Client client,
                                        String oauthCallback) throws OAuthProblemException
{
 
-        if (!StringUtils.isEmpty(client.getCallbackURL())
-            && !client.getCallbackURL().equals(oauthCallback)
-                || !StringUtils.isEmpty(client.getApplicationURI())
+        if (!StringUtils.isEmpty(client.getApplicationURI())
                     && !oauthCallback.startsWith(client.getApplicationURI())) {
             OAuthProblemException problemEx = new OAuthProblemException(
                 OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1180847&r1=1180846&r2=1180847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Mon Oct 10 09:51:26 2011
@@ -62,7 +62,7 @@ public final class OAuthUtils {
 
     public static void validateMessage(OAuthMessage oAuthMessage, Client client, Token token)

         throws Exception {
-        OAuthConsumer consumer = new OAuthConsumer(client.getCallbackURL(), client.getConsumerKey(),
+        OAuthConsumer consumer = new OAuthConsumer(null, client.getConsumerKey(),
             client.getSecretKey(), null);
         OAuthAccessor accessor = new OAuthAccessor(consumer);
         if (token != null) {



Mime
View raw message