cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1182563 - in /cxf/trunk: distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/ rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/ rt/rs/security/oauth-parent/oauth/src/main/java/org...
Date Wed, 12 Oct 2011 20:07:33 GMT
Author: sergeyb
Date: Wed Oct 12 20:07:33 2011
New Revision: 1182563

URL: http://svn.apache.org/viewvc?rev=1182563&view=rev
Log:
[CXF-2759] Updating authorization handler mappings plus few more minor updates

Modified:
    cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java

Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
(original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/security-beans.xml
Wed Oct 12 20:07:33 2011
@@ -28,7 +28,7 @@
     <beans:bean id="authenticationSuccHandler"
                 class="demo.oauth.server.spring.AuthenticationSuccessfullHandler">
         <beans:property name="defaultTargetUrl" value="/app/newClientForm.jsp"/>
-        <beans:property name="confirmationUrl" value="/auth/oauth/authorizeDecision"/>
+        <beans:property name="confirmationUrl" value="/auth/oauth/authorize/decision"/>
     </beans:bean>
 
     <beans:bean id="authenticationFailHandler"

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
Wed Oct 12 20:07:33 2011
@@ -23,6 +23,10 @@ public class Permission {
     private String permission;
     private String description;
     
+    public Permission() {
+        
+    }
+    
     public Permission(String permission, String description) {
         this.description = description;
         this.permission = permission;

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Wed Oct 12 20:07:33 2011
@@ -110,7 +110,7 @@ public class AbstractAuthFilter {
                 matched = true;
             }
         }
-        if (!matched) {
+        if (!matched && permissions.size() > 0) {
             throw new OAuthProblemException();
         }
         return new OAuthInfo(authInfo, accessToken, permissions);
@@ -118,7 +118,7 @@ public class AbstractAuthFilter {
     }
 
     protected boolean checkRequestURI(HttpServletRequest request, List<String> uris)
{
-        if (uris == null) {
+        if (uris == null || uris.isEmpty()) {
             return true;
         }
         String servletPath = request.getPathInfo();

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Wed Oct 12 20:07:33 2011
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.rs.security.oauth.services;
 
+import java.io.IOException;
 import java.net.URI;
 import java.util.HashMap;
 import java.util.Map;
@@ -66,13 +67,13 @@ public class AuthorizationRequestHandler
             }
             
             OAuthAuthorizationData secData = new OAuthAuthorizationData();
-            if (!compareRequestSessionTokens(request)) {
+            if (!compareRequestSessionTokens(request, oAuthMessage)) {
                 addAuthenticityTokenToSession(secData, request);
                 return Response.ok(
                         addAdditionalParams(secData, dataProvider, token)).build();
             }
             
-            String decision = request.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
+            String decision = oAuthMessage.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY);
             boolean allow = OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision);
 
             Map<String, String> queryParams = new HashMap<String, String>();
@@ -145,9 +146,15 @@ public class AuthorizationRequestHandler
         session.setAttribute(OAuthConstants.AUTHENTICITY_TOKEN, value);
     }
     
-    private boolean compareRequestSessionTokens(HttpServletRequest request) {
+    private boolean compareRequestSessionTokens(HttpServletRequest request,
+            OAuthMessage oAuthMessage) {
         HttpSession session = request.getSession();
-        String requestToken = request.getParameter(OAuthConstants.AUTHENTICITY_TOKEN);
+        String requestToken = null; 
+        try {
+            requestToken = oAuthMessage.getParameter(OAuthConstants.AUTHENTICITY_TOKEN);
+        } catch (IOException ex) {
+            return false;
+        }
         String sessionToken = (String) session.getAttribute(OAuthConstants.AUTHENTICITY_TOKEN);
         
         if (StringUtils.isEmpty(requestToken) || StringUtils.isEmpty(sessionToken)) {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
Wed Oct 12 20:07:33 2011
@@ -36,6 +36,7 @@ import org.apache.cxf.rs.security.oauth.
  * redirect End User back to the Client, supplying 
  * a request token verifier (aka authorization code)
  */
+@Path("/authorize")
 public class AuthorizationRequestService extends AbstractOAuthService {
 
     private AuthorizationRequestHandler handler = new AuthorizationRequestHandler();
@@ -45,25 +46,24 @@ public class AuthorizationRequestService
     }
     
     @GET
-    @Path("/authorize")
     @Produces({"application/xhtml+xml", "text/html", "application/xml", "application/json"
})
     public Response authorize() {
         Response response = handler.handle(getHttpRequest(), getDataProvider());
         if (response.getEntity() instanceof OAuthAuthorizationData) {
-            String replyTo = getUriInfo().getBaseUriBuilder().path("authorizeDecision").build().toString();
+            String replyTo = getUriInfo().getAbsolutePathBuilder().path("decision").build().toString();
             ((OAuthAuthorizationData)response.getEntity()).setReplyTo(replyTo);
         }
         return response;
     }
 
     @GET
-    @Path("/authorizeDecision")
+    @Path("/decision")
     public Response authorizeDecision() {
         return authorize();
     }
     
     @POST
-    @Path("/authorizeDecision")
+    @Path("/decision")
     @Consumes("application/x-www-form-urlencoded")
     public Response authorizeDecisionForm() {
         return authorizeDecision();

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OAuthDefaultServices.java
Wed Oct 12 20:07:33 2011
@@ -85,13 +85,13 @@ public class OAuthDefaultServices {
     }
     
     @GET
-    @Path("/authorizeDecision")
+    @Path("/authorize/decision")
     public Response authorizeDecision() {
         return authorizeService.authorizeDecision();
     }
     
     @POST
-    @Path("/authorizeDecision")
+    @Path("/authorize/decision")
     @Consumes("application/x-www-form-urlencoded")
     public Response authorizeDecisionForm() {
         return authorizeService.authorizeDecision();

Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java?rev=1182563&r1=1182562&r2=1182563&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java
(original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/JAXRSClientServerBookTest.java
Wed Oct 12 20:07:33 2011
@@ -70,7 +70,7 @@ public class JAXRSClientServerBookTest e
     @BeforeClass
     public static void startServers() throws Exception {
         assertTrue("server did not launch correctly",
-                   launchServer(BookServer.class));
+                   launchServer(BookServer.class, true));
     }
     
     @Test



Mime
View raw message