From serg...@apache.org
Subject svn commit: r1182990 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth: data/OAuthPermission.java data/Token.java filters/AbstractAuthFilter.java filters/OAuthInfo.java filters/OAuthServletFilter.java
Date Thu, 13 Oct 2011 17:12:00 GMT
Author: sergeyb
Date: Thu Oct 13 17:11:59 2011
New Revision: 1182990

URL: http://svn.apache.org/viewvc?rev=1182990&view=rev
Log:
[CXF-2759] Fixing a bit the way permissions are enforced

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java?rev=1182990&r1=1182989&r2=1182990&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
Thu Oct 13 17:11:59 2011
@@ -22,9 +22,10 @@ import java.util.Collections;
 import java.util.List;
 
 public class OAuthPermission extends Permission {
-    private List<String> roles;
-    private List<String> httpVerbs;
-
+    private List<String> roles = Collections.emptyList();
+    private List<String> httpVerbs = Collections.emptyList();
+    private String uri;
+    
     public OAuthPermission(String permission, String description, String role) {
         this(permission, description, Collections.singletonList(role));
     }
@@ -34,18 +35,25 @@ public class OAuthPermission extends Per
         this.roles = roles;
     }
     
-    public OAuthPermission(String permission, String description, 
-            List<String> roles, List<String> verbs) {
-        super(permission, description);
-        this.roles = roles;
-        this.httpVerbs = roles;
-    }
-    
     public List<String> getRoles() {
         return roles;
     }
-    
+
+    public void setHttpVerbs(List<String> httpVerbs) {
+        this.httpVerbs = httpVerbs;
+    }
+
     public List<String> getHttpVerbs() {
         return httpVerbs;
     }
+
+    public void setUri(String uri) {
+        this.uri = uri;
+    }
+
+    public String getUri() {
+        return uri;
+    }
+    
+    
 }
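Review bot: The new `setHttpVerbs` stores whatever list it is handed, including null, while AbstractAuthFilter in this same commit now calls `perm.getHttpVerbs().isEmpty()` with no null check, so a permission configured with `setHttpVerbs(null)` ends in a NullPointerException in the filter instead of a clean OAuthProblemException. The same applies to `this.roles = roles;` in the list constructor at the top of the hunk, whose value is later fed to `authorities.addAll(permission.getRoles())` in OAuthInfo. Normalizing in the setter preserves the empty-list invariant the new field initializers establish: `this.httpVerbs = httpVerbs == null ? Collections.<String>emptyList() : httpVerbs;`. The two whitespace-only lines added before the closing brace can go.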

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java?rev=1182990&r1=1182989&r2=1182990&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
Thu Oct 13 17:11:59 2011
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.rs.security.oauth.data;
 
+import java.util.Collections;
 import java.util.List;
 
 
@@ -28,8 +29,8 @@ public abstract class Token {
     protected long issuedAt = -1;
     protected long lifetime = -1;
     protected Client client;
-    protected List<String> scopes;
-    protected List<String> uris;
+    protected List<String> scopes = Collections.emptyList();
+    protected List<String> uris = Collections.emptyList();
     
     protected Token(Client client, String tokenString,
                     String tokenSecret, long lifetime) {
@@ -70,7 +71,7 @@ public abstract class Token {
     }
 
     public List<String> getScopes() {
-        return scopes == null || scopes.isEmpty() ? client.getScopes() : scopes;
+        return scopes;
     }
 
     public void setScopes(List<String> scopes) {
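Review bot: `getScopes()` now returns the field as-is, so the `Collections.emptyList()` default only holds if `setScopes` (its body is just outside this hunk) never stores null; the filter's `getAllScopes` calls `scopes.addAll(token.getScopes())` unguarded, so a data provider that sets null would now fail with a NullPointerException instead of being treated as unscoped. Guarding the setter, `this.scopes = scopes == null ? Collections.<String>emptyList() : scopes;`, keeps the invariant the initializer introduces. The same point applies to `getUris`/`setUris` in the next hunk. Dropping the fallback to `client.getScopes()` also changes the meaning of the getter from "token scopes, else client scopes" to "token scopes only, merged with client scopes by the filter"; a Javadoc line on the getter saying so, e.g. `/** Scopes granted to this token; the client's scopes are no longer substituted here, the filter merges them. */`, would stop callers relying on the old fallback.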
@@ -79,7 +80,7 @@ public abstract class Token {
        
 
     public List<String> getUris() {
-        return uris == null || uris.isEmpty() ? client.getUris() : uris;
+        return uris;
     }
 
     public void setUris(List<String> uris) {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1182990&r1=1182989&r2=1182990&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Thu Oct 13 17:11:59 2011
@@ -19,6 +19,8 @@
 package org.apache.cxf.rs.security.oauth.filters;
 
 import java.security.Principal;
+import java.util.Collections;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -59,7 +61,7 @@ public class AbstractAuthFilter {
         
     }
     
-    public void setOAuthDataProvider(OAuthDataProvider provider) {
+    public void setDataProvider(OAuthDataProvider provider) {
         dataProvider = provider;
     }
     
@@ -70,7 +72,7 @@ public class AbstractAuthFilter {
         }
         
         AccessToken accessToken = null;
-        Client authInfo = null;
+        Client client = null;
         
         OAuthMessage oAuthMessage = OAuthServlet.getMessage(req, req.getRequestURL().toString());
         if (oAuthMessage.getParameter(OAuth.OAUTH_TOKEN) != null) {
@@ -82,43 +84,60 @@ public class AbstractAuthFilter {
             if (accessToken == null) {
                 throw new OAuthProblemException();
             }
-            //check valid URI
-            if (!checkRequestURI(req, accessToken.getUris())) {
-                throw new OAuthProblemException();
-            }
-            authInfo = accessToken.getClient(); 
+            client = accessToken.getClient(); 
             
         } else {
             String consumerKey = oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
-            authInfo = dataProvider.getClient(consumerKey);
-            if (authInfo == null) {
-                throw new OAuthProblemException();
-            }
-            if (!checkRequestURI(req, authInfo.getUris())) {
+            client = dataProvider.getClient(consumerKey);
+            if (client == null) {
                 throw new OAuthProblemException();
             }
         }
 
-        OAuthUtils.validateMessage(oAuthMessage, authInfo, accessToken);
+        OAuthUtils.validateMessage(oAuthMessage, client, accessToken);
 
+        //check valid URI
+        if (!checkRequestURI(req, getAllUris(client, accessToken))) {
+            throw new OAuthProblemException();
+        }
+        
         List<OAuthPermission> permissions = dataProvider.getPermissionsInfo(
-                accessToken != null ? accessToken.getScopes() : authInfo.getScopes());
-        boolean matched = false;
+                getAllScopes(client, accessToken));
         for (OAuthPermission perm : permissions) {
-            if (perm.getHttpVerbs() == null 
-                    || perm.getHttpVerbs().contains(req.getMethod())) {
-                matched = true;
+            if (perm.getUri() != null 
+                && !checkRequestURI(req, Collections.singletonList(perm.getUri())))
{
+                throw new OAuthProblemException();
+            }
+            if (!perm.getHttpVerbs().isEmpty() 
+                && !perm.getHttpVerbs().contains(req.getMethod())) {
+                throw new OAuthProblemException();
             }
         }
-        if (!matched && permissions.size() > 0) {
-            throw new OAuthProblemException();
-        }
-        return new OAuthInfo(authInfo, accessToken, permissions);
+        return new OAuthInfo(client, accessToken, permissions);
         
     }
+    
+    protected List<String> getAllScopes(Client client, AccessToken token) {
+        List<String> scopes = new LinkedList<String>();
+        if (token != null) {
+            scopes.addAll(token.getScopes());
+        }
+        scopes.addAll(client.getScopes());
+        return scopes;
+    }
+    
+    protected List<String> getAllUris(Client client, AccessToken token) {
+        List<String> uris = new LinkedList<String>();
+        if (token != null) {
+            uris.addAll(token.getUris());
+        }
+        uris.addAll(client.getUris());
+        return uris;
+    }
 
     protected boolean checkRequestURI(HttpServletRequest request, List<String> uris)
{
-        if (uris == null || uris.isEmpty()) {
+        
+        if (uris.isEmpty()) {
             return true;
         }
         String servletPath = request.getPathInfo();
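Review bot: The rewritten loop over `permissions` throws as soon as any single permission's URI or verb set fails to cover the current request, so a token holding several scopes (one GET-only permission plus one PUT-only permission, or two permissions bound to different URIs) can never satisfy all of them and every request it makes is rejected; the removed `matched` logic accepted the request when at least one permission allowed it. If "at least one applicable permission" is the intended rule, the loop should record a match and throw only when none matched, with the new per-permission URI check folded in. Separately, `getAllScopes` appends `client.getScopes()` to the token's scopes, so `OAuthInfo.getRoles()` later hands the request the union of roles from both sets; if client scopes are meant as the upper bound a token may be granted rather than as grants in their own right, this widens what a narrowly scoped token can do, which I cannot confirm from this hunk alone. The two lists are also concatenated without de-duplication, so a scope present on both token and client is looked up twice; a `LinkedHashSet` would keep order and drop repeats. The enclosing method starts before this hunk and `checkRequestURI` continues past its end.
```java
        // … unchanged: token/client resolution, validateMessage, URI check, getPermissionsInfo call …
        boolean matched = false;
        for (OAuthPermission perm : permissions) {
            boolean uriAllowed = perm.getUri() == null
                || checkRequestURI(req, Collections.singletonList(perm.getUri()));
            boolean verbAllowed = perm.getHttpVerbs().isEmpty()
                || perm.getHttpVerbs().contains(req.getMethod());
            if (uriAllowed && verbAllowed) {
                matched = true;
                break;
            }
        }
        // no permission covers this URI/verb combination
        if (!matched && !permissions.isEmpty()) {
            throw new OAuthProblemException();
        }
        return new OAuthInfo(client, accessToken, permissions);
```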

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java?rev=1182990&r1=1182989&r2=1182990&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
Thu Oct 13 17:11:59 2011
@@ -43,10 +43,8 @@ public class OAuthInfo {
     
     public List<String> getRoles() {
         List<String> authorities = new ArrayList<String>();
-        if (permissions != null) {
-            for (OAuthPermission permission : permissions) {
-                authorities.addAll(permission.getRoles());
-            }
+        for (OAuthPermission permission : permissions) {
+            authorities.addAll(permission.getRoles());
         }
         return authorities;
     }
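Review bot: Removing the `permissions != null` guard makes `getRoles()` depend on the constructor (outside this hunk) never storing null; AbstractAuthFilter passes the result of `dataProvider.getPermissionsInfo(...)` straight through, so a provider implementation that returns null would now surface as a NullPointerException from the role lookup rather than as "no roles". Either establish the invariant at construction, `this.permissions = permissions == null ? Collections.<OAuthPermission>emptyList() : permissions;`, or document on the constructor with `@param permissions non-null, possibly empty` that callers must not pass null. The enclosing class continues outside this hunk.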

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java?rev=1182990&r1=1182989&r2=1182990&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
Thu Oct 13 17:11:59 2011
@@ -42,7 +42,7 @@ public class OAuthServletFilter extends 
 
     public void init(FilterConfig filterConfig) throws ServletException {
         ServletContext servletContext = filterConfig.getServletContext();
-        super.setOAuthDataProvider(OAuthUtils.getOAuthDataProvider(servletContext));
+        super.setDataProvider(OAuthUtils.getOAuthDataProvider(servletContext));
     }
 
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws


