From serg...@apache.org
Subject svn commit: r1183281 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth: data/OAuthPermission.java filters/AbstractAuthFilter.java services/RequestTokenHandler.java utils/OAuthUtils.java
Date Fri, 14 Oct 2011 10:28:31 GMT
Author: sergeyb
Date: Fri Oct 14 10:28:31 2011
New Revision: 1183281

URL: http://svn.apache.org/viewvc?rev=1183281&view=rev
Log:
[CXF-2759] Some more updates to do with the permission enforcement

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java?rev=1183281&r1=1183280&r2=1183281&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
Fri Oct 14 10:28:31 2011
@@ -25,6 +25,7 @@ public class OAuthPermission extends Per
     private List<String> roles = Collections.emptyList();
     private List<String> httpVerbs = Collections.emptyList();
     private String uri;
+    private boolean authorizationKeyRequired = true;
     
     public OAuthPermission(String permission, String description, String role) {
         this(permission, description, Collections.singletonList(role));
@@ -54,6 +55,12 @@ public class OAuthPermission extends Per
     public String getUri() {
         return uri;
     }
-    
-    
+
+    public void setAuthorizationKeyRequired(boolean authorizationKeyRequired) {
+        this.authorizationKeyRequired = authorizationKeyRequired;
+    }
+
+    public boolean isAuthorizationKeyRequired() {
+        return authorizationKeyRequired;
+    }
 }
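Review bot: The new `authorizationKeyRequired` property has no Javadoc, and its name does not say what is actually checked — `AbstractAuthFilter.checkNoAccessTokenIsAllowed` in this same commit rejects a request only when the access token is null and this flag is true, so "authorization key" here means an access token. A Javadoc on `isAuthorizationKeyRequired()` along the lines of `/** Whether a request exercising this permission must carry an access token; when false, a request authenticated with the consumer key alone may be accepted. Defaults to true. */` would make the default and the consequence of setting it to false explicit. The field default in the first hunk of this file is the restrictive one; the setter is where a reader needs that stated.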

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1183281&r1=1183280&r2=1183281&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Fri Oct 14 10:28:31 2011
@@ -88,8 +88,9 @@ public class AbstractAuthFilter {
             
         } else {
             String consumerKey = oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
+            String consumerSecret = oAuthMessage.getParameter("oauth_consumer_secret");
             client = dataProvider.getClient(consumerKey);
-            if (client == null) {
+            if (client == null || consumerSecret == null || !consumerSecret.equals(client.getSecretKey()))
{
                 throw new OAuthProblemException();
             }
         }
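Review bot: The new consumer-secret check on the `if` line compares the secret with `String.equals`, which returns at the first differing character; a constant-time comparison such as `client.getSecretKey() == null || !MessageDigest.isEqual(consumerSecret.getBytes(StandardCharsets.UTF_8), client.getSecretKey().getBytes(StandardCharsets.UTF_8))` (keeping the existing null guards, and adding the `java.security`/`java.nio.charset` imports) avoids exposing how much of the secret matched through response timing. This branch also accepts the consumer secret itself as a request parameter instead of proving possession through the request signature, so it should only be reachable over TLS — I cannot tell from the hunk whether that is enforced elsewhere. Unlike `OAuth.OAUTH_CONSUMER_KEY` on the line above, `"oauth_consumer_secret"` is a bare literal; a constant next to it (or in `OAuthConstants`) would keep the parameter names consistent. The enclosing method starts and ends outside the hunk.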
@@ -103,6 +104,7 @@ public class AbstractAuthFilter {
         
         List<OAuthPermission> permissions = dataProvider.getPermissionsInfo(
                 getAllScopes(client, accessToken));
+        
         for (OAuthPermission perm : permissions) {
             if (perm.getUri() != null 
                 && !checkRequestURI(req, Collections.singletonList(perm.getUri())))
{
@@ -112,11 +114,20 @@ public class AbstractAuthFilter {
                 && !perm.getHttpVerbs().contains(req.getMethod())) {
                 throw new OAuthProblemException();
             }
+            checkNoAccessTokenIsAllowed(client, accessToken, perm);
         }
+        
         return new OAuthInfo(client, accessToken, permissions);
         
     }
     
+    protected void checkNoAccessTokenIsAllowed(Client client, AccessToken token,
+            OAuthPermission perm) throws OAuthProblemException {
+        if (token == null && perm.isAuthorizationKeyRequired()) {
+            throw new OAuthProblemException();
+        }
+    }
+    
     protected List<String> getAllScopes(Client client, AccessToken token) {
         List<String> scopes = new LinkedList<String>();
         if (token != null) {
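Review bot: `checkNoAccessTokenIsAllowed` is only invoked from inside the `for (OAuthPermission perm : permissions)` loop, so when `getPermissionsInfo` returns an empty list a request with no access token skips the check entirely and reaches `return new OAuthInfo(client, accessToken, permissions)` with a null token; if that is not intended, the token-less case needs a guard before the loop as well. The `client` parameter of the new method is unused in its body, which suggests it exists for overriding subclasses — that, and the method's role as a hook, belongs in Javadoc: `/** Rejects a request that carries no access token unless the permission allows consumer-key-only access; subclasses may override to apply further policy. */`. The method containing the loop starts outside the hunk.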

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1183281&r1=1183280&r2=1183281&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
Fri Oct 14 10:28:31 2011
@@ -38,6 +38,7 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 
 public class RequestTokenHandler {
@@ -54,6 +55,8 @@ public class RequestTokenHandler {
         };
     
     private long tokenLifetime = 3600L;
+    private String defaultScope;
+    private String defaultURI;
     
     public Response handle(HttpServletRequest request, OAuthDataProvider dataProvider) {
         try {
@@ -77,8 +80,10 @@ public class RequestTokenHandler {
             String callback = oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK);
             validateCallbackURL(client, callback);
 
-            List<String> scopes = OAuthUtils.parseScopesFromRequest(oAuthMessage);
-            List<String> uris = OAuthUtils.parseUrisFromRequest(oAuthMessage);
+            List<String> scopes = OAuthUtils.parseParamValue(
+                    oAuthMessage.getParameter(OAuthConstants.X_OAUTH_SCOPE), defaultScope);
+            List<String> uris = OAuthUtils.parseParamValue(
+                    oAuthMessage.getParameter(OAuthConstants.X_OAUTH_URI), defaultURI);
             
             RequestTokenRegistration reg = new RequestTokenRegistration();
             reg.setClient(client);
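Review bot: `defaultScope` and `defaultURI` are not fallbacks here: `OAuthUtils.parseParamValue` (last hunk of OAuthUtils.java in this commit) appends `defaultValue` to the list whenever it is non-null, so a client that sends its own `OAuthConstants.X_OAUTH_SCOPE` value is registered with the requested scopes plus the default one, and likewise for URIs. If the intent is a default used only when the client sends nothing, the condition in OAuthUtils should read `if (defaultValue != null && scopeList.isEmpty())`; if the intent is a scope every request token receives, the fields and setters would be clearer named `additionalScope`/`additionalURI` and documented as such. Either way the new setters in the last hunk of this file deserve a one-line Javadoc stating which behaviour applies. The `handle` method continues outside the hunk.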
@@ -136,5 +141,13 @@ public class RequestTokenHandler {
     public void setTokenLifetime(long tokenLifetime) {
         this.tokenLifetime = tokenLifetime;
     }
+
+    public void setDefaultScope(String defaultScope) {
+        this.defaultScope = defaultScope;
+    }
+
+    public void setDefaultURI(String defaultURI) {
+        this.defaultURI = defaultURI;
+    }
             
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1183281&r1=1183280&r2=1183281&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Fri Oct 14 10:28:31 2011
@@ -19,12 +19,8 @@
 package org.apache.cxf.rs.security.oauth.utils;
 
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
 import java.util.ArrayList;
-import java.util.Collection;
 import java.util.List;
-import java.util.Map;
 import java.util.StringTokenizer;
 
 import javax.servlet.ServletContext;
@@ -54,9 +50,6 @@ import org.apache.cxf.rs.security.oauth.
 
 public final class OAuthUtils {
 
-    private static final String PARAMETER_SEPARATOR = "&";
-    private static final String NAME_VALUE_SEPARATOR = "=";
-
     private OAuthUtils() {
     }
 
@@ -128,7 +121,8 @@ public final class OAuthUtils {
                 Response.status(status).entity(e.getMessage()).build());
     }
 
-    public static List<String> parseParamFromRequest(String paramValue) throws IOException
{
+    public static List<String> parseParamValue(String paramValue, String defaultValue)

+        throws IOException {
         
         List<String> scopeList = new ArrayList<String>();
 
@@ -140,56 +134,13 @@ public final class OAuthUtils {
                 scopeList.add(token);
             }
         }
+        if (defaultValue != null) {
+            scopeList.add(defaultValue);
+        }
         return scopeList;
     }
 
-    public static List<String> parseScopesFromRequest(OAuthMessage message) throws
IOException {
-        return parseParamFromRequest(message.getParameter(OAuthConstants.X_OAUTH_SCOPE));
-    }
     
-    public static List<String> parseUrisFromRequest(OAuthMessage message) throws IOException
{
-        return parseParamFromRequest(message.getParameter(OAuthConstants.X_OAUTH_URI));
-    }
-
-    /**
-     * Translates parameters into <code>application/x-www-form-urlencoded</code>
String
-     *
-     * @param parameters parameters to encode
-     * @param encoding   The name of a supported
-     *                   <a href="../lang/package-summary.html#charenc">character
-     *                   encoding</a>.
-     * @return Translated string
-     */
-    public static String format(
-            final Collection<? extends Map.Entry<String, String>> parameters,
-            final String encoding) {
-        final StringBuilder result = new StringBuilder();
-        for (final Map.Entry<String, String> parameter : parameters) {
-            if (!StringUtils.isEmpty(parameter.getKey())
-                    && !StringUtils.isEmpty(parameter.getValue())) {
-                final String encodedName = encode(parameter.getKey(), encoding);
-                final String value = parameter.getValue();
-                final String encodedValue = value != null ? encode(value, encoding) : "";
-                if (result.length() > 0) {
-                    result.append(PARAMETER_SEPARATOR);
-                }
-                result.append(encodedName);
-                result.append(NAME_VALUE_SEPARATOR);
-                result.append(encodedValue);
-            }
-        }
-        return result.toString();
-    }
-
-    private static String encode(final String content, final String encoding) {
-        try {
-            return URLEncoder.encode(content,
-                    encoding != null ? encoding : "UTF-8");
-        } catch (UnsupportedEncodingException problem) {
-            throw new IllegalArgumentException(problem);
-        }
-    }
-
     public static RequestToken handleTokenRejectedException() throws OAuthProblemException
{
         OAuthProblemException problemEx = new OAuthProblemException(
                 OAuth.Problems.TOKEN_REJECTED);
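Review bot: The renamed `parseParamValue` is public but has no Javadoc, and the behaviour of its new `defaultValue` parameter — appended after the parsed tokens whenever non-null, even when `paramValue` already yielded entries — is exactly the detail a caller needs; something like `/** Tokenizes paramValue into a list; defaultValue, when non-null, is appended to the result regardless of whether paramValue produced any tokens. */` on the declaration in the previous hunk. Renaming the public static `parseParamFromRequest` and deleting `parseScopesFromRequest`, `parseUrisFromRequest` and `format` also removes public API; I cannot see from the diff whether callers exist outside the files in this commit, which is worth checking. The local name `scopeList` no longer fits a method that also parses URIs; `values` would read better.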


