cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1185620 - in /cxf/trunk: distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/ rt/rs/security/oauth-paren...
Date Tue, 18 Oct 2011 12:23:33 GMT
Author: sergeyb
Date: Tue Oct 18 12:23:33 2011
New Revision: 1185620

URL: http://svn.apache.org/viewvc?rev=1185620&view=rev
Log:
[CXF-2759] Minor changes to do with deleting the tokens

Modified:
    cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
    cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
    cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java

Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
(original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java
Tue Oct 18 12:23:33 2011
@@ -122,8 +122,8 @@ new Client(consumerKey, secretKey, clien
     @RequestMapping("/revokeAccess")
     public ModelAndView revokeAccess(HttpServletRequest request) {
         String consumerKey = request.getParameter("consumerKey");
-
-        oauthDataProvider.removeTokens(consumerKey);
+        
+        clientManager.removeAllTokens(consumerKey);
 
         ModelAndView modelAndView = new ModelAndView(new RedirectView("/app/listAuthorizedClients"));
         return modelAndView;

Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
(original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
Tue Oct 18 12:23:33 2011
@@ -36,7 +36,6 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
 import org.apache.cxf.rs.security.oauth.data.Token;
-import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
 import org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
@@ -69,8 +68,6 @@ public class MemoryOAuthDataProvider imp
 
     protected MD5SequenceGenerator tokenGenerator = new MD5SequenceGenerator();
 
-    protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
-
     public MemoryOAuthDataProvider() {
         Client client = new Client(CLIENT_ID, CLIENT_SECRET, APPLICATION_NAME, CALLBACK);
         clientAuthInfo.put(CLIENT_ID, client);
@@ -95,7 +92,7 @@ public class MemoryOAuthDataProvider imp
         String tokenSecret = generateToken();
 
         RequestToken reqToken = new RequestToken(reg.getClient(), token, tokenSecret, 
-                                                 reg.getLifetime());
+                                                 reg.getLifetime(), reg.getIssuedAt());
         reqToken.setScopes(reg.getScopes());
         reqToken.setUris(reg.getUris());
         reqToken.setCallback(reg.getCallback());
@@ -109,18 +106,7 @@ public class MemoryOAuthDataProvider imp
         if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
             throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
         }
-        RequestToken requestToken = (RequestToken) token;
-
-        Client c = token.getClient();
-        if (c == null) {
-            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN));
-        }
-        try {
-            validator.validateToken(requestToken);
-        } catch (OAuthProblemException ex) {
-            throw new OAuthServiceException(ex);
-        }
-        return requestToken;
+        return (RequestToken) token;
     }
 
     public String setRequestTokenVerifier(RequestToken requestToken) throws
@@ -138,7 +124,7 @@ public class MemoryOAuthDataProvider imp
         String accessTokenString = generateToken();
         String tokenSecretString = generateToken();
 
-        AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString,
3600);
+        AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString,
3600, System.currentTimeMillis()/1000);
 
         accessToken.setScopes(requestToken.getScopes());
         accessToken.setUris(requestToken.getUris());
@@ -156,33 +142,23 @@ public class MemoryOAuthDataProvider imp
 
     public AccessToken getAccessToken(String accessToken) throws OAuthServiceException
     {
-        Token token = oauthTokens.get(accessToken);
-        if (token == null || !AccessToken.class.isAssignableFrom(token.getClass())) {
-            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
-        }
-        try {
-            validator.validateToken(token);
-        } catch (OAuthProblemException ex) {
-            throw new OAuthServiceException(ex);
-        }
-        return (AccessToken) token;
+        return (AccessToken) oauthTokens.get(accessToken);
     }
 
-    
+    public void removeAllTokens(String consumerKey) {
+        //TODO: implement
+    }
 
-    public void removeTokens(String consumerKey) {
-        if (!StringUtils.isEmpty(consumerKey)) {
-            List<String> registeredApps = this.userAuthorizedClients.get(consumerKey);
-            if (registeredApps != null) {
-                registeredApps.remove(consumerKey);
-            }
-            for (Token token : oauthTokens.values()) {
-                Client authNInfo = token.getClient();
-                if (consumerKey.equals(authNInfo.getConsumerKey())) {
-                    oauthTokens.remove(token.getTokenKey());
-                }
+    public void removeToken(Token t) {
+        
+        for (Token token : oauthTokens.values()) {
+            Client authNInfo = token.getClient();
+            if (t.getClient().getConsumerKey().equals(authNInfo.getConsumerKey())) {
+                oauthTokens.remove(token.getTokenKey());
+                break;
             }
         }
+        
     }
 
     protected String generateToken() throws OAuthServiceException {

Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java
(original)
+++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/OAuthClientManager.java
Tue Oct 18 12:23:33 2011
@@ -32,4 +32,5 @@ public interface OAuthClientManager {
 
     void removeRegisteredClient(String consumerKey);
 
+    void removeAllTokens(String consumerKey);
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java
Tue Oct 18 12:23:33 2011
@@ -25,10 +25,6 @@ import java.util.Map;
 import java.util.UUID;
 import java.util.concurrent.ConcurrentHashMap;
 
-import net.oauth.OAuth;
-import net.oauth.OAuthProblemException;
-
-import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.rs.security.oauth.data.AccessToken;
 import org.apache.cxf.rs.security.oauth.data.Client;
@@ -36,7 +32,6 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
 import org.apache.cxf.rs.security.oauth.data.Token;
-import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
 import org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
@@ -65,8 +60,6 @@ public class MemoryOAuthDataProvider imp
     protected MD5SequenceGenerator tokenGenerator = 
         new MD5SequenceGenerator();
 
-    protected DefaultOAuthValidator validator = new DefaultOAuthValidator();
-
     public MemoryOAuthDataProvider() {
         Client client = new Client(OAuthTestUtils.CLIENT_ID, 
             OAuthTestUtils.CLIENT_SECRET,
@@ -94,7 +87,7 @@ public class MemoryOAuthDataProvider imp
         String tokenSecret = generateToken();
 
         RequestToken reqToken = new RequestToken(reg.getClient(), token, tokenSecret, 
-                                                 reg.getLifetime());
+                                                 reg.getLifetime(), reg.getIssuedAt());
         reqToken.setScopes(reg.getScopes());
         reqToken.setUris(reg.getUris());
         
@@ -104,22 +97,7 @@ public class MemoryOAuthDataProvider imp
 
     public RequestToken getRequestToken(String tokenString) throws OAuthServiceException
{
 
-        Token token = oauthTokens.get(tokenString);
-        if (token == null || (!RequestToken.class.isAssignableFrom(token.getClass()))) {
-            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
-        }
-        RequestToken requestToken = (RequestToken) token;
-
-        Client c = token.getClient();
-        if (c == null) {
-            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN));
-        }
-        try {
-            validator.validateToken(requestToken);
-        } catch (OAuthProblemException ex) {
-            throw new OAuthServiceException(ex);
-        }
-        return requestToken;
+        return (RequestToken)oauthTokens.get(tokenString);
     }
 
     public String setRequestTokenVerifier(RequestToken requestToken) throws
@@ -137,7 +115,8 @@ public class MemoryOAuthDataProvider imp
         String accessTokenString = generateToken();
         String tokenSecretString = generateToken();
 
-        AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString,
3600);
+        AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString,
+                                                  3600, System.currentTimeMillis() / 1000);
 
         accessToken.setScopes(requestToken.getScopes());
         accessToken.setUris(requestToken.getUris());
@@ -153,35 +132,20 @@ public class MemoryOAuthDataProvider imp
         return accessToken;
     }
 
-    public AccessToken getAccessToken(String accessToken) throws OAuthServiceException
-    {
-        Token token = oauthTokens.get(accessToken);
-        if (token == null || !AccessToken.class.isAssignableFrom(token.getClass())) {
-            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
-        }
-        try {
-            validator.validateToken(token);
-        } catch (OAuthProblemException ex) {
-            throw new OAuthServiceException(ex);
-        }
-        return (AccessToken) token;
+    public AccessToken getAccessToken(String accessToken) throws OAuthServiceException {
+        return  (AccessToken)oauthTokens.get(accessToken);
     }
 
-    
-
-    public void removeTokens(String consumerKey) {
-        if (!StringUtils.isEmpty(consumerKey)) {
-            List<String> registeredApps = this.userAuthorizedClients.get(consumerKey);
-            if (registeredApps != null) {
-                registeredApps.remove(consumerKey);
-            }
-            for (Token token : oauthTokens.values()) {
-                Client authNInfo = token.getClient();
-                if (consumerKey.equals(authNInfo.getConsumerKey())) {
-                    oauthTokens.remove(token.getTokenKey());
-                }
+    public void removeToken(Token t) {
+        
+        for (Token token : oauthTokens.values()) {
+            Client authNInfo = token.getClient();
+            if (t.getClient().getConsumerKey().equals(authNInfo.getConsumerKey())) {
+                oauthTokens.remove(token.getTokenKey());
+                break;
             }
         }
+        
     }
 
     protected String generateToken() throws OAuthServiceException {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/AccessToken.java
Tue Oct 18 12:23:33 2011
@@ -24,11 +24,12 @@ package org.apache.cxf.rs.security.oauth
 public class AccessToken extends Token {
     public AccessToken(Client client, String tokenString,
                        String tokenSecret) {
-        super(client, tokenString, tokenSecret, -1L);
+        this(client, tokenString, tokenSecret, -1L, 
+             System.currentTimeMillis() / 1000);
     }
 
     public AccessToken(Client client, String tokenString,
-                       String tokenSecret, long lifeTime) {
-        super(client, tokenString, tokenSecret, lifeTime);
+                        String tokenSecret, long lifetime, long issuedAt) {
+        super(client, tokenString, tokenSecret, lifetime, issuedAt);
     }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestToken.java
Tue Oct 18 12:23:33 2011
@@ -27,14 +27,16 @@ public class RequestToken extends Token 
     private String callback;
     private String state;
     
-    public RequestToken(Client client, String tokenString,
+    public RequestToken(Client client, 
+                        String tokenString,
                         String tokenSecret) {
-        this(client, tokenString, tokenSecret, -1L);
+        this(client, tokenString, tokenSecret, -1L, 
+             System.currentTimeMillis() / 1000);
     }
 
     public RequestToken(Client client, String tokenString,
-                        String tokenSecret, Long lifetime) {
-        super(client, tokenString, tokenSecret, lifetime);
+                        String tokenSecret, long lifetime, long issuedAt) {
+        super(client, tokenString, tokenSecret, lifetime, issuedAt);
     }
 
     /**

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java
Tue Oct 18 12:23:33 2011
@@ -31,6 +31,7 @@ public class RequestTokenRegistration {
     private List<String> uris;
     private List<String> scopes;
     private long lifetime;
+    private long issuedAt;
     
     public void setClient(Client client) {
         this.client = client;
@@ -71,4 +72,10 @@ public class RequestTokenRegistration {
     public long getLifetime() {
         return lifetime;
     }
+    public void setIssuedAt(long issuedAt) {
+        this.issuedAt = issuedAt;
+    }
+    public long getIssuedAt() {
+        return issuedAt;
+    }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
Tue Oct 18 12:23:33 2011
@@ -26,30 +26,21 @@ import java.util.List;
  */
 public abstract class Token {
 
-    protected String tokenString;
-    protected String tokenSecret;
-    protected long issuedAt = -1;
-    protected long lifetime = -1;
-    protected Client client;
-    protected List<String> scopes = Collections.emptyList();
-    protected List<String> uris = Collections.emptyList();
+    private String tokenString;
+    private String tokenSecret;
+    private long issuedAt = -1;
+    private long lifetime = -1;
+    private Client client;
+    private List<String> scopes = Collections.emptyList();
+    private List<String> uris = Collections.emptyList();
     
     protected Token(Client client, String tokenKey,
-                    String tokenSecret, long lifetime) {
+                    String tokenSecret, long lifetime, long issuedAt) {
         this.client = client;
         this.tokenString = tokenKey;
         this.tokenSecret = tokenSecret;
-        initTokenLifeTime(lifetime);
-    }
-
-    protected Token(Client client, String tokenKey,
-                    String tokenSecret) {
-        this(client, tokenKey, tokenSecret, -1);
-    }
-
-    private void initTokenLifeTime(Long lifetm) {
-        this.lifetime = lifetm;
-        issuedAt = System.currentTimeMillis() / 1000;
+        this.lifetime = lifetime;
+        this.issuedAt = issuedAt;
     }
 
     /**

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Tue Oct 18 12:23:33 2011
@@ -112,7 +112,7 @@ public class AbstractAuthFilter {
             }
         }
 
-        OAuthUtils.validateMessage(oAuthMessage, client, accessToken);
+        OAuthUtils.validateMessage(oAuthMessage, client, accessToken, dataProvider);
 
         //check valid URI
         checkRequestURI(req, getAllUris(client, accessToken));

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/DefaultOAuthValidator.java
Tue Oct 18 12:23:33 2011
@@ -45,7 +45,8 @@ public class DefaultOAuthValidator exten
         super.checkSingleParameters(message);
     }
 
-    public void validateToken(Token token) throws OAuthProblemException {
+    public void validateToken(Token token, OAuthDataProvider provider) 
+        throws OAuthProblemException {
         if (token == null) {
             throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
         } else {
@@ -53,6 +54,7 @@ public class DefaultOAuthValidator exten
             Long lifetime = token.getLifetime();
             if (lifetime != -1
                 && (issuedAt + lifetime < (System.currentTimeMillis() / 1000)))
{
+                provider.removeToken(token);
                 throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
             }
         }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
Tue Oct 18 12:23:33 2011
@@ -26,6 +26,7 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
+import org.apache.cxf.rs.security.oauth.data.Token;
 
 /**
  * OAuth provider responsible for persisting the information about 
@@ -90,12 +91,12 @@ public interface OAuthDataProvider {
     AccessToken getAccessToken(String accessToken) throws OAuthServiceException;
 
     /**
-     * Removes the tokens associated with a given client id
-     * @param clientId the client id
+     * Removes the token
+     * @param token the token
      * @throws OAuthServiceException
      */
-    void removeTokens(String clientId) throws OAuthServiceException;;
-
+    void removeToken(Token token) throws OAuthServiceException;
+    
     /**
      * Returns the list of {@link OAuthPermission} beans describing opaque
      * permissions (aka scopes) such as "read_data", etc

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
Tue Oct 18 12:23:33 2011
@@ -67,7 +67,8 @@ public class AccessTokenHandler {
                 throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
             }
             
-            OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken);
+            OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken,
+                                       dataProvider);
 
             AccessToken accessToken = dataProvider.createAccessToken(requestToken);
 

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
Tue Oct 18 12:23:33 2011
@@ -75,7 +75,7 @@ public class RequestTokenHandler {
                 throw problemEx;
             }
 
-            OAuthUtils.validateMessage(oAuthMessage, client, null);
+            OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider);
 
             String callback = oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK);
             validateCallbackURL(client, callback);
@@ -92,6 +92,7 @@ public class RequestTokenHandler {
             reg.setUris(uris);
             reg.setScopes(scopes);
             reg.setLifetime(tokenLifetime);
+            reg.setIssuedAt(System.currentTimeMillis() / 1000);
             
             RequestToken requestToken = dataProvider.createRequestToken(reg);
 

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1185620&r1=1185619&r2=1185620&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Tue Oct 18 12:23:33 2011
@@ -56,7 +56,10 @@ public final class OAuthUtils {
     private OAuthUtils() {
     }
 
-    public static void validateMessage(OAuthMessage oAuthMessage, Client client, Token token)

+    public static void validateMessage(OAuthMessage oAuthMessage, 
+                                       Client client, 
+                                       Token token,
+                                       OAuthDataProvider provider) 
         throws Exception {
         OAuthConsumer consumer = new OAuthConsumer(null, client.getConsumerKey(),
             client.getSecretKey(), null);
@@ -73,7 +76,7 @@ public final class OAuthUtils {
         DefaultOAuthValidator validator = new DefaultOAuthValidator(); 
         validator.validateMessage(oAuthMessage, accessor);
         if (token != null) {
-            validator.validateToken(token);
+            validator.validateToken(token, provider);
         }
     }
     



Mime
View raw message