Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2BF517F9E for ; Mon, 10 Oct 2011 09:51:53 +0000 (UTC) Received: (qmail 16136 invoked by uid 500); 10 Oct 2011 09:51:53 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 16084 invoked by uid 500); 10 Oct 2011 09:51:53 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 16077 invoked by uid 99); 10 Oct 2011 09:51:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Oct 2011 09:51:53 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Oct 2011 09:51:48 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 5002923889D7 for ; Mon, 10 Oct 2011 09:51:27 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1180847 - in /cxf/trunk: distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/ rt/rs/security/oauth-parent/oauth-te... Date: Mon, 10 Oct 2011 09:51:26 -0000 To: commits@cxf.apache.org 
From: sergeyb@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20111010095127.5002923889D7@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: sergeyb Date: Mon Oct 10 09:51:26 2011 New Revision: 1180847 URL: http://svn.apache.org/viewvc?rev=1180847&view=rev Log: [CXF-2759] Removing a redundant Client callback property and making a loginName optional Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java?rev=1180847&r1=1180846&r2=1180847&view=diff ============================================================================== --- 
cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java (original) +++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ApplicationController.java Mon Oct 10 09:51:26 2011 @@ -73,9 +73,9 @@ public class ApplicationController imple String secretKey = tokenGen.generateToken(new SecureRandom().generateSeed(20)); - Client clientInfo = new Client(principal.getName(), consumerKey, - secretKey, clientApp.getCallbackURL(), clientApp.getClientName()); - + Client clientInfo = +new Client(consumerKey, secretKey, clientApp.getClientName(), clientApp.getCallbackURL()); + clientInfo.setLoginName(principal.getName()); Client authNInfo = clientManager.registerNewClient(consumerKey, clientInfo); if (authNInfo != null) { Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java?rev=1180847&r1=1180846&r2=1180847&view=diff ============================================================================== --- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java (original) +++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java Mon Oct 10 09:51:26 2011 @@ -72,8 +72,7 @@ public class MemoryOAuthDataProvider imp protected DefaultOAuthValidator validator = new DefaultOAuthValidator(); public MemoryOAuthDataProvider() { - Client client = new Client(CLIENT_ID, CLIENT_ID, - CLIENT_SECRET, CALLBACK, APPLICATION_NAME); + Client client = new Client(CLIENT_ID, CLIENT_SECRET, APPLICATION_NAME, CALLBACK); clientAuthInfo.put(CLIENT_ID, client); } 
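Review bot: The fourth argument of `new Client(consumerKey, secretKey, clientApp.getClientName(), clientApp.getCallbackURL())` comes from the registration form, and nothing in this hunk checks it before `registerNewClient` is called. After this commit that string becomes the client's application URI, the only value `RequestTokenHandler.validateCallbackURL` compares an `oauth_callback` against, and an empty value switches that comparison off. The registration step should reject a blank or non-absolute URI. At minimum, add a comment such as `// callbackURL is stored as Client.applicationURI, the prefix every oauth_callback is checked against; must be a non-empty absolute URI`. The enclosing method starts and ends outside the hunk, so an earlier check may already exist.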
@@ -99,7 +98,7 @@ public class MemoryOAuthDataProvider imp reg.getLifetime()); reqToken.setScopes(reg.getScopes()); reqToken.setUris(reg.getUris()); - + reqToken.setCallback(reg.getCallback()); oauthTokens.put(token, reqToken); return reqToken; } Modified: cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp?rev=1180847&r1=1180846&r2=1180847&view=diff ============================================================================== --- cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp (original) +++ cxf/trunk/distribution/src/main/release/samples/oauth/server/src/main/webapp/WEB-INF/views/clientDetails.jsp Mon Oct 10 09:51:26 2011 @@ -40,10 +40,6 @@ under the License. ${clientInfo.secretKey} - Callback URL: - ${clientInfo.callbackURL} - - Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java?rev=1180847&r1=1180846&r2=1180847&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth-test/src/main/java/org/apache/cxf/rs/security/oauth/test/MemoryOAuthDataProvider.java Mon Oct 10 09:51:26 2011 
@@ -67,9 +67,10 @@ public class MemoryOAuthDataProvider imp protected DefaultOAuthValidator validator = new DefaultOAuthValidator(); public MemoryOAuthDataProvider() { - Client client = new Client(OAuthTestUtils.CLIENT_ID, OAuthTestUtils.CLIENT_ID, + Client client = new Client(OAuthTestUtils.CLIENT_ID, OAuthTestUtils.CLIENT_SECRET, - OAuthTestUtils.CALLBACK, OAuthTestUtils.APPLICATION_NAME); + OAuthTestUtils.APPLICATION_NAME, + OAuthTestUtils.CALLBACK); clientAuthInfo.put(OAuthTestUtils.CLIENT_ID, client); } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java?rev=1180847&r1=1180846&r2=1180847&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java Mon Oct 10 09:51:26 2011 
@@ -22,48 +22,30 @@ import java.util.Collections; import java.util.List; public class Client { - private String loginName; private String consumerKey; private String secretKey; - private String callbackURL; private String applicationURI; private String applicationName; + + private String loginName; + private List uris = Collections.emptyList(); private List scopes = Collections.emptyList(); - public Client(String loginName, - String consumerKey, String secretKey, String callbackURL, - String applicationName, List uris) { - this.loginName = loginName; + public Client(String consumerKey, + String secretKey, + String applicationName, + String applicationURI) { this.consumerKey = consumerKey; this.secretKey = secretKey; - this.callbackURL = callbackURL; + this.applicationURI = applicationURI; this.applicationName = applicationName; - this.uris = uris; } - public Client(String loginName, String consumerKey, String secretKey, String callbackURL, - String applicationName) { - this(loginName, consumerKey, secretKey, callbackURL, applicationName, - Collections.emptyList()); - } - - public Client(String loginName, String consumerKey, String secretKey, String callbackURL) { - this(loginName, consumerKey, secretKey, callbackURL, null); - } - - public Client(String loginName, String consumerKey, String secretKey) { - this(loginName, consumerKey, secretKey, null); + public Client(String consumerKey, String secretKey) { + this(consumerKey, secretKey, null, null); } - public String getLoginName() { - return loginName; - } - - public List getUris() { - return uris; - } - public String getConsumerKey() { return consumerKey; } @@ -72,14 +54,6 @@ public class Client { return secretKey; } - public String getCallbackURL() { - return callbackURL; - } - - public void setCallbackURL(String callbackURL) { - this.callbackURL = callbackURL; - } - public String getApplicationName() { return applicationName; } 
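Review bot: The new constructor `Client(consumerKey, secretKey, applicationName, applicationURI)` has the same four-String shape as the removed `Client(loginName, consumerKey, secretKey, callbackURL)`, so a caller written against the old order still compiles. Such a caller would now store the login name as the consumer key and the consumer key as the secret. The in-tree callers are updated in this commit, but out-of-tree provider code cannot be checked from here. A Javadoc on the constructor naming each parameter in order would make the shift visible, for example `@param secretKey the consumer secret (second argument; it was the third before r1180847)`.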
@@ -96,6 +70,22 @@ public class Client { this.applicationURI = applicationURI; } + public String getLoginName() { + return loginName == null ? consumerKey : loginName; + } + + public void setLoginName(String name) { + this.loginName = name; + } + + public List getUris() { + return uris; + } + + public void setUris(List uris) { + this.uris = uris; + } + public List getScopes() { return scopes; } @@ -115,13 +105,6 @@ public class Client { Client that = (Client)o; - if (applicationName != null ? !applicationName.equals(that.applicationName) - : that.applicationName != null) { - return false; - } - if (callbackURL != null ? !callbackURL.equals(that.callbackURL) : that.callbackURL != null) { - return false; - } if (!consumerKey.equals(that.consumerKey)) { return false; } @@ -136,8 +119,6 @@ public class Client { public int hashCode() { int result = consumerKey.hashCode(); result = 31 * result + secretKey.hashCode(); - result = 31 * result + (callbackURL != null ? callbackURL.hashCode() : 0); - result = 31 * result + (applicationName != null ? applicationName.hashCode() : 0); return result; } } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java?rev=1180847&r1=1180846&r2=1180847&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/RequestTokenRegistration.java Mon Oct 10 09:51:26 2011 
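Review bot: `getLoginName()` now returns `consumerKey` when no login was set, so callers cannot tell a client without an associated user from one whose login happens to equal its key. If any code uses the login name to decide which end user owns a client (inferred, not shown in this diff), it will treat the consumer key as a user identity. A Javadoc such as `Returns the login name of the user who registered this client, or the consumer key if none was set` would document the fallback. In the same hunk, `setUris(List uris)` stores the caller's list as is, so `setUris(null)` replaces the `Collections.emptyList()` default with null.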
@@ -23,6 +23,7 @@ import java.util.List; public class RequestTokenRegistration { private Client client; private String state; + private String callback; private List uris; private List scopes; private long lifetime; @@ -33,6 +34,15 @@ public class RequestTokenRegistration { public Client getClient() { return client; } + + public void setCallback(String callback) { + this.callback = callback; + } + + public String getCallback() { + return callback; + } + public void setState(String state) { this.state = state; } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1180847&r1=1180846&r2=1180847&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java Mon Oct 10 09:51:26 2011 @@ -36,7 +36,6 @@ import net.oauth.OAuthProblemException; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; -import org.apache.cxf.rs.security.oauth.data.Client; import org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData; import org.apache.cxf.rs.security.oauth.data.RequestToken; import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator; 
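Review bot: The new `callback` property on `RequestTokenRegistration` has no Javadoc, and its contract matters to every data provider. After this commit the authorization endpoint reads the callback from the request token, so a provider has to copy `reg.getCallback()` onto the token it creates, as the sample provider does with `reqToken.setCallback(reg.getCallback())`. The oauth-test `MemoryOAuthDataProvider` hunk in this commit changes only the constructor, so whether its token creation copies the callback is not visible here. Suggested comment on the getter: `/** Callback URI sent with the request-token request; providers must copy it to the RequestToken they create. */`.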
@@ -75,17 +74,17 @@ public class AuthorizationRequestHandler } String decision = request.getParameter(OAuthConstants.AUTHORIZATION_DECISION_KEY); - Client clientInfo = token.getClient(); if (!OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(decision)) { //user not authorized client - secData.setCallback(clientInfo.getCallbackURL()); + secData.setCallback(token.getCallback()); return Response.ok(addAdditionalParams(secData, token)).build(); } String verifier = dataProvider.createRequestTokenVerifier(token); - String callbackURL = clientInfo.getCallbackURL(); + String callbackURL = getCallbackURI(token); + Map queryParams = new HashMap(); queryParams.put(OAuth.OAUTH_VERIFIER, verifier); @@ -112,6 +111,17 @@ public class AuthorizationRequestHandler } } + protected String getCallbackURI(RequestToken token) throws OAuthProblemException { + String callback = token.getCallback(); + if (callback == null) { + callback = token.getClient().getApplicationURI(); + } + if (callback == null) { + throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED); + } + return callback; + } + protected String buildCallbackUrl(String callbackURL, final Map queryParams) { boolean containsQuestionMark = callbackURL.contains("?"); Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1180847&r1=1180846&r2=1180847&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java Mon Oct 10 09:51:26 2011 
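Review bot: `getCallbackURI(token)` is called after `dataProvider.createRequestTokenVerifier(token)`, so when neither the token nor the client supplies a callback the handler throws `TOKEN_REJECTED` with a verifier already created for that token. Moving `String callbackURL = getCallbackURI(token);` above the `createRequestTokenVerifier` call resolves the callback before any state is changed. The deny branch uses `token.getCallback()` directly, so `secData.setCallback` receives null in the case where the allow branch would fall back to the client's application URI. Calling `getCallbackURI` there too, or documenting why the two branches differ, would make them consistent. The enclosing method starts outside the hunk.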
@@ -82,6 +82,7 @@ public class RequestTokenHandler { RequestTokenRegistration reg = new RequestTokenRegistration(); reg.setClient(client); + reg.setCallback(callback); reg.setState(oAuthMessage.getParameter("state")); reg.setUris(uris); reg.setScopes(scopes); @@ -119,9 +120,7 @@ public class RequestTokenHandler { protected void validateCallbackURL(Client client, String oauthCallback) throws OAuthProblemException { - if (!StringUtils.isEmpty(client.getCallbackURL()) - && !client.getCallbackURL().equals(oauthCallback) - || !StringUtils.isEmpty(client.getApplicationURI()) + if (!StringUtils.isEmpty(client.getApplicationURI()) && !oauthCallback.startsWith(client.getApplicationURI())) { OAuthProblemException problemEx = new OAuthProblemException( OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK); Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1180847&r1=1180846&r2=1180847&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java Mon Oct 10 09:51:26 2011 @@ -62,7 +62,7 @@ public final class OAuthUtils { public static void validateMessage(OAuthMessage oAuthMessage, Client client, Token token) throws Exception { - OAuthConsumer consumer = new OAuthConsumer(client.getCallbackURL(), client.getConsumerKey(), + OAuthConsumer consumer = new OAuthConsumer(null, client.getConsumerKey(), client.getSecretKey(), null); OAuthAccessor accessor = new OAuthAccessor(consumer); if (token != null) {
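Review bot: The callback check in `validateCallbackURL` is now a plain string prefix test, `oauthCallback.startsWith(client.getApplicationURI())`, which also accepts a callback whose host name merely begins with the registered string when the application URI has no trailing slash. It also throws a NullPointerException if `oauthCallback` is null; whether the caller rules that out is not visible in this hunk. With the exact-match branch against the registered callback removed, this prefix test is the only check on where the verifier is sent. Comparing parsed URIs (same scheme, host and port, and a path at or below the registered path) closes both gaps; the sketch below keeps the existing exception construction, which continues outside the hunk. A client with an empty application URI still skips the check entirely.

```java
protected void validateCallbackURL(Client client, String oauthCallback) throws OAuthProblemException {
    String applicationUri = client.getApplicationURI();
    if (!StringUtils.isEmpty(applicationUri)
        && !isCallbackWithinApplication(applicationUri, oauthCallback)) {
        // … unchanged: build and throw the PARAMETER_REJECTED OAuthProblemException …

// new private helper in RequestTokenHandler
private static boolean isCallbackWithinApplication(String applicationUri, String callback) {
    if (callback == null) {
        return false;
    }
    try {
        java.net.URI base = new java.net.URI(applicationUri).normalize();
        java.net.URI target = new java.net.URI(callback).normalize();
        if (base.getScheme() == null || base.getHost() == null) {
            // a registered value that is not an absolute hierarchical URI cannot anchor the check
            return false;
        }
        boolean sameOrigin = base.getScheme().equalsIgnoreCase(target.getScheme())
            && base.getHost().equalsIgnoreCase(target.getHost())
            && base.getPort() == target.getPort();
        String basePath = base.getRawPath() == null ? "" : base.getRawPath();
        String targetPath = target.getRawPath() == null ? "" : target.getRawPath();
        // match on a path-segment boundary so "/app" does not admit "/application"
        String baseDir = basePath.endsWith("/") ? basePath : basePath + "/";
        return sameOrigin && (targetPath.equals(basePath) || targetPath.startsWith(baseDir));
    } catch (java.net.URISyntaxException ex) {
        return false;
    }
}
```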