cxf-commits mailing list archives

From serg...@apache.org
Subject svn commit: r1199858 - in /cxf/trunk/rt: frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/ rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/secur...
Date Wed, 09 Nov 2011 17:06:34 GMT
Author: sergeyb
Date: Wed Nov  9 17:06:34 2011
New Revision: 1199858

URL: http://svn.apache.org/viewvc?rev=1199858&view=rev
Log:
[CXF-3894] Making sure OAuth services can also log the form values captured by HttpServletRequest
parameters

Modified:
    cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java

Modified: cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java?rev=1199858&r1=1199857&r2=1199858&view=diff
==============================================================================
--- cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java (original)
+++ cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java Wed
Nov  9 17:06:34 2011
@@ -107,20 +107,24 @@ public final class FormUtils {
                 String[] values = request.getParameterValues(paramName);
                 params.put(HttpUtils.urlDecode(paramName), Arrays.asList(values));
             }
-            String chain = PhaseInterceptorChain.getCurrentMessage().getInterceptorChain().toString();
-            if (chain.contains(LoggingInInterceptor.class.getSimpleName())) {
-                ByteArrayOutputStream bos = new ByteArrayOutputStream();
-                try {
-                    writeMapToOutputStream(params, bos, enc, false);
-                    LOG.info(bos.toString(enc));
-                } catch (IOException ex) {
-                    // ignore
-                }
+            logRequestParametersIfNeeded(params, enc);
+        }
+    }
+    
+    public static void logRequestParametersIfNeeded(Map<String, List<String>>
params, String enc) {
+        String chain = PhaseInterceptorChain.getCurrentMessage().getInterceptorChain().toString();
+        if (chain.contains(LoggingInInterceptor.class.getSimpleName())) {
+            ByteArrayOutputStream bos = new ByteArrayOutputStream();
+            try {
+                writeMapToOutputStream(params, bos, enc, false);
+                LOG.info(bos.toString(enc));
+            } catch (IOException ex) {
+                // ignore
             }
         }
     }
     
-    public static void writeMapToOutputStream(MultivaluedMap<String, String> map, 
+    public static void writeMapToOutputStream(Map<String, List<String>> map,

                                               OutputStream os,
                                               String enc,
                                               boolean encoded) throws IOException {
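Review bot: `logRequestParametersIfNeeded` writes every form value to the log at INFO with no redaction, and this commit makes it public so the OAuth code can feed it request parameters (see the call added in `OAuthUtils.addParametersIfNeeded`), which can put token, verifier or signature values into log files. Consider masking sensitive keys before the `writeMapToOutputStream` call, or at least document the behaviour, e.g. `/** Logs all form parameters unredacted when LoggingInInterceptor is in the chain; callers must not pass secrets. */`. As a public entry point it should also tolerate a missing current message, `Message m = PhaseInterceptorChain.getCurrentMessage(); if (m == null) { return; }`, though whether that can be null on these call paths is not visible here. The body of `writeMapToOutputStream` continues outside the hunk.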

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java?rev=1199858&r1=1199857&r2=1199858&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
Wed Nov  9 17:06:34 2011
@@ -143,6 +143,20 @@ public final class OAuthClientUtils {
         return doGetAuthorizationHeader(accessor, method, requestURI, parameters);
     }
     
+
+    /**
+     * Creates OAuth Authorization header containing consumer key and secret values only
+     * @param consumer Consumer bean containing the consumer key and secret
+     * @return the header value
+     */
+    public static String createAuthorizationHeader(Consumer consumer) {
+        StringBuilder sb = new StringBuilder();
+        sb.append("OAuth ").append("oauth_consumer_key=").append(consumer.getKey())
+          .append("oauth_consumer_secret=").append(consumer.getSecret());
+        return sb.toString();
+        
+    }
+    
     private static String doGetAuthorizationHeader(OAuthAccessor accessor, 
             String method, String requestURI, Map<String, String> parameters) {
         try {
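Review bot: `createAuthorizationHeader` appends `oauth_consumer_secret=` directly after the consumer key with no separator, so the two parameters run together in the header value and a receiver cannot split them reliably. Add the delimiter, `.append(consumer.getKey()).append(", ")`, before `.append("oauth_consumer_secret=")`, and consider quoting and percent-encoding both values as OAuth header parameters normally are; the encoding helper used elsewhere in this class is not visible in the hunk. Because the header carries the consumer secret verbatim, the Javadoc should also state that it must only be sent over a TLS-protected connection and never logged. `doGetAuthorizationHeader` below continues outside the hunk.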

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1199858&r1=1199857&r2=1199858&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Wed Nov  9 17:06:34 2011
@@ -20,7 +20,6 @@ package org.apache.cxf.rs.security.oauth
 
 import java.security.Principal;
 import java.util.Collections;
-import java.util.LinkedList;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -115,10 +114,10 @@ public class AbstractAuthFilter {
         OAuthUtils.validateMessage(oAuthMessage, client, accessToken, dataProvider);
 
         //check valid URI
-        checkRequestURI(req, getAllUris(client, accessToken));
+        checkRequestURI(req, OAuthUtils.getAllUris(client, accessToken));
         
         List<OAuthPermission> permissions = dataProvider.getPermissionsInfo(
-                getAllScopes(client, accessToken));
+                OAuthUtils.getAllScopes(client, accessToken));
         
         for (OAuthPermission perm : permissions) {
             if (perm.getUri() != null) {
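Review bot: The URI and scope lists used for the authorization check now come from the static `OAuthUtils.getAllUris` and `OAuthUtils.getAllScopes`, and the `protected` methods they replace are deleted in the next hunk, so a subclass of `AbstractAuthFilter` that overrode them to narrow or extend the allowed URIs or scopes no longer influences `checkRequestURI`. An override written without `@Override` would still compile and silently become dead code. If the extension point is meant to stay, keep thin protected delegates such as `protected List<String> getAllUris(Client c, AccessToken t) { return OAuthUtils.getAllUris(c, t); }` and call those here. The enclosing method starts and ends outside the hunk.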
@@ -144,24 +143,6 @@ public class AbstractAuthFilter {
         }
     }
     
-    protected List<String> getAllScopes(Client client, AccessToken token) {
-        List<String> scopes = new LinkedList<String>();
-        if (token != null) {
-            scopes.addAll(token.getScopes());
-        }
-        scopes.addAll(client.getScopes());
-        return scopes;
-    }
-    
-    protected List<String> getAllUris(Client client, AccessToken token) {
-        List<String> uris = new LinkedList<String>();
-        if (token != null) {
-            uris.addAll(token.getUris());
-        }
-        uris.addAll(client.getUris());
-        return uris;
-    }
-
     protected void checkRequestURI(HttpServletRequest request, List<String> uris)
         throws OAuthProblemException {
         

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1199858&r1=1199857&r2=1199858&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Wed Nov  9 17:06:34 2011
@@ -20,7 +20,12 @@ package org.apache.cxf.rs.security.oauth
 
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
 import java.util.StringTokenizer;
 
 import javax.servlet.ServletContext;
@@ -56,6 +61,24 @@ public final class OAuthUtils {
     private OAuthUtils() {
     }
 
+    public static List<String> getAllScopes(Client client, Token token) {
+        List<String> scopes = new LinkedList<String>();
+        if (token != null) {
+            scopes.addAll(token.getScopes());
+        }
+        scopes.addAll(client.getScopes());
+        return scopes;
+    }
+    
+    public static List<String> getAllUris(Client client, Token token) {
+        List<String> uris = new LinkedList<String>();
+        if (token != null) {
+            uris.addAll(token.getUris());
+        }
+        uris.addAll(client.getUris());
+        return uris;
+    }
+    
     public static void validateMessage(OAuthMessage oAuthMessage, 
                                        Client client, 
                                        Token token,
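Review bot: `getAllScopes` and `getAllUris` are new public API with no Javadoc, and their contract matters for authorization decisions: the result is the token's entries followed by the client's with duplicates kept, `token` may be null, and a null `client` throws. Suggest a comment such as `/** Returns the token's scopes (when a token is given) followed by the client's scopes; client must not be null. */` and the equivalent for URIs. `validateMessage` continues outside the hunk.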
@@ -90,16 +113,29 @@ public final class OAuthUtils {
     
     public static void addParametersIfNeeded(HttpServletRequest request,
             OAuthMessage oAuthMessage) throws IOException {
-        if (oAuthMessage.getParameters().isEmpty() 
+        List<Entry<String, String>> params = oAuthMessage.getParameters();
+        String enc = oAuthMessage.getBodyEncoding();
+        enc = enc == null ? "UTF-8" : enc;
+        
+        if (params.isEmpty() 
             && MediaType.APPLICATION_FORM_URLENCODED.equals(oAuthMessage.getBodyType()))
{
-            String enc = oAuthMessage.getBodyEncoding();
-            enc = enc == null ? "UTF-8" : enc;
             String body = FormUtils.readBody(oAuthMessage.getBodyAsStream(), enc);
             MultivaluedMap<String, String> map = new MetadataMap<String, String>();
             FormUtils.populateMapFromString(map, body, enc, true, request);
             for (String key : map.keySet()) {
                 oAuthMessage.addParameter(key, map.getFirst(key));
             }
+        } else {
+            // This path will most likely work only for the AuthorizationRequestService
+            // when processing a user confirmation with only 3 parameters expected
+            String ct = request.getContentType();
+            if (ct != null && MediaType.APPLICATION_FORM_URLENCODED.equals(ct)) {
+                Map<String, List<String>> map = new HashMap<String, List<String>>();
+                for (Entry<String, String> param : params) {
+                    map.put(param.getKey(), Collections.singletonList(param.getValue()));
+                }
+                FormUtils.logRequestParametersIfNeeded(map, enc);
+            }
         }
     }
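Review bot: In the new `else` branch, `MediaType.APPLICATION_FORM_URLENCODED.equals(ct)` is an exact string comparison, so a request sent as `application/x-www-form-urlencoded; charset=UTF-8` skips the logging path; the `ct != null` test is also redundant because the constant is the receiver. Comparing the media type without its parameters, e.g. `ct != null && ct.toLowerCase().startsWith(MediaType.APPLICATION_FORM_URLENCODED)`, would cover both forms. Separately, `map.put(param.getKey(), Collections.singletonList(param.getValue()))` keeps only the last value of a repeated parameter, so the logged form can differ from what was received, which matters when logs are used to investigate a request. The values logged here are OAuth message parameters, so they should be masked or filtered before the `FormUtils.logRequestParametersIfNeeded` call.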
     


