cxf-commits mailing list archives

From serg...@apache.org
Subject svn commit: r1225832 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth: services/ utils/
Date Fri, 30 Dec 2011 14:10:29 GMT
Author: sergeyb
Date: Fri Dec 30 14:10:28 2011
New Revision: 1225832

URL: http://svn.apache.org/viewvc?rev=1225832&view=rev
Log:
[CXF-4001] Using InputStream available on the message when checking for form parameters

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java?rev=1225832&r1=1225831&r2=1225832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
Fri Dec 30 14:10:28 2011
@@ -18,10 +18,7 @@
  */
 package org.apache.cxf.rs.security.oauth.services;
 
-import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.core.Context;
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.core.UriInfo;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
@@ -40,6 +37,10 @@ public abstract class AbstractOAuthServi
         this.mc = context;    
     }
     
+    public MessageContext getMessageContext() {
+        return mc;
+    }
+    
     public void setDataProvider(OAuthDataProvider dataProvider) {
         this.dataProvider = dataProvider;
     }
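Review bot: The new `getMessageContext()` accessor is public, while the three accessors this commit removes from the same class (`getHttpRequest()`, `getUriInfo()`, `getSecurityContext()`) were protected, so the injected per-request context becomes reachable by any code holding a reference to the service. The callers visible in this commit are all subclasses, so `protected MessageContext getMessageContext()` looks sufficient. A short Javadoc such as `/** Returns the context injected for the current request. */` would also help, since subclasses now go through this one accessor.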
@@ -48,15 +49,5 @@ public abstract class AbstractOAuthServi
         return OAuthUtils.getOAuthDataProvider(dataProvider, mc.getServletContext());
     }
     
-    protected HttpServletRequest getHttpRequest() {
-        return mc.getHttpServletRequest();
-    }
-    
-    protected UriInfo getUriInfo() {
-        return mc.getUriInfo();
-    }
     
-    protected SecurityContext getSecurityContext() {
-        return mc.getSecurityContext();
-    }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1225832&r1=1225831&r2=1225832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
Fri Dec 30 14:10:28 2011
@@ -23,7 +23,6 @@ import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.core.Response;
 
@@ -32,6 +31,7 @@ import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth.data.AccessToken;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
@@ -53,10 +53,10 @@ public class AccessTokenHandler {
             OAuth.OAUTH_VERIFIER
         };
     
-    public Response handle(HttpServletRequest request, OAuthDataProvider dataProvider) {
+    public Response handle(MessageContext mc, OAuthDataProvider dataProvider) {
         try {
             OAuthMessage oAuthMessage = 
-                OAuthUtils.getOAuthMessage(request, REQUIRED_PARAMETERS);
+                OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
 
             RequestToken requestToken = dataProvider.getRequestToken(oAuthMessage.getToken());
             if (requestToken == null) {
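Review bot: `handle()` dereferences `mc` unconditionally in `mc.getHttpServletRequest()`, whereas `OAuthUtils.addParametersIfNeeded` in this same commit treats a null `mc` as valid and falls back to `oAuthMessage.getBodyAsStream()`. The contract should be stated once: either add a Javadoc line on `handle()` such as `@param mc the current message context, must not be null`, or drop the null branch in OAuthUtils so the two agree. The same applies to `RequestTokenHandler.handle` and `AuthorizationRequestHandler.handle`. The body of `handle()` continues outside this hunk.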

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java?rev=1225832&r1=1225831&r2=1225832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
Fri Dec 30 14:10:28 2011
@@ -43,12 +43,12 @@ public class AccessTokenService extends 
     @GET
     @Produces("application/x-www-form-urlencoded")
     public Response getAccessTokenWithGET() {
-        return handler.handle(getHttpRequest(), getDataProvider());
+        return getAccessToken();
     }
     
     @POST
     @Produces("application/x-www-form-urlencoded")
     public Response getAccessToken() {
-        return handler.handle(getHttpRequest(), getDataProvider());
+        return handler.handle(getMessageContext(), getDataProvider());
     }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1225832&r1=1225831&r2=1225832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Fri Dec 30 14:10:28 2011
@@ -43,6 +43,7 @@ import net.oauth.OAuthProblemException;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.UserSubject;
@@ -61,11 +62,11 @@ public class AuthorizationRequestHandler
             OAuth.OAUTH_TOKEN
         };
     
-    public Response handle(HttpServletRequest request, OAuthDataProvider dataProvider) {
-
+    public Response handle(MessageContext mc, OAuthDataProvider dataProvider) {
+        HttpServletRequest request = mc.getHttpServletRequest();
         try {
             OAuthMessage oAuthMessage = 
-                OAuthUtils.getOAuthMessage(request, REQUIRED_PARAMETERS);
+                OAuthUtils.getOAuthMessage(mc, request, REQUIRED_PARAMETERS);
             new DefaultOAuthValidator().checkSingleParameter(oAuthMessage);
 
             RequestToken token = dataProvider.getRequestToken(oAuthMessage.getToken());
@@ -85,21 +86,20 @@ public class AuthorizationRequestHandler
 
             Map<String, String> queryParams = new HashMap<String, String>();
             if (allow) {
-                SecurityContext sc = 
-                    (SecurityContext)request.getAttribute(SecurityContext.class.getName());
-                if (sc != null) {
-                    UserSubject subject = new UserSubject();
-                    subject.setLogin(sc.getUserPrincipal().getName());
-                    if (sc instanceof LoginSecurityContext) {
-                        List<String> roleNames = new ArrayList<String>();
-                        Set<Principal> roles = ((LoginSecurityContext)sc).getUserRoles();
-                        for (Principal p : roles) {
-                            roleNames.add(p.getName());
-                        }
-                        subject.setRoles(roleNames);
+                SecurityContext sc = mc.getSecurityContext();
+                
+                UserSubject subject = new UserSubject();
+                subject.setLogin(sc.getUserPrincipal().getName());
+                if (sc instanceof LoginSecurityContext) {
+                    List<String> roleNames = new ArrayList<String>();
+                    Set<Principal> roles = ((LoginSecurityContext)sc).getUserRoles();
+                    for (Principal p : roles) {
+                        roleNames.add(p.getName());
                     }
-                    token.setSubject(subject);
+                    subject.setRoles(roleNames);
                 }
+                token.setSubject(subject);
+                
                 String verifier = dataProvider.setRequestTokenVerifier(token);
                 queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
             } else {
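Review bot: `sc.getUserPrincipal().getName()` is called with no null check, and `SecurityContext.getUserPrincipal()` returns null when the request is not authenticated, so an approval that arrives without an authenticated resource owner ends in a NullPointerException instead of an explicit rejection. The verifier is only issued after this line, so the path probably still fails closed, but how the exception is reported depends on catch clauses outside the hunk. A guard before the `UserSubject` is built would make the requirement explicit, for example `Principal user = sc.getUserPrincipal();` followed by `if (user == null) { return Response.status(401).build(); }`. The removed `if (sc != null)` wrapper did not cover this case either, so the check is worth adding now that the subject is always set.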

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java?rev=1225832&r1=1225831&r2=1225832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestService.java
Fri Dec 30 14:10:28 2011
@@ -19,14 +19,12 @@
 
 package org.apache.cxf.rs.security.oauth.services;
 
-import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Response;
-import javax.ws.rs.core.SecurityContext;
 
 import org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData;
 
@@ -50,12 +48,10 @@ public class AuthorizationRequestService
     @GET
     @Produces({"application/xhtml+xml", "text/html", "application/xml", "application/json"
})
     public Response authorize() {
-        HttpServletRequest httpRequest = getHttpRequest();
-        httpRequest.setAttribute(SecurityContext.class.getName(),
-                                 super.getSecurityContext());
-        Response response = handler.handle(httpRequest, getDataProvider());
+        Response response = handler.handle(getMessageContext(), getDataProvider());
         if (response.getEntity() instanceof OAuthAuthorizationData) {
-            String replyTo = getUriInfo().getAbsolutePathBuilder().path("decision").build().toString();
+            String replyTo = getMessageContext().getUriInfo()
+                .getAbsolutePathBuilder().path("decision").build().toString();
             ((OAuthAuthorizationData)response.getEntity()).setReplyTo(replyTo);
         }
         return response;

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1225832&r1=1225831&r2=1225832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
Fri Dec 30 14:10:28 2011
@@ -24,7 +24,6 @@ import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.core.Response;
 
@@ -34,6 +33,7 @@ import net.oauth.OAuthProblemException;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
@@ -58,10 +58,10 @@ public class RequestTokenHandler {
     private String defaultScope;
     private String defaultURI;
     
-    public Response handle(HttpServletRequest request, OAuthDataProvider dataProvider) {
+    public Response handle(MessageContext mc, OAuthDataProvider dataProvider) {
         try {
             OAuthMessage oAuthMessage = 
-                OAuthUtils.getOAuthMessage(request, REQUIRED_PARAMETERS);
+                OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
 
             Client client = dataProvider
                 .getClient(oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY));

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java?rev=1225832&r1=1225831&r2=1225832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
Fri Dec 30 14:10:28 2011
@@ -42,12 +42,12 @@ public class RequestTokenService extends
     @GET
     @Produces("application/x-www-form-urlencoded")
     public Response getRequestTokenWithGET() {
-        return handler.handle(getHttpRequest(), getDataProvider());
+        return getRequestToken();
     }
     
     @POST
     @Produces("application/x-www-form-urlencoded")
     public Response getRequestToken() {
-        return handler.handle(getHttpRequest(), getDataProvider());
+        return handler.handle(getMessageContext(), getDataProvider());
     }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1225832&r1=1225831&r2=1225832&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Fri Dec 30 14:10:28 2011
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.oauth.utils;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -45,6 +46,7 @@ import net.oauth.server.OAuthServlet;
 
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.model.URITemplate;
 import org.apache.cxf.jaxrs.utils.FormUtils;
@@ -122,23 +124,27 @@ public final class OAuthUtils {
         }
     }
     
-    public static OAuthMessage getOAuthMessage(HttpServletRequest request,
+    public static OAuthMessage getOAuthMessage(MessageContext mc,
+                                               HttpServletRequest request,
                                                String[] requiredParams) throws Exception
{
         OAuthMessage oAuthMessage = OAuthServlet.getMessage(request, request.getRequestURL().toString());
-        OAuthUtils.addParametersIfNeeded(request, oAuthMessage);
+        OAuthUtils.addParametersIfNeeded(mc, request, oAuthMessage);
         oAuthMessage.requireParameters(requiredParams);
         return oAuthMessage;
     }
     
-    public static void addParametersIfNeeded(HttpServletRequest request,
-            OAuthMessage oAuthMessage) throws IOException {
+    public static void addParametersIfNeeded(MessageContext mc,
+                                             HttpServletRequest request,
+                                             OAuthMessage oAuthMessage) throws IOException
{
         List<Entry<String, String>> params = oAuthMessage.getParameters();
         String enc = oAuthMessage.getBodyEncoding();
         enc = enc == null ? "UTF-8" : enc;
         
         if (params.isEmpty() 
             && MediaType.APPLICATION_FORM_URLENCODED.equals(oAuthMessage.getBodyType()))
{
-            String body = FormUtils.readBody(oAuthMessage.getBodyAsStream(), enc);
+            InputStream stream = mc != null 
+                ? mc.getContent(InputStream.class) : oAuthMessage.getBodyAsStream();
+            String body = FormUtils.readBody(stream, enc);
             MultivaluedMap<String, String> map = new MetadataMap<String, String>();
             FormUtils.populateMapFromString(map, body, enc, true, request);
             for (String key : map.keySet()) {
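Review bot: When `mc` is non-null, the stream from `mc.getContent(InputStream.class)` is passed straight to `FormUtils.readBody`, with no handling for the case where the message carries no InputStream content and the call returns null (this looks possible if the body was already consumed upstream). Falling back to the OAuth message's own stream keeps the previous behaviour in that case: `InputStream stream = mc != null ? mc.getContent(InputStream.class) : null;` then `if (stream == null) { stream = oAuthMessage.getBodyAsStream(); }`. Both public methods now take `mc` and `request` even though every caller in this commit derives the request from `mc`, so a Javadoc line stating that `mc` may be null would tell callers which argument is optional. The loop over `map.keySet()` continues outside the hunk.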


