cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1237715 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth: data/ filters/ services/ utils/
Date Mon, 30 Jan 2012 15:26:05 GMT
Author: sergeyb
Date: Mon Jan 30 15:26:04 2012
New Revision: 1237715

URL: http://svn.apache.org/viewvc?rev=1237715&view=rev
Log:
Support for pre-authorized tokens to do with the so called 2-way flow

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java?rev=1237715&r1=1237714&r2=1237715&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Client.java
Mon Jan 30 15:26:04 2012
@@ -18,8 +18,6 @@
  */
 package org.apache.cxf.rs.security.oauth.data;
 
-import java.util.Collections;
-import java.util.List;
 /**
  * Represents a registered third-party consumer
  */
@@ -31,7 +29,7 @@ public class Client {
     
     private String loginName;
         
-    private List<OAuthPermission> scopes = Collections.emptyList();
+    private AccessToken preAuthorizedToken;
 
     public Client(String consumerId, 
                   String secretKey,
@@ -115,22 +113,6 @@ public class Client {
         this.loginName = name;
     }
     
-    /**
-     * Returns a list of opaque permissions/scopes
-     * @return the scopes
-     */
-    public List<OAuthPermission> getScopes() {
-        return scopes;
-    }
-
-    /**
-     * Sets a list of opaque permissions/scopes
-     * @param scopes the scopes
-     */
-    public void setScopes(List<OAuthPermission> scopes) {
-        this.scopes = scopes;
-    }
-    
     @Override
     public boolean equals(Object o) {
         if (this == o) {
@@ -158,4 +140,12 @@ public class Client {
         result = 31 * result + secretKey.hashCode();
         return result;
     }
+
+    public void setPreAuthorizedToken(AccessToken preAuthorizedToken) {
+        this.preAuthorizedToken = preAuthorizedToken;
+    }
+
+    public AccessToken getPreAuthorizedToken() {
+        return preAuthorizedToken;
+    }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java?rev=1237715&r1=1237714&r2=1237715&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
Mon Jan 30 15:26:04 2012
@@ -25,12 +25,9 @@ import java.util.List;
  * Provides the complete information about a given opaque permission.
  */
 public class OAuthPermission extends Permission {
-    private String subjectName;
     private List<String> roles = Collections.emptyList();
-    
     private List<String> httpVerbs = Collections.emptyList();
     private List<String> uris = Collections.emptyList();
-    private boolean authorizationKeyRequired = true;
     
     public OAuthPermission(String permission, String description) {
         super(permission, description);
@@ -41,14 +38,6 @@ public class OAuthPermission extends Per
         this.roles = roles;
     }
 
-    public void setSubjectName(String subjectName) {
-        this.subjectName = subjectName;
-    }
-
-    public String getSubjectName() {
-        return subjectName;
-    }
-
     public void setRoles(List<String> roles) {
         this.roles = roles;
     }
@@ -72,13 +61,5 @@ public class OAuthPermission extends Per
     public List<String> getUris() {
         return uris;
     }
-
-    public void setAuthorizationKeyRequired(boolean authorizationKeyRequired) {
-        this.authorizationKeyRequired = authorizationKeyRequired;
-    }
-
-    public boolean isAuthorizationKeyRequired() {
-        return authorizationKeyRequired;
-    }
     
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java?rev=1237715&r1=1237714&r2=1237715&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
Mon Jan 30 15:26:04 2012
@@ -33,6 +33,7 @@ public abstract class Token {
     private Client client;
     private List<OAuthPermission> scopes = Collections.emptyList();
     private UserSubject subject;
+    private boolean preAuthorized;
     
     protected Token(Client client, String tokenKey,
                     String tokenSecret, long lifetime, long issuedAt) {
@@ -119,4 +120,12 @@ public abstract class Token {
         return subject;
     }
 
+    public void setPreAuthorized(boolean preAuthorized) {
+        this.preAuthorized = preAuthorized;
+    }
+
+    public boolean isPreAuthorized() {
+        return preAuthorized;
+    }
+
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1237715&r1=1237714&r2=1237715&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Mon Jan 30 15:26:04 2012
@@ -166,17 +166,20 @@ public class AbstractAuthFilter {
             } else {
                 OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider);
             }
-            
+            accessToken = client.getPreAuthorizedToken();
+            if (accessToken == null || !accessToken.isPreAuthorized()) {
+                LOG.warning("Preauthorized access token is unavailable");
+                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
+            }
         }
 
-        List<OAuthPermission> permissions = OAuthUtils.getAllScopes(client, accessToken);
+        List<OAuthPermission> permissions = accessToken.getScopes();
         List<OAuthPermission> matchingPermissions = new ArrayList<OAuthPermission>();
         
         for (OAuthPermission perm : permissions) {
             boolean uriOK = checkRequestURI(req, perm.getUris());
             boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());
-            boolean accessOK = checkNoAccessTokenIsAllowed(client, accessToken, perm);
-            if (uriOK && verbOK && accessOK) {
+            if (uriOK && verbOK) {
                 matchingPermissions.add(perm);
             }
         }
@@ -186,21 +189,7 @@ public class AbstractAuthFilter {
             LOG.warning(message);
             throw new OAuthProblemException(message);
         }
-        
-        String subjectName = null;
-        for (OAuthPermission perm : matchingPermissions) {
-            String currentName = perm.getSubjectName();
-            if (subjectName != null 
-                && (currentName == null || !subjectName.equals(currentName))) {
-                String message = "Inconsistent subject name";
-                LOG.warning(message);
-                throw new OAuthProblemException(message);    
-            }
-            subjectName = currentName;
-        }
-        
-        
-        return new OAuthInfo(client, accessToken, matchingPermissions);
+        return new OAuthInfo(accessToken, matchingPermissions);
         
     }
     
@@ -209,16 +198,6 @@ public class AbstractAuthFilter {
         return m != null ? (AuthorizationPolicy)m.get(AuthorizationPolicy.class) : null;
     }
     
-    protected boolean checkNoAccessTokenIsAllowed(Client client, AccessToken token,
-            OAuthPermission perm) {
-        if (token == null && perm.isAuthorizationKeyRequired()) {
-            String message = "Token is expected";
-            LOG.fine(message);
-            return false;
-        }
-        return true;
-    }
-    
     protected boolean checkHttpVerb(HttpServletRequest req, List<String> verbs) {
         if (!verbs.isEmpty() 
             && !verbs.contains(req.getMethod())) {
@@ -256,22 +235,15 @@ public class AbstractAuthFilter {
         // demo shipped in the distribution; needs to be removed.
         request.setAttribute("oauth_authorities", info.getRoles());
         
-        UserSubject subject = info.getToken() != null ? info.getToken().getSubject() : null;
-        if (subject == null) {
-            for (OAuthPermission perm : info.getPermissions()) {
-                if (perm.getSubjectName() != null) {
-                    subject = new UserSubject(perm.getSubjectName(), perm.getRoles());
-                }
-                break;
-            }
-        }
+        UserSubject subject = info.getToken().getSubject();
+
         final UserSubject theSubject = subject;
         return new SecurityContext() {
 
             public Principal getUserPrincipal() {
                 String login = AbstractAuthFilter.this.useUserSubject 
                     ? (theSubject != null ? theSubject.getLogin() : null)
-                    : info.getClient().getLoginName();  
+                    : info.getToken().getClient().getLoginName();  
                 return new SimplePrincipal(login);
             }
 
@@ -293,7 +265,7 @@ public class AbstractAuthFilter {
         if (info.getToken() != null) {
             subject = info.getToken().getSubject();
         }
-        return new OAuthContext(subject, info.getPermissions());
+        return new OAuthContext(subject, info.getMatchedPermissions());
     }
     
     private static class CustomHttpServletWrapper extends HttpServletRequestWrapper {

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java?rev=1237715&r1=1237714&r2=1237715&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
Mon Jan 30 15:26:04 2012
@@ -22,25 +22,18 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.cxf.rs.security.oauth.data.AccessToken;
-import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
 
 /**
  * Captures the information about the current request
  */
 public class OAuthInfo {
-    private Client client;
     private AccessToken token;
     private List<OAuthPermission> permissions;
-    public OAuthInfo(Client client, 
-                     AccessToken token, 
-                     List<OAuthPermission> permissions) {
-        this.client = client;
+    public OAuthInfo(AccessToken token, 
+                     List<OAuthPermission> matchedPermissions) {
         this.token = token;
-        this.permissions = permissions;
-    }
-    public Client getClient() {
-        return client;
+        this.permissions = matchedPermissions;
     }
     public AccessToken getToken() {
         return token;
@@ -54,7 +47,7 @@ public class OAuthInfo {
         return authorities;
     }
     
-    public List<OAuthPermission> getPermissions() {
+    public List<OAuthPermission> getMatchedPermissions() {
         return permissions;
     }
     

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1237715&r1=1237714&r2=1237715&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
Mon Jan 30 15:26:04 2012
@@ -50,8 +50,7 @@ public class AccessTokenHandler {
             OAuth.OAUTH_SIGNATURE_METHOD,
             OAuth.OAUTH_SIGNATURE,
             OAuth.OAUTH_TIMESTAMP,
-            OAuth.OAUTH_NONCE,
-            OAuth.OAUTH_VERIFIER
+            OAuth.OAUTH_NONCE
         };
     
     public Response handle(MessageContext mc, OAuthDataProvider dataProvider) {
@@ -63,8 +62,15 @@ public class AccessTokenHandler {
             if (requestToken == null) {
                 throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
             }
+            
             String oauthVerifier = oAuthMessage.getParameter(OAuth.OAUTH_VERIFIER);
-            if (oauthVerifier == null || !oauthVerifier.equals(requestToken.getVerifier()))
{
+            if (oauthVerifier == null) {
+                if (requestToken.getSubject() != null && requestToken.isPreAuthorized())
{
+                    LOG.fine("Preauthorized request token");
+                } else {
+                    throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
+                }
+            } else if (!oauthVerifier.equals(requestToken.getVerifier())) {
                 throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
             }
             

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1237715&r1=1237714&r2=1237715&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Mon Jan 30 15:26:04 2012
@@ -156,7 +156,7 @@ public class AuthorizationRequestHandler
         secData.setApplicationName(token.getClient().getApplicationName()); 
         secData.setApplicationURI(token.getClient().getApplicationURI());
         
-        secData.setPermissions(OAuthUtils.getAllScopes(token.getClient(), token));
+        secData.setPermissions(token.getScopes());
         
         return secData;
     }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1237715&r1=1237714&r2=1237715&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Mon Jan 30 15:26:04 2012
@@ -23,7 +23,6 @@ import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
-import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
@@ -51,7 +50,6 @@ import org.apache.cxf.jaxrs.impl.Metadat
 import org.apache.cxf.jaxrs.model.URITemplate;
 import org.apache.cxf.jaxrs.utils.FormUtils;
 import org.apache.cxf.rs.security.oauth.data.Client;
-import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.Token;
 import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
@@ -83,15 +81,6 @@ public final class OAuthUtils {
         return false;
     }
     
-    public static List<OAuthPermission> getAllScopes(Client client, Token token) {
-        List<OAuthPermission> scopes = new LinkedList<OAuthPermission>();
-        if (token != null) {
-            scopes.addAll(token.getScopes());
-        }
-        scopes.addAll(client.getScopes());
-        return scopes;
-    }
-    
     public static void validateMessage(OAuthMessage oAuthMessage, 
                                        Client client, 
                                        Token token,



Mime
View raw message