cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1242844 - in /cxf/branches/2.5.x-fixes: ./ distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/ rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/ rt/rs/securit...
Date Fri, 10 Feb 2012 16:46:05 GMT
Author: sergeyb
Date: Fri Feb 10 16:46:05 2012
New Revision: 1242844

URL: http://svn.apache.org/viewvc?rev=1242844&view=rev
Log:
Merged revisions 1242840,1242842 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1242840 | sergeyb | 2012-02-10 16:26:50 +0000 (Fri, 10 Feb 2012) | 1 line
  
  Updating OAuthProvider to cope better with multiple authorization approval vars 
........
  r1242842 | sergeyb | 2012-02-10 16:41:12 +0000 (Fri, 10 Feb 2012) | 1 line
  
  [CXF-4100] Adding a 'default' property to Permission
........

Modified:
    cxf/branches/2.5.x-fixes/   (props changed)
    cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
    cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/MemoryOAuthDataProvider.java

Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Feb 10 16:46:05 2012
@@ -1 +1 @@
-/cxf/trunk:1236720,1241934,1242263,1242359,1242729,1242739
+/cxf/trunk:1236720,1241934,1242263,1242359,1242729,1242739,1242840-1242842

Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java?rev=1242844&r1=1242843&r2=1242844&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
(original)
+++ cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/oauth/server/src/main/java/demo/oauth/server/controllers/MemoryOAuthDataProvider.java
Fri Feb 10 16:46:05 2012
@@ -32,6 +32,7 @@ import net.oauth.OAuthProblemException;
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.rs.security.oauth.data.AccessToken;
 import org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration;
+import org.apache.cxf.rs.security.oauth.data.AuthorizationInput;
 import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
@@ -110,8 +111,9 @@ public class MemoryOAuthDataProvider imp
         return (RequestToken) token;
     }
 
-    public String setRequestTokenVerifier(RequestToken requestToken) throws
+    public String finalizeAuthorization(AuthorizationInput input) throws
             OAuthServiceException {
+        RequestToken requestToken = input.getToken();
         requestToken.setVerifier(generateToken());
         return requestToken.getVerifier();
     }

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java?rev=1242844&r1=1242843&r2=1242844&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Permission.java
Fri Feb 10 16:46:05 2012
@@ -26,6 +26,7 @@ package org.apache.cxf.rs.security.oauth
 public class Permission {
     private String permission;
     private String description;
+    private boolean isDefault;
     
     public Permission() {
         
@@ -51,4 +52,18 @@ public class Permission {
     public void setPermission(String permission) {
         this.permission = permission;
     }
+
+    /**
+     * Indicates that this permission has been allocated by default.
+     * Authorization View handlers may use this property in order to restrict
+     * the list of scopes which may be refused to non-default scopes only
+     * @param isDefault
+     */
+    public void setDefault(boolean value) {
+        this.isDefault = value;
+    }
+
+    public boolean isDefault() {
+        return isDefault;
+    }
 }

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java?rev=1242844&r1=1242843&r2=1242844&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
Fri Feb 10 16:46:05 2012
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.oauth
 
 import org.apache.cxf.rs.security.oauth.data.AccessToken;
 import org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration;
+import org.apache.cxf.rs.security.oauth.data.AuthorizationInput;
 import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
@@ -66,11 +67,11 @@ public interface OAuthDataProvider {
      * this verifier to the client who will exchange it for 
      * a new {@link AccessToken}
      *    
-     * @param requestToken the request token
+     * @param data AuthorizationInput
      * @return the generated verifier
      * @throws OAuthServiceException
      */
-    String setRequestTokenVerifier(RequestToken requestToken) throws OAuthServiceException;
+    String finalizeAuthorization(AuthorizationInput data) throws OAuthServiceException;
     
     /**
      * Creates a new {@link AccessToken}

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1242844&r1=1242843&r2=1242844&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Fri Feb 10 16:46:05 2012
@@ -45,6 +45,7 @@ import net.oauth.OAuthProblemException;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth.data.AuthorizationInput;
 import org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.UserSubject;
@@ -99,7 +100,12 @@ public class AuthorizationRequestHandler
                 token.setSubject(new UserSubject(sc.getUserPrincipal() == null 
                     ? null : sc.getUserPrincipal().getName(), roleNames));
                 
-                String verifier = dataProvider.setRequestTokenVerifier(token);
+                AuthorizationInput input = new AuthorizationInput();
+                input.setToken(token);
+                //TODO: check if some of individual scopes may have been refused 
+                input.setApprovedScopes(token.getScopes());
+                
+                String verifier = dataProvider.finalizeAuthorization(input);
                 queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
             } else {
                 dataProvider.removeToken(token);

Modified: cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/MemoryOAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/MemoryOAuthDataProvider.java?rev=1242844&r1=1242843&r2=1242844&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/MemoryOAuthDataProvider.java
(original)
+++ cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/MemoryOAuthDataProvider.java
Fri Feb 10 16:46:05 2012
@@ -29,6 +29,7 @@ import java.util.concurrent.ConcurrentHa
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.rs.security.oauth.data.AccessToken;
 import org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration;
+import org.apache.cxf.rs.security.oauth.data.AuthorizationInput;
 import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
@@ -102,8 +103,9 @@ public class MemoryOAuthDataProvider imp
         return (RequestToken)oauthTokens.get(tokenString);
     }
 
-    public String setRequestTokenVerifier(RequestToken requestToken) throws
+    public String finalizeAuthorization(AuthorizationInput input) throws
             OAuthServiceException {
+        RequestToken requestToken = input.getToken();
         requestToken.setVerifier(generateToken());
         return requestToken.getVerifier();
     }



Mime
View raw message