cxf-commits mailing list archives

From serg...@apache.org
Subject svn commit: r1242948 - /cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Date Fri, 10 Feb 2012 21:52:03 GMT
Author: sergeyb
Date: Fri Feb 10 21:52:03 2012
New Revision: 1242948

URL: http://svn.apache.org/viewvc?rev=1242948&view=rev
Log:
[CXF-4100] Checking individual scopes

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1242948&r1=1242947&r2=1242948&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Fri Feb 10 21:52:03 2012
@@ -24,6 +24,8 @@ import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -47,6 +49,7 @@ import org.apache.cxf.common.util.String
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth.data.AuthorizationInput;
 import org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData;
+import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.UserSubject;
 import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
@@ -102,8 +105,28 @@ public class AuthorizationRequestHandler
                 
                 AuthorizationInput input = new AuthorizationInput();
                 input.setToken(token);
-                //TODO: check if some of individual scopes may have been refused 
-                input.setApprovedScopes(token.getScopes());
+                 
+                Set<OAuthPermission> approvedScopesSet = new HashSet<OAuthPermission>();
+                
+                List<OAuthPermission> originalScopes = token.getScopes(); 
+                for (OAuthPermission perm : originalScopes) {
+                    String param = oAuthMessage.getParameter(perm.getPermission() + "_status");
+                    if (param != null && OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(param))
{
+                        approvedScopesSet.add(perm);
+                    }
+                }
+                List<OAuthPermission> approvedScopes = new LinkedList<OAuthPermission>(approvedScopesSet);
+                if (approvedScopes.isEmpty()) {
+                    approvedScopes = originalScopes;
+                } else if (approvedScopes.size() < originalScopes.size()) {
+                    for (OAuthPermission perm : originalScopes) {
+                        if (perm.isDefault() && !approvedScopes.contains(perm)) {
+                            approvedScopes.add(perm);    
+                        }
+                    }
+                }
+                
+                input.setApprovedScopes(approvedScopes);
                 
                 String verifier = dataProvider.finalizeAuthorization(input);
                 queryParams.put(OAuth.OAUTH_VERIFIER, verifier);
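Review bot: The `approvedScopes.isEmpty()` branch fails open: when no `<permission>_status` parameter equals the allow value, every scope in `token.getScopes()` is approved, so a user who declined each individual scope gets the same result as a request that carries no per-scope parameters at all. If the fallback exists for consent forms without per-scope controls (not visible in this hunk), it should apply only when no `_status` parameter was submitted, for example `sawStatusParam |= param != null;` in the first loop and `if (approvedScopes.isEmpty() && !sawStatusParam)` for the fallback. That only works if the form sends an explicit value for refused scopes; otherwise it needs a separate marker field. The second loop also re-adds `isDefault()` permissions the user did not approve; if that is intended, a comment such as `// default permissions are always granted, regardless of the user's per-scope choice` would make the consent semantics explicit. The enclosing method starts and ends outside the hunk.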


