cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1242951 - in /cxf/branches/2.5.x-fixes: ./ rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Date Fri, 10 Feb 2012 21:56:43 GMT
Author: sergeyb
Date: Fri Feb 10 21:56:43 2012
New Revision: 1242951

URL: http://svn.apache.org/viewvc?rev=1242951&view=rev
Log:
Merged revisions 1242948 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1242948 | sergeyb | 2012-02-10 21:52:03 +0000 (Fri, 10 Feb 2012) | 1 line
  
  [CXF-4100] Checking individual scopes
........

Modified:
    cxf/branches/2.5.x-fixes/   (props changed)
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java

Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Feb 10 21:56:43 2012
@@ -1 +1 @@
-/cxf/trunk:1236720,1241934,1242263,1242359,1242729,1242739,1242840-1242842,1242847
+/cxf/trunk:1236720,1241934,1242263,1242359,1242729,1242739,1242840-1242842,1242847,1242948

Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1242951&r1=1242950&r2=1242951&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Fri Feb 10 21:56:43 2012
@@ -24,6 +24,8 @@ import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -47,6 +49,7 @@ import org.apache.cxf.common.util.String
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth.data.AuthorizationInput;
 import org.apache.cxf.rs.security.oauth.data.OAuthAuthorizationData;
+import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.UserSubject;
 import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
@@ -102,8 +105,28 @@ public class AuthorizationRequestHandler
                 
                 AuthorizationInput input = new AuthorizationInput();
                 input.setToken(token);
-                //TODO: check if some of individual scopes may have been refused 
-                input.setApprovedScopes(token.getScopes());
+                 
+                Set<OAuthPermission> approvedScopesSet = new HashSet<OAuthPermission>();
+                
+                List<OAuthPermission> originalScopes = token.getScopes(); 
+                for (OAuthPermission perm : originalScopes) {
+                    String param = oAuthMessage.getParameter(perm.getPermission() + "_status");
+                    if (param != null && OAuthConstants.AUTHORIZATION_DECISION_ALLOW.equals(param))
{
+                        approvedScopesSet.add(perm);
+                    }
+                }
+                List<OAuthPermission> approvedScopes = new LinkedList<OAuthPermission>(approvedScopesSet);
+                if (approvedScopes.isEmpty()) {
+                    approvedScopes = originalScopes;
+                } else if (approvedScopes.size() < originalScopes.size()) {
+                    for (OAuthPermission perm : originalScopes) {
+                        if (perm.isDefault() && !approvedScopes.contains(perm)) {
+                            approvedScopes.add(perm);    
+                        }
+                    }
+                }
+                
+                input.setApprovedScopes(approvedScopes);
                 
                 String verifier = dataProvider.finalizeAuthorization(input);
                 queryParams.put(OAuth.OAUTH_VERIFIER, verifier);



Mime
View raw message