cxf-commits mailing list archives

From serg...@apache.org
Subject svn commit: r1293444 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth: filters/ grants/code/ provider/ services/ utils/
Date Fri, 24 Feb 2012 21:51:37 GMT
Author: sergeyb
Date: Fri Feb 24 21:51:36 2012
New Revision: 1293444

URL: http://svn.apache.org/viewvc?rev=1293444&view=rev
Log:
[CXF-4112] Checking the expired tokens plus few minor updates

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/grants/code/AuthorizationCodeGrant.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/grants/code/AuthorizationCodeGrantHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationCodeGrantService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java?rev=1293444&r1=1293443&r2=1293444&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthRequestFilter.java
Fri Feb 24 21:51:36 2012
@@ -183,6 +183,10 @@ public class OAuthRequestFilter implemen
         if (accessToken == null) {
             AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
         }
+        if (OAuthUtils.isExpired(accessToken.getIssuedAt(), accessToken.getLifetime())) {
+            dataProvider.removeAccessToken(accessToken);
+            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
+        }
         return accessToken;
     }
     
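Review bot: The cleanup call `dataProvider.removeAccessToken(accessToken)` runs before `AuthorizationUtils.throwAuthorizationFailure(supportedSchemes)`, so if the provider throws (the interface declares `OAuthServiceException`), that exception replaces the authorization failure for an expired token. The request is still refused, but the client may then see a different response than for a missing token, depending on how the exception is mapped. Consider catching and logging a removal failure so that the rejection path stays the same. A comment such as `// expired tokens are removed lazily, on first use after expiry` would also document that this is the only cleanup visible here. The enclosing method starts above the hunk.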

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/grants/code/AuthorizationCodeGrant.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/grants/code/AuthorizationCodeGrant.java?rev=1293444&r1=1293443&r2=1293444&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/grants/code/AuthorizationCodeGrant.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/grants/code/AuthorizationCodeGrant.java
Fri Feb 24 21:51:36 2012
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.rs.security.oauth.grants.code;
 
+import java.net.URI;
+
 import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.cxf.jaxrs.impl.MetadataMap;
@@ -36,6 +38,11 @@ public class AuthorizationCodeGrant impl
     public AuthorizationCodeGrant(String code) {
         this.code = code;
     }
+    
+    public AuthorizationCodeGrant(String code, URI uri) {
+        this.code = code;
+        redirectUri = uri.toString();
+    }
 
     public void setRedirectUri(String redirectUri) {
         this.redirectUri = redirectUri;
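Review bot: The new constructor calls `uri.toString()` without a null check, so passing a null `URI` throws a NullPointerException, while the one-argument constructor and `setRedirectUri` both allow the redirect URI to be absent. Either guard it, `this.redirectUri = uri == null ? null : uri.toString();`, or state in a Javadoc that `uri` must not be null. Assigning through `this.redirectUri` would also match the `this.code` line above it. The handler in this commit appears to compare redirect URIs as strings, so it is worth confirming that `URI.toString()` yields exactly the form that was registered.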

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/grants/code/AuthorizationCodeGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/grants/code/AuthorizationCodeGrantHandler.java?rev=1293444&r1=1293443&r2=1293444&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/grants/code/AuthorizationCodeGrantHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/grants/code/AuthorizationCodeGrantHandler.java
Fri Feb 24 21:51:36 2012
@@ -31,6 +31,7 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth.tokens.bearer.BearerAccessToken;
 import org.apache.cxf.rs.security.oauth.utils.MD5SequenceGenerator;
+import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 
 
 
@@ -54,6 +55,10 @@ public class AuthorizationCodeGrantHandl
         if (grant == null) {
             return null;
         }
+        if (OAuthUtils.isExpired(grant.getIssuedAt(), grant.getLifetime())) {
+            throw new OAuthServiceException("invalid_grant");
+        }
+        
         String expectedRedirectUri = grant.getRedirectUri();
         if (expectedRedirectUri != null) {
             String providedRedirectUri = params.getFirst(REDIRECT_URI);
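Review bot: An expired grant is rejected with `invalid_grant` here, but nothing in the hunk removes it from storage, whereas the request filter in this commit removes an expired access token before failing. If the lookup above the hunk does not already consume the grant, expired codes will stay in the store until something else purges them. Consider removing the grant before the `throw`, or add a comment such as `// grant was already removed from the provider by the lookup above` if that is the case. The method starts and ends outside the hunk.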

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java?rev=1293444&r1=1293443&r2=1293444&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/provider/OAuthDataProvider.java
Fri Feb 24 21:51:36 2012
@@ -19,7 +19,6 @@
 
 package org.apache.cxf.rs.security.oauth.provider;
 
-import org.apache.cxf.rs.security.oauth.common.AccessToken;
 import org.apache.cxf.rs.security.oauth.common.Client;
 import org.apache.cxf.rs.security.oauth.common.ServerAccessToken;
 
@@ -60,13 +59,13 @@ public interface OAuthDataProvider {
      * @return AccessToken
      * @throws OAuthServiceException
      */
-    AccessToken refreshAccessToken(String clientId, String refreshToken) throws OAuthServiceException;
+    ServerAccessToken refreshAccessToken(String clientId, String refreshToken) throws OAuthServiceException;
 
     /**
      * Removes the token
      * @param token the token
      * @throws OAuthServiceException
      */
-    void removeAccessToken(String accessToken) throws OAuthServiceException;
+    void removeAccessToken(ServerAccessToken accessToken) throws OAuthServiceException;
     
 }
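Review bot: The Javadoc was not updated with the signatures: `@return AccessToken` on `refreshAccessToken` should now read `@return the refreshed ServerAccessToken`, and `@param token the token` on `removeAccessToken` does not match the parameter name `accessToken`. The `removeAccessToken` comment should also say whether removing a token that is already gone is a no-op or raises `OAuthServiceException`. This matters because the filter in this commit calls it for every request that presents an expired token, so two concurrent requests could both try to remove the same one. Both changes break existing implementers of the interface, which deserves a mention in the commit log or release notes.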

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationCodeGrantService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationCodeGrantService.java?rev=1293444&r1=1293443&r2=1293444&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationCodeGrantService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationCodeGrantService.java
Fri Feb 24 21:51:36 2012
@@ -195,6 +195,11 @@ public class AuthorizationCodeGrantServi
         if (!requestedScope.containsAll(approvedScope)) {
             return createErrorResponse(params, actualRedirectUri, INVALID_SCOPE);
         }
+        // the decision was allow but the approved scopes end up being empty
+        // in this case we default to the requestedScope
+        if (approvedScope.isEmpty()) {
+            approvedScope = requestedScope;
+        }
         codeReg.setApprovedScope(approvedScope);
         
         SecurityContext sc = getMessageContext().getSecurityContext();
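Review bot: Defaulting an empty `approvedScope` to `requestedScope` grants the widest possible set in the one case where the approval carried no scopes at all. From the visible code, an empty list cannot be told apart from a user who deliberately deselected every scope on the consent form, and that user would end up granting everything the client asked for. If the fallback is only meant for consent pages that do not offer per-scope selection, make that explicit in the comment, e.g. `// consent form submitted no scope fields; allow means the full requested scope`. Otherwise, consider returning an error or issuing the code with an empty scope. The method starts and ends outside the hunk.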

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1293444&r1=1293443&r2=1293444&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Fri Feb 24 21:51:36 2012
@@ -32,6 +32,11 @@ public final class OAuthUtils {
     private OAuthUtils() {
     }
 
+    public static boolean isExpired(Long issuedAt, Long lifetime) {
+        return lifetime != -1
+            && issuedAt + lifetime < System.currentTimeMillis() / 1000;
+    }
+    
     public static boolean checkRequestURI(String servletPath, String uri) {
         boolean wildcard = uri.endsWith("*");
         String theURI = wildcard ? uri.substring(0, uri.length() - 1) : uri;
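Review bot: `isExpired` takes boxed `Long` arguments and unboxes them unconditionally, so a null `getIssuedAt()` or `getLifetime()` raises a NullPointerException in both new callers (the request filter and the code grant handler) instead of a clean rejection. Handle null explicitly, e.g. `if (issuedAt == null || lifetime == null) { return true; }` if an unknown age should fail closed. The sum `issuedAt + lifetime` can also overflow for a very large lifetime; `System.currentTimeMillis() / 1000 - issuedAt > lifetime` is equivalent and avoids that. The method needs a Javadoc stating that `issuedAt` is in seconds since the epoch, `lifetime` is in seconds, and `-1` means the token never expires. As written, any other negative lifetime, or zero, is treated as already expired.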


