Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6D53D9A16 for ; Wed, 29 Feb 2012 17:27:52 +0000 (UTC) Received: (qmail 55428 invoked by uid 500); 29 Feb 2012 17:27:52 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 55388 invoked by uid 500); 29 Feb 2012 17:27:52 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 55381 invoked by uid 99); 29 Feb 2012 17:27:52 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Feb 2012 17:27:52 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Feb 2012 17:27:46 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id CD7252388865; Wed, 29 Feb 2012 17:27:24 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1295190 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2: client/ common/ filters/ grants/code/ provider/ services/ tokens/bearer/ utils/ Date: Wed, 29 Feb 2012 17:27:24 -0000 To: commits@cxf.apache.org From: sergeyb@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120229172724.CD7252388865@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: sergeyb Date: Wed Feb 29 17:27:23 2012 New Revision: 1295190 URL: http://svn.apache.org/viewvc?rev=1295190&view=rev Log: [CXF-4112] Removing enum classes for now as they are awkward to deal with for custom token or grant types plus few more minor updates Removed: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenGrantType.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenType.java Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenGrant.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java Wed Feb 29 17:27:23 2012 @@ -32,7 +32,6 @@ import org.apache.cxf.jaxrs.client.Clien import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.jaxrs.ext.form.Form; import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant; -import org.apache.cxf.rs.security.oauth2.common.AccessTokenType; import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken; import org.apache.cxf.rs.security.oauth2.common.OAuthError; import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider; @@ -137,10 +136,10 @@ public final class OAuthClientUtils { if (200 == response.getStatus()) { if (map.containsKey(OAuthConstants.ACCESS_TOKEN) && map.containsKey(OAuthConstants.ACCESS_TOKEN_TYPE)) { - String type = map.get(OAuthConstants.ACCESS_TOKEN_TYPE); + String tokenType = map.get(OAuthConstants.ACCESS_TOKEN_TYPE); ClientAccessToken token = new ClientAccessToken( - AccessTokenType.fromString(type), + tokenType, map.get(OAuthConstants.ACCESS_TOKEN)); return token; } else { @@ -170,9 +169,8 @@ public final class OAuthClientUtils { private static void appendTokenData(StringBuilder sb, ClientAccessToken token) throws OAuthServiceException { // this should all be handled by token specific serializers - AccessTokenType type = token.getTokenType(); - if (type == AccessTokenType.BEARER) { - sb.append("Bearer"); + if (OAuthConstants.BEARER_TOKEN_TYPE.equals(token.getTokenType())) { + sb.append(OAuthConstants.BEARER_AUTHORIZATION_SCHEME); sb.append(" "); sb.append(token.getTokenKey()); } else { Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java Wed Feb 29 17:27:23 2012 @@ -26,15 +26,15 @@ import java.util.Map; public abstract class AccessToken { private String tokenKey; - private AccessTokenType tokenType; + private String tokenType; private Map parameters; - protected AccessToken(AccessTokenType type, String tokenKey) { - this.tokenType = type; + protected AccessToken(String tokenType, String tokenKey) { + this.tokenType = tokenType; this.tokenKey = tokenKey; } - public AccessTokenType getTokenType() { + public String getTokenType() { return tokenType; } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenGrant.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenGrant.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenGrant.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenGrant.java Wed Feb 29 17:27:23 2012 @@ -21,6 +21,6 @@ package org.apache.cxf.rs.security.oauth import javax.ws.rs.core.MultivaluedMap; public interface AccessTokenGrant { - AccessTokenGrantType getType(); + String getType(); MultivaluedMap toMap(); } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java Wed Feb 29 17:27:23 2012 @@ -28,14 +28,10 @@ public class ClientAccessToken extends A private String scope; private String rToken; - public ClientAccessToken(String type, String tokenKey) { - this(AccessTokenType.valueOf(type), tokenKey); + public ClientAccessToken(String tokenType, String tokenKey) { + super(tokenType, tokenKey); } - public ClientAccessToken(AccessTokenType type, String tokenKey) { - super(type, tokenKey); - } - public void setApprovedScope(String approvedScope) { this.scope = approvedScope; } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java Wed Feb 29 17:27:23 2012 @@ -33,11 +33,11 @@ public abstract class ServerAccessToken private UserSubject subject; protected ServerAccessToken(Client client, - AccessTokenType type, + String tokenType, String tokenKey, long lifetime, long issuedAt) { - super(type, tokenKey); + super(tokenType, tokenKey); this.client = client; this.lifetime = lifetime; this.issuedAt = issuedAt; Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java Wed Feb 29 17:27:23 2012 @@ -46,6 +46,7 @@ import org.apache.cxf.rs.security.oauth2 import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils; +import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils; import org.apache.cxf.security.SecurityContext; @@ -56,7 +57,7 @@ import org.apache.cxf.security.SecurityC public class OAuthRequestFilter implements RequestHandler { private static final Logger LOG = LogUtils.getL7dLogger(OAuthRequestFilter.class); - private static final String DEFAULT_AUTH_SCHEME = "Bearer"; + private static final String DEFAULT_AUTH_SCHEME = OAuthConstants.BEARER_AUTHORIZATION_SCHEME; private MessageContext mc; @@ -192,11 +193,6 @@ public class OAuthRequestFilter implemen protected SecurityContext createSecurityContext(HttpServletRequest request, final OAuthInfo info) { - // TODO: - // This custom parameter is only needed by the "oauth" - // demo shipped in the distribution; needs to be removed. - request.setAttribute("oauth_authorities", info.getRoles()); - UserSubject subject = info.getToken().getSubject(); final UserSubject theSubject = subject; Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeDataProvider.java Wed Feb 29 17:27:23 2012 @@ -19,9 +19,6 @@ package org.apache.cxf.rs.security.oauth2.grants.code; -import java.util.List; - -import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; @@ -32,13 +29,6 @@ import org.apache.cxf.rs.security.oauth2 public interface AuthorizationCodeDataProvider extends OAuthDataProvider { /** - * Converts the requested scope to the list of permissions - * @param requestedScope - * @return list of permissions - */ - List convertScopeToPermissions(List requestedScope); - - /** * Creates a temporarily code grant which will capture the * information about the {@link Client} attempting to access or * modify the resource owner's resource Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrant.java Wed Feb 29 17:27:23 2012 @@ -24,7 +24,7 @@ import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant; -import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrantType; +import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; @@ -56,13 +56,13 @@ public class AuthorizationCodeGrant impl return code; } - public AccessTokenGrantType getType() { - return AccessTokenGrantType.AUTHORIZATION_CODE; + public String getType() { + return OAuthConstants.AUTHORIZATION_CODE_GRANT; } public MultivaluedMap toMap() { MultivaluedMap map = new MetadataMap(); - map.putSingle("grant_type", AccessTokenGrantType.AUTHORIZATION_CODE.getGrantType()); + map.putSingle("grant_type", OAuthConstants.AUTHORIZATION_CODE_GRANT); map.putSingle("code", code); if (redirectUri != null) { map.putSingle("redirect_uri", redirectUri); Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java Wed Feb 29 17:27:23 2012 @@ -19,7 +19,10 @@ package org.apache.cxf.rs.security.oauth2.provider; +import java.util.List; + import org.apache.cxf.rs.security.oauth2.common.Client; +import org.apache.cxf.rs.security.oauth2.common.OAuthPermission; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; /** @@ -28,6 +31,7 @@ import org.apache.cxf.rs.security.oauth2 */ public interface OAuthDataProvider { + /** * Returns the previously registered third-party {@link Client} * @param clientId the client id @@ -67,5 +71,12 @@ public interface OAuthDataProvider { * @throws OAuthServiceException */ void removeAccessToken(ServerAccessToken accessToken) throws OAuthServiceException; - + + /** + * Converts the requested scope to the list of permissions + * @param requestedScope + * @return list of permissions + */ + List convertScopeToPermissions(Client client, + List requestedScope); } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java Wed Feb 29 17:27:23 2012 @@ -28,6 +28,7 @@ import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; import javax.ws.rs.core.SecurityContext; @@ -77,7 +78,10 @@ public class AccessTokenService extends ClientAccessToken clientToken = new ClientAccessToken(serverToken.getTokenType(), serverToken.getTokenKey()); clientToken.setParameters(serverToken.getParameters()); - return Response.ok(clientToken).build(); + return Response.ok(clientToken) + .header(HttpHeaders.CACHE_CONTROL, "no-store") + .header("Pragma", "no-cache") + .build(); } private Client authenticateClientIfNeeded(MultivaluedMap params) { Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java Wed Feb 29 17:27:23 2012 @@ -100,9 +100,7 @@ public class AuthorizationCodeGrantServi List permissions = null; try { - List list = parseScope(params.getFirst(OAuthConstants.SCOPE)); - permissions = ((AuthorizationCodeDataProvider)getDataProvider()) - .convertScopeToPermissions(list); + permissions = convertScopeToPermissions(client, params.getFirst(OAuthConstants.SCOPE)); } catch (OAuthServiceException ex) { return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE); } @@ -116,6 +114,16 @@ public class AuthorizationCodeGrantServi this.grantLifetime = lifetime; } + protected List convertScopeToPermissions(Client client, String scope) + throws OAuthServiceException { + List list = parseScope(scope); + + List permissions = getDataProvider() + .convertScopeToPermissions(client, list); + + return permissions; + } + protected OAuthAuthorizationData createAuthorizationData( Client client, MultivaluedMap params, List perms) { @@ -283,4 +291,5 @@ public class AuthorizationCodeGrantServi session.removeAttribute(OAuthConstants.SESSION_AUTHENTICITY_TOKEN); return requestToken.equals(sessionToken); } + } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/bearer/BearerAccessToken.java Wed Feb 29 17:27:23 2012 @@ -18,15 +18,15 @@ */ package org.apache.cxf.rs.security.oauth2.tokens.bearer; -import org.apache.cxf.rs.security.oauth2.common.AccessTokenType; import org.apache.cxf.rs.security.oauth2.common.Client; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; +import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public class BearerAccessToken extends ServerAccessToken { public BearerAccessToken(Client client, String tokenKey, long lifetime, long issuedAt) { - super(client, AccessTokenType.BEARER, tokenKey, lifetime, issuedAt); + super(client, OAuthConstants.BEARER_TOKEN_TYPE, tokenKey, lifetime, issuedAt); } } Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1295190&r1=1295189&r2=1295190&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java (original) +++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java Wed Feb 29 17:27:23 2012 @@ -35,8 +35,19 @@ public final class OAuthConstants { public static final String RESPONSE_TYPE = "response_type"; public static final String TOKEN_RESPONSE_TYPE = "token"; - // Authorization Code Grant + // Well-known grant types public static final String AUTHORIZATION_CODE_GRANT = "authorization_code"; + // etc + + // Well-known token types + public static final String BEARER_TOKEN_TYPE = "bearer"; + public static final String MAC_TOKEN_TYPE = "mac"; + + // Token Authorization schemes + public static final String BEARER_AUTHORIZATION_SCHEME = "Bearer"; + public static final String MAC_AUTHORIZATION_SCHEME = "Mac"; + + // Authorization Code grant constants public static final String AUTHORIZATION_CODE_VALUE = "code"; public static final String CODE_RESPONSE_TYPE = "code"; public static final String SESSION_AUTHENTICITY_TOKEN = "session_authenticity_token";