From serg...@apache.org
Subject svn commit: r1341215 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2: common/ filters/ grants/refresh/ provider/ services/ utils/
Date Mon, 21 May 2012 21:45:16 GMT
Author: sergeyb
Date: Mon May 21 21:45:15 2012
New Revision: 1341215

URL: http://svn.apache.org/viewvc?rev=1341215&view=rev
Log:
[CXF-4332] Adding a token validator against the remote AccessToken service

Added:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
  (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
  (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
  (with props)
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
  (with props)
Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java?rev=1341215&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
(added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
Mon May 21 21:45:15 2012
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.common;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+// Represents the information about the validated ServerAccessToken.
+// The problem with reading specific ServerAccessToken instances is that
+// the (JAXB) reader needs to be specifically aware of the concrete token
+// classes like BearerAccessToken, etc, even though classes like BearerAccessToken
+// will not add anything useful to the filter protecting the application.
+
+//TODO: consider simply extending ServerAccessToken, 
+// though this will require relaxing a bit the ServerAccessToken model 
+// (introduce default constructors, etc) 
+@XmlRootElement
+public class AccessTokenValidation {
+    private String clientId;
+    private UserSubject clientSubject;
+    
+    private String tokenKey;
+    private String tokenType;
+    private String tokenGrantType;
+    private long tokenIssuedAt;
+    private long tokenLifetime;
+    private UserSubject tokenSubject;
+    private List<OAuthPermission> tokenScopes = new LinkedList<OAuthPermission>();
+    
+    public AccessTokenValidation() {
+        
+    }
+    
+    public AccessTokenValidation(ServerAccessToken token) {
+        this.clientId = token.getClient().getClientId();
+        this.clientSubject = token.getClient().getSubject();
+        
+        this.tokenKey = token.getTokenKey();
+        this.tokenType = token.getTokenType();
+        this.tokenGrantType = token.getGrantType();
+        this.tokenIssuedAt = token.getIssuedAt();
+        this.tokenLifetime = token.getLifetime();
+        
+        this.tokenSubject = token.getSubject();
+        this.tokenScopes = token.getScopes();        
+    }
+    
+    public String getClientId() {
+        return clientId;
+    }
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
+    public UserSubject getClientSubject() {
+        return clientSubject;
+    }
+    public void setClientSubject(UserSubject clientSubject) {
+        this.clientSubject = clientSubject;
+    }
+    public String getTokenKey() {
+        return tokenKey;
+    }
+    public void setTokenKey(String tokenId) {
+        this.tokenKey = tokenId;
+    }
+    public UserSubject getTokenSubject() {
+        return tokenSubject;
+    }
+    public void setTokenSubject(UserSubject tokenSubject) {
+        this.tokenSubject = tokenSubject;
+    }
+    public List<OAuthPermission> getTokenScopes() {
+        return tokenScopes;
+    }
+    public void setTokenScopes(List<OAuthPermission> tokenPermissions) {
+        this.tokenScopes = tokenPermissions;
+    }
+    public String getTokenGrantType() {
+        return tokenGrantType;
+    }
+    public void setTokenGrantType(String tokenGrantType) {
+        this.tokenGrantType = tokenGrantType;
+    }
+    public long getTokenIssuedAt() {
+        return tokenIssuedAt;
+    }
+    public void setTokenIssuedAt(long tokenIssuedAt) {
+        this.tokenIssuedAt = tokenIssuedAt;
+    }
+    public long getTokenLifetime() {
+        return tokenLifetime;
+    }
+    public void setTokenLifetime(long tokenLifetime) {
+        this.tokenLifetime = tokenLifetime;
+    }
+
+    public String getTokenType() {
+        return tokenType;
+    }
+
+    public void setTokenType(String tokenType) {
+        this.tokenType = tokenType;
+    }
+    
+}
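Review bot: `getTokenScopes()` hands out the internal list and the `ServerAccessToken` constructor stores `token.getScopes()` by reference, so a caller that mutates the list it gets from the validation object is mutating the scopes of the provider's own token; a defensive copy in the constructor, `this.tokenScopes = new LinkedList<OAuthPermission>(token.getScopes());`, removes that aliasing and does not affect JAXB, which still populates the property through the getter/setter pair. The setter parameter names (`tokenId` for `setTokenKey`, `tokenPermissions` for `setTokenScopes`) do not match the properties they set, which misleads anyone reading the bean. The leading `//` block should be the class Javadoc, with one added sentence saying that this is the object a resource server receives back from a remote validator and therefore carries the data on which the filter's scope and subject checks are made.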

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
Mon May 21 21:45:15 2012
@@ -21,6 +21,8 @@ package org.apache.cxf.rs.security.oauth
 import java.util.Collections;
 import java.util.List;
 
+import javax.xml.bind.annotation.XmlRootElement;
+
 /**
  * Provides the complete information about a given opaque permission.
  * For example, a scope parameter such as "read_calendar" will be
@@ -28,10 +30,15 @@ import java.util.List;
  * the human readable description and optionally restrict it to
  * a limited set of HTTP verbs and request URIs
  */
+@XmlRootElement
 public class OAuthPermission extends Permission {
     private List<String> httpVerbs = Collections.emptyList();
     private List<String> uris = Collections.emptyList();
     
+    public OAuthPermission() {
+        
+    }
+    
     public OAuthPermission(String permission, String description) {
         super(permission, description);
     }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
Mon May 21 21:45:15 2012
@@ -21,15 +21,22 @@ package org.apache.cxf.rs.security.oauth
 import java.util.Collections;
 import java.util.List;
 
+import javax.xml.bind.annotation.XmlRootElement;
+
 /**
  * Represents a login name which AuthorizationService
  * may capture after the end user approved a given third party request
  */
+@XmlRootElement
 public class UserSubject {
     
     private String login;
     private List<String> roles = Collections.emptyList();
     
+    public UserSubject() {
+        
+    }
+    
     public UserSubject(String login) {
         this.login = login;
     }
@@ -40,20 +47,37 @@ public class UserSubject {
     }
     
     /**
-     * Returns the user login name
+     * Return the user login name
      * @return the login name
      */
     public String getLogin() {
         return login;
     }
+    
+    /**
+     * Set the user login name
+     * @param login the login name
+     */
+    public void setLogin(String login) {
+        this.login = login;
+    }
 
     /**
-     * Returns the optional list of user roles which may have 
+     * Return the optional list of user roles which may have 
      * been captured during the authentication process 
      * @return the list of roles
      */
     public List<String> getRoles() {
-        return Collections.unmodifiableList(roles);
+        return roles;
+    }
+    
+    /**
+     * Set the optional list of user roles which may have 
+     * been captured during the authentication process 
+     * @param roles the list of roles
+     */
+    public void setRoles(List<String> roles) {
+        this.roles = roles;
     }
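Review bot: `getRoles()` now returns the live `roles` list instead of the unmodifiable view it returned before, so any code that holds a `UserSubject` (presumably including the security context the filter builds from it) can add or remove roles. If the wrapper was dropped so that JAXB can fill the collection, put `@XmlAccessorType(XmlAccessType.FIELD)` on the class next to the `@XmlRootElement` added in the previous hunk and keep `return Collections.unmodifiableList(roles);` here; with field access the unmarshaller writes the field directly and never calls the getter, which is worth confirming against the JSON provider in use as well. `setRoles` should then also avoid storing the caller's list as-is if the read-only guarantee is meant to hold.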
     
 

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java?rev=1341215&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
(added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
Mon May 21 21:45:15 2012
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.filters;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.ws.rs.core.HttpHeaders;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public class AccessTokenValidatorClient implements AccessTokenValidator {
+
+    private WebClient tokenValidatorClient;
+    
+    public List<String> getSupportedAuthorizationSchemes() {
+        return Collections.singletonList(OAuthConstants.ALL_AUTH_SCHEMES);
+    }
+
+    public AccessTokenValidation validateAccessToken(String authScheme, String authSchemeData)

+        throws OAuthServiceException {
+        WebClient client = WebClient.fromClient(tokenValidatorClient, true);
+        client.header(HttpHeaders.AUTHORIZATION, authScheme + " " + authSchemeData);
+        return client.get(AccessTokenValidation.class);
+    }
+
+    public void setTokenValidatorClient(WebClient tokenValidatorClient) {
+        this.tokenValidatorClient = tokenValidatorClient;
+    }
+
+}
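Review bot: `validateAccessToken` forwards the caller's Authorization header verbatim to the remote validator and returns whatever `client.get` unmarshals, but a non-2xx answer from that service is, as far as I recall for CXF's `WebClient`, surfaced as a `WebApplicationException` rather than the `OAuthServiceException` this signature declares, so `AbstractAccessTokenValidator` would not convert it into an authorization failure and the caller would see the remote status (or a 500) instead of a 401 with WWW-Authenticate. Catching that exception around the `get` and rethrowing it as `OAuthServiceException` with the original as cause keeps the contract; a null `tokenValidatorClient` likewise deserves an explicit `IllegalStateException` rather than the NPE the `fromClient` line would raise. Since the access token itself travels to the validator endpoint, a class Javadoc should state that the injected `WebClient` must address a TLS-protected endpoint and that the response is trusted as authoritative for the token's scopes and subjects.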

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
Mon May 21 21:45:15 2012
@@ -20,33 +20,24 @@ package org.apache.cxf.rs.security.oauth
 
 import java.security.Principal;
 import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
 import java.util.logging.Logger;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.Provider;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.security.SimplePrincipal;
-import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
 import org.apache.cxf.jaxrs.model.ClassResourceInfo;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
 import org.apache.cxf.rs.security.oauth2.common.OAuthContext;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.services.AbstractAccessTokenValidator;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
 
@@ -54,35 +45,21 @@ import org.apache.cxf.security.SecurityC
  * JAX-RS OAuth2 filter which can be used to protect the end-user endpoints
  */
 @Provider
-public class OAuthRequestFilter implements RequestHandler {
+public class OAuthRequestFilter extends AbstractAccessTokenValidator implements RequestHandler
{
     private static final Logger LOG = LogUtils.getL7dLogger(OAuthRequestFilter.class);
     
-    private static final String DEFAULT_AUTH_SCHEME = OAuthConstants.BEARER_AUTHORIZATION_SCHEME;

-    
-    private MessageContext mc;
-
-    private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
-    private Set<String> supportedSchemes = new HashSet<String>();
     private boolean useUserSubject;
-    private OAuthDataProvider dataProvider;
-    
-    public void setGrantHandlers(List<AccessTokenValidator> handlers) {
-        tokenHandlers = handlers;
-        for (AccessTokenValidator handler : handlers) {
-            supportedSchemes.addAll(handler.getSupportedAuthorizationSchemes());
-        }
-    }
     
     public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
         // Get the access token
-        ServerAccessToken accessToken = getAccessToken(); 
+        AccessTokenValidation accessTokenV = getAccessTokenValidation(); 
         
         // Find the scopes which match the current request
         
-        List<OAuthPermission> permissions = accessToken.getScopes();
+        List<OAuthPermission> permissions = accessTokenV.getTokenScopes();
         List<OAuthPermission> matchingPermissions = new ArrayList<OAuthPermission>();
         
-        HttpServletRequest req = mc.getHttpServletRequest();
+        HttpServletRequest req = getMessageContext().getHttpServletRequest();
         for (OAuthPermission perm : permissions) {
             boolean uriOK = checkRequestURI(req, perm.getUris());
             boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());
@@ -98,13 +75,13 @@ public class OAuthRequestFilter implemen
         }
       
         // Create the security context and make it available on the message
-        SecurityContext sc = createSecurityContext(req, accessToken);
+        SecurityContext sc = createSecurityContext(req, accessTokenV);
         m.put(SecurityContext.class, sc);
         
         // Also set the OAuthContext
-        m.setContent(OAuthContext.class, new OAuthContext(accessToken.getSubject(),
+        m.setContent(OAuthContext.class, new OAuthContext(accessTokenV.getTokenSubject(),
                                                           matchingPermissions,
-                                                          accessToken.getGrantType()));
+                                                          accessTokenV.getTokenGrantType()));
         
         return null;
     }
@@ -139,79 +116,15 @@ public class OAuthRequestFilter implemen
         return foundValidScope;
     }
     
-    public void setDataProvider(OAuthDataProvider provider) {
-        dataProvider = provider;
-    }
-    
     public void setUseUserSubject(boolean useUserSubject) {
         this.useUserSubject = useUserSubject;
     }
     
-    @Context
-    public void setMessageContext(MessageContext context) {
-        this.mc = context;
-    }
-
-    protected AccessTokenValidator findTokenHandler(String authScheme) {
-        for (AccessTokenValidator handler : tokenHandlers) {
-            if (handler.getSupportedAuthorizationSchemes().contains(authScheme)) {
-                return handler;
-            }
-        }
-        return null;        
-    }
-    
-    /**
-     * Get the access token
-     */
-    protected ServerAccessToken getAccessToken() {
-        ServerAccessToken accessToken = null;
-        if (dataProvider == null && tokenHandlers.isEmpty()) {
-            throw new WebApplicationException(500);
-        }
-        
-        // Get the scheme and its data, Bearer only is supported by default
-        // WWW-Authenticate with the list of supported schemes will be sent back 
-        // if the scheme is not accepted
-        String[] authParts = AuthorizationUtils.getAuthorizationParts(mc, supportedSchemes);
-        String authScheme = authParts[0];
-        String authSchemeData = authParts[1];
-        
-        // Get the registered handler capable of processing the token
-        AccessTokenValidator handler = findTokenHandler(authScheme);
-        if (handler != null) {
-            try {
-                // Convert the HTTP Authorization scheme data into a token
-                accessToken = handler.getAccessToken(authSchemeData);
-            } catch (OAuthServiceException ex) {
-                AuthorizationUtils.throwAuthorizationFailure(
-                    Collections.singleton(authScheme));
-            }
-        }
-        // Default processing if no registered providers available
-        if (accessToken == null && authScheme.equals(DEFAULT_AUTH_SCHEME)) {
-            try {
-                accessToken = dataProvider.getAccessToken(authSchemeData);
-            } catch (OAuthServiceException ex) {
-                AuthorizationUtils.throwAuthorizationFailure(
-                    Collections.singleton(authScheme));
-            }
-        }
-        if (accessToken == null) {
-            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
-        }
-        // Check if token is still valid
-        if (OAuthUtils.isExpired(accessToken.getIssuedAt(), accessToken.getLifetime())) {
-            dataProvider.removeAccessToken(accessToken);
-            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
-        }
-        return accessToken;
-    }
     
     protected SecurityContext createSecurityContext(HttpServletRequest request, 
-                                                    ServerAccessToken token) {
-        UserSubject endUserSubject = token.getSubject();
-        UserSubject clientSubject = token.getClient().getSubject();
+                                                    AccessTokenValidation accessTokenV) {
+        UserSubject endUserSubject = accessTokenV.getTokenSubject();
+        UserSubject clientSubject = accessTokenV.getClientSubject();
 
         final UserSubject theSubject = 
             OAuthRequestFilter.this.useUserSubject ? endUserSubject : clientSubject;

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
Mon May 21 21:45:15 2012
@@ -50,7 +50,8 @@ public class RefreshTokenGrantHandler im
         }
         String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
         
-        ServerAccessToken token = dataProvider.refreshAccessToken(client.getClientId(), refreshToken);
+        ServerAccessToken token = dataProvider.refreshAccessToken(client.getClientId(), 
+                                                                  refreshToken);
         if (token == null) {
             return null;
         }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
Mon May 21 21:45:15 2012
@@ -21,10 +21,10 @@ package org.apache.cxf.rs.security.oauth
 
 import java.util.List;
 
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
 
 public interface AccessTokenValidator {
     List<String> getSupportedAuthorizationSchemes();
-    ServerAccessToken getAccessToken(String schemeData)
+    AccessTokenValidation validateAccessToken(String authScheme, String authSchemeData)
         throws OAuthServiceException;
 }
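Review bot: `validateAccessToken` carries no Javadoc although it is now the contract shared by the in-process path and the new remote `AccessTokenValidatorClient`. Document that `authScheme` is the HTTP Authorization scheme name and `authSchemeData` the opaque value following it, that an `OAuthServiceException` means the token could not be validated (the abstract validator turns it into an authorization failure), and what a `null` return means, since `AbstractAccessTokenValidator` treats it as "not handled" and falls back to the data provider only for the Bearer scheme. `getSupportedAuthorizationSchemes` should likewise say that a single-element list holding `OAuthConstants.ALL_AUTH_SCHEMES` marks a catch-all validator.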

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
Mon May 21 21:45:15 2012
@@ -79,7 +79,7 @@ public interface OAuthDataProvider {
 
     /**
      * Removes the token
-     * @param token the token
+     * @param accessToken the token
      * @throws OAuthServiceException
      */
     void removeAccessToken(ServerAccessToken accessToken) throws OAuthServiceException;

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1341215&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
(added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
Mon May 21 21:45:15 2012
@@ -0,0 +1,141 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.services;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+
+public abstract class AbstractAccessTokenValidator {
+    
+    private static final String DEFAULT_AUTH_SCHEME = OAuthConstants.BEARER_AUTHORIZATION_SCHEME;
+    
+    
+    private MessageContext mc;
+
+    private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
+    private Set<String> supportedSchemes = new HashSet<String>();
+    private OAuthDataProvider dataProvider;
+    
+    public void setTokenValidator(AccessTokenValidator validator) {
+        setTokenValidators(Collections.singletonList(validator));
+    }
+    
+    public void setTokenValidators(List<AccessTokenValidator> validators) {
+        tokenHandlers = validators;
+        for (AccessTokenValidator handler : validators) {
+            supportedSchemes.addAll(handler.getSupportedAuthorizationSchemes());
+        }
+    }
+    
+    public void setDataProvider(OAuthDataProvider provider) {
+        dataProvider = provider;
+    }
+    
+    @Context
+    public void setMessageContext(MessageContext context) {
+        this.mc = context;
+    }
+    
+    public MessageContext getMessageContext() {
+        return mc;
+    }
+
+    protected AccessTokenValidator findTokenValidator(String authScheme) {
+        for (AccessTokenValidator handler : tokenHandlers) {
+            List<String> handlerSchemes = handler.getSupportedAuthorizationSchemes();
+            if (handlerSchemes.size() == 1 && OAuthConstants.ALL_AUTH_SCHEMES.equals(handlerSchemes.get(0))
+                || handlerSchemes.contains(authScheme)) {
+                return handler;
+            }
+        }
+        return null;        
+    }
+    
+    /**
+     * Get the access token
+     */
+    protected AccessTokenValidation getAccessTokenValidation() {
+        AccessTokenValidation accessTokenV = null;
+        if (dataProvider == null && tokenHandlers.isEmpty()) {
+            throw new WebApplicationException(500);
+        }
+        
+        // Get the scheme and its data, Bearer only is supported by default
+        // WWW-Authenticate with the list of supported schemes will be sent back 
+        // if the scheme is not accepted
+        String[] authParts = AuthorizationUtils.getAuthorizationParts(mc, supportedSchemes);
+        String authScheme = authParts[0];
+        String authSchemeData = authParts[1];
+        
+        // Get the registered handler capable of processing the token
+        AccessTokenValidator handler = findTokenValidator(authScheme);
+        if (handler != null) {
+            try {
+                // Convert the HTTP Authorization scheme data into a token
+                accessTokenV = handler.validateAccessToken(authScheme, authSchemeData);
+            } catch (OAuthServiceException ex) {
+                AuthorizationUtils.throwAuthorizationFailure(
+                    Collections.singleton(authScheme));
+            }
+        }
+        // Default processing if no registered providers available
+        ServerAccessToken localAccessToken = null;
+        if (accessTokenV == null && dataProvider != null && authScheme.equals(DEFAULT_AUTH_SCHEME))
{
+            try {
+                localAccessToken = dataProvider.getAccessToken(authSchemeData);
+                accessTokenV = new AccessTokenValidation(localAccessToken);
+            } catch (OAuthServiceException ex) {
+                AuthorizationUtils.throwAuthorizationFailure(
+                    Collections.singleton(authScheme));
+            }
+        }
+        if (accessTokenV == null) {
+            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
+        }
+        // Check if token is still valid
+        if (OAuthUtils.isExpired(accessTokenV.getTokenIssuedAt(), accessTokenV.getTokenLifetime()))
{
+            if (localAccessToken != null) {
+                dataProvider.removeAccessToken(localAccessToken);
+            }
+            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
+        }
+        return accessTokenV;
+    }
+    
+    @Deprecated
+    public void setGrantHandlers(List<AccessTokenValidator> validators) {
+        setTokenValidators(validators);
+    }
+    
+}
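Review bot: The condition in `findTokenValidator` depends on `&&` binding tighter than `||`, which gives the intended result but forces the reader to work it out; parenthesising it, `if ((handlerSchemes.size() == 1 && OAuthConstants.ALL_AUTH_SCHEMES.equals(handlerSchemes.get(0))) || handlerSchemes.contains(authScheme)) {`, makes the catch-all-or-match intent explicit. `setTokenValidators` only adds to `supportedSchemes`, so a second call (or `setTokenValidator` after `setTokenValidators`) keeps advertising schemes that no remaining validator handles; `supportedSchemes.clear();` before the loop fixes that. A catch-all validator also places the `ALL_AUTH_SCHEMES` marker itself into `supportedSchemes`, which `AuthorizationUtils.getAuthorizationParts` and `throwAuthorizationFailure` then receive; whether they read it as "accept any scheme" or echo it literally in WWW-Authenticate depends on the AuthorizationUtils change at the end of this commit, outside this hunk. The Javadoc on `getAccessTokenValidation` still says "Get the access token"; it should say that it returns the validation result, that an expired locally issued token is removed from the provider, and that failures go through `AuthorizationUtils.throwAuthorizationFailure` (or a 500 when neither validators nor a provider are configured).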

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java?rev=1341215&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
(added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
Mon May 21 21:45:15 2012
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.services;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+
+@Path("validate")
+public class AccessTokenValidatorService extends AbstractAccessTokenValidator {
+    @GET
+    @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+    public AccessTokenValidation getTokenValidationInfo() {
+        return super.getAccessTokenValidation();
+    }
+}
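Review bot: `getTokenValidationInfo()` has no Javadoc and nothing in this resource says who may call it; it delegates straight to `super.getAccessTokenValidation()`, which (from the inherited code in this commit) answers 401 for a missing, unknown or expired token but, as far as is visible here, does not otherwise authenticate the calling resource server, so that must come from the container or a separate filter and is worth stating. A Javadoc such as `/** Validates the access token presented by the current request and returns its validation info; responds 401 when the token is missing, unknown or expired. Callers are expected to be authenticated by the deployment. */` would document the contract. Because the payload is served over GET and, presumably, carries token metadata, consider also marking the response non-cacheable (`Cache-Control: no-store`) so intermediaries do not retain it.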

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
Mon May 21 21:45:15 2012
@@ -70,14 +70,18 @@ public final class AuthorizationUtils {
     }
     
     public static void throwAuthorizationFailure(Set<String> challenges) {
+        ResponseBuilder rb = Response.status(401);
+        
         StringBuilder sb = new StringBuilder();
         for (String challenge : challenges) {
+            if ("*".equals(challenge)) {
+                continue;
+            }
             if (sb.length() > 0) {
                 sb.append(",");
             }
             sb.append(challenge);
         }
-        ResponseBuilder rb = Response.status(401);
         if (sb.length() > 0) {
             rb.header(HttpHeaders.WWW_AUTHENTICATE, sb.toString());
         }
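Review bot: The wildcard is compared as the string literal `"*"` on the new `if ("*".equals(challenge))` line, while this same commit introduces `OAuthConstants.ALL_AUTH_SCHEMES` for that value in OAuthConstants.java; since both classes live in the same `utils` package, `if (OAuthConstants.ALL_AUTH_SCHEMES.equals(challenge)) {` works without an import and keeps the two in step. Skipping the wildcard also means that when the wildcard is the only entry the builder is left with status 401 and no WWW-Authenticate header at all, which a 401 response is expected to carry, so the client gets no usable challenge; consider emitting the concrete schemes the filter actually supports in that case, or at least document in a comment that the header is omitted. throwAuthorizationFailure's body continues past the end of the hunk.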

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Mon May 21 21:45:15 2012
@@ -51,6 +51,8 @@ public final class OAuthConstants {
     // Token Authorization schemes
     public static final String BEARER_AUTHORIZATION_SCHEME = "Bearer";
     public static final String MAC_AUTHORIZATION_SCHEME = "Mac";
+    public static final String ALL_AUTH_SCHEMES = "*";
+
     
     // Authorization Code grant constants
     public static final String AUTHORIZATION_CODE_VALUE = "code";
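Review bot: `ALL_AUTH_SCHEMES` is introduced without a comment explaining what the `"*"` value means, unlike a scheme name it is a wildcard that the request filter presumably treats as "accept any supported scheme", and that convention is not self-evident from the constant alone. A one-line comment above it, `// Wildcard: accept any of the supported token authorization schemes`, would make the intent clear to the next reader. The two blank lines that follow the new constant can be collapsed to one to match the surrounding spacing.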


