From serg...@apache.org
Subject svn commit: r1363166 - in /cxf/trunk: rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/ rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/ rt/rs/security/oauth-parent/oauth/sr...
Date Wed, 18 Jul 2012 23:03:28 GMT
Author: sergeyb
Date: Wed Jul 18 23:03:28 2012
New Revision: 1363166

URL: http://svn.apache.org/viewvc?rev=1363166&view=rev
Log:
[CXF-4428,CXF-4432] Turning error-related properties into contextual ones, fixing the test;
restoring the original support for oob callbacks with a few updates

Added:
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
  (with props)
Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
    cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
Wed Jul 18 23:03:28 2012
@@ -36,6 +36,7 @@ public class OAuthAuthorizationData impl
     private String authenticityToken;
     private String applicationName;
     private String applicationURI;
+    private String callbackURI;
     private String applicationDescription;
     private String logoUri;
     private String replyTo;
@@ -111,4 +112,12 @@ public class OAuthAuthorizationData impl
     public String getLogoUri() {
         return logoUri;
     }
+
+    public String getCallbackURI() {
+        return callbackURI;
+    }
+
+    public void setCallbackURI(String callbackURI) {
+        this.callbackURI = callbackURI;
+    }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
Wed Jul 18 23:03:28 2012
@@ -35,7 +35,6 @@ public abstract class AbstractOAuthServi
     
     private OAuthDataProvider dataProvider;
     private OAuthValidator validator = new DefaultOAuthValidator();
-    private boolean reportFailureDetails; 
     
     @Context 
     public void setMessageContext(MessageContext context) {
@@ -43,7 +42,6 @@ public abstract class AbstractOAuthServi
     }
     
     public MessageContext getMessageContext() {
-        mc.put(OAuthUtils.REPORT_FAILURE_DETAILS, reportFailureDetails);
         return mc;
     }
     
@@ -63,5 +61,4 @@ public abstract class AbstractOAuthServi
         this.validator = validator;
     }
     
-    
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Wed Jul 18 23:03:28 2012
@@ -36,6 +36,7 @@ import java.util.logging.Logger;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
@@ -138,8 +139,14 @@ public class AuthorizationRequestHandler
             if (token.getState() != null) {
                 queryParams.put("state", token.getState());
             }
-            URI callback = buildCallbackURI(getCallbackURI(token), queryParams);
-            return Response.seeOther(callback).build();
+            String callbackValue = getCallbackValue(token);
+            if (OAuthConstants.OAUTH_CALLBACK_OOB.equals(callbackValue)) {
+                OOBAuthorizationResponse bean = convertQueryParamsToOOB(queryParams);
+                return Response.ok().type(MediaType.TEXT_HTML).entity(bean).build();
+            } else {
+                URI callbackURI = buildCallbackURI(callbackValue, queryParams);
+                return Response.seeOther(callbackURI).build();
+            }
             
         } catch (OAuthProblemException e) {
             LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[]{e.fillInStackTrace()});
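Review bot: The new OOB branch returns the request token and verifier in an HTML body with no cache directive, so the page can be kept by the browser or an intermediary cache; consider `return Response.ok().type(MediaType.TEXT_HTML).header("Cache-Control", "no-store").entity(bean).build();`. The bean also carries `state`, which is copied from `token.getState()` and presumably originates with the client, so whatever view or provider renders `OOBAuthorizationResponse` as HTML has to escape all three values; that renderer is not part of this commit. The enclosing method starts and ends outside the hunk.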
@@ -158,7 +165,7 @@ public class AuthorizationRequestHandler
         }
     }
 
-    protected String getCallbackURI(RequestToken token) throws OAuthProblemException {
+    protected String getCallbackValue(RequestToken token) throws OAuthProblemException {
         String callback = token.getCallback();
         if (callback == null) {
             callback = token.getClient().getApplicationURI();
@@ -179,12 +186,22 @@ public class AuthorizationRequestHandler
         return builder.build(); 
     }
     
+    private OOBAuthorizationResponse convertQueryParamsToOOB(Map<String, String> queryParams)
{
+
+        OOBAuthorizationResponse oob = new OOBAuthorizationResponse();
+        oob.setRequestToken(queryParams.get(OAuth.OAUTH_TOKEN));
+        oob.setVerifier(queryParams.get(OAuth.OAUTH_VERIFIER));
+        oob.setState(queryParams.get("state"));
+        return oob; 
+    }
+    
     protected OAuthAuthorizationData addAdditionalParams(OAuthAuthorizationData secData,
                                                          OAuthDataProvider dataProvider,
-                                                         RequestToken token) {
+                                                         RequestToken token) throws OAuthProblemException
{
         secData.setOauthToken(token.getTokenKey());
         secData.setApplicationName(token.getClient().getApplicationName()); 
         secData.setApplicationURI(token.getClient().getApplicationURI());
+        secData.setCallbackURI(getCallbackValue(token));
         secData.setApplicationDescription(token.getClient().getApplicationDescription());
         secData.setLogoUri(token.getClient().getLogoUri());
         secData.setPermissions(token.getScopes());

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java?rev=1363166&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
(added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
Wed Jul 18 23:03:28 2012
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.services;
+
+public class OOBAuthorizationResponse {
+    private String requestToken;
+    private String verifier;
+    private String state;
+    public String getRequestToken() {
+        return requestToken;
+    }
+    public void setRequestToken(String requestToken) {
+        this.requestToken = requestToken;
+    }
+    public String getVerifier() {
+        return verifier;
+    }
+    public void setVerifier(String verifier) {
+        this.verifier = verifier;
+    }
+    public String getState() {
+        return state;
+    }
+    public void setState(String state) {
+        this.state = state;
+    }
+}
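Review bot: OOBAuthorizationResponse is added without any class-level Javadoc, and nothing in the file says when it is produced or that its fields are security-sensitive. A short comment above the class would help, for example `/** Authorization result returned to the user when the callback value is "oob": the request token, the verifier and the optional state. */`. It would also be worth a sentence noting that the handler returns it with a text/html media type, so the deployment needs a view or provider that renders it and escapes the values.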

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
Wed Jul 18 23:03:28 2012
@@ -123,21 +123,22 @@ public class RequestTokenHandler {
 
     protected void validateCallbackURL(Client client,
                                        String oauthCallback) throws OAuthProblemException
{
-
-        if (StringUtils.isEmpty(oauthCallback) 
-            || client.getCallbackURI() != null
-                && !oauthCallback.equals(client.getCallbackURI())
-            || client.getApplicationURI() != null
-                && !oauthCallback.startsWith(client.getApplicationURI())) {
-            OAuthProblemException problemEx = new OAuthProblemException(
-                OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
-            problemEx
-                .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
-                    HttpServletResponse.SC_BAD_REQUEST);
-            throw problemEx;
-            
+        // the callback must not be empty or null, and it should either match
+        // the pre-registered callback URI or have the common root with the
+        // the pre-registered application URI
+        if (!StringUtils.isEmpty(oauthCallback) 
+            && (!StringUtils.isEmpty(client.getCallbackURI())
+                && oauthCallback.equals(client.getCallbackURI())
+                || !StringUtils.isEmpty(client.getApplicationURI())
+                && oauthCallback.startsWith(client.getApplicationURI()))) {
+            return;
         }
-        
+        OAuthProblemException problemEx = new OAuthProblemException(
+            OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
+        problemEx
+            .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
+                HttpServletResponse.SC_BAD_REQUEST);
+        throw problemEx;
     }
 
     public void setTokenLifetime(long tokenLifetime) {
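Review bot: The rewritten condition in validateCallbackURL accepts a callback that matches either the registered callback URI or the application URI prefix, whereas the removed lines rejected a callback that failed either check; a client that registered an exact callback URI now also gets every URL sharing its application URI prefix, unless that widening is intended. The prefix test itself is a plain `startsWith`, so an application URI without a trailing slash also matches a different host or path that merely begins with the same characters. I would make the registered callback authoritative when present and require a path boundary for the application-URI fallback, as sketched below.

```java
        // … unchanged: explanatory comment …
        if (!StringUtils.isEmpty(oauthCallback)) {
            String registeredCallback = client.getCallbackURI();
            String applicationURI = client.getApplicationURI();
            if (!StringUtils.isEmpty(registeredCallback)) {
                // a pre-registered callback is authoritative: exact match only
                if (oauthCallback.equals(registeredCallback)) {
                    return;
                }
            } else if (!StringUtils.isEmpty(applicationURI)) {
                // require a '/' boundary so the match cannot run into another host or path segment
                String root = applicationURI.endsWith("/") ? applicationURI : applicationURI + "/";
                if (oauthCallback.equals(applicationURI) || oauthCallback.startsWith(root)) {
                    return;
                }
            }
        }
        // … unchanged: build and throw the PARAMETER_REJECTED problem …
```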

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
Wed Jul 18 23:03:28 2012
@@ -40,6 +40,8 @@ public final class OAuthConstants {
     public static final String X_OAUTH_SCOPE = "scope";
     public static final String OAUTH_CONSUMER_SECRET = "oauth_consumer_secret";
     
+    public static final String OAUTH_CALLBACK_OOB = "oob";
+    
     private OAuthConstants() {
         
     }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Wed Jul 18 23:03:28 2012
@@ -64,7 +64,8 @@ import org.apache.cxf.rs.security.oauth.
  */
 public final class OAuthUtils {
     public static final String REPORT_FAILURE_DETAILS = "report.failure.details";
-
+    public static final String REPORT_FAILURE_DETAILS_AS_HEADER = "report.failure.details.as.header";
+    
     private OAuthUtils() {
     }
 
@@ -162,8 +163,24 @@ public final class OAuthUtils {
                                            Exception e, 
                                            int status) {
         ResponseBuilder builder = Response.status(status);
-        if (MessageUtils.isTrue(mc.get(REPORT_FAILURE_DETAILS))) {
-            builder.entity(e.getMessage());
+        if (MessageUtils.isTrue(mc.getContextualProperty(REPORT_FAILURE_DETAILS))) {
+            boolean asHeader = MessageUtils.isTrue(
+                mc.getContextualProperty(REPORT_FAILURE_DETAILS_AS_HEADER));
+            String text = null;
+            if (e instanceof OAuthProblemException) {
+                OAuthProblemException problem = (OAuthProblemException)e;
+                if (asHeader && problem.getProblem() != null) {
+                    text = problem.getProblem();
+                }
+            }
+            if (text == null) {
+                text = e.getMessage();
+            }
+            if (asHeader) {
+                builder.header("oauth_problem", text);
+            } else {
+                builder.entity(e.getMessage());    
+            }
         }
         throw new WebApplicationException(builder.build());
     }
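Review bot: In header mode `text` falls back to `e.getMessage()` whenever the exception is not an OAuthProblemException or `getProblem()` is null, and that string is written into the `oauth_problem` header unfiltered. An exception message can contain line breaks or internal detail, so I would guard the header write, e.g. `if (text != null) { builder.header("oauth_problem", text.replaceAll("[\\r\\n]+", " ")); }`, or emit the header only when a problem code is available. The else branch could pass `text` instead of calling `e.getMessage()` again, since the two are the same there. The method's signature starts above the hunk.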

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
Wed Jul 18 23:03:28 2012
@@ -101,12 +101,8 @@ public class TemporaryCredentialServiceT
                 //test wrong client id
                 parameters.put(OAuth.OAUTH_CONSUMER_KEY, "wrong");
                 message = invokeRequestToken(parameters, style, OAuthServer.PORT);
-
-                wwwHeader = message.getHeader(HttpHeaders.WWW_AUTHENTICATE);
-                List<OAuth.Parameter> list = OAuthMessage.decodeAuthorization(wwwHeader);
-
-                String oauthProblem = OAuthTestUtils.findOAuthParameter(list, "oauth_problem").getValue();
-                Assert.assertEquals(OAuth.Problems.CONSUMER_KEY_UNKNOWN, oauthProblem);
+                String response = message.getHeader("oauth_problem");
+                Assert.assertEquals(OAuth.Problems.CONSUMER_KEY_UNKNOWN, response);
             }
         }
     }

Modified: cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
(original)
+++ cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
Wed Jul 18 23:03:28 2012
@@ -29,6 +29,10 @@ under the License.
         <jaxrs:serviceBeans>
             <ref bean="temporaryCredentialService"/>
         </jaxrs:serviceBeans>
+        <jaxrs:properties>
+           <entry key="report.failure.details" value="true"/>
+           <entry key="report.failure.details.as.header" value="true"/>
+        </jaxrs:properties>
     </jaxrs:server>
 
     <bean id="temporaryCredentialService"


