cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1364642 - in /cxf/branches/2.5.x-fixes: ./ rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/ rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/ rt/rs/security/...
Date Mon, 23 Jul 2012 14:23:35 GMT
Author: sergeyb
Date: Mon Jul 23 14:23:35 2012
New Revision: 1364642

URL: http://svn.apache.org/viewvc?rev=1364642&view=rev
Log:
Merged revisions 1362118 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes

................
  r1362118 | sergeyb | 2012-07-16 17:25:59 +0100 (Mon, 16 Jul 2012) | 9 lines
  
  Merged revisions 1362114 via svnmerge from 
  https://svn.apache.org/repos/asf/cxf/trunk
  
  ........
    r1362114 | sergeyb | 2012-07-16 17:20:32 +0100 (Mon, 16 Jul 2012) | 1 line
    
    [CXF-4225] Reusing default validator instance between requests, making it possible to
customize the validation
  ........
................

Modified:
    cxf/branches/2.5.x-fixes/   (props changed)
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java

Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Mon Jul 23 14:23:35 2012
@@ -0,0 +1,2 @@
+/cxf/branches/2.6.x-fixes:1362118
+/cxf/trunk:1362114

Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1364642&r1=1364641&r2=1364642&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Mon Jul 23 14:23:35 2012
@@ -35,6 +35,7 @@ import javax.servlet.http.HttpServletReq
 import net.oauth.OAuth;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
+import net.oauth.OAuthValidator;
 import net.oauth.server.OAuthServlet;
 
 import org.apache.cxf.common.logging.LogUtils;
@@ -47,6 +48,7 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.data.OAuthContext;
 import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
 import org.apache.cxf.rs.security.oauth.data.UserSubject;
+import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
@@ -77,7 +79,8 @@ public class AbstractAuthFilter {
     
     private boolean useUserSubject;
     private OAuthDataProvider dataProvider;
-
+    private OAuthValidator validator = new DefaultOAuthValidator();
+    
     protected AbstractAuthFilter() {
         
     }
@@ -130,7 +133,8 @@ public class AbstractAuthFilter {
             }
             client = accessToken.getClient(); 
             
-            OAuthUtils.validateMessage(oAuthMessage, client, accessToken, dataProvider);
   
+            OAuthUtils.validateMessage(oAuthMessage, client, accessToken, 
+                                       dataProvider, validator);    
         } else {
             String consumerKey = null;
             String consumerSecret = null;
@@ -161,7 +165,8 @@ public class AbstractAuthFilter {
                 LOG.warning("Client secret is invalid");
                 throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
             } else {
-                OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider);
+                OAuthUtils.validateMessage(oAuthMessage, client, null, 
+                                           dataProvider, validator);
             }
             accessToken = client.getPreAuthorizedToken();
             if (accessToken == null || !accessToken.isPreAuthorized()) {
@@ -265,6 +270,10 @@ public class AbstractAuthFilter {
         return new OAuthContext(subject, info.getMatchedPermissions());
     }
     
+    public void setValidator(OAuthValidator validator) {
+        this.validator = validator;
+    }
+
     private static class CustomHttpServletWrapper extends HttpServletRequestWrapper {
         public CustomHttpServletWrapper(HttpServletRequest req) {
             super(req);

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java?rev=1364642&r1=1364641&r2=1364642&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java
Mon Jul 23 14:23:35 2012
@@ -48,6 +48,7 @@ public class OAuthServletFilter extends 
     public void init(FilterConfig filterConfig) throws ServletException {
         ServletContext servletContext = filterConfig.getServletContext();
         super.setDataProvider(OAuthUtils.getOAuthDataProvider(servletContext));
+        super.setValidator(OAuthUtils.getOAuthValidator(servletContext));
         super.setUseUserSubject(MessageUtils.isTrue(servletContext.getInitParameter(USE_USER_SUBJECT)));
     }
 

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java?rev=1364642&r1=1364641&r2=1364642&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
Mon Jul 23 14:23:35 2012
@@ -20,7 +20,10 @@ package org.apache.cxf.rs.security.oauth
 
 import javax.ws.rs.core.Context;
 
+import net.oauth.OAuthValidator;
+
 import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 
@@ -31,6 +34,7 @@ public abstract class AbstractOAuthServi
     private MessageContext mc;
     
     private OAuthDataProvider dataProvider;
+    private OAuthValidator validator = new DefaultOAuthValidator();
 
     @Context 
     public void setMessageContext(MessageContext context) {
@@ -48,6 +52,14 @@ public abstract class AbstractOAuthServi
     protected OAuthDataProvider getDataProvider() {
         return OAuthUtils.getOAuthDataProvider(dataProvider, mc.getServletContext());
     }
+
+    public OAuthValidator getValidator() {
+        return validator;
+    }
+
+    public void setValidator(OAuthValidator validator) {
+        this.validator = validator;
+    }
     
     
 }

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1364642&r1=1364641&r2=1364642&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
Mon Jul 23 14:23:35 2012
@@ -29,6 +29,7 @@ import javax.ws.rs.core.Response;
 import net.oauth.OAuth;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
+import net.oauth.OAuthValidator;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
@@ -54,7 +55,9 @@ public class AccessTokenHandler {
             OAuth.OAUTH_NONCE
         };
     
-    public Response handle(MessageContext mc, OAuthDataProvider dataProvider) {
+    public Response handle(MessageContext mc, 
+                           OAuthDataProvider dataProvider,
+                           OAuthValidator validator) {
         try {
             OAuthMessage oAuthMessage = 
                 OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
@@ -75,8 +78,11 @@ public class AccessTokenHandler {
                 throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID);
             }
             
-            OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken,
-                                       dataProvider);
+            OAuthUtils.validateMessage(oAuthMessage, 
+                                       requestToken.getClient(), 
+                                       requestToken,
+                                       dataProvider,
+                                       validator);
 
             AccessTokenRegistration reg = new AccessTokenRegistration();
             reg.setRequestToken(requestToken);

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java?rev=1364642&r1=1364641&r2=1364642&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java
Mon Jul 23 14:23:35 2012
@@ -49,6 +49,8 @@ public class AccessTokenService extends 
     @POST
     @Produces("application/x-www-form-urlencoded")
     public Response getAccessToken() {
-        return handler.handle(getMessageContext(), getDataProvider());
+        return handler.handle(getMessageContext(), 
+                              getDataProvider(),
+                              getValidator());
     }
 }

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1364642&r1=1364641&r2=1364642&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
Mon Jul 23 14:23:35 2012
@@ -30,6 +30,7 @@ import javax.ws.rs.core.Response;
 import net.oauth.OAuth;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
+import net.oauth.OAuthValidator;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
@@ -57,7 +58,9 @@ public class RequestTokenHandler {
     private long tokenLifetime = 3600L;
     private String defaultScope;
     
-    public Response handle(MessageContext mc, OAuthDataProvider dataProvider) {
+    public Response handle(MessageContext mc, 
+                           OAuthDataProvider dataProvider,
+                           OAuthValidator validator) {
         try {
             OAuthMessage oAuthMessage = 
                 OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS);
@@ -69,7 +72,8 @@ public class RequestTokenHandler {
                 throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
             }
 
-            OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider);
+            OAuthUtils.validateMessage(oAuthMessage, client, null, 
+                                       dataProvider, validator);
 
             String callback = oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK);
             validateCallbackURL(client, callback);

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java?rev=1364642&r1=1364641&r2=1364642&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java
Mon Jul 23 14:23:35 2012
@@ -48,6 +48,8 @@ public class RequestTokenService extends
     @POST
     @Produces("application/x-www-form-urlencoded")
     public Response getRequestToken() {
-        return handler.handle(getMessageContext(), getDataProvider());
+        return handler.handle(getMessageContext(), 
+                              getDataProvider(),
+                              getValidator());
     }
 }

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java?rev=1364642&r1=1364641&r2=1364642&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
Mon Jul 23 14:23:35 2012
@@ -25,8 +25,9 @@ package org.apache.cxf.rs.security.oauth
 public final class OAuthConstants {
     
     public static final String OAUTH_DATA_PROVIDER_CLASS = "oauth.data.provider-class";
-    public static final String OAUTH_DATA_VALIDATOR_CLASS = "oauth.data.validator-class";
+    public static final String OAUTH_VALIDATOR_CLASS = "oauth.data.validator-class";
     public static final String OAUTH_DATA_PROVIDER_INSTANCE_KEY = "oauth.data.provider-instance.key";
+    public static final String OAUTH_VALIDATOR_INSTANCE_KEY = "oauth.data.validator-instance.key";
 
     public static final String VERIFIER_INVALID = "verifier_invalid";
 

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1364642&r1=1364641&r2=1364642&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Mon Jul 23 14:23:35 2012
@@ -41,6 +41,7 @@ import net.oauth.OAuthAccessor;
 import net.oauth.OAuthConsumer;
 import net.oauth.OAuthMessage;
 import net.oauth.OAuthProblemException;
+import net.oauth.OAuthValidator;
 import net.oauth.server.OAuthServlet;
 
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
@@ -85,7 +86,8 @@ public final class OAuthUtils {
     public static void validateMessage(OAuthMessage oAuthMessage, 
                                        Client client, 
                                        Token token,
-                                       OAuthDataProvider provider) 
+                                       OAuthDataProvider provider,
+                                       OAuthValidator validator) 
         throws Exception {
         OAuthConsumer consumer = new OAuthConsumer(null, client.getConsumerKey(),
             client.getSecretKey(), null);
@@ -98,11 +100,16 @@ public final class OAuthUtils {
             }
             accessor.tokenSecret = token.getTokenSecret();
         }
-        
-        DefaultOAuthValidator validator = new DefaultOAuthValidator(); 
-        validator.validateMessage(oAuthMessage, accessor);
-        if (token != null) {
-            validator.validateToken(token, provider);
+        try {
+            validator.validateMessage(oAuthMessage, accessor);
+        } catch (Exception ex) {
+            if (token != null) {
+                provider.removeToken(token);
+                throw ex;
+            }
+        }
+        if (token != null && validator instanceof DefaultOAuthValidator) {
+            ((DefaultOAuthValidator)validator).validateToken(token, provider);
         }
     }
     
@@ -228,14 +235,6 @@ public final class OAuthUtils {
                                 + " ] context init param in web.xml");
             }
             
-            String oauthValidatorClassName = servletContext
-                    .getInitParameter(OAuthConstants.OAUTH_DATA_VALIDATOR_CLASS);
-
-            if (StringUtils.isEmpty(oauthValidatorClassName)) {
-                //if no validator was provided fallback to default validator
-                oauthValidatorClassName = DefaultOAuthValidator.class.getName();
-            }
-
             try {
                 dataProvider = (OAuthDataProvider) OAuthUtils
                         .instantiateClass(dataProviderClassName);
@@ -250,4 +249,32 @@ public final class OAuthUtils {
 
         return dataProvider;
     }
+    
+    public static synchronized OAuthValidator getOAuthValidator(ServletContext servletContext)
{
+
+        OAuthValidator dataProvider = (OAuthValidator) servletContext
+              .getAttribute(OAuthConstants.OAUTH_VALIDATOR_INSTANCE_KEY);
+    
+        if (dataProvider == null) {
+            String dataProviderClassName = servletContext
+                .getInitParameter(OAuthConstants.OAUTH_VALIDATOR_CLASS);
+    
+            if (!StringUtils.isEmpty(dataProviderClassName)) {
+            
+                try {
+                    dataProvider = (OAuthValidator) OAuthUtils
+                        .instantiateClass(dataProviderClassName);
+                 
+                    servletContext
+                        .setAttribute(OAuthConstants.OAUTH_VALIDATOR_INSTANCE_KEY, dataProvider);
+                } catch (Exception e) {
+                    throw new RuntimeException(
+                        "Cannot instantiate OAuthValidator class: " + dataProviderClassName,
e);
+                }
+            }
+        }
+    
+        return dataProvider == null ? new DefaultOAuthValidator() : dataProvider;
+    }
+    
 }



Mime
View raw message