cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1364666 - in /cxf/branches/2.5.x-fixes: ./ rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/ rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/
Date Mon, 23 Jul 2012 14:59:46 GMT
Author: sergeyb
Date: Mon Jul 23 14:59:45 2012
New Revision: 1364666

URL: http://svn.apache.org/viewvc?rev=1364666&view=rev
Log:
Merged revisions 1362993 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes

................
  r1362993 | sergeyb | 2012-07-18 17:03:19 +0100 (Wed, 18 Jul 2012) | 13 lines
  
  Merged revisions 1362988,1362991 via svnmerge from 
  https://svn.apache.org/repos/asf/cxf/trunk
  
  ........
    r1362988 | sergeyb | 2012-07-18 16:52:07 +0100 (Wed, 18 Jul 2012) | 1 line
    
    [CXF-4428] Optionally reporting oAuth 1.0 error details, using 400 by default, 401 if
no client is found, mostly in line with the 1.0 spec, consistent with 2.0 too
  ........
    r1362991 | sergeyb | 2012-07-18 16:53:50 +0100 (Wed, 18 Jul 2012) | 1 line
    
    Minor updates to OAuth2 module, with the code to report new invalid_client error condition
to be updated later
  ........
................

Modified:
    cxf/branches/2.5.x-fixes/   (props changed)
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
    cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java

Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/trunk:r1362988-1362991
  Merged /cxf/branches/2.6.x-fixes:r1362993

Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java?rev=1364666&r1=1364665&r2=1364666&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
Mon Jul 23 14:59:45 2012
@@ -35,13 +35,15 @@ public abstract class AbstractOAuthServi
     
     private OAuthDataProvider dataProvider;
     private OAuthValidator validator = new DefaultOAuthValidator();
-
+    private boolean reportFailureDetails; 
+    
     @Context 
     public void setMessageContext(MessageContext context) {
         this.mc = context;    
     }
     
     public MessageContext getMessageContext() {
+        mc.put(OAuthUtils.REPORT_FAILURE_DETAILS, reportFailureDetails);
         return mc;
     }
     

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1364666&r1=1364665&r2=1364666&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
Mon Jul 23 14:59:45 2012
@@ -38,6 +38,7 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 
@@ -97,19 +98,19 @@ public class AccessTokenHandler {
             return Response.ok(responseString).build();
 
         } catch (OAuthProblemException e) {
-            if (LOG.isLoggable(Level.WARNING)) {
-                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
-            }
+            LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
             int code = e.getHttpStatusCode();
-            if (code == 200) {
-                code = HttpServletResponse.SC_UNAUTHORIZED; 
+            if (code == HttpServletResponse.SC_OK) {
+                code = e.getProblem() == OAuth.Problems.CONSUMER_KEY_UNKNOWN
+                    ? 401 : 400;
             }
-            return OAuthUtils.handleException(e, code, String.valueOf(e.getParameters().get("realm")));
+            return OAuthUtils.handleException(mc, e, code);
+        } catch (OAuthServiceException e) {
+            return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
         } catch (Exception e) {
-            if (LOG.isLoggable(Level.WARNING)) {
-                LOG.log(Level.WARNING, "Server Exception: {0}", new Object[] {e.fillInStackTrace()});
-            }
-            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+            LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
+                new Object[] {e.fillInStackTrace()});
+            return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
         }
     }
 }

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1364666&r1=1364665&r2=1364666&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Mon Jul 23 14:59:45 2012
@@ -53,6 +53,7 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.data.UserSubject;
 import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 import org.apache.cxf.security.LoginSecurityContext;
@@ -141,19 +142,19 @@ public class AuthorizationRequestHandler
             return Response.seeOther(callback).build();
             
         } catch (OAuthProblemException e) {
-            if (LOG.isLoggable(Level.WARNING)) {
-                LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[]{e.fillInStackTrace()});
-            }
+            LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[]{e.fillInStackTrace()});
             int code = e.getHttpStatusCode();
-            if (code == 200) {
-                code = HttpServletResponse.SC_UNAUTHORIZED; 
-            }
-            return OAuthUtils.handleException(e, code, String.valueOf(e.getParameters().get("realm")));
+            if (code == HttpServletResponse.SC_OK) {
+                code = e.getProblem() == OAuth.Problems.CONSUMER_KEY_UNKNOWN
+                    ? 401 : 400;
+            }
+            return OAuthUtils.handleException(mc, e, code);
+        } catch (OAuthServiceException e) {
+            return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
         } catch (Exception e) {
-            if (LOG.isLoggable(Level.SEVERE)) {
-                LOG.log(Level.SEVERE, "Server exception: {0}", new Object[]{e.fillInStackTrace()});
-            }
-            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+            LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
+                new Object[] {e.fillInStackTrace()});
+            return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
         }
     }
 

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1364666&r1=1364665&r2=1364666&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
Mon Jul 23 14:59:45 2012
@@ -39,6 +39,7 @@ import org.apache.cxf.rs.security.oauth.
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
 import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
 import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
 
@@ -104,20 +105,19 @@ public class RequestTokenHandler {
 
             return Response.ok(responseBody).build();
         } catch (OAuthProblemException e) {
-            if (LOG.isLoggable(Level.WARNING)) {
-                LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
-            }
+            LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new Object[] {e.fillInStackTrace()});
             int code = e.getHttpStatusCode();
-            if (code == 200) {
-                code = HttpServletResponse.SC_UNAUTHORIZED; 
+            if (code == HttpServletResponse.SC_OK) {
+                code = e.getProblem() == OAuth.Problems.CONSUMER_KEY_UNKNOWN
+                    ? 401 : 400; 
             }
-            return OAuthUtils.handleException(e, code, String.valueOf(e.getParameters().get("realm")));
+            return OAuthUtils.handleException(mc, e, code);
+        } catch (OAuthServiceException e) {
+            return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_BAD_REQUEST);
         } catch (Exception e) {
-            if (LOG.isLoggable(Level.SEVERE)) {
-                LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
-                    new Object[] {e.fillInStackTrace()});
-            }
-            return OAuthUtils.handleException(e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+            LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
+                new Object[] {e.fillInStackTrace()});
+            return OAuthUtils.handleException(mc, e, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
         }
     }
 

Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1364666&r1=1364665&r2=1364666&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Mon Jul 23 14:59:45 2012
@@ -35,6 +35,7 @@ import javax.ws.rs.WebApplicationExcepti
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
 
 import net.oauth.OAuth;
 import net.oauth.OAuthAccessor;
@@ -50,6 +51,7 @@ import org.apache.cxf.jaxrs.ext.MessageC
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.jaxrs.model.URITemplate;
 import org.apache.cxf.jaxrs.utils.FormUtils;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rs.security.oauth.data.Client;
 import org.apache.cxf.rs.security.oauth.data.RequestToken;
@@ -61,6 +63,7 @@ import org.apache.cxf.rs.security.oauth.
  * Various utility methods 
  */
 public final class OAuthUtils {
+    public static final String REPORT_FAILURE_DETAILS = "report.failure.details";
 
     private OAuthUtils() {
     }
@@ -155,27 +158,14 @@ public final class OAuthUtils {
     }
     
     
-    public static Response handleException(Exception e, int status) {
-        return handleException(e, status, null);
-    }
-
-    public static Response handleException(Exception e, int status,
-                                           String realm) {
-        if (e instanceof OAuthProblemException) {
-            OAuthProblemException problem = (OAuthProblemException) e;
-            OAuthMessage message = new OAuthMessage(null, null, problem
-                    .getParameters().entrySet());
-            try {
-                return
-                        Response.status(status).header("WWW-Authenticate",
-                                message.getAuthorizationHeader(realm)).entity(e.getMessage()).build();
-            } catch (IOException e1) {
-                throw new WebApplicationException(
-                        Response.status(status).entity(e.getMessage()).build());
-            }
+    public static Response handleException(MessageContext mc, 
+                                           Exception e, 
+                                           int status) {
+        ResponseBuilder builder = Response.status(status);
+        if (MessageUtils.isTrue(mc.get(REPORT_FAILURE_DETAILS))) {
+            builder.entity(e.getMessage());
         }
-        throw new WebApplicationException(
-                Response.status(status).entity(e.getMessage()).build());
+        throw new WebApplicationException(builder.build());
     }
 
     public static List<String> parseParamValue(String paramValue, String defaultValue)




Mime
View raw message