cxf-commits mailing list archives

From serg...@apache.org
Subject svn commit: r1365541 - in /cxf/branches/2.6.x-fixes: ./ rt/rs/security/oauth-parent/oauth2/ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/se...
Date Wed, 25 Jul 2012 11:55:09 GMT
Author: sergeyb
Date: Wed Jul 25 11:55:08 2012
New Revision: 1365541

URL: http://svn.apache.org/viewvc?rev=1365541&view=rev
Log:
Merged revisions 1365160,1365332 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1365160 | sergeyb | 2012-07-24 17:21:07 +0100 (Tue, 24 Jul 2012) | 1 line
  
  [CXF-4431] Initial OAuth2 MAC token support, applying a modified patch from Sasi M - thanks
........
  r1365332 | sergeyb | 2012-07-24 23:55:49 +0100 (Tue, 24 Jul 2012) | 1 line
  
  [CXF-4431] Aligning the code with the MAC spec draft v5
........

Added:
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/HttpRequestProperties.java
      - copied unchanged from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/HttpRequestProperties.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/
      - copied from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacAlgorithm.java
      - copied unchanged from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacAlgorithm.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacUtils.java
      - copied unchanged from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/HmacUtils.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
      - copied unchanged from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessToken.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java
      - copied unchanged from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAccessTokenValidator.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
      - copied, changed from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/NonceVerifier.java
      - copied unchanged from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/NonceVerifier.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/
      - copied from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/
      - copied from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java
      - copied unchanged from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/token/mac/MacAccessTokenValidatorTest.java
Modified:
    cxf/branches/2.6.x-fixes/   (props changed)
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/pom.xml
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/trunk:r1365160,1365332

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/pom.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/pom.xml?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/pom.xml (original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/pom.xml Wed Jul 25 11:55:08
2012
@@ -53,6 +53,11 @@
             <artifactId>junit</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.easymock</groupId>
+            <artifactId>easymock</artifactId>
+            <scope>test</scope>
+        </dependency>  
     </dependencies>
     
 </project>

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
Wed Jul 25 11:55:08 2012
@@ -36,6 +36,7 @@ import org.apache.cxf.rs.security.oauth2
 import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.tokens.mac.MacAuthorizationScheme;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 
 /**
@@ -212,6 +213,9 @@ public final class OAuthClientUtils {
             if (expiresInStr != null) {
                 token.setExpiresIn(Long.valueOf(expiresInStr));
             }
+            String issuedAtStr = map.remove(OAuthConstants.ACCESS_TOKEN_ISSUED_AT);
+            token.setIssuedAt(issuedAtStr != null ? Long.valueOf(issuedAtStr)
+                                                  : System.currentTimeMillis() / 1000);
             String scope = map.remove(OAuthConstants.SCOPE);
             if (scope != null) {
                 token.setApprovedScope(scope);
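Review bot: `Long.valueOf(issuedAtStr)` is applied to a value taken straight from the token endpoint response, so a non-numeric value surfaces as an unchecked NumberFormatException rather than an OAuthServiceException. A negative or far-future value is also accepted as-is, and this commit later feeds it into the MAC nonce age through `generateNonce(token.getIssuedAt())`. Consider parsing inside a try/catch that rethrows as OAuthServiceException and rejecting values below zero. The enclosing method starts and ends outside this hunk.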
@@ -225,7 +229,7 @@ public final class OAuthClientUtils {
     }
     
     /**
-     * Creates OAuth Authorization header for accessing the end user's resources
+     * Creates OAuth Authorization header with Bearer scheme
      * @param consumer represents the registered client
      * @param accessToken the access token  
      * @return the header value
@@ -234,21 +238,46 @@ public final class OAuthClientUtils {
                                                    ClientAccessToken accessToken)
         throws OAuthServiceException {
         StringBuilder sb = new StringBuilder();
-        appendTokenData(sb, accessToken);  
+        appendTokenData(sb, accessToken, null);  
         return sb.toString();
     }
     
-
-    private static void appendTokenData(StringBuilder sb, ClientAccessToken token) 
+    /**
+     * Creates OAuth Authorization header with the scheme that
+     * may require an access to the current HTTP request properties
+     * @param consumer represents the registered client
+     * @param accessToken the access token  
+     * @param httpProps http request properties, can be null for Bearer tokens
+     * @return the header value
+     */
+    public static String createAuthorizationHeader(Consumer consumer,
+                                                   ClientAccessToken accessToken,
+                                                   HttpRequestProperties httpProps)
+        throws OAuthServiceException {
+        StringBuilder sb = new StringBuilder();
+        appendTokenData(sb, accessToken, httpProps);  
+        return sb.toString();
+    }
+    
+    private static void appendTokenData(StringBuilder sb, 
+                                        ClientAccessToken token,
+                                        HttpRequestProperties httpProps) 
         throws OAuthServiceException {
         // this should all be handled by token specific serializers
         if (OAuthConstants.BEARER_TOKEN_TYPE.equals(token.getTokenType())) {
             sb.append(OAuthConstants.BEARER_AUTHORIZATION_SCHEME);
             sb.append(" ");
             sb.append(token.getTokenKey());
+        } else if (OAuthConstants.MAC_TOKEN_TYPE.equals(token.getTokenType())) {
+            if (httpProps == null) {
+                throw new IllegalArgumentException("MAC scheme requires HTTP Request properties");
+            }
+            MacAuthorizationScheme macAuthData = new MacAuthorizationScheme(httpProps, token);
+            String macAlgo = token.getParameters().get(OAuthConstants.MAC_TOKEN_ALGORITHM);
+            String macSecret = token.getParameters().get(OAuthConstants.MAC_TOKEN_SECRET);
+            sb.append(macAuthData.toAuthorizationHeader(macAlgo, macSecret));
         } else {
-            // deal with MAC and other tokens
-            throw new OAuthServiceException("Unsupported token type");
+            throw new ClientWebApplicationException(new OAuthServiceException("Unsupported
token type"));
         }
         
     }
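Review bot: In the MAC branch of `appendTokenData`, `macAlgo` and `macSecret` are read from `token.getParameters()` and handed to `toAuthorizationHeader` without a null check, so a token response that lacks either parameter fails somewhere inside the signing code instead of with a clear error. A guard such as `if (macAlgo == null || macSecret == null) { throw new OAuthServiceException("MAC token is missing algorithm or secret"); }` before the call would keep the failure at the boundary. The method also now reports errors through three different types (IllegalArgumentException, ClientWebApplicationException and the declared OAuthServiceException); settling on one would make the contract of `createAuthorizationHeader` easier to document.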

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessToken.java
Wed Jul 25 11:55:08 2012
@@ -18,7 +18,7 @@
  */
 package org.apache.cxf.rs.security.oauth2.common;
 
-import java.util.Collections;
+import java.util.LinkedHashMap;
 import java.util.Map;
 
 /**
@@ -28,12 +28,25 @@ public abstract class AccessToken {
 
     private String tokenKey;
     private String tokenType;
-    private Map<String, String> parameters = Collections.emptyMap();
+    private String refreshToken;
+    private long expiresIn = -1;
+    private long issuedAt = -1;
+    
+    
+    private Map<String, String> parameters = new LinkedHashMap<String, String>();
     
     protected AccessToken(String tokenType, String tokenKey) {
         this.tokenType = tokenType;
         this.tokenKey = tokenKey;
     }
+    
+    protected AccessToken(String tokenType, String tokenKey,
+                          long expiresIn, long issuedAt) {
+        this.tokenType = tokenType;
+        this.tokenKey = tokenKey;
+        this.expiresIn = expiresIn;
+        this.issuedAt = issuedAt;
+    }
 
     /**
      * Returns the token type such as bearer, mac, etc
@@ -52,14 +65,24 @@ public abstract class AccessToken {
     }
 
     /**
-     * Sets token parameters
-     * @param parameters the token parameters
+     * Sets the refresh token key the client can use to obtain a new
+     * access token
+     * @param refreshToken the refresh token
      */
-    public void setParameters(Map<String, String> parameters) {
-        this.parameters = parameters;
+    public void setRefreshToken(String refreshToken) {
+        this.refreshToken = refreshToken;
     }
 
     /**
+     * Gets the refresh token key the client can use to obtain a new
+     * access token
+     * @return the refresh token
+     */
+    public String getRefreshToken() {
+        return refreshToken;
+    }
+    
+    /**
      * Gets token parameters 
      * @return
      */
@@ -67,4 +90,33 @@ public abstract class AccessToken {
         return parameters;
     }
 
+    /**
+     * The token lifetime
+     * @return the lifetime, -1 means no 'expires_in' parameter was returned
+     */
+    public long getExpiresIn() {
+        return expiresIn;
+    }
+
+    public void setExpiresIn(long expiresIn) {
+        this.expiresIn = expiresIn;
+    }
+
+    public long getIssuedAt() {
+        return issuedAt;
+    }
+
+    // Can be set at the server or at the moment 
+    // the token is deserialized on the client
+    public void setIssuedAt(long issuedAt) {
+        this.issuedAt = issuedAt;
+    }
+    
+    /**
+     * Sets additional token parameters
+     * @param parameters the token parameters
+     */
+    public void setParameters(Map<String, String> parameters) {
+        this.parameters = parameters;
+    }
 }
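Review bot: `getIssuedAt`, `setIssuedAt` and `setExpiresIn` have no Javadoc stating their unit, although the getter removed from ServerAccessToken in this commit documented seconds and `MacAuthorizationScheme.generateNonce` subtracts the value from `System.currentTimeMillis() / 1000`. I would add `/** Returns the time the token was issued, in seconds since the epoch; -1 if it has not been set */` on `getIssuedAt` and a matching line on the setter. Separately, `setParameters` stores the caller's map by reference and accepts null, which the new `token.getParameters().get(...)` calls in OAuthClientUtils would dereference. A comment stating that the map must be non-null, or a defensive copy, would help.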

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ClientAccessToken.java
Wed Jul 25 11:55:08 2012
@@ -29,9 +29,7 @@ package org.apache.cxf.rs.security.oauth
 public class ClientAccessToken extends AccessToken {
 
     private String scope;
-    private String rToken;
-    private long expiresIn = -1;
-    
+        
     public ClientAccessToken(String tokenType, String tokenKey) {
         super(tokenType, tokenKey);
     }
@@ -54,34 +52,4 @@ public class ClientAccessToken extends A
         return scope;
     }
 
-    /**
-     * Sets the refresh token key the client can use to obtain a new
-     * access token
-     * @param refreshToken the refresh token
-     */
-    public void setRefreshToken(String refreshToken) {
-        this.rToken = refreshToken;
-    }
-
-    /**
-     * Gets the refresh token key the client can use to obtain a new
-     * access token
-     * @return the refresh token
-     */
-    public String getRefreshToken() {
-        return rToken;
-    }
-
-    /**
-     * The token lifetime
-     * @return the lifetime, -1 means no 'expires_in' parameter was returned
-     */
-    public long getExpiresIn() {
-        return expiresIn;
-    }
-
-    public void setExpiresIn(long expiresIn) {
-        this.expiresIn = expiresIn;
-    }
-
 }

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
Wed Jul 25 11:55:08 2012
@@ -26,8 +26,6 @@ import java.util.List;
  */
 public abstract class ServerAccessToken extends AccessToken {
     private String grantType;
-    private long issuedAt;
-    private long lifetime;
     private Client client;
     private List<OAuthPermission> scopes = Collections.emptyList();
     private UserSubject subject;
@@ -35,12 +33,10 @@ public abstract class ServerAccessToken 
     protected ServerAccessToken(Client client, 
                                         String tokenType,
                                         String tokenKey,
-                                        long lifetime, 
+                                        long expiresIn, 
                                         long issuedAt) {
-        super(tokenType, tokenKey);
+        super(tokenType, tokenKey, expiresIn, issuedAt);
         this.client = client;
-        this.lifetime = lifetime;
-        this.issuedAt = issuedAt;
     }
 
     /**
@@ -51,20 +47,13 @@ public abstract class ServerAccessToken 
         return client;
     }
 
-    /**
-     * Returns the time (in seconds) when this token was issued at
-     * @return the seconds
-     */
-    public long getIssuedAt() {
-        return issuedAt;
-    }
-
+    @Deprecated
     /**
      * Returns the number of seconds this token can be valid after it was issued
      * @return the seconds
      */
     public long getLifetime() {
-        return lifetime;
+        return getExpiresIn();
     }
 
     /**
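Review bot: `@Deprecated` is placed above the Javadoc comment of `getLifetime()`, so the comment now sits between the annotation and the rest of the declaration, and the javadoc tool will typically not treat it as the method's documentation. Move the annotation below the comment and name the replacement inside it, for example `@deprecated use {@link #getExpiresIn()}`, with `@Deprecated` on its own line directly before `public long getLifetime()`.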

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
Wed Jul 25 11:55:08 2012
@@ -24,6 +24,7 @@ import java.util.List;
 import javax.ws.rs.core.HttpHeaders;
 
 import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
 import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
@@ -37,7 +38,9 @@ public class AccessTokenValidatorClient 
         return Collections.singletonList(OAuthConstants.ALL_AUTH_SCHEMES);
     }
 
-    public AccessTokenValidation validateAccessToken(String authScheme, String authSchemeData)

+    public AccessTokenValidation validateAccessToken(MessageContext mc,
+                                                     String authScheme, 
+                                                     String authSchemeData) 
         throws OAuthServiceException {
         WebClient client = WebClient.fromClient(tokenValidatorClient, true);
         client.header(HttpHeaders.AUTHORIZATION, authScheme + " " + authSchemeData);
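Review bot: The new `mc` parameter is not used in the lines visible here; only `authScheme + " " + authSchemeData` is forwarded to the remote validation service. That is enough for Bearer tokens, but a MAC signature covers the method, URI, host and port of the original request (see `getNormalizedRequestString` in this commit), so the remote side presumably cannot recompute it from this call alone. Meanwhile `getSupportedAuthorizationSchemes` still advertises all schemes. Either forward the original request properties or document that this client supports remote validation of Bearer tokens only. The method body continues outside this hunk.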

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
Wed Jul 25 11:55:08 2012
@@ -21,10 +21,13 @@ package org.apache.cxf.rs.security.oauth
 
 import java.util.List;
 
+import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
 
 public interface AccessTokenValidator {
     List<String> getSupportedAuthorizationSchemes();
-    AccessTokenValidation validateAccessToken(String authScheme, String authSchemeData)
+    AccessTokenValidation validateAccessToken(MessageContext mc,
+                                              String authScheme, 
+                                              String authSchemeData)
         throws OAuthServiceException;
 }
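Review bot: The widened `validateAccessToken` signature has no Javadoc, so implementers cannot tell what they may read from `mc` or whether it can be null. A short comment would do, e.g. `@param mc the current message context, used by schemes such as MAC that need the HTTP request properties`. Since this is a public interface changed on a fixes branch, existing third-party validators will stop compiling, so a migration note would be worth adding.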

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java
Wed Jul 25 11:55:08 2012
@@ -24,7 +24,7 @@ import java.io.OutputStream;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Type;
 import java.util.Collections;
-import java.util.HashMap;
+import java.util.LinkedHashMap;
 import java.util.Map;
 
 import javax.ws.rs.Consumes;
@@ -160,7 +160,7 @@ public class OAuthJSONProvider implement
         if (!str.startsWith("{") || !str.endsWith("}")) {
             throw new ClientWebApplicationException("JSON Sequence is broken");
         }
-        Map<String, String> map = new HashMap<String, String>();
+        Map<String, String> map = new LinkedHashMap<String, String>();
         
         str = str.substring(1, str.length() - 1).trim();
         String[] jsonPairs = str.split(",");

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
Wed Jul 25 11:55:08 2012
@@ -103,7 +103,7 @@ public abstract class AbstractAccessToke
         if (handler != null) {
             try {
                 // Convert the HTTP Authorization scheme data into a token
-                accessTokenV = handler.validateAccessToken(authScheme, authSchemeData);
+                accessTokenV = handler.validateAccessToken(mc, authScheme, authSchemeData);
             } catch (OAuthServiceException ex) {
                 AuthorizationUtils.throwAuthorizationFailure(
                     Collections.singleton(authScheme));
@@ -136,9 +136,5 @@ public abstract class AbstractAccessToke
         return accessTokenV;
     }
     
-    @Deprecated
-    public void setGrantHandlers(List<AccessTokenValidator> validators) {
-        setTokenValidators(validators);
-    }
     
 }

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
Wed Jul 25 11:55:08 2012
@@ -108,8 +108,9 @@ public class AccessTokenService extends 
         // Extract the information to be of use for the client
         ClientAccessToken clientToken = new ClientAccessToken(serverToken.getTokenType(),
                                                               serverToken.getTokenKey());
+        clientToken.setRefreshToken(serverToken.getRefreshToken());
         if (writeOptionalParameters) {
-            clientToken.setExpiresIn(serverToken.getLifetime());
+            clientToken.setExpiresIn(serverToken.getExpiresIn());
             List<OAuthPermission> perms = serverToken.getScopes();
             if (!perms.isEmpty()) {
                 clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
   
@@ -117,8 +118,6 @@ public class AccessTokenService extends 
             clientToken.setParameters(serverToken.getParameters());
         }
         
-        //TODO: also set a refresh token if any
-        
         // Return it to the client
         return Response.ok(clientToken)
                        .header(HttpHeaders.CACHE_CONTROL, "no-store")

Copied: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
(from r1365160, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java)
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java?p2=cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java&p1=cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java&r1=1365160&r2=1365541&rev=1365541&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/mac/MacAuthorizationScheme.java
Wed Jul 25 11:55:08 2012
@@ -40,14 +40,14 @@ public class MacAuthorizationScheme {
         this.props = props;
         this.macKey = token.getTokenKey();
         this.timestamp = Long.toString(System.currentTimeMillis());
-        this.nonce = generateNonce();
+        this.nonce = generateNonce(token.getIssuedAt());
     }
     
     public MacAuthorizationScheme(HttpRequestProperties props,
                                   Map<String, String> schemeParams) {
         this.props = props;
-        this.macKey = schemeParams.get(OAuthConstants.MAC_TOKEN_KEY);
-        this.timestamp = schemeParams.get(OAuthConstants.MAC_TOKEN_TIMESTAMP);
+        this.macKey = schemeParams.get(OAuthConstants.MAC_TOKEN_ID);
+        this.timestamp = schemeParams.get(OAuthConstants.MAC_TOKEN_EXTENSION);
         this.nonce = schemeParams.get(OAuthConstants.MAC_TOKEN_NONCE);
     }
     
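Review bot: The constructor taking `schemeParams` copies `id`, `ext` and `nonce` out of the parsed Authorization header without checking that they are present, and that header is supplied by the remote caller. A missing parameter leaves the field null, which `getNormalizedRequestString` would then concatenate as the text "null" into the string being signed. Unless the caller validates the map first (not visible here), fail the request early on `if (macKey == null || nonce == null || timestamp == null)`. Note also that the client-side `timestamp` is in milliseconds while the nonce age uses seconds; a comment on the field stating the unit would prevent mix-ups.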
@@ -70,10 +70,12 @@ public class MacAuthorizationScheme {
         
         StringBuilder sb = new StringBuilder();
         sb.append(OAuthConstants.MAC_AUTHORIZATION_SCHEME).append(" ");
-        addParameter(sb, OAuthConstants.MAC_TOKEN_KEY, macKey, false);
-        addParameter(sb, OAuthConstants.MAC_TOKEN_TIMESTAMP, timestamp, false);
+        addParameter(sb, OAuthConstants.MAC_TOKEN_ID, macKey, false);
         addParameter(sb, OAuthConstants.MAC_TOKEN_NONCE, nonce, false);
-        addParameter(sb, OAuthConstants.MAC_TOKEN_SIGNATURE, signature, true);
+        addParameter(sb, OAuthConstants.MAC_TOKEN_SIGNATURE, signature, false);
+        // lets pass a timestamp via an extension parameter
+        addParameter(sb, OAuthConstants.MAC_TOKEN_EXTENSION, timestamp, false);
+        
         
         return sb.toString();
     }
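Review bot: Every `addParameter` call now passes `false`, including the final one for `ext`. If that flag marks the last parameter, as the previous `signature, true` call suggests, the header will end with a trailing separator; the last call should probably read `addParameter(sb, OAuthConstants.MAC_TOKEN_EXTENSION, timestamp, true);`. `addParameter` is defined outside this hunk, so please confirm against its body.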
@@ -87,20 +89,20 @@ public class MacAuthorizationScheme {
     }
     
     public String getNormalizedRequestString() {
+        String requestURI = props.getRequestPath();
+        if (!StringUtils.isEmpty(props.getRequestQuery())) {
+            requestURI += "?" + normalizeQuery(props.getRequestQuery());
+        }
+        
         
-        String value = macKey + SEPARATOR 
-            + timestamp + SEPARATOR 
-            + nonce + SEPARATOR 
-            + props.getHttpMethod().toUpperCase() + SEPARATOR 
+        String value = nonce + SEPARATOR
+            + props.getHttpMethod().toUpperCase() + SEPARATOR
+            + requestURI + SEPARATOR 
             + props.getHostName() + SEPARATOR 
             + props.getPort() + SEPARATOR
-            + props.getRequestPath() + SEPARATOR;
+            + "" + SEPARATOR
+            + timestamp + SEPARATOR;
 
-        if (!StringUtils.isEmpty(props.getRequestQuery())) {
-            value += normalizeQuery(props.getRequestQuery()) + SEPARATOR;
-        }
-            
-        value += SEPARATOR;
         return value;
     }
     
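Review bot: `props.getHttpMethod().toUpperCase()` uses the JVM default locale, so client and server can build different strings to sign for the same request (in a Turkish locale a lowercase `i` does not map to `I`); `toUpperCase(Locale.ROOT)` avoids that. The bare `+ "" + SEPARATOR` line also deserves a comment saying which field of the normalized request string is intentionally left empty. Finally, the query is appended through `normalizeQuery`, whose visible tail simply returns its argument, so differences in parameter order or encoding between what the client signs and what the server receives are not reconciled yet.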
@@ -108,10 +110,16 @@ public class MacAuthorizationScheme {
         return query;
     }
     
-    private static String generateNonce() {
+    private static String generateNonce(long issuedAt) {
+        long ageInSecs = System.currentTimeMillis() / 1000 - issuedAt;
+        if (ageInSecs == 0) {
+            ageInSecs = 1;
+        }
         byte[] randomBytes = new byte[20];
         new SecureRandom().nextBytes(randomBytes);
-        return Base64Utility.encode(randomBytes);
+        String random = Base64Utility.encode(randomBytes);
+        
+        return Long.toString(ageInSecs) + ":" + random;
     }
 
 }
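Review bot: The guard `if (ageInSecs == 0)` in `generateNonce` covers only a zero age; when `issuedAt` is ahead of the local clock (skew between the client and the token service), `ageInSecs` is negative and the nonce begins with a minus sign, which a receiver expecting a positive age would presumably reject. I would write `if (ageInSecs <= 0) {` and document the unit the subtraction assumes, e.g. `// issuedAt: token issue time in seconds since the epoch`. Creating `new SecureRandom()` on every call is avoidable with a `private static final SecureRandom` field.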

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Wed Jul 25 11:55:08 2012
@@ -48,11 +48,25 @@ public final class OAuthConstants {
     public static final String BEARER_TOKEN_TYPE = "bearer";
     public static final String MAC_TOKEN_TYPE = "mac";
     
+    // MAC token parameters
+    // Set by Access Token Service
+    public static final String MAC_TOKEN_SECRET = "secret";
+    public static final String MAC_TOKEN_ALGORITHM = "algorithm";
+    public static final String MAC_TOKEN_ALGO_HMAC_SHA_1 = "hmac-sha-1";
+    public static final String MAC_TOKEN_ALGO_HMAC_SHA_256 = "hmac-sha-256";
+    
+    // Set in Authorization header
+    public static final String MAC_TOKEN_ID = "id";
+    public static final String MAC_TOKEN_EXTENSION = "ext";
+    public static final String MAC_TOKEN_NONCE = "nonce";
+    public static final String MAC_TOKEN_SIGNATURE = "mac";
+    
     // Token Authorization schemes
     public static final String BEARER_AUTHORIZATION_SCHEME = "Bearer";
-    public static final String MAC_AUTHORIZATION_SCHEME = "Mac";
+    public static final String MAC_AUTHORIZATION_SCHEME = "MAC";
     public static final String ALL_AUTH_SCHEMES = "*";
 
+    
     // Default Client Authentication Scheme
     public static final String BASIC_SCHEME = "Basic";
     
@@ -83,6 +97,12 @@ public final class OAuthConstants {
     public static final String INVALID_SCOPE = "invalid_scope";
     public static final String ACCESS_DENIED = "access_denied";
     
+    // CXF-Specific parameters
+    public static final String ACCESS_TOKEN_ISSUED_AT = "issued_at";
+    // End Of CXF-Specific
+    
+    
+    
     private OAuthConstants() {
     }
     

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java?rev=1365541&r1=1365540&r2=1365541&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProviderTest.java
Wed Jul 25 11:55:08 2012
@@ -22,12 +22,14 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.lang.annotation.Annotation;
 import java.util.Collections;
+import java.util.LinkedHashMap;
 import java.util.Map;
 
 import javax.ws.rs.core.MediaType;
 
 import org.apache.cxf.jaxrs.impl.MetadataMap;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 
 import org.junit.Assert;
 import org.junit.Test;
@@ -35,8 +37,8 @@ import org.junit.Test;
 public class OAuthJSONProviderTest extends Assert {
 
     @Test
-    public void testWriteClientAccessToken() throws Exception {
-        ClientAccessToken token = new ClientAccessToken("bearer", "1234");
+    public void testWriteBearerClientAccessToken() throws Exception {
+        ClientAccessToken token = new ClientAccessToken(OAuthConstants.BEARER_TOKEN_TYPE,
"1234");
         token.setExpiresIn(12345);
         token.setRefreshToken("5678");
         token.setApprovedScope("read");
@@ -51,11 +53,11 @@ public class OAuthJSONProviderTest exten
                          MediaType.APPLICATION_JSON_TYPE, 
                          new MetadataMap<String, Object>(), 
                          bos);
-        doReadClientAccessToken(bos.toString());
+        doReadClientAccessToken(bos.toString(), OAuthConstants.BEARER_TOKEN_TYPE, token.getParameters());
     }
     
     @Test
-    public void testReadClientAccessToken() throws Exception {
+    public void testReadBearerClientAccessToken() throws Exception {
         String response = 
             "{"
             + "\"access_token\":\"1234\","
@@ -65,13 +67,17 @@ public class OAuthJSONProviderTest exten
             + "\"scope\":\"read\","
             + "\"my_parameter\":\"abc\""
             + "}";
-        doReadClientAccessToken(response);
+        doReadClientAccessToken(response, OAuthConstants.BEARER_TOKEN_TYPE,
+                                Collections.singletonMap("my_parameter", "abc"));
     }
     
     @SuppressWarnings({
         "unchecked", "rawtypes"
     })
-    public void doReadClientAccessToken(String response) throws Exception {
+    
+    public ClientAccessToken doReadClientAccessToken(String response, 
+                                        String expectedTokenType,
+                                        Map<String, String> expectedParams) throws
Exception {
         OAuthJSONProvider provider = new OAuthJSONProvider();
         ClientAccessToken token = (ClientAccessToken)provider.readFrom((Class)ClientAccessToken.class,

                           ClientAccessToken.class, 
@@ -80,15 +86,54 @@ public class OAuthJSONProviderTest exten
                           new MetadataMap<String, String>(), 
                           new ByteArrayInputStream(response.getBytes()));
         assertEquals("1234", token.getTokenKey());
-        assertEquals("bearer", token.getTokenType());
+        assertEquals(expectedTokenType, token.getTokenType());
         assertEquals("5678", token.getRefreshToken());
         assertEquals(12345, token.getExpiresIn());
         assertEquals("read", token.getApprovedScope());
         Map<String, String> extraParams = token.getParameters();
-        assertEquals(1, extraParams.size());
+        if (expectedParams != null) {
+            assertEquals(expectedParams, extraParams);
+        }
         assertEquals("abc", extraParams.get("my_parameter"));
+        
+        return token;
+        
     }
     
+    @Test
+    public void testWriteMacClientAccessToken() throws Exception {
+        ClientAccessToken token = new ClientAccessToken("mac", "1234");
+        token.setExpiresIn(12345);
+        token.setRefreshToken("5678");
+        token.setApprovedScope("read");
+        Map<String, String> params = new LinkedHashMap<String, String>();
+        params.put(OAuthConstants.MAC_TOKEN_SECRET, "test_mac_secret");
+        params.put(OAuthConstants.MAC_TOKEN_ALGORITHM, OAuthConstants.MAC_TOKEN_ALGO_HMAC_SHA_1);
+        params.put("my_parameter", "abc");
+        
+        token.setParameters(params);
+        
+        OAuthJSONProvider provider = new OAuthJSONProvider();
+        ByteArrayOutputStream bos = new ByteArrayOutputStream();
+        provider.writeTo(token, ClientAccessToken.class, ClientAccessToken.class, new Annotation[]
{},
+                         MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, Object>(),
bos);
+        doReadClientAccessToken(bos.toString(), 
+                                OAuthConstants.MAC_TOKEN_TYPE,
+                                params);
+        
+    }
     
+    @Test
+    public void testReadMacClientAccessToken() throws Exception {
+        String response = "{" + "\"access_token\":\"1234\"," + "\"token_type\":\"mac\","
+            + "\"refresh_token\":\"5678\"," + "\"expires_in\":12345," + "\"scope\":\"read\","
+            + "\"secret\":\"adijq39jdlaska9asud\"," + "\"algorithm\":\"hmac-sha-256\","
+            + "\"my_parameter\":\"abc\"" + "}";
+        ClientAccessToken macToken = doReadClientAccessToken(response, "mac", null);
+        assertEquals("adijq39jdlaska9asud", 
+                     macToken.getParameters().get(OAuthConstants.MAC_TOKEN_SECRET));
+        assertEquals("hmac-sha-256",
+                     macToken.getParameters().get(OAuthConstants.MAC_TOKEN_ALGORITHM));
+    }
     
 }
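Review bot: `testWriteMacClientAccessToken` and `testReadMacClientAccessToken` spell the token type as the literal `"mac"`, while the bearer tests in this same commit were switched to `OAuthConstants.BEARER_TOKEN_TYPE`; `new ClientAccessToken(OAuthConstants.MAC_TOKEN_TYPE, "1234")` and `doReadClientAccessToken(response, OAuthConstants.MAC_TOKEN_TYPE, null)` would keep them consistent. Passing `null` for `expectedParams` skips the map comparison, and the old `assertEquals(1, extraParams.size())` is gone, so the MAC read test no longer notices unexpected extra parameters. An explicit expected map holding `secret`, `algorithm` and `my_parameter` would restore that check.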


