From serg...@apache.org
Subject svn commit: r1414831 - in /cxf/branches/2.6.x-fixes: ./ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/ rt/rs/securit...
Date Wed, 28 Nov 2012 17:20:09 GMT
Author: sergeyb
Date: Wed Nov 28 17:20:08 2012
New Revision: 1414831

URL: http://svn.apache.org/viewvc?rev=1414831&view=rev
Log:
Merged revisions 1414658,1414699 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1414658 | sergeyb | 2012-11-28 13:02:27 +0000 (Wed, 28 Nov 2012) | 1 line
  
  Minor modifications to the Oauth2 code
........
  r1414699 | sergeyb | 2012-11-28 14:08:28 +0000 (Wed, 28 Nov 2012) | 1 line
  
  Updating the client cred grant to use the client's subject as the resource owner subject
........

Modified:
    cxf/branches/2.6.x-fixes/   (props changed)
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthContextUtils.java

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/trunk:r1414658,1414699

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java?rev=1414831&r1=1414830&r2=1414831&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
Wed Nov 28 17:20:08 2012
@@ -28,27 +28,37 @@ import java.util.List;
  */
 public class OAuthContext {
 
-    private UserSubject subject;
-    private List<OAuthPermission> permissions;
+    private UserSubject resourceOwnerSubject;
+    private UserSubject clientSubject;
+    private List<OAuthPermission> tokenPermissions;
     private String tokenGrantType;
     private String clientId;
     private String tokenKey;
     
-    public OAuthContext(UserSubject subject, 
+    public OAuthContext(UserSubject resourceOwnerSubject,
+                        UserSubject clientSubject,
                         List<OAuthPermission> perms,
                         String tokenGrantType) {
-        this.subject = subject;
-        this.permissions = perms;
+        this.resourceOwnerSubject = resourceOwnerSubject;
+        this.clientSubject = clientSubject;
+        this.tokenPermissions = perms;
         this.tokenGrantType = tokenGrantType;
     }
    
     /**
-     * Gets the {@link UserSubject} representing the end user authorizing the client 
-     * at the authorization grant creation time 
+     * Gets the {@link UserSubject} representing the resource owner
      * @return the subject
      */
     public UserSubject getSubject() {
-        return subject;
+        return resourceOwnerSubject;
+    }
+    
+    /**
+     * Gets the {@link UserSubject} representing the client
+     * @return the subject
+     */
+    public UserSubject getClientSubject() {
+        return clientSubject;
     }
     
     /**
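Review bot: The new four-argument constructor replaces the three-argument one instead of sitting next to it, which breaks source and binary compatibility on a fixes branch for any code that builds an OAuthContext itself (custom filters, tests); keep the old signature as a delegating overload, `public OAuthContext(UserSubject subject, List<OAuthPermission> perms, String tokenGrantType) { this(subject, null, perms, tokenGrantType); }`. The getSubject() Javadoc should also say that for client_credentials tokens this is the client's own subject (the ClientCredentialsGrantHandler hunk in this commit records it as the token subject), so callers cannot use a null check here to tell whether an end user authorized the token; getClientSubject() is the accessor that identifies the client. Neither subject nor perms is validated in the constructor, and a null perms list only surfaces later as a NullPointerException from Collections.unmodifiableList in getPermissions(), so an `Objects.requireNonNull(perms, "perms")` or an empty-list default in the constructor would fail earlier and clearer.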
@@ -56,7 +66,7 @@ public class OAuthContext {
      * @return the permissions
      */
     public List<OAuthPermission> getPermissions() {
-        return Collections.unmodifiableList(permissions);
+        return Collections.unmodifiableList(tokenPermissions);
     }
 
     /**

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1414831&r1=1414830&r2=1414831&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
Wed Nov 28 17:20:08 2012
@@ -86,6 +86,7 @@ public class OAuthRequestFilter extends 
         
         // Also set the OAuthContext
         OAuthContext oauthContext = new OAuthContext(accessTokenV.getTokenSubject(),
+                                                     accessTokenV.getClientSubject(),
                                                      matchingPermissions,
                                                      accessTokenV.getTokenGrantType());
         
@@ -134,11 +135,11 @@ public class OAuthRequestFilter extends 
     
     protected SecurityContext createSecurityContext(HttpServletRequest request, 
                                                     AccessTokenValidation accessTokenV) {
-        UserSubject endUserSubject = accessTokenV.getTokenSubject();
+        UserSubject resourceOwnerSubject = accessTokenV.getTokenSubject();
         UserSubject clientSubject = accessTokenV.getClientSubject();
 
         final UserSubject theSubject = 
-            OAuthRequestFilter.this.useUserSubject ? endUserSubject : clientSubject;
+            OAuthRequestFilter.this.useUserSubject ? resourceOwnerSubject : clientSubject;
                     
         return new SecurityContext() {
 
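Review bot: The `useUserSubject ? resourceOwnerSubject : clientSubject` selection no longer distinguishes the two for client_credentials tokens, because the ClientCredentialsGrantHandler hunk in this commit now stores the client's subject as the token subject, so both branches yield the client. That is presumably the intended outcome of the merged revision, but it changes which principal and roles the returned SecurityContext reports for such tokens when useUserSubject is true, and nothing in the method says so. Add a comment above the ternary, e.g. `// for client_credentials tokens the token subject is the client's own subject, so both branches resolve to the client`. createSecurityContext continues outside the hunk with the anonymous SecurityContext body.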

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java?rev=1414831&r1=1414830&r2=1414831&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
Wed Nov 28 17:20:08 2012
@@ -41,10 +41,8 @@ public class ClientCredentialsGrantHandl
         throws OAuthServiceException {
         checkIfGrantSupported(client);
         
-        // the OAuth filter will use Client.getUserSubject() 
-        // to initialize the request security context
         return doCreateAccessToken(client, 
-                                   null, 
+                                   client.getSubject(), 
                                    OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
     }
 
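Review bot: The explanatory comment that was removed is not replaced, so the new `client.getSubject()` argument reads like an ordinary subject while it actually makes the client the token's resource owner, which is what resource-side helpers such as OAuthContextUtils.resolveUserName and resolveUserRoles will now report for client_credentials tokens. Add a short comment before the call: `// client_credentials: the client acts on its own behalf, so its subject doubles as the resource owner subject`. It is also worth stating whether a registered Client may have no subject, since doCreateAccessToken would then still receive null exactly as before this change and the filter would fall back to whatever it did for a null token subject. The method's signature starts outside the hunk.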

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant.java?rev=1414831&r1=1414830&r2=1414831&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant.java
Wed Nov 28 17:20:08 2012
@@ -26,11 +26,17 @@ import org.apache.cxf.rs.security.oauth2
 
 public class RefreshTokenGrant implements AccessTokenGrant {
     private String refreshToken;
+    private String scope;
     
     public RefreshTokenGrant(String refreshToken) {
         this.refreshToken = refreshToken;
     }
     
+    public RefreshTokenGrant(String refreshToken, String scope) {
+        this.refreshToken = refreshToken;
+        this.scope = scope;
+    }
+    
     public String getType() {
         return OAuthConstants.REFRESH_TOKEN_GRANT;
     }
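Review bot: The new two-argument constructor duplicates the assignment in the existing one; make the one-argument constructor delegate with `this(refreshToken, null);` and declare both fields `final`, since nothing visible in this hunk reassigns them. The new parameter also needs documenting, e.g. a Javadoc `@param scope optional scope to request on refresh; when null the refresh request carries no scope parameter`, which matches the `scope != null` guard added to toMap in the next hunk of this file.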
@@ -39,6 +45,9 @@ public class RefreshTokenGrant implement
         MultivaluedMap<String, String> map = new MetadataMap<String, String>();
         map.putSingle(OAuthConstants.GRANT_TYPE, OAuthConstants.REFRESH_TOKEN_GRANT);
         map.putSingle(OAuthConstants.REFRESH_TOKEN, refreshToken);
+        if (scope != null) {
+            map.putSingle(OAuthConstants.SCOPE, scope);
+        }
         return map;
     }
 

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthContextUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthContextUtils.java?rev=1414831&r1=1414830&r2=1414831&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthContextUtils.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthContextUtils.java
Wed Nov 28 17:20:08 2012
@@ -33,7 +33,7 @@ public final class OAuthContextUtils {
     
     /**
      * @param mc the {@link MessageContext}
-     * @return the name of the UserSubject of the logged in user
+     * @return the name of the UserSubject of the logged in user or resource owner
      * @throws WebApplicationException with Status 401 if not authenticated
      */
     public static String resolveUserName(final MessageContext mc) {
@@ -43,7 +43,7 @@ public final class OAuthContextUtils {
 
     /**
      * @param mc the {@link MessageContext}
-     * @return the list of roles of the logged in user
+     * @return the list of roles of the logged in user or resource owner
      * @throws WebApplicationException with Status 401 if not authenticated
      */
     public static List<String> resolveUserRoles(final MessageContext mc) {
@@ -96,7 +96,7 @@ public final class OAuthContextUtils {
 
     /**
      * @param mc the {@link MessageContext}
-     * @return the client the user is using to access
+     * @return the client registration id
      * @throws WebApplicationException with Status 401 if not authenticated
      */
     public static String resolveClient(MessageContext mc) {
@@ -106,9 +106,8 @@ public final class OAuthContextUtils {
 
     /**
      * @param mc the {@link MessageContext}
-     * @param client the desired client
-     * @throws WebApplicationException with Status 401 if not authenticated
-     * @throws WebApplicationException with Status 403 if user doesn't have needed role
+     * @param client the desired client registration id
+     * @throws WebApplicationException with Status 403 if the current client id is not valid
      */
     public static void assertClient(MessageContext mc, String client) {
         String cl = resolveClient(mc);
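Review bot: The rewritten Javadoc drops `@throws WebApplicationException with Status 401 if not authenticated`, but the body's first statement still calls resolveClient(mc), whose own Javadoc in this same file (kept in the preceding hunk) says it throws 401 when not authenticated, so that outcome is still reachable from assertClient and should stay documented. Restore the line next to the new 403 entry: `@throws WebApplicationException with Status 401 if not authenticated`. The rest of assertClient lies outside the hunk.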


