From serg...@apache.org
Subject svn commit: r1417413 - in /cxf/branches/2.6.x-fixes: ./ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/ rt/rs/...
Date Wed, 05 Dec 2012 13:30:41 GMT
Author: sergeyb
Date: Wed Dec  5 13:30:40 2012
New Revision: 1417413

URL: http://svn.apache.org/viewvc?rev=1417413&view=rev
Log:
Merged revisions 1417399-1417400 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1417399 | sergeyb | 2012-12-05 13:02:07 +0000 (Wed, 05 Dec 2012) | 1 line
  
  [CXF-4673] Updating OAuthDataProvider to accept requested scopes for refreshing tokens and
getting pre-authorized tokens
........
  r1417400 | sergeyb | 2012-12-05 13:05:54 +0000 (Wed, 05 Dec 2012) | 1 line
  
  Updating refresh grant handler not to enforce the refreshed token scope - up to the provider
........

Modified:
    cxf/branches/2.6.x-fixes/   (props changed)
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/trunk:r1417399-1417400

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java?rev=1417413&r1=1417412&r2=1417413&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
Wed Dec  5 13:30:40 2012
@@ -68,7 +68,7 @@ public abstract class AbstractGrantHandl
                                                     List<String> requestedScope) {
         // Check if a pre-authorized  token available
         ServerAccessToken token = dataProvider.getPreauthorizedToken(
-                                     client, subject, supportedGrant);
+                                     client, requestedScope, subject, supportedGrant);
         if (token != null) {
             return token;
         }
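Review bot: The pre-authorized token is returned at `if (token != null) { return token; }` without the handler comparing its scopes to `requestedScope`, so whether the client receives only the scopes it asked for now depends entirely on the provider honouring the new argument. The same pattern appears in the RedirectionBasedGrantService hunk, where a non-null `preauthorizedToken` is passed straight on to `createGrant`. I would add a comment at both call sites, e.g. `// provider must only return a token whose scopes satisfy requestedScope`, or verify the returned token's scopes before returning it. The method body starts and ends outside this hunk.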

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java?rev=1417413&r1=1417412&r2=1417413&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
Wed Dec  5 13:30:40 2012
@@ -49,20 +49,8 @@ public class RefreshTokenGrantHandler im
             throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);    
         }
         String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
+        List<String> requestedScopes = OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE));
         
-        ServerAccessToken token = dataProvider.refreshAccessToken(client.getClientId(), 
-                                                                  refreshToken);
-        if (token == null) {
-            return null;
-        }
-        String scope = params.getFirst(OAuthConstants.SCOPE);
-        if (scope != null) {
-            List<String> tokenScopes = OAuthUtils.convertPermissionsToScopeList(token.getScopes());
-            if (!tokenScopes.containsAll(OAuthUtils.parseScope(scope))) {            
-                throw new OAuthServiceException(OAuthConstants.INVALID_SCOPE);
-            }
-        }
-        
-        return token;
+        return dataProvider.refreshAccessToken(client, refreshToken, requestedScopes);
     }
 }
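Review bot: With the `INVALID_SCOPE` check removed, nothing in this handler rejects a refresh request whose `scope` is not covered by the token that comes back; the result of `refreshAccessToken(client, refreshToken, requestedScopes)` is returned unchecked. RFC 6749 section 6 says a refresh request must not include scope that was not originally granted, so every OAuthDataProvider implementation now has to enforce that itself, and one that simply applies `requestedScopes` would issue a broader token than the original grant. If the delegation is intended, state it at the call site, e.g. `// provider must throw INVALID_SCOPE if requestedScopes exceed the original grant`. Separately, `OAuthUtils.parseScope` is now called even when no `scope` parameter was sent, where the old code guarded with `scope != null`; its handling of null is not visible here. The method starts outside the hunk.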

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java?rev=1417413&r1=1417412&r2=1417413&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
Wed Dec  5 13:30:40 2012
@@ -61,21 +61,29 @@ public interface OAuthDataProvider {
     /**
      * Get preauthorized access token 
      * @param client Client
+     * @param requestedScopes the scopes requested by the client
      * @param subject End User subject 
      * @return AccessToken access token
      * @throws OAuthServiceException
      */
-    ServerAccessToken getPreauthorizedToken(Client client, UserSubject subject, String grantType)

+    ServerAccessToken getPreauthorizedToken(Client client,
+                                            List<String> requestedScopes,
+                                            UserSubject subject, 
+                                            String grantType) 
         throws OAuthServiceException;
     
     /**
      * Refresh access token 
-     * @param clientId the client id
+     * @param client the client
      * @param refreshToken refresh token key 
+     * @param requestedScopes the scopes requested by the client  
      * @return AccessToken
      * @throws OAuthServiceException
      */
-    ServerAccessToken refreshAccessToken(String clientId, String refreshToken) throws OAuthServiceException;
+    ServerAccessToken refreshAccessToken(Client client, 
+                                         String refreshToken, 
+                                         List<String> requestedScopes) 
+        throws OAuthServiceException;
 
     /**
      * Removes the token
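Review bot: The new `@param requestedScopes the scopes requested by the client` lines do not tell an implementer what to do with the list, although after this commit the provider is the only place where the requested scopes are checked. I would extend both Javadoc entries to say whether the list can be null or empty when the client sent no `scope`, and that implementations are expected to throw `OAuthServiceException` when the requested scopes are not permitted for the existing grant. The `getPreauthorizedToken` comment also still has no `@param grantType` entry. Both signatures change on a public interface, so the Javadoc is the only notice existing custom providers get of the new obligation; the interface continues outside this hunk.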

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java?rev=1417413&r1=1417412&r2=1417413&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
Wed Dec  5 13:30:40 2012
@@ -133,7 +133,7 @@ public abstract class RedirectionBasedGr
         
         // Request a new grant only if no pre-authorized token is available
         ServerAccessToken preauthorizedToken = getDataProvider().getPreauthorizedToken(
-            client, userSubject, supportedGrantType);
+            client, requestedScope, userSubject, supportedGrantType);
         if (preauthorizedToken != null) {
             return createGrant(params,
                                client, 


