Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 57C68EB60 for ; Wed, 5 Dec 2012 13:31:08 +0000 (UTC) Received: (qmail 7539 invoked by uid 500); 5 Dec 2012 13:31:08 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 7389 invoked by uid 500); 5 Dec 2012 13:31:06 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 7375 invoked by uid 99); 5 Dec 2012 13:31:06 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Dec 2012 13:31:06 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Dec 2012 13:31:03 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id BFF0923888EA; Wed, 5 Dec 2012 13:30:41 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1417413 - in /cxf/branches/2.6.x-fixes: ./ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/ rt/rs/... Date: Wed, 05 Dec 2012 13:30:41 -0000 To: commits@cxf.apache.org From: sergeyb@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20121205133041.BFF0923888EA@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: sergeyb Date: Wed Dec 5 13:30:40 2012 New Revision: 1417413 URL: http://svn.apache.org/viewvc?rev=1417413&view=rev Log: Merged revisions 1417399-1417400 via svnmerge from https://svn.apache.org/repos/asf/cxf/trunk ........ r1417399 | sergeyb | 2012-12-05 13:02:07 +0000 (Wed, 05 Dec 2012) | 1 line [CXF-4673] Updating OAuthDataProvider to accept requested scopes for refreshing tokens and getting pre-authorized tokens ........ r1417400 | sergeyb | 2012-12-05 13:05:54 +0000 (Wed, 05 Dec 2012) | 1 line Updating refresh grant handler not to enforce the refreshed token scope - up to the provider ........ Modified: cxf/branches/2.6.x-fixes/ (props changed) cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java Propchange: cxf/branches/2.6.x-fixes/ ------------------------------------------------------------------------------ Merged /cxf/trunk:r1417399-1417400 Propchange: cxf/branches/2.6.x-fixes/ ------------------------------------------------------------------------------ Binary property 'svnmerge-integrated' - no diff available. Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java?rev=1417413&r1=1417412&r2=1417413&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java (original) +++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java Wed Dec 5 13:30:40 2012 @@ -68,7 +68,7 @@ public abstract class AbstractGrantHandl List requestedScope) { // Check if a pre-authorized token available ServerAccessToken token = dataProvider.getPreauthorizedToken( - client, subject, supportedGrant); + client, requestedScope, subject, supportedGrant); if (token != null) { return token; } Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java?rev=1417413&r1=1417412&r2=1417413&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java (original) +++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java Wed Dec 5 13:30:40 2012 @@ -49,20 +49,8 @@ public class RefreshTokenGrantHandler im throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT); } String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN); + List requestedScopes = OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)); - ServerAccessToken token = dataProvider.refreshAccessToken(client.getClientId(), - refreshToken); - if (token == null) { - return null; - } - String scope = params.getFirst(OAuthConstants.SCOPE); - if (scope != null) { - List tokenScopes = OAuthUtils.convertPermissionsToScopeList(token.getScopes()); - if (!tokenScopes.containsAll(OAuthUtils.parseScope(scope))) { - throw new OAuthServiceException(OAuthConstants.INVALID_SCOPE); - } - } - - return token; + return dataProvider.refreshAccessToken(client, refreshToken, requestedScopes); } } Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java?rev=1417413&r1=1417412&r2=1417413&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java (original) +++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java Wed Dec 5 13:30:40 2012 @@ -61,21 +61,29 @@ public interface OAuthDataProvider { /** * Get preauthorized access token * @param client Client + * @param requestedScopes the scopes requested by the client * @param subject End User subject * @return AccessToken access token * @throws OAuthServiceException */ - ServerAccessToken getPreauthorizedToken(Client client, UserSubject subject, String grantType) + ServerAccessToken getPreauthorizedToken(Client client, + List requestedScopes, + UserSubject subject, + String grantType) throws OAuthServiceException; /** * Refresh access token - * @param clientId the client id + * @param client the client * @param refreshToken refresh token key + * @param requestedScopes the scopes requested by the client * @return AccessToken * @throws OAuthServiceException */ - ServerAccessToken refreshAccessToken(String clientId, String refreshToken) throws OAuthServiceException; + ServerAccessToken refreshAccessToken(Client client, + String refreshToken, + List requestedScopes) + throws OAuthServiceException; /** * Removes the token Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java?rev=1417413&r1=1417412&r2=1417413&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java (original) +++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java Wed Dec 5 13:30:40 2012 @@ -133,7 +133,7 @@ public abstract class RedirectionBasedGr // Request a new grant only if no pre-authorized token is available ServerAccessToken preauthorizedToken = getDataProvider().getPreauthorizedToken( - client, userSubject, supportedGrantType); + client, requestedScope, userSubject, supportedGrantType); if (preauthorizedToken != null) { return createGrant(params, client,