cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1453847 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2: common/Client.java services/RedirectionBasedGrantService.java
Date Thu, 07 Mar 2013 13:14:33 GMT
Author: sergeyb
Date: Thu Mar  7 13:14:33 2013
New Revision: 1453847

URL: http://svn.apache.org/r1453847
Log:
[CXF-4883] Strict comparison of OAuth2 redirect URIs

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java?rev=1453847&r1=1453846&r2=1453847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
Thu Mar  7 13:14:33 2013
@@ -18,7 +18,6 @@
  */
 package org.apache.cxf.rs.security.oauth2.common;
 
-import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -36,10 +35,10 @@ public class Client {
     private String applicationDescription;
     private String applicationWebUri;
     private String applicationLogoUri;
-    private List<String> redirectUris = Collections.emptyList();
+    private List<String> redirectUris = new LinkedList<String>();
     
     private boolean isConfidential;
-    private List<String> allowedGrantTypes = Collections.emptyList();
+    private List<String> allowedGrantTypes = new LinkedList<String>();
     private List<Property> properties = new LinkedList<Property>();
     private UserSubject subject;
         

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java?rev=1453847&r1=1453846&r2=1453847&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
Thu Mar  7 13:14:33 2013
@@ -303,9 +303,7 @@ public abstract class RedirectionBasedGr
         
         List<String> uris = client.getRedirectUris();
         if (redirectUri != null) {
-            String webUri = client.getApplicationWebUri();
-            if (uris.size() > 0 && !uris.contains(redirectUri)
-                || webUri != null && !redirectUri.startsWith(webUri)) {
+            if (!uris.contains(redirectUri)) {
                 redirectUri = null;
             } 
         } else if (uris.size() == 1) {



Mime
View raw message