cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1453861 - in /cxf/branches/2.7.x-fixes: ./ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/
Date Thu, 07 Mar 2013 13:39:01 GMT
Author: sergeyb
Date: Thu Mar  7 13:39:00 2013
New Revision: 1453861

URL: http://svn.apache.org/r1453861
Log:
Merged revisions 1453847 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1453847 | sergeyb | 2013-03-07 13:14:33 +0000 (Thu, 07 Mar 2013) | 1 line
  
  [CXF-4883] Strict comparison of OAuth2 redirect URIs
........

Modified:
    cxf/branches/2.7.x-fixes/   (props changed)
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java

Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/trunk:r1453847

Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java?rev=1453861&r1=1453860&r2=1453861&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Client.java
Thu Mar  7 13:39:00 2013
@@ -18,7 +18,6 @@
  */
 package org.apache.cxf.rs.security.oauth2.common;
 
-import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -36,10 +35,10 @@ public class Client {
     private String applicationDescription;
     private String applicationWebUri;
     private String applicationLogoUri;
-    private List<String> redirectUris = Collections.emptyList();
+    private List<String> redirectUris = new LinkedList<String>();
     
     private boolean isConfidential;
-    private List<String> allowedGrantTypes = Collections.emptyList();
+    private List<String> allowedGrantTypes = new LinkedList<String>();
     private List<Property> properties = new LinkedList<Property>();
     private UserSubject subject;
         

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java?rev=1453861&r1=1453860&r2=1453861&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
Thu Mar  7 13:39:00 2013
@@ -303,9 +303,7 @@ public abstract class RedirectionBasedGr
         
         List<String> uris = client.getRedirectUris();
         if (redirectUri != null) {
-            String webUri = client.getApplicationWebUri();
-            if (uris.size() > 0 && !uris.contains(redirectUri)
-                || webUri != null && !redirectUri.startsWith(webUri)) {
+            if (!uris.contains(redirectUri)) {
                 redirectUri = null;
             } 
         } else if (uris.size() == 1) {



Mime
View raw message