cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1496504 - in /cxf/branches/2.7.x-fixes: ./ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ rt/rs/securi...
Date Tue, 25 Jun 2013 14:54:46 GMT
Author: sergeyb
Date: Tue Jun 25 14:54:45 2013
New Revision: 1496504

URL: http://svn.apache.org/r1496504
Log:
Merged revisions 1495553 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1495553 | sergeyb | 2013-06-21 20:26:11 +0100 (Fri, 21 Jun 2013) | 1 line
  
  Support for a realm parameter in OAuth2 filter
........

Modified:
    cxf/branches/2.7.x-fixes/   (props changed)
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java

Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/trunk:r1495553

Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java?rev=1496504&r1=1496503&r2=1496504&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
Tue Jun 25 14:54:45 2013
@@ -225,7 +225,9 @@ public final class OAuthClientUtils {
                 accessTokenService.header("Authorization", sb.toString());
             } else {
                 form.set(OAuthConstants.CLIENT_ID, consumer.getKey());
-                form.set(OAuthConstants.CLIENT_SECRET, consumer.getSecret());
+                if (consumer.getSecret() != null) {
+                    form.set(OAuthConstants.CLIENT_SECRET, consumer.getSecret());
+                } 
             }
         } else {
             // in this case the AccessToken service is expected to find a mapping between

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1496504&r1=1496503&r2=1496504&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
Tue Jun 25 14:54:45 2013
@@ -46,6 +46,7 @@ public abstract class AbstractAccessToke
     private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
     private Set<String> supportedSchemes = new HashSet<String>();
     private OAuthDataProvider dataProvider;
+    private String realm;
     
     public void setTokenValidator(AccessTokenValidator validator) {
         setTokenValidators(Collections.singletonList(validator));
@@ -106,7 +107,7 @@ public abstract class AbstractAccessToke
                 accessTokenV = handler.validateAccessToken(mc, authScheme, authSchemeData);
             } catch (OAuthServiceException ex) {
                 AuthorizationUtils.throwAuthorizationFailure(
-                    Collections.singleton(authScheme));
+                    Collections.singleton(authScheme), realm);
             }
         }
         // Default processing if no registered providers available
@@ -119,22 +120,26 @@ public abstract class AbstractAccessToke
             }
             if (localAccessToken == null) {
                 AuthorizationUtils.throwAuthorizationFailure(
-                    Collections.singleton(authScheme));
+                    Collections.singleton(authScheme), realm);
             }
             accessTokenV = new AccessTokenValidation(localAccessToken);
         }
         if (accessTokenV == null) {
-            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
+            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
         }
         // Check if token is still valid
         if (OAuthUtils.isExpired(accessTokenV.getTokenIssuedAt(), accessTokenV.getTokenLifetime()))
{
             if (localAccessToken != null) {
                 dataProvider.removeAccessToken(localAccessToken);
             }
-            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
+            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
         }
         return accessTokenV;
     }
+
+    public void setRealm(String realm) {
+        this.realm = realm;
+    }
     
     
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java?rev=1496504&r1=1496503&r2=1496504&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
Tue Jun 25 14:54:45 2013
@@ -70,6 +70,10 @@ public final class AuthorizationUtils {
     }
     
     public static void throwAuthorizationFailure(Set<String> challenges) {
+        throwAuthorizationFailure(challenges, null);
+    }
+    
+    public static void throwAuthorizationFailure(Set<String> challenges, String realm)
{
         ResponseBuilder rb = Response.status(401);
         
         StringBuilder sb = new StringBuilder();
@@ -83,6 +87,9 @@ public final class AuthorizationUtils {
             sb.append(challenge);
         }
         if (sb.length() > 0) {
+            if (realm != null) {
+                sb.append(" realm=\"" + realm + "\"");
+            }
             rb.header(HttpHeaders.WWW_AUTHENTICATE, sb.toString());
         }
         Response r = rb.build();



Mime
View raw message