cxf-commits mailing list archives

From serg...@apache.org
Subject svn commit: r1507358 - in /cxf/branches/2.6.x-fixes: ./ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ rt/...
Date Fri, 26 Jul 2013 15:52:12 GMT
Author: sergeyb
Date: Fri Jul 26 15:52:12 2013
New Revision: 1507358

URL: http://svn.apache.org/r1507358
Log:
Merged revisions 1507352 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes

................
  r1507352 | sergeyb | 2013-07-26 16:28:36 +0100 (Fri, 26 Jul 2013) | 9 lines
  
  Merged revisions 1507319 via svnmerge from 
  https://svn.apache.org/repos/asf/cxf/trunk
  
  ........
    r1507319 | sergeyb | 2013-07-26 15:20:44 +0100 (Fri, 26 Jul 2013) | 1 line
    
    [CXF-5162] Updating AccessTokenService to validate whether the current grant is supported for the Client
  ........
................

Modified:
    cxf/branches/2.6.x-fixes/   (props changed)
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
    cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/branches/2.7.x-fixes:r1507352
  Merged /cxf/trunk:r1507319

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
Fri Jul 26 15:52:12 2013
@@ -70,11 +70,12 @@ public abstract class AbstractGrantHandl
         return Collections.unmodifiableList(supportedGrants);
     }
     
+    @Deprecated
     protected void checkIfGrantSupported(Client client) {
         checkIfGrantSupported(client, getSingleGrantType());
     }
     
-    protected void checkIfGrantSupported(Client client, String requestedGrant) {
+    private void checkIfGrantSupported(Client client, String requestedGrant) {
         if (!OAuthUtils.isGrantSupportedForClient(client, 
                                                   canSupportPublicClients,
                                                   requestedGrant)) {
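Review bot: Narrowing the two-argument `checkIfGrantSupported(Client, String)` from `protected` to `private` is a source-incompatible change for a fixes branch: any handler subclass that called it will stop compiling, which is apparently why the test's ComplexGrantHandler drops its call in this same commit. Consider keeping it `protected` and marking it `@Deprecated` too, leaving the removal to trunk. The `@Deprecated` added to the one-argument overload has no Javadoc; a line such as `/** @deprecated grant support is now validated by AccessTokenService before the handler is called. */` would tell subclass authors where the check went. The body of the two-argument method continues outside the hunk.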

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
Fri Jul 26 15:52:12 2013
@@ -39,7 +39,6 @@ public class ClientCredentialsGrantHandl
 
     public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String>
params)
         throws OAuthServiceException {
-        checkIfGrantSupported(client);
         
         return doCreateAccessToken(client, 
                                    client.getSubject(), 

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
Fri Jul 26 15:52:12 2013
@@ -40,7 +40,6 @@ public class AuthorizationCodeGrantHandl
     
     public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String>
params) 
         throws OAuthServiceException {
-        checkIfGrantSupported(client);
                 
         // Get the grant representation from the provider 
         String codeValue = params.getFirst(OAuthConstants.AUTHORIZATION_CODE_VALUE);

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
Fri Jul 26 15:52:12 2013
@@ -40,7 +40,6 @@ public class ResourceOwnerGrantHandler e
 
     public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String>
params)
         throws OAuthServiceException {
-        checkIfGrantSupported(client);
         
         String ownerName = params.getFirst(OAuthConstants.RESOURCE_OWNER_NAME);
         String ownerPassword = params.getFirst(OAuthConstants.RESOURCE_OWNER_PASSWORD);

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
Fri Jul 26 15:52:12 2013
@@ -35,7 +35,6 @@ public class RefreshTokenGrantHandler im
 
     private OAuthDataProvider dataProvider;
     private boolean partialMatchScopeValidation;
-    private boolean canSupportPublicClients;
     
     public void setDataProvider(OAuthDataProvider dataProvider) {
         this.dataProvider = dataProvider;
@@ -47,10 +46,6 @@ public class RefreshTokenGrantHandler im
 
     public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String>
params)
         throws OAuthServiceException {
-        if (!OAuthUtils.isGrantSupportedForClient(client, canSupportPublicClients, 
-                                                  OAuthConstants.REFRESH_TOKEN_GRANT)) {
-            throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);    
-        }
         String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
         List<String> requestedScopes = OAuthUtils.getRequestedScopes(client,
                                             params.getFirst(OAuthConstants.SCOPE),
@@ -62,8 +57,4 @@ public class RefreshTokenGrantHandler im
     public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation) {
         this.partialMatchScopeValidation = partialMatchScopeValidation;
     }
-    
-    public void setCanSupportPublicClients(boolean support) {
-        canSupportPublicClients = support;
-    }
 }

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
Fri Jul 26 15:52:12 2013
@@ -88,6 +88,13 @@ public class AccessTokenService extends 
         // Make sure the client is authenticated
         Client client = authenticateClientIfNeeded(params);
         
+        if (!OAuthUtils.isGrantSupportedForClient(client, 
+                                                  isCanSupportPublicClients(),
+                                                  params.getFirst(OAuthConstants.GRANT_TYPE)))
{
+            return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);    
+        }
+        
+        
         // Find the grant handler
         AccessTokenGrantHandler handler = findGrantHandler(params);
         if (handler == null) {
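Review bot: The new guard hands `params.getFirst(OAuthConstants.GRANT_TYPE)` to `OAuthUtils.isGrantSupportedForClient` before the `handler == null` check below, so a request with a missing or unknown grant type is judged against the client's allowed grants first. How that helper treats a null grant is not visible here; if it returns false, such requests are answered with `UNAUTHORIZED_CLIENT` instead of whatever the `handler == null` branch returns. Reading the grant type once into a local and rejecting null explicitly, or moving this check after the handler lookup, would make the outcome deliberate. Because the per-handler checks are removed elsewhere in this commit, this is now the only enforcement point, and a comment such as `// Grant handlers no longer check this themselves; do not invoke them without this guard` would warn anyone calling a handler directly. The enclosing method starts and ends outside the hunk.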
@@ -195,10 +202,11 @@ public class AccessTokenService extends 
     }
     
     /**
-     * Find the mathcing grant handler
+     * Find the matching grant handler
      */
-    protected AccessTokenGrantHandler findGrantHandler(MultivaluedMap<String, String>
params) {
-        String grantType = params.getFirst(OAuthConstants.GRANT_TYPE);        
+    protected AccessTokenGrantHandler findGrantHandler(MultivaluedMap<String, String>
params) {    
+        String grantType = params.getFirst(OAuthConstants.GRANT_TYPE);
+                
         if (grantType != null) {
             for (AccessTokenGrantHandler handler : grantHandlers) {
                 if (handler.getSupportedGrantTypes().contains(grantType)) {
@@ -231,4 +239,10 @@ public class AccessTokenService extends 
     public void setCanSupportPublicClients(boolean support) {
         this.canSupportPublicClients = support;
     }
+
+    public boolean isCanSupportPublicClients() {
+        return canSupportPublicClients;
+    }
+
+    
 }
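Review bot: The new public accessor `isCanSupportPublicClients()` has no Javadoc, and neither does the setter visible above it, although this flag now feeds the check applied to every token request. A short comment such as `/** Returns whether this service accepts public clients when checking the requested grant. */` would do; that wording is inferred from the flag name and its use with `isGrantSupportedForClient`, so confirm it against the helper. The two blank lines added before the closing brace can be dropped.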

Modified: cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java?rev=1507358&r1=1507357&r2=1507358&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
Fri Jul 26 15:52:12 2013
@@ -36,15 +36,14 @@ import org.junit.Test;
 
 public class TokenGrantHandlerTest extends Assert {
 
+    
+    
     @Test
-    public void testSimpleGrantNotSupported() {
-        try {
-            new SimpleGrantHandler().createAccessToken(createClient("unsupported"), 
-                                                       createMap("a"));
-            fail("Unsupported Grant");
-        } catch (OAuthServiceException ex) {
-            assertEquals(OAuthConstants.UNAUTHORIZED_CLIENT, ex.getMessage());
-        }
+    public void testSimpleGrantSupported() {
+        SimpleGrantHandler handler = new SimpleGrantHandler(); 
+        handler.setDataProvider(new OAuthDataProviderImpl());
+        ServerAccessToken t = handler.createAccessToken(createClient("a"), createMap("a"));
+        assertTrue(t instanceof BearerAccessToken);
     }
     
     @Test
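Review bot: `testSimpleGrantNotSupported` is deleted here and `testComplexGrantNotSupported` in the next hunk, and the only test file this commit touches gains no test for the rejection path that replaced them in `AccessTokenService`. Negative coverage for a client that is not allowed the requested grant therefore disappears just as the check becomes the single enforcement point. A test that drives `AccessTokenService` with `createClient("unsupported")` and asserts the `OAuthConstants.UNAUTHORIZED_CLIENT` error response would restore it. The two blank lines added after the class declaration are unnecessary.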
@@ -59,27 +58,10 @@ public class TokenGrantHandlerTest exten
     }
     
     @Test
-    public void testSimpleGrantSupported() {
-        ServerAccessToken t = new SimpleGrantHandler().createAccessToken(createClient("a"),

-                                                                         createMap("a"));
-        assertTrue(t instanceof BearerAccessToken);
-    }
-    
-    @Test
-    public void testComplexGrantNotSupported() {
-        try {
-            new ComplexGrantHandler(Arrays.asList("a", "b"))
-                .createAccessToken(createClient("unsupported"), createMap("a"));
-            fail("Unsupported Grant");
-        } catch (OAuthServiceException ex) {
-            assertEquals(OAuthConstants.UNAUTHORIZED_CLIENT, ex.getMessage());
-        }
-    }
-    
-    @Test
     public void testComplexGrantSupported() {
-        ServerAccessToken t = new ComplexGrantHandler(Arrays.asList("a", "b"))
-            .createAccessToken(createClient("a"), createMap("a"));
+        ComplexGrantHandler handler = new ComplexGrantHandler(Arrays.asList("a", "b")); 
+        handler.setDataProvider(new OAuthDataProviderImpl());
+        ServerAccessToken t = handler.createAccessToken(createClient("a"), createMap("a"));
         assertTrue(t instanceof BearerAccessToken);
     }
     
@@ -109,8 +91,7 @@ public class TokenGrantHandlerTest exten
         
         public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String,
String> params)
             throws OAuthServiceException {
-            super.checkIfGrantSupported(client);
-            return new BearerAccessToken(client, 3600L);
+            return super.doCreateAccessToken(client, client.getSubject(), null);
         } 
         
     }
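Review bot: The trailing `null` in `super.doCreateAccessToken(client, client.getSubject(), null)` is unexplained, and the same holds for the four-argument call in the ComplexGrantHandler hunk that follows. The parameter it fills is not visible in this diff (presumably the requested scopes); once confirmed against the signature, a comment such as `// no scopes requested` would keep the stub readable. Both stubs now apparently rely on `setDataProvider(...)` having been called, as the updated tests do, so a one-line class comment stating that would also help.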
@@ -123,8 +104,8 @@ public class TokenGrantHandlerTest exten
         
         public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String,
String> params)
             throws OAuthServiceException {
-            super.checkIfGrantSupported(client, params.getFirst(OAuthConstants.GRANT_TYPE));
-            return new BearerAccessToken(client, 3600L);
+            return super.doCreateAccessToken(client, client.getSubject(), 
+                                             params.getFirst(OAuthConstants.GRANT_TYPE),
null);
         } 
         
     }


