cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1514227 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2: common/ filters/ services/ utils/
Date Thu, 15 Aug 2013 10:30:41 GMT
Author: sergeyb
Date: Thu Aug 15 10:30:40 2013
New Revision: 1514227

URL: http://svn.apache.org/r1514227
Log:
[CXF-5209] Support for OAuth2 audience parameter

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java?rev=1514227&r1=1514226&r2=1514227&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
Thu Aug 15 10:30:40 2013
@@ -44,6 +44,7 @@ public class AccessTokenValidation {
     private long tokenLifetime;
     private UserSubject tokenSubject;
     private List<OAuthPermission> tokenScopes = new LinkedList<OAuthPermission>();
+    private String audience;
     
     public AccessTokenValidation() {
         
@@ -60,7 +61,8 @@ public class AccessTokenValidation {
         this.tokenLifetime = token.getExpiresIn();
         
         this.tokenSubject = token.getSubject();
-        this.tokenScopes = token.getScopes();        
+        this.tokenScopes = token.getScopes();
+        this.audience = token.getAudience();
     }
     
     public String getClientId() {
@@ -119,5 +121,13 @@ public class AccessTokenValidation {
     public void setTokenType(String tokenType) {
         this.tokenType = tokenType;
     }
+
+    public String getAudience() {
+        return audience;
+    }
+
+    public void setAudience(String audience) {
+        this.audience = audience;
+    }
     
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java?rev=1514227&r1=1514226&r2=1514227&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
Thu Aug 15 10:30:40 2013
@@ -34,6 +34,7 @@ public class OAuthContext {
     private String tokenGrantType;
     private String clientId;
     private String tokenKey;
+    private String tokenAudience;
     
     public OAuthContext(UserSubject resourceOwnerSubject,
                         UserSubject clientSubject,
@@ -109,4 +110,12 @@ public class OAuthContext {
     public void setTokenKey(String tokenKey) {
         this.tokenKey = tokenKey;
     }
+
+    public String getTokenAudience() {
+        return tokenAudience;
+    }
+
+    public void setTokenAudience(String tokenAudience) {
+        this.tokenAudience = tokenAudience;
+    }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java?rev=1514227&r1=1514226&r2=1514227&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
Thu Aug 15 10:30:40 2013
@@ -29,6 +29,7 @@ public abstract class ServerAccessToken 
     private Client client;
     private List<OAuthPermission> scopes = new LinkedList<OAuthPermission>();
     private UserSubject subject;
+    private String audience;
     
     protected ServerAccessToken(Client client, 
                                         String tokenType,
@@ -108,4 +109,12 @@ public abstract class ServerAccessToken 
         return grantType;
     }
 
+    public String getAudience() {
+        return audience;
+    }
+
+    public void setAudience(String audience) {
+        this.audience = audience;
+    }
+
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1514227&r1=1514226&r2=1514227&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
Thu Aug 15 10:30:40 2013
@@ -95,6 +95,7 @@ public class OAuthRequestFilter extends 
         
         oauthContext.setClientId(accessTokenV.getClientId());
         oauthContext.setTokenKey(accessTokenV.getTokenKey());
+        oauthContext.setTokenAudience(accessTokenV.getAudience());
         
         m.setContent(OAuthContext.class, oauthContext);
     }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1514227&r1=1514226&r2=1514227&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
Thu Aug 15 10:30:40 2013
@@ -20,6 +20,7 @@ package org.apache.cxf.rs.security.oauth
 
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
 
@@ -44,7 +45,10 @@ public abstract class AbstractAccessToke
     private MessageContext mc;
 
     private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
+    private List<String> audiences = new LinkedList<String>();
+    
     private Set<String> supportedSchemes = new HashSet<String>();
+    
     private OAuthDataProvider dataProvider;
     private String realm;
     
@@ -134,12 +138,28 @@ public abstract class AbstractAccessToke
             }
             AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
         }
+        
+        // Check audiences
+        if (accessTokenV.getAudience() != null 
+            && !audiences.isEmpty()
+            && !audiences.contains(accessTokenV.getAudience())) {
+            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+        }
+        
         return accessTokenV;
     }
 
     public void setRealm(String realm) {
         this.realm = realm;
     }
+
+    public List<String> getAudiences() {
+        return audiences;
+    }
+
+    public void setAudiences(List<String> audiences) {
+        this.audiences = audiences;
+    }
     
     
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1514227&r1=1514226&r2=1514227&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
Thu Aug 15 10:30:40 2013
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.rs.security.oauth2.services;
 
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -32,6 +34,7 @@ import javax.ws.rs.core.Response;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
@@ -47,6 +50,7 @@ import org.apache.cxf.rs.security.oauth2
 @Path("/token")
 public class AccessTokenService extends AbstractTokenService {
     private List<AccessTokenGrantHandler> grantHandlers = new LinkedList<AccessTokenGrantHandler>();
+    private List<String> audiences = new LinkedList<String>();
     
     /**
      * Sets the list of optional grant handlers
@@ -83,6 +87,11 @@ public class AccessTokenService extends 
             return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);    
         }
         
+        try {
+            checkAudience(params);
+        } catch (OAuthServiceException ex) {
+            return super.createErrorResponseFromBean(ex.getError());
+        }
         
         // Find the grant handler
         AccessTokenGrantHandler handler = findGrantHandler(params);
@@ -121,6 +130,28 @@ public class AccessTokenService extends 
                         .build();
     }
     
+    protected void checkAudience(MultivaluedMap<String, String> params) { 
+        if (audiences.isEmpty()) {
+            return;
+        }
+        
+        String audienceParam = params.getFirst(OAuthConstants.CLIENT_AUDIENCE);
+        if (audienceParam == null) {
+            throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
+        }
+        // must be URL
+        try {
+            new URL(audienceParam);
+        } catch (MalformedURLException ex) {
+            throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
+        }
+        
+        if (!audiences.contains(audienceParam)) {
+            throw new OAuthServiceException(new OAuthError(OAuthConstants.ACCESS_DENIED));
+        }
+        
+    }
+    
     /**
      * Find the matching grant handler
      */
@@ -146,4 +177,12 @@ public class AccessTokenService extends 
         
         return null;
     }
+
+    public List<String> getAudiences() {
+        return audiences;
+    }
+
+    public void setAudiences(List<String> audiences) {
+        this.audiences = audiences;
+    }
 }
\ No newline at end of file

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1514227&r1=1514226&r2=1514227&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Thu Aug 15 10:30:40 2013
@@ -26,6 +26,7 @@ public final class OAuthConstants {
     // Common OAuth2 constants
     public static final String CLIENT_ID = "client_id";
     public static final String CLIENT_SECRET = "client_secret";
+    public static final String CLIENT_AUDIENCE = "audience";
     public static final String REDIRECT_URI = "redirect_uri";
     public static final String SCOPE = "scope";
     public static final String STATE = "state";



Mime
View raw message