cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1514260 - in /cxf/branches/2.7.x-fixes: ./ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/ rt/rs/securit...
Date Thu, 15 Aug 2013 13:28:37 GMT
Author: sergeyb
Date: Thu Aug 15 13:28:37 2013
New Revision: 1514260

URL: http://svn.apache.org/r1514260
Log:
Merged revisions 1514227,1514249 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1514227 | sergeyb | 2013-08-15 13:30:40 +0300 (Thu, 15 Aug 2013) | 1 line
  
  [CXF-5209] Support for OAuth2 audience parameter
........
  r1514249 | sergeyb | 2013-08-15 16:03:14 +0300 (Thu, 15 Aug 2013) | 1 line
  
  [CXF-5209] Making audience parameter visible to data providers
........

Added:
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrant.java
      - copied unchanged from r1514249, cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrant.java
Modified:
    cxf/branches/2.7.x-fixes/   (props changed)
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java

Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/trunk:r1514227-1514249

Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenRegistration.java
Thu Aug 15 13:28:37 2013
@@ -30,6 +30,7 @@ public class AccessTokenRegistration {
     private List<String> approvedScope = new LinkedList<String>();
     private String grantType;
     private UserSubject subject;
+    private String audience;
     
     /**
      * Sets the {@link Client} instance
@@ -111,5 +112,13 @@ public class AccessTokenRegistration {
     public String getGrantType() {
         return grantType;
     }
+
+    public String getAudience() {
+        return audience;
+    }
+
+    public void setAudience(String audience) {
+        this.audience = audience;
+    }
     
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
Thu Aug 15 13:28:37 2013
@@ -44,6 +44,7 @@ public class AccessTokenValidation {
     private long tokenLifetime;
     private UserSubject tokenSubject;
     private List<OAuthPermission> tokenScopes = new LinkedList<OAuthPermission>();
+    private String audience;
     
     public AccessTokenValidation() {
         
@@ -60,7 +61,8 @@ public class AccessTokenValidation {
         this.tokenLifetime = token.getExpiresIn();
         
         this.tokenSubject = token.getSubject();
-        this.tokenScopes = token.getScopes();        
+        this.tokenScopes = token.getScopes();
+        this.audience = token.getAudience();
     }
     
     public String getClientId() {
@@ -119,5 +121,13 @@ public class AccessTokenValidation {
     public void setTokenType(String tokenType) {
         this.tokenType = tokenType;
     }
+
+    public String getAudience() {
+        return audience;
+    }
+
+    public void setAudience(String audience) {
+        this.audience = audience;
+    }
     
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
Thu Aug 15 13:28:37 2013
@@ -34,6 +34,7 @@ public class OAuthContext {
     private String tokenGrantType;
     private String clientId;
     private String tokenKey;
+    private String tokenAudience;
     
     public OAuthContext(UserSubject resourceOwnerSubject,
                         UserSubject clientSubject,
@@ -109,4 +110,12 @@ public class OAuthContext {
     public void setTokenKey(String tokenKey) {
         this.tokenKey = tokenKey;
     }
+
+    public String getTokenAudience() {
+        return tokenAudience;
+    }
+
+    public void setTokenAudience(String tokenAudience) {
+        this.tokenAudience = tokenAudience;
+    }
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/ServerAccessToken.java
Thu Aug 15 13:28:37 2013
@@ -29,6 +29,7 @@ public abstract class ServerAccessToken 
     private Client client;
     private List<OAuthPermission> scopes = new LinkedList<OAuthPermission>();
     private UserSubject subject;
+    private String audience;
     
     protected ServerAccessToken(Client client, 
                                         String tokenType,
@@ -108,4 +109,12 @@ public abstract class ServerAccessToken 
         return grantType;
     }
 
+    public String getAudience() {
+        return audience;
+    }
+
+    public void setAudience(String audience) {
+        this.audience = audience;
+    }
+
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
Thu Aug 15 13:28:37 2013
@@ -92,6 +92,7 @@ public class OAuthRequestFilter extends 
         
         oauthContext.setClientId(accessTokenV.getClientId());
         oauthContext.setTokenKey(accessTokenV.getTokenKey());
+        oauthContext.setTokenAudience(accessTokenV.getAudience());
         
         m.setContent(OAuthContext.class, oauthContext);
         

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
Thu Aug 15 13:28:37 2013
@@ -24,6 +24,7 @@ import java.util.List;
 import java.util.logging.Logger;
 
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
@@ -83,13 +84,6 @@ public abstract class AbstractGrantHandl
         }
     }
     
-    protected ServerAccessToken doCreateAccessToken(Client client,
-                                                    UserSubject subject,
-                                                    List<String> requestedScope) {
-        
-        return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope);
-    }
-    
     private String getSingleGrantType() {
         if (supportedGrants.size() > 1) {
             String errorMessage = "Request grant type must be specified";
@@ -101,8 +95,41 @@ public abstract class AbstractGrantHandl
     
     protected ServerAccessToken doCreateAccessToken(Client client,
                                                     UserSubject subject,
+                                                    MultivaluedMap<String, String>
params) {
+        
+        return doCreateAccessToken(client, 
+                                   subject, 
+                                   OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)),

+                                   params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
+    }
+    
+    protected ServerAccessToken doCreateAccessToken(Client client,
+                                                    UserSubject subject,
+                                                    List<String> requestedScope) {
+        
+        return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope,
null);
+    }
+    
+    protected ServerAccessToken doCreateAccessToken(Client client,
+                                                    UserSubject subject,
+                                                    List<String> requestedScope,
+                                                    String audience) {
+        
+        return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope,
audience);
+    }
+    
+    protected ServerAccessToken doCreateAccessToken(Client client,
+                                                    UserSubject subject,
                                                     String requestedGrant,
                                                     List<String> requestedScope) {
+        return doCreateAccessToken(client, subject, requestedGrant, requestedScope, null);
+    }
+    
+    protected ServerAccessToken doCreateAccessToken(Client client,
+                                                    UserSubject subject,
+                                                    String requestedGrant,
+                                                    List<String> requestedScope,
+                                                    String audience) {
         if (!OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(), 
                                        partialMatchScopeValidation)) {
             throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_SCOPE));
    
@@ -120,6 +147,7 @@ public abstract class AbstractGrantHandl
         reg.setGrantType(requestedGrant);
         reg.setSubject(subject);
         reg.setRequestedScope(requestedScope);        
+        reg.setAudience(audience);
         
         return dataProvider.createAccessToken(reg);
     }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrant.java
Thu Aug 15 13:28:37 2013
@@ -18,33 +18,20 @@
  */
 package org.apache.cxf.rs.security.oauth2.grants.clientcred;
 
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
+import org.apache.cxf.rs.security.oauth2.grants.AbstractGrant;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 
-public class ClientCredentialsGrant implements AccessTokenGrant {
-    private String scope;
+public class ClientCredentialsGrant extends AbstractGrant {
     
     public ClientCredentialsGrant() {
+        this(null);
     }
     
     public ClientCredentialsGrant(String scope) {
-        this.scope = scope;
+        this(scope, null);
     }
-    
-    public String getType() {
-        return OAuthConstants.CLIENT_CREDENTIALS_GRANT;
+     
+    public ClientCredentialsGrant(String scope, String audience) {
+        super(OAuthConstants.CLIENT_CREDENTIALS_GRANT, scope, audience);
     }
-
-    public MultivaluedMap<String, String> toMap() {
-        MultivaluedMap<String, String> map = new MetadataMap<String, String>();
-        map.putSingle(OAuthConstants.GRANT_TYPE, OAuthConstants.CLIENT_CREDENTIALS_GRANT);
-        if (scope != null) {
-            map.putSingle(OAuthConstants.SCOPE, scope);
-        }
-        return map;
-    }
-
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
Thu Aug 15 13:28:37 2013
@@ -25,7 +25,6 @@ import org.apache.cxf.rs.security.oauth2
 import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
 /**
  * The "client_credentials" grant handler
@@ -42,7 +41,7 @@ public class ClientCredentialsGrantHandl
         
         return doCreateAccessToken(client, 
                                    client.getSubject(), 
-                                   OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
+                                   params);
     }
 
 

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
Thu Aug 15 13:28:37 2013
@@ -68,7 +68,10 @@ public class AuthorizationCodeGrantHandl
                 || !client.getRedirectUris().contains(expectedRedirectUri))) {
             throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
         }
-        return doCreateAccessToken(client, grant.getSubject(), grant.getApprovedScopes());
+        return doCreateAccessToken(client, 
+                                   grant.getSubject(), 
+                                   grant.getApprovedScopes(),
+                                   params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
     }
     
     

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrant.java
Thu Aug 15 13:28:37 2013
@@ -20,37 +20,33 @@ package org.apache.cxf.rs.security.oauth
 
 import javax.ws.rs.core.MultivaluedMap;
 
-import org.apache.cxf.jaxrs.impl.MetadataMap;
-import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
+import org.apache.cxf.rs.security.oauth2.grants.AbstractGrant;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 
-public class ResourceOwnerGrant implements AccessTokenGrant {
+public class ResourceOwnerGrant extends AbstractGrant {
     private String ownerName;
     private String ownerPassword;
-    private String scope;
     
     public ResourceOwnerGrant(String name, String password) {
         this(name, password, null);
     }
     
     public ResourceOwnerGrant(String name, String password, String scope) {
+        this(name, password, scope, null);
+    }
+    
+    public ResourceOwnerGrant(String name, String password, 
+                              String scope, String audience) {
+        super(OAuthConstants.RESOURCE_OWNER_GRANT, scope, audience);
         this.ownerName = name;
         this.ownerPassword = password;
-        this.scope = scope;
     }
     
-    public String getType() {
-        return OAuthConstants.RESOURCE_OWNER_GRANT;
-    }
-
     public MultivaluedMap<String, String> toMap() {
-        MultivaluedMap<String, String> map = new MetadataMap<String, String>();
-        map.putSingle(OAuthConstants.GRANT_TYPE, OAuthConstants.RESOURCE_OWNER_GRANT);
+        MultivaluedMap<String, String> map = super.toMap();
         map.putSingle(OAuthConstants.RESOURCE_OWNER_NAME, ownerName);
         map.putSingle(OAuthConstants.RESOURCE_OWNER_PASSWORD, ownerPassword);
-        if (scope != null) {
-            map.putSingle(OAuthConstants.SCOPE, scope);
-        }
+        
         return map;
     }
 

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
Thu Aug 15 13:28:37 2013
@@ -26,7 +26,6 @@ import org.apache.cxf.rs.security.oauth2
 import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 
 /**
  * The "resource owner" grant handler
@@ -55,8 +54,8 @@ public class ResourceOwnerGrantHandler e
         }
         
         return doCreateAccessToken(client, 
-                                   subject, 
-                                   OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
+                                   subject,
+                                   params);
     }
 
     public void setLoginHandler(ResourceOwnerLoginHandler loginHandler) {

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
Thu Aug 15 13:28:37 2013
@@ -20,6 +20,7 @@ package org.apache.cxf.rs.security.oauth
 
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
 
@@ -44,7 +45,10 @@ public abstract class AbstractAccessToke
     private MessageContext mc;
 
     private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
+    private List<String> audiences = new LinkedList<String>();
+    
     private Set<String> supportedSchemes = new HashSet<String>();
+    
     private OAuthDataProvider dataProvider;
     private String realm;
     
@@ -134,12 +138,28 @@ public abstract class AbstractAccessToke
             }
             AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
         }
+        
+        // Check audiences
+        if (accessTokenV.getAudience() != null 
+            && !audiences.isEmpty()
+            && !audiences.contains(accessTokenV.getAudience())) {
+            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+        }
+        
         return accessTokenV;
     }
 
     public void setRealm(String realm) {
         this.realm = realm;
     }
+
+    public List<String> getAudiences() {
+        return audiences;
+    }
+
+    public void setAudiences(List<String> audiences) {
+        this.audiences = audiences;
+    }
     
     
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
Thu Aug 15 13:28:37 2013
@@ -19,6 +19,8 @@
 
 package org.apache.cxf.rs.security.oauth2.services;
 
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.security.Principal;
 import java.util.LinkedList;
 import java.util.List;
@@ -52,6 +54,7 @@ import org.apache.cxf.rs.security.oauth2
 @Path("/token")
 public class AccessTokenService extends AbstractOAuthService {
     private List<AccessTokenGrantHandler> grantHandlers = new LinkedList<AccessTokenGrantHandler>();
+    private List<String> audiences = new LinkedList<String>();
     private boolean writeCustomErrors;
     private boolean canSupportPublicClients;
     
@@ -94,7 +97,12 @@ public class AccessTokenService extends 
             return createErrorResponse(params, OAuthConstants.UNAUTHORIZED_CLIENT);    
         }
         
-        
+        try {
+            checkAudience(params);
+        } catch (OAuthServiceException ex) {
+            return createErrorResponseFromBean(ex.getError());
+        }        
+
         // Find the grant handler
         AccessTokenGrantHandler handler = findGrantHandler(params);
         if (handler == null) {
@@ -201,6 +209,28 @@ public class AccessTokenService extends 
         return client;
     }
     
+    protected void checkAudience(MultivaluedMap<String, String> params) { 
+        if (audiences.isEmpty()) {
+            return;
+        }
+        
+        String audienceParam = params.getFirst(OAuthConstants.CLIENT_AUDIENCE);
+        if (audienceParam == null) {
+            throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
+        }
+        // must be URL
+        try {
+            new URL(audienceParam);
+        } catch (MalformedURLException ex) {
+            throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_REQUEST));
+        }
+        
+        if (!audiences.contains(audienceParam)) {
+            throw new OAuthServiceException(new OAuthError(OAuthConstants.ACCESS_DENIED));
+        }
+        
+    }
+
     /**
      * Find the matching grant handler
      */
@@ -264,5 +294,11 @@ public class AccessTokenService extends 
         return canSupportPublicClients;
     }
 
-    
+    public List<String> getAudiences() {
+        return audiences;
+    }
+
+    public void setAudiences(List<String> audiences) {
+        this.audiences = audiences;
+    }   
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Thu Aug 15 13:28:37 2013
@@ -26,6 +26,7 @@ public final class OAuthConstants {
     // Common OAuth2 constants
     public static final String CLIENT_ID = "client_id";
     public static final String CLIENT_SECRET = "client_secret";
+    public static final String CLIENT_AUDIENCE = "audience";
     public static final String REDIRECT_URI = "redirect_uri";
     public static final String SCOPE = "scope";
     public static final String STATE = "state";

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java?rev=1514260&r1=1514259&r2=1514260&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/grants/TokenGrantHandlerTest.java
Thu Aug 15 13:28:37 2013
@@ -92,7 +92,7 @@ public class TokenGrantHandlerTest exten
         @Override
         public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String,
String> params)
             throws OAuthServiceException {
-            return super.doCreateAccessToken(client, client.getSubject(), null);
+            return super.doCreateAccessToken(client, client.getSubject(), params);
         } 
         
     }



Mime
View raw message