cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1562773 - /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
Date Thu, 30 Jan 2014 10:48:40 GMT
Author: sergeyb
Date: Thu Jan 30 10:48:40 2014
New Revision: 1562773

URL: http://svn.apache.org/r1562773
Log:
[CXF-5530] Reporting invalid_request if client id is null, invalid_client - if the id doee
not identify a valid client

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java?rev=1562773&r1=1562772&r2=1562773&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
Thu Jan 30 10:48:40 2014
@@ -22,8 +22,10 @@ package org.apache.cxf.rs.security.oauth
 import java.security.Principal;
 
 import javax.ws.rs.NotAuthorizedException;
+import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
 import javax.ws.rs.core.SecurityContext;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
@@ -78,7 +80,7 @@ public class AbstractTokenService extend
         }
         
         if (client == null) {
-            throw new NotAuthorizedException(Response.status(401).build());
+            reportInvalidClient();
         }
         return client;
     }
@@ -125,20 +127,32 @@ public class AbstractTokenService extend
      * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found
      */
     protected Client getClient(String clientId) {
+        if (clientId == null) {
+            reportInvalidRequestError("Client ID is null");
+            return null;
+        }
         Client client = null;
         try {
             client = getValidClient(clientId);
         } catch (OAuthServiceException ex) {
             if (ex.getError() != null) {
-                reportInvalidRequestError(ex.getError());
+                reportInvalidClient(ex.getError());
                 return null;
             }
         }
         if (client == null) {
-            reportInvalidRequestError("Client ID is invalid");
+            reportInvalidClient();
         }
         return client;
-        
+    }
+    
+    protected void reportInvalidClient() {
+        reportInvalidClient(new OAuthError(OAuthConstants.INVALID_CLIENT));
+    }
+    
+    protected void reportInvalidClient(OAuthError error) {
+        ResponseBuilder rb = Response.status(401);
+        throw new NotAuthorizedException(rb.type(MediaType.APPLICATION_JSON_TYPE).entity(error).build());
     }
     
     public void setCanSupportPublicClients(boolean support) {



Mime
View raw message