From serg...@apache.org
Subject svn commit: r1562776 - in /cxf/branches/2.7.x-fixes: ./ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
Date Thu, 30 Jan 2014 11:01:36 GMT
Author: sergeyb
Date: Thu Jan 30 11:01:36 2014
New Revision: 1562776

URL: http://svn.apache.org/r1562776
Log:
Merged revisions 1562773 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1562773 | sergeyb | 2014-01-30 10:48:40 +0000 (Thu, 30 Jan 2014) | 1 line
  
  [CXF-5530] Reporting invalid_request if client id is null, invalid_client - if the id does
not identify a valid client
........

Modified:
    cxf/branches/2.7.x-fixes/   (props changed)
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java

Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/trunk:r1562773

Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java?rev=1562776&r1=1562775&r2=1562776&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
Thu Jan 30 11:01:36 2014
@@ -31,8 +31,10 @@ import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
 import javax.ws.rs.core.SecurityContext;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
@@ -272,21 +274,34 @@ public class AccessTokenService extends 
      * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found
      */
     protected Client getClient(String clientId) {
+        if (clientId == null) {
+            reportInvalidRequestError("Client ID is null");
+            return null;
+        }
         Client client = null;
         try {
             client = getValidClient(clientId);
         } catch (OAuthServiceException ex) {
             if (ex.getError() != null) {
-                reportInvalidRequestError(ex.getError());
+                reportInvalidClient(ex.getError());
                 return null;
             }
         }
         if (client == null) {
-            reportInvalidRequestError("Client ID is invalid");
+            reportInvalidClient();
         }
         return client;
         
     }
+
+    protected void reportInvalidClient() {
+        reportInvalidClient(new OAuthError(OAuthConstants.INVALID_CLIENT));
+    }
+    
+    protected void reportInvalidClient(OAuthError error) {
+        ResponseBuilder rb = Response.status(401);
+        throw new NotAuthorizedException(rb.type(MediaType.APPLICATION_JSON_TYPE).entity(error).build());
+    }
     
     public void setCanSupportPublicClients(boolean support) {
         this.canSupportPublicClients = support;
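Review bot: The 401 built in `reportInvalidClient(OAuthError error)` carries no `WWW-Authenticate` header, which RFC 6749 section 5.2 requires for `invalid_client` when the client authenticated through the `Authorization` request header. Consider setting the challenge on the builder, e.g. `ResponseBuilder rb = Response.status(401).header(HttpHeaders.WWW_AUTHENTICATE, scheme);`, where `scheme` stands for the authentication scheme this endpoint accepts; that value is not visible in the hunk. As written the method always throws, so the `return null;` after `reportInvalidClient(ex.getError())` in `getClient` is only reached if a subclass overrides the method to return normally. A short Javadoc on both new protected methods, such as `/** Reports invalid_client with HTTP 401; never returns normally. */`, would make that contract explicit for subclasses.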


