cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1565629 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2: filters/OAuthRequestFilter.java filters/OAuthRequestInterceptor.java services/AbstractAccessTokenValidator.java
Date Fri, 07 Feb 2014 12:24:37 GMT
Author: sergeyb
Date: Fri Feb  7 12:24:37 2014
New Revision: 1565629

URL: http://svn.apache.org/r1565629
Log:
Making it possible to register OAuthRequestFilter as the interceptor and also use it on non-JAX-RS
paths

Added:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
  (with props)
Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1565629&r1=1565628&r2=1565629&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
Fri Feb  7 12:24:37 2014
@@ -57,7 +57,10 @@ public class OAuthRequestFilter extends 
     private boolean audienceIsEndpointAddress;
     
     public void filter(ContainerRequestContext context) {
-        Message m = JAXRSUtils.getCurrentMessage();
+        validateRequest(JAXRSUtils.getCurrentMessage());
+    }    
+    
+    protected void validateRequest(Message m) {
         if (isCorsRequest(m)) {
             return;
         }

Added: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java?rev=1565629&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
(added)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
Fri Feb  7 12:24:37 2014
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.filters;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.phase.PhaseInterceptor;
+
+
+public class OAuthRequestInterceptor extends OAuthRequestFilter implements PhaseInterceptor<Message>
{
+    
+    public void handleMessage(Message message) throws Fault {
+        validateRequest(message);
+    }
+
+    public Collection<PhaseInterceptor<? extends Message>> getAdditionalInterceptors()
{
+        return null;
+    }
+
+    public Set<String> getAfter() {
+        return Collections.emptySet();
+    }
+
+    public Set<String> getBefore() {
+        return Collections.emptySet();
+    }
+
+    public String getId() {
+        return getClass().getName();
+    }
+
+    public String getPhase() {
+        return Phase.PRE_INVOKE;
+    }
+    
+    public void handleFault(Message message) {
+    }
+
+//    protected String[] getAuthorizationParts() {
+//        // the current message is wrapped in MessageContext    
+//        MessageContext mc = getMessageContext();
+//
+//        // extract the token from the message, example, get 
+//        // WS-Security Binary token put on the message by WSS4JInInterceptor
+//    
+//        String token = getTokenFromCurrentMessage(mc);       
+//        return new String[] {"Bearer", token};    
+//    }
+}

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1565629&r1=1565628&r2=1565629&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
Fri Feb  7 12:24:37 2014
@@ -28,6 +28,8 @@ import javax.ws.rs.InternalServerErrorEx
 import javax.ws.rs.core.Context;
 
 import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.jaxrs.ext.MessageContextImpl;
+import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
@@ -73,7 +75,7 @@ public abstract class AbstractAccessToke
     }
     
     public MessageContext getMessageContext() {
-        return mc;
+        return mc != null ? mc : new MessageContextImpl(PhaseInterceptorChain.getCurrentMessage());
     }
 
     protected AccessTokenValidator findTokenValidator(String authScheme) {
@@ -99,7 +101,7 @@ public abstract class AbstractAccessToke
         // Get the scheme and its data, Bearer only is supported by default
         // WWW-Authenticate with the list of supported schemes will be sent back 
         // if the scheme is not accepted
-        String[] authParts = AuthorizationUtils.getAuthorizationParts(mc, supportedSchemes);
+        String[] authParts = getAuthorizationParts();
         String authScheme = authParts[0];
         String authSchemeData = authParts[1];
         
@@ -108,7 +110,7 @@ public abstract class AbstractAccessToke
         if (handler != null) {
             try {
                 // Convert the HTTP Authorization scheme data into a token
-                accessTokenV = handler.validateAccessToken(mc, authScheme, authSchemeData);
+                accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme,
authSchemeData);
             } catch (OAuthServiceException ex) {
                 AuthorizationUtils.throwAuthorizationFailure(
                     Collections.singleton(authScheme), realm);
@@ -163,5 +165,8 @@ public abstract class AbstractAccessToke
         this.audiences = audiences;
     }
     
+    protected String[] getAuthorizationParts() {
+        return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
+    }
     
 }



Mime
View raw message