cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1567907 - in /cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2: filters/ services/
Date Thu, 13 Feb 2014 12:38:36 GMT
Author: sergeyb
Date: Thu Feb 13 12:38:36 2014
New Revision: 1567907

URL: http://svn.apache.org/r1567907
Log:
[CXF-5561] Updating AccessTokenValidatorService to ensure an authenticated Principal is available

Modified:
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
    cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1567907&r1=1567906&r2=1567907&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
Thu Feb 13 12:38:36 2014
@@ -41,6 +41,7 @@ import org.apache.cxf.rs.security.oauth2
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.services.AbstractAccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
 
@@ -65,8 +66,15 @@ public class OAuthRequestFilter extends 
             return;
         }
         
+        // Get the scheme and its data, Bearer only is supported by default
+        // WWW-Authenticate with the list of supported schemes will be sent back 
+        // if the scheme is not accepted
+        String[] authParts = getAuthorizationParts(m);
+        String authScheme = authParts[0];
+        String authSchemeData = authParts[1];
+        
         // Get the access token
-        AccessTokenValidation accessTokenV = getAccessTokenValidation(); 
+        AccessTokenValidation accessTokenV = getAccessTokenValidation(authScheme, authSchemeData);

         
         // Find the scopes which match the current request
         
@@ -190,4 +198,7 @@ public class OAuthRequestFilter extends 
         this.audienceIsEndpointAddress = audienceIsEndpointAddress;
     }
     
+    protected String[] getAuthorizationParts(Message m) {
+        return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
+    }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java?rev=1567907&r1=1567906&r2=1567907&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
Thu Feb 13 12:38:36 2014
@@ -34,6 +34,16 @@ public class OAuthRequestInterceptor ext
         validateRequest(message);
     }
 
+    protected String[] getAuthorizationParts(Message message) {
+        return super.getAuthorizationParts(message);
+        
+//        You can customise it, extract the token from the message, example, get 
+//        WS-Security Binary token put on the message by WSS4JInInterceptor
+//    
+//        String token = getTokenFromCurrentMessage(mc);       
+//        return new String[] {"Bearer", token};    
+    }
+
     public Collection<PhaseInterceptor<? extends Message>> getAdditionalInterceptors()
{
         return null;
     }
@@ -57,14 +67,4 @@ public class OAuthRequestInterceptor ext
     public void handleFault(Message message) {
     }
 
-//    protected String[] getAuthorizationParts() {
-//        // the current message is wrapped in MessageContext    
-//        MessageContext mc = getMessageContext();
-//
-//        // extract the token from the message, example, get 
-//        // WS-Security Binary token put on the message by WSS4JInInterceptor
-//    
-//        String token = getTokenFromCurrentMessage(mc);       
-//        return new String[] {"Bearer", token};    
-//    }
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1567907&r1=1567906&r2=1567907&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
Thu Feb 13 12:38:36 2014
@@ -43,16 +43,14 @@ public abstract class AbstractAccessToke
     
     private static final String DEFAULT_AUTH_SCHEME = OAuthConstants.BEARER_AUTHORIZATION_SCHEME;
     
+
+    protected Set<String> supportedSchemes = new HashSet<String>();
+    protected String realm;
     
     private MessageContext mc;
-
     private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
     private List<String> audiences = new LinkedList<String>();
-    
-    private Set<String> supportedSchemes = new HashSet<String>();
-    
     private OAuthDataProvider dataProvider;
-    private String realm;
     
     public void setTokenValidator(AccessTokenValidator validator) {
         setTokenValidators(Collections.singletonList(validator));
@@ -92,19 +90,12 @@ public abstract class AbstractAccessToke
     /**
      * Get the access token
      */
-    protected AccessTokenValidation getAccessTokenValidation() {
+    protected AccessTokenValidation getAccessTokenValidation(String authScheme, String authSchemeData)
{
         AccessTokenValidation accessTokenV = null;
         if (dataProvider == null && tokenHandlers.isEmpty()) {
             throw ExceptionUtils.toInternalServerErrorException(null, null);
         }
         
-        // Get the scheme and its data, Bearer only is supported by default
-        // WWW-Authenticate with the list of supported schemes will be sent back 
-        // if the scheme is not accepted
-        String[] authParts = getAuthorizationParts();
-        String authScheme = authParts[0];
-        String authSchemeData = authParts[1];
-        
         // Get the registered handler capable of processing the token
         AccessTokenValidator handler = findTokenValidator(authScheme);
         if (handler != null) {
@@ -164,9 +155,4 @@ public abstract class AbstractAccessToke
     public void setAudiences(List<String> audiences) {
         this.audiences = audiences;
     }
-    
-    protected String[] getAuthorizationParts() {
-        return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
-    }
-    
 }

Modified: cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java?rev=1567907&r1=1567906&r2=1567907&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
(original)
+++ cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
Thu Feb 13 12:38:36 2014
@@ -18,18 +18,25 @@
  */
 package org.apache.cxf.rs.security.oauth2.services;
 
+import javax.ws.rs.Encoded;
+import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
 
 @Path("validate")
 public class AccessTokenValidatorService extends AbstractAccessTokenValidator {
     @GET
     @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public AccessTokenValidation getTokenValidationInfo() {
-        return super.getAccessTokenValidation();
+    public AccessTokenValidation getTokenValidationInfo(@FormParam("authScheme") String authScheme,

+                                                        @Encoded @FormParam("authScheme")
String authSchemeData) {
+        if (getMessageContext().getSecurityContext().getUserPrincipal() == null) {
+            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+        }
+        return super.getAccessTokenValidation(authScheme, authSchemeData);
     }
 }



Mime
View raw message