cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1567916 - in /cxf/branches/2.7.x-fixes: ./ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/ rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ rt/rs/secur...
Date Thu, 13 Feb 2014 13:26:04 GMT
Author: sergeyb
Date: Thu Feb 13 13:26:03 2014
New Revision: 1567916

URL: http://svn.apache.org/r1567916
Log:
Merged revisions 1567907-1567908,1567911 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1567907 | sergeyb | 2014-02-13 12:38:36 +0000 (Thu, 13 Feb 2014) | 1 line
  
  [CXF-5561] Updating AccessTokenValidatorService to ensure an authenticated Principal is
available
........
  r1567908 | sergeyb | 2014-02-13 12:44:54 +0000 (Thu, 13 Feb 2014) | 1 line
  
  [CXF-5561] More updates
........
  r1567911 | sergeyb | 2014-02-13 13:02:14 +0000 (Thu, 13 Feb 2014) | 1 line
  
  [CXF-5561] Introducing constants
........

Modified:
    cxf/branches/2.7.x-fixes/   (props changed)
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
    cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java

Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
  Merged /cxf/trunk:r1567907-1567911

Propchange: cxf/branches/2.7.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java?rev=1567916&r1=1567915&r2=1567916&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
Thu Feb 13 13:26:03 2014
@@ -21,7 +21,7 @@ package org.apache.cxf.rs.security.oauth
 import java.util.Collections;
 import java.util.List;
 
-import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Form;
 
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.jaxrs.ext.MessageContext;
@@ -43,8 +43,9 @@ public class AccessTokenValidatorClient 
                                                      String authSchemeData) 
         throws OAuthServiceException {
         WebClient client = WebClient.fromClient(tokenValidatorClient, true);
-        client.header(HttpHeaders.AUTHORIZATION, authScheme + " " + authSchemeData);
-        return client.get(AccessTokenValidation.class);
+        Form form = new Form().param(OAuthConstants.AUTHORIZATION_SCHEME_TYPE, authScheme)
+                              .param(OAuthConstants.AUTHORIZATION_SCHEME_DATA, authSchemeData);
+        return client.post(form, AccessTokenValidation.class);
     }
 
     public void setTokenValidatorClient(WebClient tokenValidatorClient) {

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1567916&r1=1567915&r2=1567916&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
Thu Feb 13 13:26:03 2014
@@ -40,6 +40,7 @@ import org.apache.cxf.rs.security.oauth2
 import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.services.AbstractAccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
 
@@ -63,8 +64,15 @@ public class OAuthRequestFilter extends 
             return;
         }
         
+        // Get the scheme and its data, Bearer only is supported by default
+        // WWW-Authenticate with the list of supported schemes will be sent back 
+        // if the scheme is not accepted
+        String[] authParts = getAuthorizationParts(m);
+        String authScheme = authParts[0];
+        String authSchemeData = authParts[1];
+        
         // Get the access token
-        AccessTokenValidation accessTokenV = getAccessTokenValidation(); 
+        AccessTokenValidation accessTokenV = getAccessTokenValidation(authScheme, authSchemeData);

         
         // Find the scopes which match the current request
         
@@ -188,4 +196,7 @@ public class OAuthRequestFilter extends 
         this.audienceIsEndpointAddress = audienceIsEndpointAddress;
     }
     
+    protected String[] getAuthorizationParts(Message m) {
+        return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
+    }
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java?rev=1567916&r1=1567915&r2=1567916&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestInterceptor.java
Thu Feb 13 13:26:03 2014
@@ -34,6 +34,16 @@ public class OAuthRequestInterceptor ext
         validateRequest(message);
     }
 
+    protected String[] getAuthorizationParts(Message message) {
+        return super.getAuthorizationParts(message);
+        
+//        You can customise it, extract the token from the message, example, get 
+//        WS-Security Binary token put on the message by WSS4JInInterceptor
+//    
+//        String token = getTokenFromCurrentMessage(mc);       
+//        return new String[] {"Bearer", token};    
+    }
+
     public Collection<PhaseInterceptor<? extends Message>> getAdditionalInterceptors()
{
         return null;
     }
@@ -57,14 +67,4 @@ public class OAuthRequestInterceptor ext
     public void handleFault(Message message) {
     }
 
-//    protected String[] getAuthorizationParts() {
-//        // the current message is wrapped in MessageContext    
-//        MessageContext mc = getMessageContext();
-//
-//        // extract the token from the message, example, get 
-//        // WS-Security Binary token put on the message by WSS4JInInterceptor
-//    
-//        String token = getTokenFromCurrentMessage(mc);       
-//        return new String[] {"Bearer", token};    
-//    }
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1567916&r1=1567915&r2=1567916&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
Thu Feb 13 13:26:03 2014
@@ -43,16 +43,14 @@ public abstract class AbstractAccessToke
     
     private static final String DEFAULT_AUTH_SCHEME = OAuthConstants.BEARER_AUTHORIZATION_SCHEME;
     
+
+    protected Set<String> supportedSchemes = new HashSet<String>();
+    protected String realm;
     
     private MessageContext mc;
-
     private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
     private List<String> audiences = new LinkedList<String>();
-    
-    private Set<String> supportedSchemes = new HashSet<String>();
-    
     private OAuthDataProvider dataProvider;
-    private String realm;
     
     public void setTokenValidator(AccessTokenValidator validator) {
         setTokenValidators(Collections.singletonList(validator));
@@ -92,19 +90,12 @@ public abstract class AbstractAccessToke
     /**
      * Get the access token
      */
-    protected AccessTokenValidation getAccessTokenValidation() {
+    protected AccessTokenValidation getAccessTokenValidation(String authScheme, String authSchemeData)
{
         AccessTokenValidation accessTokenV = null;
         if (dataProvider == null && tokenHandlers.isEmpty()) {
             throw ExceptionUtils.toInternalServerErrorException(null, null);
         }
         
-        // Get the scheme and its data, Bearer only is supported by default
-        // WWW-Authenticate with the list of supported schemes will be sent back 
-        // if the scheme is not accepted
-        String[] authParts = getAuthorizationParts();
-        String authScheme = authParts[0];
-        String authSchemeData = authParts[1];
-        
         // Get the registered handler capable of processing the token
         AccessTokenValidator handler = findTokenValidator(authScheme);
         if (handler != null) {
@@ -164,9 +155,4 @@ public abstract class AbstractAccessToke
     public void setAudiences(List<String> audiences) {
         this.audiences = audiences;
     }
-    
-    protected String[] getAuthorizationParts() {
-        return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
-    }
-    
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java?rev=1567916&r1=1567915&r2=1567916&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
Thu Feb 13 13:26:03 2014
@@ -18,18 +18,29 @@
  */
 package org.apache.cxf.rs.security.oauth2.services;
 
-import javax.ws.rs.GET;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.Encoded;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 
 @Path("validate")
 public class AccessTokenValidatorService extends AbstractAccessTokenValidator {
-    @GET
+    @POST
     @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
-    public AccessTokenValidation getTokenValidationInfo() {
-        return super.getAccessTokenValidation();
+    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    public AccessTokenValidation getTokenValidationInfo(
+        @FormParam(OAuthConstants.AUTHORIZATION_SCHEME_TYPE) String authScheme, 
+        @Encoded @FormParam(OAuthConstants.AUTHORIZATION_SCHEME_DATA) String authSchemeData)
{
+        if (getMessageContext().getSecurityContext().getUserPrincipal() == null) {
+            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+        }
+        return super.getAccessTokenValidation(authScheme, authSchemeData);
     }
 }

Modified: cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1567916&r1=1567915&r2=1567916&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Thu Feb 13 13:26:03 2014
@@ -106,7 +106,10 @@ public final class OAuthConstants {
     public static final String INVALID_SCOPE = "invalid_scope";
     public static final String ACCESS_DENIED = "access_denied";
     
-    
+    // Authorization scheme constants, used internally by AccessTokenValidation client and
service
+    public static final String AUTHORIZATION_SCHEME_TYPE = "authScheme";
+    public static final String AUTHORIZATION_SCHEME_DATA = "authSchemeData";
+
     private OAuthConstants() {
     }
     



Mime
View raw message