From serg...@apache.org
Subject git commit: [CXF-5599] Optional support for tokens embedded in form payloads
Date Tue, 11 Mar 2014 13:53:16 GMT
Repository: cxf
Updated Branches:
  refs/heads/master e557d6f2c -> c70e021bc


[CXF-5599] Optional support for tokens embedded in form payloads


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c70e021b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c70e021b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c70e021b

Branch: refs/heads/master
Commit: c70e021bc821717a653db28ea09ade8d6c26889e
Parents: e557d6f
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Mar 11 13:52:59 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Mar 11 13:52:59 2014 +0000

----------------------------------------------------------------------
 .../oauth2/filters/OAuthRequestFilter.java      | 41 +++++++++++++++++++-
 .../oauth2/utils/AuthorizationUtils.java        |  8 +++-
 2 files changed, 47 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c70e021b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index eb57240..4522512 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -24,14 +24,20 @@ import java.util.List;
 import java.util.logging.Logger;
 
 import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.HttpMethod;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.container.PreMatching;
+import javax.ws.rs.core.Form;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.ext.Provider;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.jaxrs.provider.FormEncodingProvider;
+import org.apache.cxf.jaxrs.utils.FormUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
@@ -42,6 +48,7 @@ import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.services.AbstractAccessTokenValidator;
 import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
 
@@ -56,6 +63,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
     
     private boolean useUserSubject;
     private boolean audienceIsEndpointAddress;
+    private boolean checkFormData;
     
     public void filter(ContainerRequestContext context) {
         validateRequest(JAXRSUtils.getCurrentMessage());
@@ -198,7 +206,38 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
         this.audienceIsEndpointAddress = audienceIsEndpointAddress;
     }
     
+    public void setCheckFormData(boolean checkFormData) {
+        this.checkFormData = checkFormData;
+    }
+    
     protected String[] getAuthorizationParts(Message m) {
-        return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
+        if (!checkFormData) {
+            return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
+        } else {
+            return new String[]{OAuthConstants.BEARER_AUTHORIZATION_SCHEME, getTokenFromFormData(m)};
+        }
+    }
+    
+    protected String getTokenFromFormData(Message message) {
+        String method = (String)message.get(Message.HTTP_REQUEST_METHOD);
+        String type = (String)message.get(Message.CONTENT_TYPE);
+        if (type != null && MediaType.APPLICATION_FORM_URLENCODED.startsWith(type)
+            && method != null && (method.equals(HttpMethod.POST) || method.equals(HttpMethod.PUT))) {
+            try {
+                FormEncodingProvider<Form> provider = new FormEncodingProvider<Form>(true);
+                Form form = FormUtils.readForm(provider, message);
+                MultivaluedMap<String, String> formData = form.asMap();
+                String token = formData.getFirst(OAuthConstants.ACCESS_TOKEN);
+                if (token != null) {
+                    FormUtils.restoreForm(provider, form, message);
+                    return token;
+                }
+            } catch (Exception ex) {
+                // the exception will be thrown below    
+            }       
+        }
+        AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+        return null;
     }
+    
 }
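Review bot: The content-type test in getTokenFromFormData has its operands reversed: `MediaType.APPLICATION_FORM_URLENCODED.startsWith(type)` is true for any prefix of the constant, including an empty Content-Type value, and false for the common `application/x-www-form-urlencoded; charset=UTF-8`, so legitimate form posts carrying a token are rejected while truncated types reach the form reader. Swap it to `type.startsWith(MediaType.APPLICATION_FORM_URLENCODED)`, or parse the value and compare media types so that case and parameters are handled. Separately, once `checkFormData` is set, getAuthorizationParts never consults the Authorization header, so a filter configured this way rejects header-based bearer tokens; if that is intended it deserves a sentence of Javadoc on `setCheckFormData`, otherwise try the header first and fall back to the form. The empty `catch (Exception ex)` also hides why form parsing failed; a fine-level log of the exception (not of the form contents, which hold the token) would help whoever has to diagnose the resulting 401.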

http://git-wip-us.apache.org/repos/asf/cxf/blob/c70e021b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
index 8f72b65..21f758c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
@@ -59,6 +59,12 @@ public final class AuthorizationUtils {
     
     public static String[] getAuthorizationParts(MessageContext mc,
                                                  Set<String> challenges) {
+        return getAuthorizationParts(mc, challenges, null);
+    }
+    
+    public static String[] getAuthorizationParts(MessageContext mc,
+                                                 Set<String> challenges,
+                                                 String realm) {
         List<String> headers = mc.getHttpHeaders().getRequestHeader("Authorization");
         if (headers.size() == 1) {
             String[] parts = headers.get(0).split(" ");
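Review bot: The new three-argument overload has no caller in this commit that supplies a realm: OAuthRequestFilter.getAuthorizationParts still uses the two-argument form, which now passes `null`, while the form-data path calls `throwAuthorizationFailure(supportedSchemes, realm)` directly. The 401 challenge therefore presumably carries the realm only for form-based failures; calling `AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes, realm)` from the filter's header branch would make the two paths agree. A short Javadoc on the overload stating that `realm` may be null would also help. The method body continues past this hunk, so the rest of the header parsing is not visible here.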
@@ -66,7 +72,7 @@ public final class AuthorizationUtils {
                 return parts;       
             }
         }
-        throwAuthorizationFailure(challenges);
+        throwAuthorizationFailure(challenges, realm);
         return null;
     }
     

