From serg...@apache.org
Subject git commit: [CXF-5764] Initial update, enforce cliend id and secret only if no Pricnipal is already available
Date Fri, 23 May 2014 15:46:49 GMT
Repository: cxf
Updated Branches:
  refs/heads/master cc02c01f3 -> f206aab7a


[CXF-5764] Initial update, enforce client id and secret only if no Principal is already available


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f206aab7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f206aab7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f206aab7

Branch: refs/heads/master
Commit: f206aab7a0b641388e608af91866b5ddb317bdd4
Parents: cc02c01
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri May 23 16:46:33 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri May 23 16:46:33 2014 +0100

----------------------------------------------------------------------
 .../oauth2/services/AbstractTokenService.java     | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f206aab7/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
index 6f6594a..ad3cdda 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
@@ -54,20 +54,20 @@ public class AbstractTokenService extends AbstractOAuthService {
     protected Client authenticateClientIfNeeded(MultivaluedMap<String, String> params)
{
         Client client = null;
         SecurityContext sc = getMessageContext().getSecurityContext();
+        Principal principal = sc.getUserPrincipal();
+        String clientIdParameter = params.getFirst(OAuthConstants.CLIENT_ID);
         
-        if (params.containsKey(OAuthConstants.CLIENT_ID)) {
+        if (principal == null && clientIdParameter != null) {
             // Both client_id and client_secret are expected in the form payload
-            client = getAndValidateClientFromIdAndSecret(params.getFirst(OAuthConstants.CLIENT_ID),
+            client = getAndValidateClientFromIdAndSecret(clientIdParameter,
                                           params.getFirst(OAuthConstants.CLIENT_SECRET));
-        } else if (sc.getUserPrincipal() != null) {
+        } else if (principal != null) {
             // Client has already been authenticated
-            Principal p = sc.getUserPrincipal();
-            if (p.getName() != null) {
-                client = getClient(p.getName());
+            if (principal.getName() != null) {
+                client = getClient(principal.getName());
             } else {
-                // Most likely a container-level authentication, possibly 2-way TLS, 
-                // Check if the mapping between Principal and Client Id has been done in
a filter
-                String clientId = (String)getMessageContext().get(OAuthConstants.CLIENT_ID);
+                String clientId = clientIdParameter != null ? clientIdParameter 
+                    : (String)getMessageContext().get(OAuthConstants.CLIENT_ID);
                 if (StringUtils.isEmpty(clientId) && clientIdProvider != null) {
                     // Check Custom ClientIdProvider
                     clientId = clientIdProvider.getClientId(getMessageContext());
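Review bot: The new precedence at the `String clientId = clientIdParameter != null ? clientIdParameter : (String)getMessageContext().get(OAuthConstants.CLIENT_ID);` lines lets a client_id sent in the form body override the OAuthConstants.CLIENT_ID value that a filter stored in the message context for a container-authenticated principal whose name is null. On that path no client secret is checked, because the guard `principal == null && clientIdParameter != null` skips getAndValidateClientFromIdAndSecret whenever a principal exists, so the request parameter alone decides which Client the principal is bound to. Keep the filter-established mapping authoritative and use the parameter only as a fallback, `String clientId = (String)getMessageContext().get(OAuthConstants.CLIENT_ID); if (StringUtils.isEmpty(clientId)) { clientId = clientIdParameter; }`, or reject the request when both are present and differ; the same mismatch question applies in the named-principal branch, where a form client_id differing from `principal.getName()` is silently ignored. The removed comment `// Most likely a container-level authentication, possibly 2-way TLS, check if the mapping between Principal and Client Id has been done in a filter` is the only explanation of why the name can be null and should stay above the new assignment. `sc.getUserPrincipal()` is now called before any branch, so a null SecurityContext — if getSecurityContext() can return one — fails earlier than before; authenticateClientIfNeeded continues past the end of the hunk.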

