cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5764] Checking ClientIdProvider too if Principal is null
Date Wed, 04 Jun 2014 13:21:14 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 8c138e035 -> 7012de652


[CXF-5764] Checking ClientIdProvider too if Principal is null


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7012de65
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7012de65
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7012de65

Branch: refs/heads/master
Commit: 7012de652898cd3a7ac9b2858bc6265a6e1054e0
Parents: 8c138e0
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Jun 4 14:20:57 2014 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Jun 4 14:20:57 2014 +0100

----------------------------------------------------------------------
 .../oauth2/services/AbstractTokenService.java   | 33 ++++++++++++--------
 1 file changed, 20 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7012de65/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
index ad3cdda..7b50586 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
@@ -55,24 +55,20 @@ public class AbstractTokenService extends AbstractOAuthService {
         Client client = null;
         SecurityContext sc = getMessageContext().getSecurityContext();
         Principal principal = sc.getUserPrincipal();
-        String clientIdParameter = params.getFirst(OAuthConstants.CLIENT_ID);
         
-        if (principal == null && clientIdParameter != null) {
-            // Both client_id and client_secret are expected in the form payload
-            client = getAndValidateClientFromIdAndSecret(clientIdParameter,
-                                          params.getFirst(OAuthConstants.CLIENT_SECRET));
-        } else if (principal != null) {
+        if (principal == null) {
+            String clientId = retrieveClientId(params);
+            if (clientId != null) {
+                client = getAndValidateClientFromIdAndSecret(clientId,
+                                              params.getFirst(OAuthConstants.CLIENT_SECRET));
+            }
+        } else {
             // Client has already been authenticated
             if (principal.getName() != null) {
                 client = getClient(principal.getName());
             } else {
-                String clientId = clientIdParameter != null ? clientIdParameter 
-                    : (String)getMessageContext().get(OAuthConstants.CLIENT_ID);
-                if (StringUtils.isEmpty(clientId) && clientIdProvider != null) {
-                    // Check Custom ClientIdProvider
-                    clientId = clientIdProvider.getClientId(getMessageContext());
-                }
-                if (!StringUtils.isEmpty(clientId)) {
+                String clientId = retrieveClientId(params);
+                if (clientId != null) {
                     client = getClient(clientId);
                 } 
             }
@@ -98,6 +94,17 @@ public class AbstractTokenService extends AbstractOAuthService {
         return client;
     }
     
+    protected String retrieveClientId(MultivaluedMap<String, String> params) {
+        String clientId = params.getFirst(OAuthConstants.CLIENT_ID);
+        if (clientId == null) {
+            clientId = (String)getMessageContext().get(OAuthConstants.CLIENT_ID);
+        }
+        if (clientId == null && clientIdProvider != null) {
+            clientId = clientIdProvider.getClientId(getMessageContext());
+        }
+        return clientId;
+    }
+    
     // Get the Client and check the id and secret
     protected Client getAndValidateClientFromIdAndSecret(String clientId, String clientSecret)
{
         Client client = getClient(clientId);


Mime
View raw message