cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [1/2] cxf git commit: Adding an OAuth2 code request preprocessor
Date Fri, 14 Nov 2014 16:23:36 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 2d131122c -> 855ab395b


Adding an OAuth2 code request preprocessor


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a1243805
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a1243805
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a1243805

Branch: refs/heads/master
Commit: a1243805cb50b6f38c2f74188d8686b1d6457255
Parents: 969cdb0
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri Nov 14 16:22:30 2014 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri Nov 14 16:22:30 2014 +0000

----------------------------------------------------------------------
 .../AuthorizationCodeRequestFilter.java         | 27 ++++++++++++++++++++
 .../services/AuthorizationCodeGrantService.java | 13 +++++++++-
 .../services/RedirectionBasedGrantService.java  | 14 +++++-----
 3 files changed, 47 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/a1243805/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
new file mode 100644
index 0000000..d9d4442
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.provider;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+
+public interface AuthorizationCodeRequestFilter {
+    MultivaluedMap<String, String> process(MultivaluedMap<String, String> params,
UserSubject endUser);
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/a1243805/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index d7092a5..ec2bf75 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -34,6 +34,7 @@ import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
 import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
+import org.apache.cxf.rs.security.oauth2.provider.AuthorizationCodeRequestFilter;
 import org.apache.cxf.rs.security.oauth2.provider.AuthorizationCodeResponseFilter;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.provider.OOBResponseDeliverer;
@@ -51,12 +52,18 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 public class AuthorizationCodeGrantService extends RedirectionBasedGrantService {
     private boolean canSupportPublicClients;
     private OOBResponseDeliverer oobDeliverer;
+    private AuthorizationCodeRequestFilter codeRequestFilter;
     private AuthorizationCodeResponseFilter codeResponseFilter;
     
     public AuthorizationCodeGrantService() {
         super(OAuthConstants.CODE_RESPONSE_TYPE, OAuthConstants.AUTHORIZATION_CODE_GRANT);
     }
-    
+    protected Response startAuthorization(MultivaluedMap<String, String> params, UserSubject
userSubject) {
+        if (codeRequestFilter != null) {
+            params = codeRequestFilter.process(params, userSubject);
+        }
+        return super.startAuthorization(params, userSubject);
+    }
     protected Response createGrant(MultivaluedMap<String, String> params,
                                    Client client,
                                    String redirectUri,
@@ -148,6 +155,10 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
     public void setCodeResponseFilter(AuthorizationCodeResponseFilter filter) {
         this.codeResponseFilter = filter;
     }
+
+    public void setCodeRequestFilter(AuthorizationCodeRequestFilter codeRequestFilter) {
+        this.codeRequestFilter = codeRequestFilter;
+    }
     
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/a1243805/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index b42d6c3..351993c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -108,8 +108,13 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
      */
     protected Response startAuthorization(MultivaluedMap<String, String> params) {
         // Make sure the end user has authenticated, check if HTTPS is used
-        SecurityContext sc = getAndValidateSecurityContext();
+        SecurityContext sc = getAndValidateSecurityContext(params);
+        // Create a UserSubject representing the end user 
+        UserSubject userSubject = createUserSubject(sc);
+        return startAuthorization(params, userSubject);
+    }
         
+    protected Response startAuthorization(MultivaluedMap<String, String> params, UserSubject
userSubject) {    
         Client client = getClient(params);
         
         // Validate the provided request URI, if any, against the ones Client provided
@@ -138,9 +143,6 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         }
         
         
-        // Create a UserSubject representing the end user 
-        UserSubject userSubject = createUserSubject(sc);
-        
         // Request a new grant only if no pre-authorized token is available
         ServerAccessToken preauthorizedToken = getDataProvider().getPreauthorizedToken(
             client, requestedScope, userSubject, supportedGrantType);
@@ -217,7 +219,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
      */
     protected Response completeAuthorization(MultivaluedMap<String, String> params)
{
         // Make sure the end user has authenticated, check if HTTPS is used
-        SecurityContext securityContext = getAndValidateSecurityContext();
+        SecurityContext securityContext = getAndValidateSecurityContext(params);
         UserSubject userSubject = createUserSubject(securityContext);
         
         // Make sure the session is valid
@@ -307,7 +309,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
                                             UserSubject userSubject,
                                             ServerAccessToken preAuthorizedToken);
     
-    private SecurityContext getAndValidateSecurityContext() {
+    protected SecurityContext getAndValidateSecurityContext(MultivaluedMap<String, String>
params) {
         SecurityContext securityContext =  
             (SecurityContext)getMessageContext().get(SecurityContext.class.getName());
         if (securityContext == null || securityContext.getUserPrincipal() == null) {


Mime
View raw message