cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Minor updates to oAuth2 Redirection services
Date Mon, 23 Mar 2015 16:34:50 GMT
Repository: cxf
Updated Branches:
  refs/heads/master ba2d7b85d -> 00a5a1d6b


Minor updates to oAuth2 Redirection services


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/00a5a1d6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/00a5a1d6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/00a5a1d6

Branch: refs/heads/master
Commit: 00a5a1d6b1da5f3b679c25d4bd988d1277ee62e7
Parents: ba2d7b8
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Mon Mar 23 16:34:32 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Mon Mar 23 16:34:32 2015 +0000

----------------------------------------------------------------------
 .../oauth2/services/AuthorizationCodeGrantService.java        | 7 ++++++-
 .../cxf/rs/security/oauth2/services/ImplicitGrantService.java | 7 ++++++-
 .../oauth2/services/RedirectionBasedGrantService.java         | 3 +--
 3 files changed, 13 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/00a5a1d6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 60e9f0d..9b7239a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -104,7 +104,12 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
         codeReg.setClient(client);
         codeReg.setRedirectUri(state.getRedirectUri());
         codeReg.setRequestedScope(requestedScope);
-        codeReg.setApprovedScope(approvedScope);
+        if (approvedScope != null && approvedScope.isEmpty()) {
+            // no down-scoping done by a user, all of the requested scopes have been authorized
+            codeReg.setApprovedScope(requestedScope);
+        } else {
+            codeReg.setApprovedScope(approvedScope);
+        }
         codeReg.setSubject(userSubject);
         codeReg.setAudience(state.getAudience());
         codeReg.setClientCodeChallenge(state.getClientCodeChallenge());
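Review bot: The new `approvedScope.isEmpty()` branch overloads an empty list to mean "every requested scope was approved", so an empty list that really means "nothing approved" fails open to the full `requestedScope`. Whether the consent handling can produce such a list is outside the hunk, but the contract should be written down where the list is built, and a null `approvedScope` still reaches `codeReg.setApprovedScope(approvedScope)` unchanged. I would at least add `// NOTE: an empty approvedScope is a sentinel for "no down-scoping"; callers must never pass it to mean "nothing approved"` above the `if`. The identical branch is added in the ImplicitGrantService hunk, so the decision would be better made once in a shared helper on RedirectionBasedGrantService than duplicated in both subclasses. The enclosing method starts and ends outside the hunk.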

http://git-wip-us.apache.org/repos/asf/cxf/blob/00a5a1d6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
index 9602dd1..10542b8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
@@ -72,7 +72,12 @@ public class ImplicitGrantService extends RedirectionBasedGrantService {
             reg.setGrantType(OAuthConstants.IMPLICIT_GRANT);
             reg.setSubject(userSubject);
             reg.setRequestedScope(requestedScope);        
-            reg.setApprovedScope(approvedScope);
+            if (approvedScope != null && approvedScope.isEmpty()) {
+                // no down-scoping done by a user, all of the requested scopes have been authorized
+                reg.setApprovedScope(requestedScope);
+            } else {
+                reg.setApprovedScope(approvedScope);
+            }
             reg.setAudience(state.getAudience());
             token = getDataProvider().createAccessToken(reg);
         } else {

http://git-wip-us.apache.org/repos/asf/cxf/blob/00a5a1d6/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 147101b..306df30 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -19,7 +19,6 @@
 
 package org.apache.cxf.rs.security.oauth2.services;
 
-import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -172,7 +171,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
             return createGrant(data,
                                client, 
                                requestedScope,
-                               Collections.<String>emptyList(),
+                               OAuthUtils.convertPermissionsToScopeList(preAuthorizedToken.getScopes()),
                                userSubject,
                                preAuthorizedToken);
         }
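Review bot: The approved scope handed to `createGrant` is now taken from `preAuthorizedToken.getScopes()` with no visible comparison against `requestedScope`, so the grant can record approved scopes the current request never asked for. If the converted list is empty, the fallback added in the two grant services in this same commit replaces it with the whole `requestedScope`, so a pre-authorized token without scopes would approve whatever the client requests. An earlier check in this method may already guarantee that the requested scopes are covered by the pre-authorized token, but it is outside the hunk and should be confirmed. If no such check exists, narrow the list before the call, for example `List<String> approved = new LinkedList<String>(OAuthUtils.convertPermissionsToScopeList(preAuthorizedToken.getScopes()));` followed by `approved.retainAll(requestedScope);`, and reject the request rather than calling `createGrant` when `approved` ends up empty.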

