From serg...@apache.org
Subject cxf git commit: Minor updates to oAuth2 Redirection services
Date Mon, 23 Mar 2015 16:42:51 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 85e210f7f -> f388bc160


Minor updates to oAuth2 Redirection services


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f388bc16
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f388bc16
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f388bc16

Branch: refs/heads/3.0.x-fixes
Commit: f388bc160dbb9013dc8b1539f2d5bf85d273683e
Parents: 85e210f
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Mon Mar 23 16:34:32 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Mon Mar 23 16:42:32 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/client/OAuthClientUtils.java       | 2 +-
 .../oauth2/services/AuthorizationCodeGrantService.java        | 7 ++++++-
 .../cxf/rs/security/oauth2/services/ImplicitGrantService.java | 7 ++++++-
 .../oauth2/services/RedirectionBasedGrantService.java         | 3 +--
 4 files changed, 14 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f388bc16/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index 5a4bf78..f8738ae 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -270,7 +270,7 @@ public final class OAuthClientUtils {
                 } catch (Exception ex) {
                     throw new ProcessingException(ex);
                 }
-                accessTokenService.header("Authorization", sb.toString());
+                accessTokenService.replaceHeader("Authorization", sb.toString());
             } else {
                 form.param(OAuthConstants.CLIENT_ID, consumer.getKey());
                 if (consumer.getSecret() != null) {
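Review bot: The switch to `replaceHeader` on the `Authorization` line carries no comment saying why, and the reason is not obvious from the call alone. Presumably a client object reused across token requests accumulated a second Authorization value under `header(...)`; if that is the case, record it next to the call: `// replace, not append: a reused client must not send two Authorization values`. The call now also discards any Authorization header the caller had already set on `accessTokenService`, which deserves a sentence in the method's Javadoc so callers do not rely on their own header surviving. The enclosing method starts and ends outside the hunk.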

http://git-wip-us.apache.org/repos/asf/cxf/blob/f388bc16/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 70f97f2..edbbe51 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -96,7 +96,12 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
         codeReg.setClient(client);
         codeReg.setRedirectUri(redirectUri);
         codeReg.setRequestedScope(requestedScope);
-        codeReg.setApprovedScope(approvedScope);
+        if (approvedScope != null && approvedScope.isEmpty()) {
+            // no down-scoping done by a user, all of the requested scopes have been authorized
+            codeReg.setApprovedScope(requestedScope);
+        } else {
+            codeReg.setApprovedScope(approvedScope);
+        }
         codeReg.setSubject(userSubject);
         codeReg.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
         codeReg.setClientCodeChallenge(params.getFirst(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE));
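Review bot: The new `approvedScope.isEmpty()` branch turns an empty approved list into the full `requestedScope`, so the registration cannot distinguish "the user was not offered a choice" from "the user deselected every scope". Whether the consent form can submit zero approved scopes is not visible here, but if it can, this branch widens the grant where the user meant to narrow it. The same fallback is added in ImplicitGrantService, where the access token is created immediately afterwards. Consider reserving `null` for "no down-scoping" and rejecting an empty list, e.g. `if (approvedScope == null) { codeReg.setApprovedScope(requestedScope); }`, and resolving this once in RedirectionBasedGrantService instead of duplicating it in both subclasses. The enclosing method starts and ends outside the hunk.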

http://git-wip-us.apache.org/repos/asf/cxf/blob/f388bc16/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
index f6e42f5..e0cda91 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
@@ -73,7 +73,12 @@ public class ImplicitGrantService extends RedirectionBasedGrantService
{
             reg.setGrantType(OAuthConstants.IMPLICIT_GRANT);
             reg.setSubject(userSubject);
             reg.setRequestedScope(requestedScope);        
-            reg.setApprovedScope(approvedScope);
+            if (approvedScope != null && approvedScope.isEmpty()) {
+                // no down-scoping done by a user, all of the requested scopes have been
authorized
+                reg.setApprovedScope(requestedScope);
+            } else {
+                reg.setApprovedScope(approvedScope);
+            }
             reg.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
             token = getDataProvider().createAccessToken(reg);
         } else {

http://git-wip-us.apache.org/repos/asf/cxf/blob/f388bc16/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 0834e2e..b7c3385 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -19,7 +19,6 @@
 
 package org.apache.cxf.rs.security.oauth2.services;
 
-import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -153,7 +152,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
                                client, 
                                redirectUri,
                                requestedScope,
-                               Collections.<String>emptyList(),
+                               OAuthUtils.convertPermissionsToScopeList(preauthorizedToken.getScopes()),
                                userSubject,
                                preauthorizedToken);
         }
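Review bot: The approved-scope argument now comes from `preauthorizedToken.getScopes()` with no visible comparison against `requestedScope`, so a pre-authorized token may give the new grant scopes this request did not ask for, or fewer than it asked for. If `convertPermissionsToScopeList` returns an empty list for a token without permissions (not visible here), the empty-list fallback added in the two grant services would substitute the whole requested scope. A guard before this call would close both cases: require that the token's scope list is non-empty and contains every entry of `requestedScope`, and otherwise fall through to the normal consent path. The surrounding method begins and ends outside the hunk.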

