cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Minor updates to OAuth2 Redirection service
Date Wed, 18 Mar 2015 13:17:10 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 7e8d0b4b1 -> 1dec7e3bd


Minor updates to OAuth2 Redirection service


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1dec7e3b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1dec7e3b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1dec7e3b

Branch: refs/heads/master
Commit: 1dec7e3bd3956d5a0fba3c79a9a897e87941e9b6
Parents: 7e8d0b4
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Wed Mar 18 13:16:48 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Wed Mar 18 13:16:48 2015 +0000

----------------------------------------------------------------------
 .../rs/security/oauth2/services/AbstractOAuthService.java |  2 +-
 .../oauth2/services/AuthorizationCodeGrantService.java    |  4 ++++
 .../oauth2/services/RedirectionBasedGrantService.java     | 10 ++++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1dec7e3b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
index c0a4207..994f0d7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
@@ -40,7 +40,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
  * Abstract OAuth service
  */
 public abstract class AbstractOAuthService {
-    private static final Logger LOG = LogUtils.getL7dLogger(AbstractOAuthService.class);
+    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractOAuthService.class);
     private MessageContext mc;
     private OAuthDataProvider dataProvider;
     private boolean blockUnsecureRequests;

http://git-wip-us.apache.org/repos/asf/cxf/blob/1dec7e3b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 185cb0f..4747f5a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -53,6 +53,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
  */
 @Path("/authorize")
 public class AuthorizationCodeGrantService extends RedirectionBasedGrantService {
+    private static final Integer RECOMMENDED_CODE_EXPIRY_TIME_MINS = 10;
     private boolean canSupportPublicClients;
     private OOBResponseDeliverer oobDeliverer;
     private AuthorizationCodeRequestFilter codeRequestFilter;
@@ -112,6 +113,9 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
         } catch (OAuthServiceException ex) {
             return createErrorResponse(state.getState(), state.getRedirectUri(), OAuthConstants.ACCESS_DENIED);
         }
+        if (grant.getExpiresIn() / 60 > RECOMMENDED_CODE_EXPIRY_TIME_MINS) {
+            LOG.warning("Code expiry time exceeds 10 minutes");
+        }
         String grantCode = processCodeGrant(client, grant.getCode(), grant.getSubject());
         if (state.getRedirectUri() == null) {
             OOBAuthorizationResponse oobResponse = new OOBAuthorizationResponse();

http://git-wip-us.apache.org/repos/asf/cxf/blob/1dec7e3b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index e680bc3..30bbdae 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -62,6 +62,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
     private SubjectCreator subjectCreator;
     private ResourceOwnerNameProvider resourceOwnerNameProvider;
     private int maxDefaultSessionInterval;
+    private boolean matchRedirectUriWithApplicationUri;
     
     protected RedirectionBasedGrantService(String supportedResponseType,
                                            String supportedGrantType) {
@@ -360,6 +361,11 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         if (redirectUri == null && uris.size() == 0 && !canRedirectUriBeEmpty(client))
{
             reportInvalidRequestError("Client Redirect Uri is invalid");    
         }
+        if (redirectUri != null && matchRedirectUriWithApplicationUri
+            && client.getApplicationWebUri() != null
+            && !redirectUri.startsWith(client.getApplicationWebUri())) {
+            reportInvalidRequestError("Client Redirect Uri is invalid");
+        }
         return redirectUri;
     }
     
@@ -448,4 +454,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
     public void setMaxDefaultSessionInterval(int maxDefaultSessionInterval) {
         this.maxDefaultSessionInterval = maxDefaultSessionInterval;
     }
+
+    public void setMatchRedirectUriWithApplicationUri(boolean matchRedirectUriWithApplicationUri)
{
+        this.matchRedirectUriWithApplicationUri = matchRedirectUriWithApplicationUri;
+    }
 }


Mime
View raw message