From: sergeyb@apache.org To: commits@cxf.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: [CXF-6280] Adding the actual service prototype Date: Thu, 23 Apr 2015 21:11:18 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master 3656b40f2 -> 70b568a33 [CXF-6280] Adding the actual service prototype Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/70b568a3 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/70b568a3 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/70b568a3 Branch: refs/heads/master Commit: 70b568a3390bec3498c427264a5f3f4cbcb7f1cc Parents: 3656b40 Author: Sergey Beryozkin Authored: Thu Apr 23 22:11:00 2015 +0100 Committer: Sergey Beryozkin Committed: Thu Apr 23 22:11:00 2015 +0100 ---------------------------------------------------------------------- .../services/DirectAuthorizationService.java | 137 +++++++++++++++++++ .../services/RedirectionBasedGrantService.java | 2 +- 2 files changed, 138 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/70b568a3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
new file mode 100644
index 0000000..26212d8
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
@@ -0,0 +1,137 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.oauth2.services;
+
+import java.util.List;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.provider.SubjectCreator;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+import org.apache.cxf.security.SecurityContext;
+
+
+@Path("/authorize-direct")
+public class DirectAuthorizationService extends AbstractOAuthService {
+ private SubjectCreator subjectCreator;
+ private boolean partialMatchScopeValidation;
+
@POST
+ @Consumes("application/x-www-form-urlencoded")
+ @Produces("text/html")
+ public Response authorize(MultivaluedMap params) {
+ SecurityContext sc = getAndValidateSecurityContext(params);
+ // Create a UserSubject representing the end user
+ UserSubject userSubject = createUserSubject(sc);
+ Client client = getClient(params);
+
+ AccessTokenRegistration reg = new AccessTokenRegistration();
+ reg.setClient(client);
+ reg.setGrantType(OAuthConstants.DIRECT_TOKEN_GRANT);
+ reg.setSubject(userSubject);
+
+ String providedScope = params.getFirst(OAuthConstants.SCOPE);
+ List requestedScope = OAuthUtils.getRequestedScopes(client,
+ providedScope,
+ partialMatchScopeValidation);
+
+ reg.setRequestedScope(requestedScope);
+ reg.setApprovedScope(requestedScope);
+ ServerAccessToken token = getDataProvider().createAccessToken(reg);
+ ClientAccessToken clientToken = OAuthUtils.toClientAccessToken(token, isWriteOptionalParameters());
+ return Response.ok(clientToken).build();
+ }
+
+ protected SecurityContext getAndValidateSecurityContext(MultivaluedMap params) {
+ SecurityContext securityContext =
+ (SecurityContext)getMessageContext().get(SecurityContext.class.getName());
+ if (securityContext == null || securityContext.getUserPrincipal() == null) {
+ throw ExceptionUtils.toNotAuthorizedException(null, null);
+ }
+ checkTransportSecurity();
+ return securityContext;
+ }
+ protected UserSubject createUserSubject(SecurityContext securityContext) {
+ UserSubject subject = null;
+ if (subjectCreator != null) {
+ subject = subjectCreator.createUserSubject(getMessageContext());
+ if (subject != null) {
+ return subject;
+ }
+ }
+
+ subject = getMessageContext().getContent(UserSubject.class);
+ if (subject != null) {
+ return subject;
+ } else {
+ return OAuthUtils.createSubject(securityContext);
+ }
+ }
+
+ public SubjectCreator getSubjectCreator() {
+ return subjectCreator;
+ }
+
+ public void setSubjectCreator(SubjectCreator subjectCreator) {
+ this.subjectCreator =
subjectCreator;
+ }
+ protected Client getClient(MultivaluedMap params) {
+ return getClient(params.getFirst(OAuthConstants.CLIENT_ID));
+ }
+ protected Client getClient(String clientId) {
+ Client client = null;
+
+ try {
+ client = getValidClient(clientId);
+ } catch (OAuthServiceException ex) {
+ if (ex.getError() != null) {
+ reportInvalidRequestError(ex.getError(), null);
+ }
+ }
+
+ if (client == null) {
+ reportInvalidRequestError("Client ID is invalid", null);
+ }
+ return client;
+
+ }
+
+ public boolean isPartialMatchScopeValidation() {
+ return partialMatchScopeValidation;
+ }
+
+ public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation) {
+ this.partialMatchScopeValidation = partialMatchScopeValidation;
+ }
+}
+
+
http://git-wip-us.apache.org/repos/asf/cxf/blob/70b568a3/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 05ac679..be09cc0 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -429,7 +429,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
}
protected Client getClient(MultivaluedMap params) {
- return getClient(params.getFirst(OAuthConstants.CLIENT_ID));
+ return this.getClient(params.getFirst(OAuthConstants.CLIENT_ID));
}
protected String getSupportedGrantType() {
return this.supportedGrantType;
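Review bot: `authorize` hands back a bearer token under `@Produces("text/html")` with a bare `Response.ok(clientToken).build()`, so the access-token response carries neither the `Cache-Control: no-store` nor the `Pragma: no-cache` header that RFC 6749 §5.1 requires, and it is emitted under a media type for which a ClientAccessToken writer is unlikely to be registered (the token endpoint's JSON writer presumably expects `application/json`). Suggest `@Produces("application/json")` on the method and `return Response.ok(clientToken).header("Cache-Control", "no-store").header("Pragma", "no-cache").build();`. Since the end user is identified solely by the container SecurityContext and the request is a plain form POST, the class should also carry a Javadoc stating that no client secret is verified at this endpoint and whether a session-bound anti-forgery check, of the kind the redirection-based authorization decision appears to use, is intended before the prototype ships. Finally, `getClient(MultivaluedMap)` and `getClient(String)` duplicate the same methods in RedirectionBasedGrantService (the second hunk touches one of them); hoisting them into AbstractOAuthService would keep client validation in one place.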