From serg...@apache.org
Subject cxf git commit: Updating OAuth2 abstract data provider helpers
Date Fri, 08 May 2015 16:15:40 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 6b4951ca4 -> aad0e65c0


Updating OAuth2 abstract data provider helpers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/aad0e65c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/aad0e65c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/aad0e65c

Branch: refs/heads/3.0.x-fixes
Commit: aad0e65c08ca5f5a48d3a6c0afd865b3258df873
Parents: 6b4951c
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Fri May 8 16:53:24 2015 +0100
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Fri May 8 17:15:09 2015 +0100

----------------------------------------------------------------------
 .../provider/AbstractCodeDataProvider.java      | 51 ++++++++++++++++
 .../provider/AbstractOAuthDataProvider.java     | 63 ++++++++++++--------
 2 files changed, 90 insertions(+), 24 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/aad0e65c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractCodeDataProvider.java
new file mode 100644
index 0000000..a569176
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractCodeDataProvider.java
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.provider;
+
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
+import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
+
+public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider 
+    implements AuthorizationCodeDataProvider {
+    private long codeLifetime = 3600L;
+    
+    protected AbstractCodeDataProvider() {
+    }
+        
+    @Override
+    public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg)

+        throws OAuthServiceException {
+        ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(reg.getClient(),
codeLifetime);
+        grant.setRedirectUri(reg.getRedirectUri());
+        grant.setSubject(reg.getSubject());
+        grant.setRequestedScopes(reg.getRequestedScope());
+        grant.setApprovedScopes(reg.getApprovedScope());
+        saveCodeGrant(grant);
+        return grant;
+    }
+    
+    public void setCodeLifetime(long codeLifetime) {
+        this.codeLifetime = codeLifetime;
+    }
+    
+    protected abstract void saveCodeGrant(ServerAuthorizationCodeGrant grant);
+    
+    
+}
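Review bot: The default `codeLifetime` of 3600L in the field initializer is long for an authorization code: RFC 6749 §4.1.2 recommends a maximum lifetime of 10 minutes, because a code that leaks through a Referer header, proxy log or browser history stays redeemable for the whole window. I would lower the default and reject non-positive values in the setter, e.g. `private long codeLifetime = 600L;` and in `setCodeLifetime` `if (codeLifetime <= 0) { throw new IllegalArgumentException("codeLifetime must be positive"); }`. The code value itself is produced by the `ServerAuthorizationCodeGrant` constructor, outside this file, so this hunk does not show whether it comes from a `SecureRandom` source — worth confirming. A short Javadoc on `saveCodeGrant` stating that subclasses must persist the grant including its expiry would also help implementers.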

http://git-wip-us.apache.org/repos/asf/cxf/blob/aad0e65c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 7494d74..2013d29 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -31,7 +31,7 @@ import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
 
 public abstract class AbstractOAuthDataProvider implements OAuthDataProvider {
     private long accessTokenLifetime = 3600L;
-    private long refreshTokenLifetime = 360000L;
+    private long refreshTokenLifetime = -1;
     
     protected AbstractOAuthDataProvider() {
     }
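Review bot: The default `refreshTokenLifetime` moves from 360000L to -1 with no comment explaining the sentinel; from this hunk I can only infer that -1 means refresh tokens never expire, which is a weaker default than before and should be called out explicitly. Suggest a comment on the field such as `// -1: refresh tokens never expire by default; set a positive value (presumably seconds, like accessTokenLifetime) to bound their lifetime`. Consider whether a bounded default is the safer choice for deployments that never configure this value.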
@@ -39,19 +39,20 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
     @Override
     public ServerAccessToken createAccessToken(AccessTokenRegistration accessToken)
         throws OAuthServiceException {
-        ServerAccessToken serverToken = doCreateAccessToken(accessToken);
-        saveAccessToken(serverToken);
-        return serverToken;
+        return doCreateAccessToken(accessToken);
+    }
+    
+    @Override
+    public void removeAccessToken(ServerAccessToken token) throws OAuthServiceException {
+        revokeAccessToken(token.getTokenKey());
     }
     
     @Override
     public ServerAccessToken refreshAccessToken(Client client, String refreshTokenKey,
-                                                List<String> requestedScopes) throws
OAuthServiceException {
-        RefreshToken oldRefreshToken = revokeRefreshToken(client, refreshTokenKey);
-
-        ServerAccessToken serverToken = doRefreshAccessToken(client, oldRefreshToken, requestedScopes);
-        saveAccessToken(serverToken);
-        return serverToken;
+                                                List<String> restrictedScopes) throws
OAuthServiceException {
+        RefreshToken oldRefreshToken = revokeRefreshAndAccessTokens(client, refreshTokenKey);

+        return doRefreshAccessToken(client, oldRefreshToken, restrictedScopes);
+        
     }
     
     @Override
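Review bot: In `refreshAccessToken` the old refresh token and every access token linked to it are revoked by `revokeRefreshAndAccessTokens` before `doRefreshAccessToken` validates `restrictedScopes`, so a refresh request carrying an invalid scope leaves the client with neither a refresh token nor any working access token. If that is not intended as rotate-on-any-attempt, the scope check should run against the old refresh token's scopes before revocation; at minimum add `// NOTE: revocation happens before scope validation, so a rejected refresh is not retryable` on the revocation line. Separately, the new `removeAccessToken` discards the boolean returned by `revokeAccessToken`, which the `revokeToken` path in this same file uses as a found/not-found signal, so a token key that does not exist is silently treated as removed.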
@@ -59,24 +60,29 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
         if (revokeAccessToken(tokenKey)) {
             return;
         }
+        revokeRefreshAndAccessTokens(client, tokenKey);
+    }
+    protected RefreshToken revokeRefreshAndAccessTokens(Client client, String tokenKey) {
         RefreshToken oldRefreshToken = revokeRefreshToken(client, tokenKey);
         if (oldRefreshToken != null) {
             for (String accessTokenKey : oldRefreshToken.getAccessTokens()) {
                 revokeAccessToken(accessTokenKey);
             }
         }
+        return oldRefreshToken;
     }
+
     
+
     @Override
-    public List<OAuthPermission> convertScopeToPermissions(Client client,
-                                                           List<String> requestedScope)
{ 
+    public List<OAuthPermission> convertScopeToPermissions(Client client, List<String>
requestedScope) {
         if (requestedScope.isEmpty()) {
             return Collections.emptyList();
         } else {
-            throw new OAuthServiceException("Requested scopes can not be mapped to the permissions");
+            throw new OAuthServiceException("Requested scopes can not be mapped");
         }
     }
-    
+
     @Override
     public ServerAccessToken getPreauthorizedToken(Client client, List<String> requestedScopes,
                                                    UserSubject subject, String grantType)
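Review bot: The new protected method `revokeRefreshAndAccessTokens` becomes part of the extension surface but carries no Javadoc describing the contract it relies on: that `revokeRefreshToken(client, tokenKey)` returns null when `tokenKey` is not a refresh token issued to `client`, so that no access tokens are revoked on behalf of a different client, and that the returned token is the already-revoked one. A three-line Javadoc stating the return value and that the per-access-token `revokeAccessToken` results are ignored would make the intent explicit for implementers. Note also that the access-token branch of `revokeToken` (`revokeAccessToken(tokenKey)`, pre-existing context whose method signature is above this hunk) is not bound to `client` the way the refresh branch is, which is worth a second look while this method is being touched.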
@@ -89,17 +95,21 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
         at.setAudience(accessToken.getAudience());
         at.setGrantType(accessToken.getGrantType());
         List<String> theScopes = accessToken.getApprovedScope();
-        if (theScopes.isEmpty()) {
-            theScopes = accessToken.getRequestedScope();
-        }
         List<OAuthPermission> thePermissions = 
             convertScopeToPermissions(accessToken.getClient(), theScopes);
         at.setScopes(thePermissions);
         at.setSubject(accessToken.getSubject());
-        createNewRefreshToken(at);
+        saveAccessToken(at);
+        if (isRefreshTokenSupported(theScopes)) {
+            createNewRefreshToken(at);
+        }
         return at;
     }
     
+    protected boolean isRefreshTokenSupported(List<String> theScopes) {
+        return true;
+    }
+
     protected ServerAccessToken createNewAccessToken(Client client) {
         return new BearerAccessToken(client, accessTokenLifetime);
     }
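Review bot: The default `isRefreshTokenSupported` returns true regardless of grant type, so after this change every token produced by `doCreateAccessToken` — including ones whose grant type, copied at `at.setGrantType(accessToken.getGrantType())`, is client_credentials or implicit if those grants are served through this method — gets a refresh token, whereas RFC 6749 §4.2.2 forbids refresh tokens for the implicit grant and §4.4.3 says they should not be issued for client credentials. Since the hook only receives the scopes, I would either gate the call on `at.getGrantType()` as well or extend the hook to take the grant type. Also, `saveAccessToken(at)` runs before `createNewRefreshToken(at)` sets `at.setRefreshToken(rt.getTokenKey())`, so the persisted access token lacks its refresh-token link unless `saveRefreshToken(at, rt)` re-persists it; a comment on the `saveAccessToken` line stating that expectation would prevent subclasses from getting it wrong.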
@@ -109,6 +119,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
         rt.setAudience(at.getAudience());
         rt.setGrantType(at.getGrantType());
         rt.setScopes(at.getScopes());
+        rt.setSubject(at.getSubject());
         rt.getAccessTokens().add(at.getTokenKey());
         at.setRefreshToken(rt.getTokenKey());
         saveRefreshToken(at, rt);
@@ -117,18 +128,22 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
     
     protected ServerAccessToken doRefreshAccessToken(Client client, 
                                                      RefreshToken oldRefreshToken, 
-                                                     List<String> requestedScopes)
{
+                                                     List<String> restrictedScopes)
{
         ServerAccessToken at = createNewAccessToken(client);
         at.setAudience(oldRefreshToken.getAudience());
         at.setGrantType(oldRefreshToken.getGrantType());
-        List<OAuthPermission> theNewScopes = convertScopeToPermissions(client, requestedScopes);
-        if (theNewScopes.isEmpty()) {
+        at.setSubject(oldRefreshToken.getSubject());
+        if (restrictedScopes.isEmpty()) {
             at.setScopes(oldRefreshToken.getScopes());
-        } else if (oldRefreshToken.getScopes().containsAll(theNewScopes)) {
-            at.setScopes(theNewScopes);
         } else {
-            throw new OAuthServiceException("Invalid scopes");
+            List<OAuthPermission> theNewScopes = convertScopeToPermissions(client,
restrictedScopes);
+            if (oldRefreshToken.getScopes().containsAll(theNewScopes)) {
+                at.setScopes(theNewScopes);
+            } else {
+                throw new OAuthServiceException("Invalid scopes");
+            }
         }
+        saveAccessToken(at);
         createNewRefreshToken(at);
         return at;
     }
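Review bot: The scope-narrowing check `oldRefreshToken.getScopes().containsAll(theNewScopes)` depends on `OAuthPermission` implementing value equality; if it compares by identity, every non-empty `restrictedScopes` request is rejected with "Invalid scopes" even when it is a strict subset, and this hunk does not show which it is. A unit test that refreshes with a proper subset of the original scopes would pin the intended behaviour. Note that by the time this exception is thrown, `refreshAccessToken` has already revoked the old refresh token, so a client that mistypes a scope cannot retry. `restrictedScopes` is also dereferenced without a null check at `restrictedScopes.isEmpty()`; treating null as empty, `if (restrictedScopes == null || restrictedScopes.isEmpty())`, would match the "no restriction" path.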

