cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Minor updates to AccessTokenValidatorService
Date Mon, 02 Nov 2015 13:21:47 GMT
Repository: cxf
Updated Branches:
  refs/heads/master a1bd8bd7f -> 133f53e74


Minor updates to AccessTokenValidatorService


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/133f53e7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/133f53e7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/133f53e7

Branch: refs/heads/master
Commit: 133f53e7498da0a9a71cfb17937ac6f004d23139
Parents: a1bd8bd
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Nov 2 13:21:33 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Nov 2 13:21:33 2015 +0000

----------------------------------------------------------------------
 .../services/AccessTokenValidatorService.java   | 37 ++++++++++++++++++--
 1 file changed, 34 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/133f53e7/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
index 6cb4a4b..67609fa 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.rs.security.oauth2.services;
 
+import java.util.logging.Logger;
+
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Encoded;
 import javax.ws.rs.POST;
@@ -25,22 +27,51 @@ import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.SecurityContext;
 
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
 import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 
 @Path("validate")
 public class AccessTokenValidatorService extends AbstractAccessTokenValidator {
+    private static final Logger LOG = LogUtils.getL7dLogger(AccessTokenValidatorService.class);
+    private boolean blockUnsecureRequests;
+    private boolean blockUnauthorizedRequests = true;
     @POST
     @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
     public AccessTokenValidation getTokenValidationInfo(@Encoded MultivaluedMap<String,
String> params) {
-        if (getMessageContext().getSecurityContext().getUserPrincipal() == null) {
-            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
-        }
+        checkSecurityContext();
         String authScheme = params.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_TYPE);
         String authSchemeData  = params.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_DATA);
         return super.getAccessTokenValidation(authScheme, authSchemeData, params);
     }
+
+    private void checkSecurityContext() {
+        SecurityContext sc = getMessageContext().getSecurityContext();
+        if (!sc.isSecure() && blockUnsecureRequests) {
+            LOG.warning("Unsecure HTTP, Transport Layer Security is recommended");
+            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+        }
+        if (sc.getUserPrincipal() == null && blockUnauthorizedRequests) {
+            //TODO: check client certificates
+            LOG.warning("Authenticated Principal is not available");
+            AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+        }
+        
+    }
+
+    public void setBlockUnsecureRequests(boolean blockUnsecureRequests) {
+        this.blockUnsecureRequests = blockUnsecureRequests;
+    }
+
+    public boolean isBlockUnauthorizedRequests() {
+        return blockUnauthorizedRequests;
+    }
+
+    public void setBlockUnauthorizedRequests(boolean blockUnauthorizedRequests) {
+        this.blockUnauthorizedRequests = blockUnauthorizedRequests;
+    }
 }


Mime
View raw message