cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Minor update to oauth access_denied check
Date Mon, 09 Nov 2015 16:34:31 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes b7562ded6 -> 1e82efba0


Minor update to oauth access_denied check


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1e82efba
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1e82efba
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1e82efba

Branch: refs/heads/3.1.x-fixes
Commit: 1e82efba0035a15afe84ada2d3fd0791733800a7
Parents: b7562de
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Nov 9 16:33:06 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Nov 9 16:34:08 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1e82efba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index bd49445..49df2d6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -113,7 +113,8 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
         SecurityContext sc = rc.getSecurityContext();
         if (sc == null || sc.getUserPrincipal() == null) {
             if (codeParam == null 
-                && requestParams.containsKey(OAuthConstants.ACCESS_DENIED)
+                && requestParams.containsKey(OAuthConstants.ERROR_KEY)
+                && OAuthConstants.ACCESS_DENIED.equals(requestParams.get(OAuthConstants.ERROR_KEY))
                 && !faultAccessDeniedResponses) {
                 if (!applicationCanHandleAccessDenied) {
                     rc.abortWith(Response.ok(new AccessDeniedResponse()).build());    


Mime
View raw message