cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [1/2] cxf git commit: Adding OAuthInvoker which can react to the expired access token token by refreshing the token and reinvoking
Date Mon, 23 Nov 2015 10:54:28 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 5d23a4f75 -> cfd0b515b


Adding OAuthInvoker which can react to the expired access token token by refreshing the token
and reinvoking


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/66f36563
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/66f36563
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/66f36563

Branch: refs/heads/master
Commit: 66f365638fc416ae41d4e6f179ffa90e921e940c
Parents: 3e625ec
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Nov 23 10:53:52 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Nov 23 10:53:52 2015 +0000

----------------------------------------------------------------------
 .../oauth2/client/ClientCodeRequestFilter.java  |  6 +-
 .../client/MemoryClientTokenContextManager.java |  9 ++-
 .../rs/security/oauth2/client/OAuthInvoker.java | 71 ++++++++++++++++++++
 3 files changed, 79 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/66f36563/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index a880dbd..c54a992 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -311,10 +311,8 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
             if (ctx != null) {
                 ClientAccessToken newAt = refreshAccessTokenIfExpired(ctx.getToken());
                 if (newAt != null) {
-                    clientTokenContextManager.removeClientTokenContext(mc);
-                    ClientTokenContext newCtx = initializeClientTokenContext(rc, newAt, ctx.getState());
           
-                    clientTokenContextManager.setClientTokenContext(mc, newCtx);
-                    ctx = newCtx;
+                    ((ClientTokenContextImpl)ctx).setToken(newAt);           
+                    clientTokenContextManager.setClientTokenContext(mc, ctx);
                 }
             }
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/66f36563/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
index da85e11..5ffb810 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/MemoryClientTokenContextManager.java
@@ -29,9 +29,12 @@ public class MemoryClientTokenContextManager implements ClientTokenContextManage
 
     @Override
     public void setClientTokenContext(MessageContext mc, ClientTokenContext request) {
-        String stateParam = OAuthUtils.generateRandomTokenKey();
-        OAuthUtils.setSessionToken(mc, stateParam, "org.apache.cxf.websso.context", 0);
-        map.put(stateParam, request);
+        String key = getKey(mc, false);
+        if (key == null) {
+            key = OAuthUtils.generateRandomTokenKey();
+            OAuthUtils.setSessionToken(mc, key, "org.apache.cxf.websso.context", 0);
+        }
+        map.put(key, request);
         
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/66f36563/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthInvoker.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthInvoker.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthInvoker.java
new file mode 100644
index 0000000..1b8aa72
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthInvoker.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import javax.ws.rs.NotAuthorizedException;
+
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.jaxrs.JAXRSInvoker;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.jaxrs.ext.MessageContextImpl;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+
+public class OAuthInvoker extends JAXRSInvoker {
+    private WebClient accessTokenServiceClient;
+    private Consumer consumer;
+    @Override
+    public Object invoke(Exchange exchange, Object requestParams, Object resourceObject)
{
+        try {
+            return super.invoke(exchange, requestParams, resourceObject);
+        } catch (Fault ex) {
+            if (ex.getCause() instanceof NotAuthorizedException) {
+                Message inMessage = exchange.getInMessage();
+                ClientTokenContext tokenContext = inMessage.getContent(ClientTokenContext.class);
+                ClientAccessToken accessToken = tokenContext.getToken();
+                String refreshToken  = accessToken.getRefreshToken();
+                if (refreshToken != null) {
+                    accessToken = OAuthClientUtils.refreshAccessToken(accessTokenServiceClient,

+                                                        consumer, 
+                                                        accessToken);
+                    ClientTokenContextManager contextManager = 
+                        exchange.getInMessage().getContent(ClientTokenContextManager.class);
+                    MessageContext mc = new MessageContextImpl(inMessage);
+                    ((ClientTokenContextImpl)tokenContext).setToken(accessToken);       
   
+                    contextManager.setClientTokenContext(mc, tokenContext);
+                    
+                    //retry
+                    return super.invoke(exchange, requestParams, resourceObject);
+                }
+            }
+            throw ex;
+        }
+    }
+    
+    public void setAccessTokenServiceClient(WebClient accessTokenServiceClient) {
+        this.accessTokenServiceClient = accessTokenServiceClient;
+    }
+
+    
+    public void setConsumer(Consumer consumer) {
+        this.consumer = consumer;
+    }
+}


Mime
View raw message