cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Minor updates to OAuth abstract provider
Date Fri, 27 Nov 2015 14:40:41 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 9ef24a17c -> 3912113d9


Minor updates to OAuth abstract provider


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3912113d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3912113d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3912113d

Branch: refs/heads/3.1.x-fixes
Commit: 3912113d9f0d45505987d36b95395a833bcbe4f4
Parents: 9ef24a1
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Fri Nov 27 14:39:46 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Fri Nov 27 14:40:28 2015 +0000

----------------------------------------------------------------------
 .../provider/AbstractOAuthDataProvider.java     | 27 ++++++++++++--------
 1 file changed, 16 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/3912113d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index c951c6e..7fac0b4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -86,21 +86,17 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
     public void revokeToken(Client client, String tokenKey, String tokenTypeHint) throws
OAuthServiceException {
         ServerAccessToken accessToken = revokeAccessToken(tokenKey);
         if (accessToken == null) {
+            // Revoke refresh token            
             doRevokeRefreshAndAccessTokens(client, tokenKey, true);
         } else {
+            // Revoke access token
             if (accessToken.getRefreshToken() != null) {
                 RefreshToken rt = getRefreshToken(client, accessToken.getRefreshToken());
                 if (rt == null) {
                     return;
                 }
                 
-                List<String> accessTokenKeys = rt.getAccessTokens();
-                for (int i = 0; i < accessTokenKeys.size(); i++) {
-                    if (accessTokenKeys.get(i).equals(accessToken.getTokenKey())) {
-                        accessTokenKeys.remove(i);
-                        break;
-                    }
-                }
+                unlinkRefreshAccessToken(rt, accessToken.getTokenKey());
                 if (rt.getAccessTokens().isEmpty()) {
                     revokeRefreshToken(client, rt.getTokenKey());
                 } else {
@@ -109,6 +105,16 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
             }
         }
     }
+    protected void unlinkRefreshAccessToken(RefreshToken rt, String tokenKey) {
+        List<String> accessTokenKeys = rt.getAccessTokens();
+        for (int i = 0; i < accessTokenKeys.size(); i++) {
+            if (accessTokenKeys.get(i).equals(tokenKey)) {
+                accessTokenKeys.remove(i);
+                break;
+            }
+        }
+    }
+
     protected RefreshToken revokeRefreshAndAccessTokens(Client client, String tokenKey) {
         return doRevokeRefreshAndAccessTokens(client, tokenKey, recycleRefreshTokens);
     }
@@ -119,11 +125,10 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider
{
             || OAuthUtils.isExpired(currentRefreshToken.getIssuedAt(), currentRefreshToken.getExpiresIn()))
{
             throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
         }
-        for (String accessTokenKey : currentRefreshToken.getAccessTokens()) {
-            revokeAccessToken(accessTokenKey);
-        }
         if (recycle) {
-            currentRefreshToken.getAccessTokens().clear();
+            for (String accessTokenKey : currentRefreshToken.getAccessTokens()) {
+                revokeAccessToken(accessTokenKey);
+            }
         }
         return currentRefreshToken;
     }


Mime
View raw message