cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Minor update to oauth access_denied check
Date Mon, 09 Nov 2015 16:33:22 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 2e7d95de8 -> b71f22c12


Minor update to oauth access_denied check


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b71f22c1
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b71f22c1
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b71f22c1

Branch: refs/heads/master
Commit: b71f22c125b4e65048caf6fdaf50496403ab57a1
Parents: 2e7d95d
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Nov 9 16:33:06 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Nov 9 16:33:06 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b71f22c1/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index bd49445..49df2d6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -113,7 +113,8 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter
{
         SecurityContext sc = rc.getSecurityContext();
         if (sc == null || sc.getUserPrincipal() == null) {
             if (codeParam == null 
-                && requestParams.containsKey(OAuthConstants.ACCESS_DENIED)
+                && requestParams.containsKey(OAuthConstants.ERROR_KEY)
+                && OAuthConstants.ACCESS_DENIED.equals(requestParams.get(OAuthConstants.ERROR_KEY))
                 && !faultAccessDeniedResponses) {
                 if (!applicationCanHandleAccessDenied) {
                     rc.abortWith(Response.ok(new AccessDeniedResponse()).build());    


Mime
View raw message