cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Making sure an empty/null secret is not used for getting tokens for public clients
Date Fri, 13 Nov 2015 11:35:34 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 144ee70dc -> 0b8ac3e0e


Making sure an empty/null secret is not used for getting tokens for public clients


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0b8ac3e0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0b8ac3e0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0b8ac3e0

Branch: refs/heads/master
Commit: 0b8ac3e0e2488b015f52d178a33da943ce81ce0e
Parents: 144ee70
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Fri Nov 13 11:35:16 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Fri Nov 13 11:35:16 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/client/OAuthClientUtils.java      | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/0b8ac3e0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index 971b481..17471f8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -33,6 +33,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
 import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
@@ -281,7 +282,8 @@ public final class OAuthClientUtils {
             }
         }
         if (consumer != null) {
-            if (setAuthorizationHeader) {
+            boolean secretAvailable = !StringUtils.isEmpty(consumer.getSecret());
+            if (setAuthorizationHeader && secretAvailable) {
                 StringBuilder sb = new StringBuilder();
                 sb.append("Basic ");
                 try {
@@ -293,7 +295,7 @@ public final class OAuthClientUtils {
                 accessTokenService.replaceHeader("Authorization", sb.toString());
             } else {
                 form.param(OAuthConstants.CLIENT_ID, consumer.getKey());
-                if (consumer.getSecret() != null) {
+                if (secretAvailable) {
                     form.param(OAuthConstants.CLIENT_SECRET, consumer.getSecret());
                 }
             }
@@ -315,7 +317,7 @@ public final class OAuthClientUtils {
             } else {
                 return token;
             }
-        } else if (400 == response.getStatus() && map.containsKey(OAuthConstants.ERROR_KEY))
{
+        } else if (response.getStatus() >= 400 && map.containsKey(OAuthConstants.ERROR_KEY))
{
             OAuthError error = new OAuthError(map.get(OAuthConstants.ERROR_KEY),
                                               map.get(OAuthConstants.ERROR_DESCRIPTION_KEY));
             error.setErrorUri(map.get(OAuthConstants.ERROR_URI_KEY));


Mime
View raw message