cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Some updates around checking the scheme in Oauth2 filter
Date Mon, 02 Nov 2015 16:01:05 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 133f53e74 -> 6fb4b95f7


Some updates around checking the scheme in Oauth2 filter


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6fb4b95f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6fb4b95f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6fb4b95f

Branch: refs/heads/master
Commit: 6fb4b95f7710277c889825ddc0d5713fc6015379
Parents: 133f53e
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Nov 2 16:00:47 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Nov 2 16:00:47 2015 +0000

----------------------------------------------------------------------
 .../oauth2/filters/AccessTokenValidatorClient.java     | 13 +++++++++++--
 .../rs/security/oauth2/utils/AuthorizationUtils.java   |  4 +++-
 2 files changed, 14 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6fb4b95f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
index 984995b..71bb021 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.oauth2.filters;
 
 import java.util.Collections;
+import java.util.LinkedList;
 import java.util.List;
 
 import javax.ws.rs.core.MultivaluedMap;
@@ -34,9 +35,11 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 public class AccessTokenValidatorClient implements AccessTokenValidator {
 
     private WebClient tokenValidatorClient;
-    
+    private List<String> supportedSchemes = new LinkedList<String>();
     public List<String> getSupportedAuthorizationSchemes() {
-        return Collections.singletonList(OAuthConstants.ALL_AUTH_SCHEMES);
+        return supportedSchemes.isEmpty() 
+            ? Collections.singletonList(OAuthConstants.ALL_AUTH_SCHEMES) 
+            : Collections.unmodifiableList(supportedSchemes);
     }
 
     public AccessTokenValidation validateAccessToken(MessageContext mc,
@@ -57,5 +60,11 @@ public class AccessTokenValidatorClient implements AccessTokenValidator
{
     public void setTokenValidatorClient(WebClient tokenValidatorClient) {
         this.tokenValidatorClient = tokenValidatorClient;
     }
+    public void setSupportedSchemes(List<String> schemes) {
+        this.supportedSchemes.addAll(schemes);
+    }
+    public void setSupportedScheme(String scheme) {
+        this.supportedSchemes.add(scheme);
+    }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/6fb4b95f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
index 09df5ef..51446a2 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
@@ -76,7 +76,9 @@ public final class AuthorizationUtils {
         if (headers != null && headers.size() == 1) {
             String[] parts = headers.get(0).split(" ");
             if (parts.length > 0 
-                && (challenges == null || challenges.isEmpty() || challenges.contains(parts[0])))
{
+                && (challenges == null || challenges.isEmpty() 
+                || challenges.contains(parts[0])
+                || challenges.size() == 1 && challenges.contains("*"))) {
                 return parts;       
             }
         }


Mime
View raw message