From serg...@apache.org
Subject cxf git commit: Distinguishing between RS authorization and the initial token validation failures, though returning a dedicated type will probbaly need to be done
Date Fri, 27 Nov 2015 17:08:58 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 590280203 -> 3aaf7d75c


Distinguishing between RS authorization and the initial token validation failures, though
returning a dedicated type will probably need to be done


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3aaf7d75
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3aaf7d75
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3aaf7d75

Branch: refs/heads/3.1.x-fixes
Commit: 3aaf7d75c873c990d8e86d27e37f03c47e074175
Parents: 5902802
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Fri Nov 27 17:06:31 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Fri Nov 27 17:08:38 2015 +0000

----------------------------------------------------------------------
 .../rs/security/oauth2/common/AccessTokenValidation.java |  9 +++++++++
 .../rs/security/oauth2/filters/OAuthRequestFilter.java   |  4 +++-
 .../oauth2/services/AccessTokenValidatorService.java     | 11 ++++++++++-
 3 files changed, 22 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/3aaf7d75/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
index f25f286..5fb14a6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
@@ -36,6 +36,7 @@ import javax.xml.bind.annotation.XmlRootElement;
 // (introduce default constructors, etc) 
 @XmlRootElement
 public class AccessTokenValidation {
+    private boolean initialValidationSuccessful = true;
     private String clientId;
     private String clientIpAddress;
     private UserSubject clientSubject;
@@ -167,5 +168,13 @@ public class AccessTokenValidation {
     public void setClientCodeVerifier(String clientCodeVerifier) {
         this.clientCodeVerifier = clientCodeVerifier;
     }
+
+    public boolean isInitialValidationSuccessful() {
+        return initialValidationSuccessful;
+    }
+
+    public void setInitialValidationSuccessful(boolean localValidationSuccessful) {
+        this.initialValidationSuccessful = localValidationSuccessful;
+    }
     
 }
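Review bot: The setter's parameter is named `localValidationSuccessful` while the field and getter say `initialValidationSuccessful`; the three should agree, `public void setInitialValidationSuccessful(boolean initialValidationSuccessful) { this.initialValidationSuccessful = initialValidationSuccessful; }`. Neither accessor says what the flag means, and because the field defaults to `true` in the first hunk, an `AccessTokenValidation` that is constructed or unmarshalled without the property reports success, so the Javadoc should spell that out, e.g. `/** False when the validator could not validate the token at all (as opposed to an RS-side authorization failure); defaults to true, so producers must set it explicitly. */`. Whether a validator response that omits the property could be read as a successful validation by a consumer is not visible here and is worth confirming.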

http://git-wip-us.apache.org/repos/asf/cxf/blob/3aaf7d75/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index c11cbc2..d1a479c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -92,7 +92,9 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
         
         // Get the access token
         AccessTokenValidation accessTokenV = getAccessTokenValidation(authScheme, authSchemeData,
null); 
-        
+        if (!accessTokenV.isInitialValidationSuccessful()) {
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
+        }
         // Find the scopes which match the current request
         
         List<OAuthPermission> permissions = accessTokenV.getTokenScopes();
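Review bot: The guard added on lines 82-84 rejects the request without any indication of why, which is the right thing to show the client but leaves no trace for whoever reads the code later; a comment tying it to the producer side would help, `// The validator reported a token-level failure (flag set in AccessTokenValidatorService), not an RS scope mismatch: reject before scope matching`. The guard also dereferences `accessTokenV` without a null check; whether `getAccessTokenValidation` can return null is not visible in this hunk and should be confirmed. The enclosing method starts and ends outside the hunk.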

http://git-wip-us.apache.org/repos/asf/cxf/blob/3aaf7d75/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
index 67609fa..d87dd2f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
@@ -22,6 +22,7 @@ import java.util.logging.Logger;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Encoded;
+import javax.ws.rs.NotAuthorizedException;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
@@ -46,7 +47,15 @@ public class AccessTokenValidatorService extends AbstractAccessTokenValidator
{
         checkSecurityContext();
         String authScheme = params.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_TYPE);
         String authSchemeData  = params.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_DATA);
-        return super.getAccessTokenValidation(authScheme, authSchemeData, params);
+        try {
+            return super.getAccessTokenValidation(authScheme, authSchemeData, params);
+        } catch (NotAuthorizedException ex) {
+            // at this point it does not mean that RS failed to authenticate but that the
basic
+            // local or chained token validation has failed
+            AccessTokenValidation v = new AccessTokenValidation();
+            v.setInitialValidationSuccessful(false);
+            return v;
+        }
     }
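Review bot: The `catch (NotAuthorizedException ex)` on line 112 discards the exception entirely, so the reason the token was rejected is lost at the only point where it is known; the file imports `java.util.logging.Logger` (line 96 context), so if a logger field exists, logging `ex` at fine level before returning (without echoing the token value) would keep that information for operators while still hiding it from the caller. Returning a 200 with an otherwise empty `AccessTokenValidation` where the method previously propagated a 401 changes the service's contract: a consumer built before this commit that relies on the status code rather than `isInitialValidationSuccessful()` may now process the empty validation as if the token were valid, so this expectation should be documented on the method, e.g. `Returns a validation whose isInitialValidationSuccessful() is false, rather than a 401, when the token itself cannot be validated; callers must check the flag`. The method's signature is outside the hunk.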
 
     private void checkSecurityContext() {

