From serg...@apache.org
Subject cxf git commit: Minor update to AbstractOAuthProvider to revoke expired refresh tokens if needed
Date Mon, 28 Dec 2015 16:31:11 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 52ff49dd2 -> f8befff00


Minor update to AbstractOAuthProvider to revoke expired refresh tokens if needed


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f8befff0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f8befff0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f8befff0

Branch: refs/heads/master
Commit: f8befff0069769ee9c71ebf845f6c0ec6e801a38
Parents: 52ff49d
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Dec 28 16:30:54 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Dec 28 16:30:54 2015 +0000

----------------------------------------------------------------------
 .../security/oauth2/provider/AbstractOAuthDataProvider.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f8befff0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 367997f..edfabb6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -81,8 +81,13 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
                                                 List<String> restrictedScopes) throws
OAuthServiceException {
         RefreshToken currentRefreshToken = recycleRefreshTokens 
             ? revokeRefreshToken(refreshTokenKey) : getRefreshToken(refreshTokenKey);
-        if (currentRefreshToken == null 
-            || OAuthUtils.isExpired(currentRefreshToken.getIssuedAt(), currentRefreshToken.getExpiresIn()))
{
+        if (currentRefreshToken == null) { 
+            throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
+        }
+        if (OAuthUtils.isExpired(currentRefreshToken.getIssuedAt(), currentRefreshToken.getExpiresIn()))
{
+            if (!recycleRefreshTokens) {
+                revokeRefreshToken(refreshTokenKey);
+            }
             throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
         }
         if (recycleRefreshTokens) {
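Review bot: The new expired-token branch calls `revokeRefreshToken(refreshTokenKey)` before anything in this hunk confirms that the token was issued to the client making the request, so the revocation is keyed on the token value alone. If the method compares the token's client with the caller further down (the body starts and continues outside the hunk, so this cannot be confirmed here), that comparison should move above both the expiry check and the revoke, so that a request from a different client is rejected without touching the stored token. The `!recycleRefreshTokens` guard also deserves a comment, because it is only correct given that the recycling path has already revoked the token in the lookup on the first line: `// when recycling, the token was already revoked by the lookup above`. Separately, RFC 6749 section 5.2 assigns `invalid_grant` to an invalid, expired or revoked refresh token, so the use of `OAuthConstants.ACCESS_DENIED` in both throws is worth revisiting.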

