cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/3] cxf git commit: Make sure the default scopes are returned to the user
Date Fri, 04 Dec 2015 16:38:34 GMT
Make sure the default scopes are returned to the user


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/796fda4c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/796fda4c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/796fda4c

Branch: refs/heads/master
Commit: 796fda4c78788994686f2cad961b5bbdf8bcb4ef
Parents: 0b9ce1c
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Dec 4 16:13:13 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Dec 4 16:35:04 2015 +0000

----------------------------------------------------------------------
 .../oauth2/services/AuthorizationCodeGrantService.java |  6 ++++--
 .../security/oauth2/services/ImplicitGrantService.java |  4 +++-
 .../oauth2/services/RedirectionBasedGrantService.java  | 13 ++++++++++---
 3 files changed, 17 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/796fda4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index b95eae7..36615e7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -68,10 +68,12 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
                                                              MultivaluedMap<String, String>
params,
                                                              String redirectUri,
                                                              UserSubject subject,
+                                                             List<String> requestedScopes,
                                                              List<OAuthPermission>
perms,
                                                              boolean authorizationCanBeSkipped)
{
         OAuthAuthorizationData data = 
-            super.createAuthorizationData(client, params, redirectUri, subject, perms, authorizationCanBeSkipped);
+            super.createAuthorizationData(client, params, redirectUri, subject, 
+                                          requestedScopes, perms, authorizationCanBeSkipped);
         setCodeQualifier(data, params);
         return data;
     }
@@ -105,7 +107,7 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
         codeReg.setClient(client);
         codeReg.setRedirectUri(state.getRedirectUri());
         codeReg.setRequestedScope(requestedScope);
-        if (approvedScope != null && approvedScope.isEmpty()) {
+        if (approvedScope == null || approvedScope.isEmpty()) {
             // no down-scoping done by a user, all of the requested scopes have been authorized
             codeReg.setApprovedScope(requestedScope);
         } else {

http://git-wip-us.apache.org/repos/asf/cxf/blob/796fda4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
index 057c59d..bec3714 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
@@ -55,10 +55,12 @@ public class ImplicitGrantService extends AbstractImplicitGrantService
{
                                                              MultivaluedMap<String, String>
params,
                                                              String redirectUri,
                                                              UserSubject subject,
+                                                             List<String> requestedScopes,
                                                              List<OAuthPermission>
perms,
                                                              boolean authorizationCanBeSkipped)
{
         OAuthAuthorizationData data = 
-            super.createAuthorizationData(client, params, redirectUri, subject, perms, authorizationCanBeSkipped);
+            super.createAuthorizationData(client, params, redirectUri, subject, 
+                                          requestedScopes, perms, authorizationCanBeSkipped);
         data.setImplicitFlow(true);
         return data;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/796fda4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index cc9baba..53cedaf 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -172,8 +172,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         
         // Populate the authorization challenge data 
         OAuthAuthorizationData data = 
-            createAuthorizationData(client, params, redirectUri, userSubject, requestedPermissions,

-                                    authorizationCanBeSkipped);
+            createAuthorizationData(client, params, redirectUri, userSubject, requestedScope,

+                                    requestedPermissions, authorizationCanBeSkipped);
         
         if (authorizationCanBeSkipped) {
             List<OAuthPermission> approvedScopes = 
@@ -203,6 +203,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
                                                              MultivaluedMap<String, String>
params,
                                                              String redirectUri, 
                                                              UserSubject subject,
+                                                             List<String> requestedScope,
                                                              List<OAuthPermission>
perms,
                                                              boolean authorizationCanBeSkipped)
{
         
@@ -213,7 +214,13 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         secData.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
         secData.setNonce(params.getFirst(OAuthConstants.NONCE));
         secData.setClientId(client.getClientId());
-        secData.setProposedScope(params.getFirst(OAuthConstants.SCOPE));
+        if (requestedScope != null && !requestedScope.isEmpty()) {
+            StringBuilder builder = new StringBuilder();
+            for (String scope : requestedScope) {
+                builder.append(scope + " ");
+            }
+            secData.setProposedScope(builder.toString().trim());
+        }
         if (!authorizationCanBeSkipped) {
             secData.setPermissions(perms);
             secData.setApplicationName(client.getApplicationName()); 


Mime
View raw message