From serg...@apache.org
Subject cxf git commit: More OAuth2 token management updates
Date Wed, 23 Dec 2015 13:23:51 GMT
Repository: cxf
Updated Branches:
  refs/heads/master d887fef43 -> 92a87246b


More OAuth2 token management updates


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/92a87246
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/92a87246
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/92a87246

Branch: refs/heads/master
Commit: 92a87246bc4cac50cf5174313614294c45b3694c
Parents: d887fef
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Dec 23 13:23:33 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Dec 23 13:23:33 2015 +0000

----------------------------------------------------------------------
 .../grants/code/AbstractCodeDataProvider.java   |  9 +++++--
 .../code/DefaultEHCacheCodeDataProvider.java    | 21 +++++++++++++--
 .../code/DefaultEncryptingCodeDataProvider.java | 22 +++++++++++++---
 .../provider/AbstractOAuthDataProvider.java     | 25 ++++++++++++------
 .../DefaultEHCacheOAuthDataProvider.java        | 27 ++++++++++++--------
 .../DefaultEncryptingOAuthDataProvider.java     | 21 ++++++++++-----
 6 files changed, 93 insertions(+), 32 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/92a87246/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
index 14858c1..23fd17e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AbstractCodeDataProvider.java
@@ -20,6 +20,7 @@ package org.apache.cxf.rs.security.oauth2.grants.code;
 
 import java.util.List;
 
+import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.provider.AbstractOAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 
@@ -46,7 +47,11 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
     public void setCodeLifetime(long codeLifetime) {
         this.codeLifetime = codeLifetime;
     }
-    
+    protected void removeClientCodeGrants(Client c) {
+        for (ServerAuthorizationCodeGrant grant : getCodeGrants(c)) {
+            removeCodeGrant(grant.getCode());
+        }
+    }
     public static ServerAuthorizationCodeGrant initCodeGrant(AuthorizationCodeRegistration
reg, long lifetime) {
         ServerAuthorizationCodeGrant grant = new ServerAuthorizationCodeGrant(reg.getClient(),
lifetime);
         grant.setRedirectUri(reg.getRedirectUri());
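Review bot: `removeClientCodeGrants` is added to AbstractCodeDataProvider with no caller and no Javadoc in this hunk, so nothing tells an implementer that it has to run when a client is removed. The two Default*CodeDataProvider classes later in this commit override `removeClient` and call their own copies; a provider built on this abstract class that does not do the same could leave a removed client's authorization codes usable until they expire. I would add `/** Removes every outstanding authorization code grant issued to {@code c}; call this from removeClient(). */` above the method. The rest of the class is outside the hunk, so a caller may exist elsewhere.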
@@ -59,5 +64,5 @@ public abstract class AbstractCodeDataProvider extends AbstractOAuthDataProvider
         return grant;
     }
     protected abstract void saveCodeGrant(ServerAuthorizationCodeGrant grant);
-    public abstract List<ServerAuthorizationCodeGrant> getCodeGrants();
+    public abstract List<ServerAuthorizationCodeGrant> getCodeGrants(Client c);
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/92a87246/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
index de86647..768b969 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEHCacheCodeDataProvider.java
@@ -26,6 +26,7 @@ import net.sf.ehcache.Ehcache;
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusFactory;
 import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.provider.DefaultEHCacheOAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 
@@ -56,6 +57,19 @@ public class DefaultEHCacheCodeDataProvider extends DefaultEHCacheOAuthDataProvi
     }
 
     @Override
+    public Client removeClient(String clientId) {
+        Client c = super.removeClient(clientId);
+        removeClientCodeGrants(c);
+        return c;
+    }
+    
+    protected void removeClientCodeGrants(Client c) {
+        for (ServerAuthorizationCodeGrant grant : getCodeGrants(c)) {
+            removeCodeGrant(grant.getCode());
+        }
+    }
+    
+    @Override
     public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg)
         throws OAuthServiceException {
         ServerAuthorizationCodeGrant grant = doCreateCodeGrant(reg);
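Review bot: `removeClient` hands the result of `super.removeClient(clientId)` to `removeClientCodeGrants` without checking it, and the filter in `getCodeGrants` then calls `c.getClientId()`. `getClient` is not shown on this page; if it returns null for an unknown id, removing a non-existent client ends in a NullPointerException instead of a clean no-op. The same pattern is in DefaultEncryptingCodeDataProvider.removeClient and in the `removeClientTokens(...)` calls added to both Default*OAuthDataProvider.removeClient methods. A guard such as `if (c != null) { removeClientCodeGrants(c); }`, and the equivalent around `removeClientTokens`, would cover it.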
@@ -68,12 +82,15 @@ public class DefaultEHCacheCodeDataProvider extends DefaultEHCacheOAuthDataProvi
         return AbstractCodeDataProvider.initCodeGrant(reg, codeLifetime);
     }
 
-    public List<ServerAuthorizationCodeGrant> getCodeGrants() {
+    public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c) {
         List<String> keys = CastUtils.cast(codeGrantCache.getKeys());
         List<ServerAuthorizationCodeGrant> grants = 
             new ArrayList<ServerAuthorizationCodeGrant>(keys.size());
         for (String key : keys) {
-            grants.add(getCodeGrant(key));
+            ServerAuthorizationCodeGrant grant = getCodeGrant(key);
+            if (grant.getClient().getClientId().equals(c.getClientId())) {
+                grants.add(grant);
+            }
         }
         return grants;
     }
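Review bot: The new filter in `getCodeGrants` dereferences `grant.getClient()` on whatever `getCodeGrant(key)` returns, with no null check. `getCodeGrant` is outside this hunk, but `revokeAccessToken` and `revokeRefreshToken` in DefaultEHCacheOAuthDataProvider null-check the equivalent cache lookups, which suggests an entry can disappear (for example by expiring) between `getKeys()` and the read. A NullPointerException here would abort `removeClientCodeGrants` part-way and leave some of the removed client's grants in the cache. I would write `if (grant != null && grant.getClient().getClientId().equals(c.getClientId()))`, and do the same in the `getAccessTokens`/`getRefreshTokens` filters of both Default*OAuthDataProvider classes and in DefaultEncryptingCodeDataProvider.getCodeGrants.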

http://git-wip-us.apache.org/repos/asf/cxf/blob/92a87246/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
index a96659b..63c1e26 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/DefaultEncryptingCodeDataProvider.java
@@ -26,6 +26,7 @@ import java.util.Set;
 
 import javax.crypto.SecretKey;
 
+import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.provider.DefaultEncryptingOAuthDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
@@ -46,6 +47,18 @@ public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDat
         super(key);
     }
     @Override
+    public Client removeClient(String clientId) {
+        Client c = super.removeClient(clientId);
+        removeClientCodeGrants(c);
+        return c;
+    }
+    
+    protected void removeClientCodeGrants(Client c) {
+        for (ServerAuthorizationCodeGrant grant : getCodeGrants(c)) {
+            removeCodeGrant(grant.getCode());
+        }
+    }
+    @Override
     public ServerAuthorizationCodeGrant createCodeGrant(AuthorizationCodeRegistration reg)
         throws OAuthServiceException {
         ServerAuthorizationCodeGrant grant = doCreateCodeGrant(reg);
@@ -53,11 +66,14 @@ public class DefaultEncryptingCodeDataProvider extends DefaultEncryptingOAuthDat
         return grant;
     }
 
-    public List<ServerAuthorizationCodeGrant> getCodeGrants() {
+    public List<ServerAuthorizationCodeGrant> getCodeGrants(Client c) {
         List<ServerAuthorizationCodeGrant> list = 
             new ArrayList<ServerAuthorizationCodeGrant>(grants.size());
-        for (String grant : grants) {
-            list.add(getCodeGrant(grant));
+        for (String key : grants) {
+            ServerAuthorizationCodeGrant grant = getCodeGrant(key);
+            if (grant.getClient().getClientId().equals(c.getClientId())) {
+                list.add(grant);
+            }
         }
         return list;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/92a87246/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index df3cb31..b586a22 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -80,7 +80,7 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
     public ServerAccessToken refreshAccessToken(Client client, String refreshTokenKey,
                                                 List<String> restrictedScopes) throws
OAuthServiceException {
         RefreshToken currentRefreshToken = recycleRefreshTokens 
-            ? revokeRefreshToken(client, refreshTokenKey) : getRefreshToken(client, refreshTokenKey);
+            ? revokeRefreshToken(refreshTokenKey) : getRefreshToken(refreshTokenKey);
         if (currentRefreshToken == null 
             || OAuthUtils.isExpired(currentRefreshToken.getIssuedAt(), currentRefreshToken.getExpiresIn()))
{
             throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
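Review bot: The refresh token is now looked up by key alone, and also revoked by key alone when `recycleRefreshTokens` is set; the only checks visible before the exception are null and expiry, and nothing compares `currentRefreshToken.getClient()` with the `client` making the request. Unless a check follows outside the hunk, a refresh token issued to one client would be accepted from another, contrary to the client binding RFC 6749 section 6 requires, and with recycling enabled it is revoked before any rejection could happen. I would add `|| !currentRefreshToken.getClient().getClientId().equals(client.getClientId())` to the condition and, on the recycling path, read and verify the token before revoking it. The `revokeRefreshToken(tokenKey)` call in the revocation method of the next hunk has the same gap; both methods extend beyond their hunks.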
@@ -108,20 +108,20 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
         if (accessToken != null) {
             handleLinkedRefreshToken(accessToken);
         } else if (!OAuthConstants.ACCESS_TOKEN.equals(tokenTypeHint)) {
-            RefreshToken currentRefreshToken = revokeRefreshToken(client, tokenKey);
+            RefreshToken currentRefreshToken = revokeRefreshToken(tokenKey);
             revokeAccessTokens(currentRefreshToken);
         }
     }
     protected void handleLinkedRefreshToken(ServerAccessToken accessToken) {
         if (accessToken != null && accessToken.getRefreshToken() != null) {
-            RefreshToken rt = getRefreshToken(accessToken.getClient(), accessToken.getRefreshToken());
+            RefreshToken rt = getRefreshToken(accessToken.getRefreshToken());
             if (rt == null) {
                 return;
             }
             
             unlinkRefreshAccessToken(rt, accessToken.getTokenKey());
             if (rt.getAccessTokens().isEmpty()) {
-                revokeRefreshToken(accessToken.getClient(), rt.getTokenKey());
+                revokeRefreshToken(rt.getTokenKey());
             } else {
                 saveRefreshToken(null, rt);
             }
@@ -270,12 +270,21 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
         this.messageContext = messageContext;
     }
     
+    protected void removeClientTokens(Client c) {
+        for (RefreshToken rt : getRefreshTokens(c)) {
+            revokeRefreshToken(rt.getTokenKey());
+        }
+        for (ServerAccessToken at : getAccessTokens(c)) {
+            revokeAccessToken(at.getTokenKey());
+        }
+    }
+    
     protected abstract void saveAccessToken(ServerAccessToken serverToken);
     protected abstract void saveRefreshToken(ServerAccessToken at, RefreshToken refreshToken);
     protected abstract ServerAccessToken revokeAccessToken(String accessTokenKey);
-    protected abstract List<ServerAccessToken> getAccessTokens();
-    protected abstract List<RefreshToken> getRefreshTokens();
-    protected abstract RefreshToken revokeRefreshToken(Client client, String refreshTokenKey);
-    protected abstract RefreshToken getRefreshToken(Client client, String refreshTokenKey);
+    protected abstract List<ServerAccessToken> getAccessTokens(Client c);
+    protected abstract List<RefreshToken> getRefreshTokens(Client c);
+    protected abstract RefreshToken revokeRefreshToken(String refreshTokenKey);
+    protected abstract RefreshToken getRefreshToken(String refreshTokenKey);
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/92a87246/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
index 5d78d87..b87a7f5 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEHCacheOAuthDataProvider.java
@@ -83,6 +83,7 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider
{
     public Client removeClient(String clientId) {
         Client c = getClient(clientId);
         clientCache.remove(clientId);
+        removeClientTokens(c);
         return c;
     }
 
@@ -97,21 +98,27 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider
{
     }
 
     @Override
-    protected List<ServerAccessToken> getAccessTokens() {
+    protected List<ServerAccessToken> getAccessTokens(Client c) {
         List<String> keys = CastUtils.cast(accessTokenCache.getKeys());
         List<ServerAccessToken> tokens = new ArrayList<ServerAccessToken>(keys.size());
         for (String key : keys) {
-            tokens.add(getAccessToken(key));
+            ServerAccessToken token = getAccessToken(key);
+            if (token.getClient().getClientId().equals(c.getClientId())) {
+                tokens.add(token);
+            }
         }
         return tokens;
     }
 
     @Override
-    protected List<RefreshToken> getRefreshTokens() {
+    protected List<RefreshToken> getRefreshTokens(Client c) {
         List<String> keys = CastUtils.cast(refreshTokenCache.getKeys());
         List<RefreshToken> tokens = new ArrayList<RefreshToken>(keys.size());
         for (String key : keys) {
-            tokens.add(getRefreshToken(null, key));
+            RefreshToken token = getRefreshToken(key);
+            if (token.getClient().getClientId().equals(c.getClientId())) {
+                tokens.add(token);
+            }
         }
         return tokens;
     }
@@ -120,7 +127,7 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider
{
     public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException
{
         return getCacheValue(accessTokenCache, accessToken, ServerAccessToken.class);
     }
-
+    @Override
     protected ServerAccessToken revokeAccessToken(String accessTokenKey) {
         ServerAccessToken at = getAccessToken(accessTokenKey);
         if (at != null) {
@@ -128,13 +135,13 @@ public class DefaultEHCacheOAuthDataProvider extends AbstractOAuthDataProvider
{
         }
         return at;
     }
-    
-    protected RefreshToken getRefreshToken(Client client, String refreshTokenKey) { 
+    @Override
+    protected RefreshToken getRefreshToken(String refreshTokenKey) { 
         return getCacheValue(refreshTokenCache, refreshTokenKey, RefreshToken.class);
     }
-    
-    protected RefreshToken revokeRefreshToken(Client client, String refreshTokenKey) { 
-        RefreshToken refreshToken = getRefreshToken(client, refreshTokenKey);
+    @Override
+    protected RefreshToken revokeRefreshToken(String refreshTokenKey) { 
+        RefreshToken refreshToken = getRefreshToken(refreshTokenKey);
         if (refreshToken != null) {
             refreshTokenCache.remove(refreshTokenKey);
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/92a87246/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
index bdb63a2..dd7dffb 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/DefaultEncryptingOAuthDataProvider.java
@@ -64,6 +64,7 @@ public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvide
     public Client removeClient(String clientId) {
         Client client = getClient(clientId);
         clientsMap.remove(clientId);
+        removeClientTokens(client);
         return client;
     }
     @Override
@@ -75,18 +76,24 @@ public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvide
         return clients;
     }
     @Override
-    protected List<ServerAccessToken> getAccessTokens() {
+    protected List<ServerAccessToken> getAccessTokens(Client c) {
         List<ServerAccessToken> list = new ArrayList<ServerAccessToken>(tokens.size());
         for (String tokenKey : tokens) {
-            list.add(getAccessToken(tokenKey));
+            ServerAccessToken token = getAccessToken(tokenKey);
+            if (token.getClient().getClientId().equals(c.getClientId())) {
+                list.add(token);
+            }
         }
         return list;
     }
     @Override
-    protected List<RefreshToken> getRefreshTokens() {
+    protected List<RefreshToken> getRefreshTokens(Client c) {
         List<RefreshToken> list = new ArrayList<RefreshToken>(refreshTokens.size());
         for (String tokenKey : tokens) {
-            list.add(getRefreshToken(null, tokenKey));
+            RefreshToken token = getRefreshToken(tokenKey);
+            if (token.getClient().getClientId().equals(c.getClientId())) {
+                list.add(token);
+            }
         }
         return list;
     }
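Review bot: `getRefreshTokens` sizes its list from `refreshTokens` but the loop iterates `tokens`, the collection `getAccessTokens` walks just above, so access-token keys are passed to `getRefreshToken`. The loop header is an unchanged context line, but the `removeClientTokens(client)` call added to `removeClient` now depends on it. A removed client's refresh tokens would not be found and would stay valid, and decrypting an access-token key as a refresh token may fail or yield null before the new `token.getClient()` dereference. Since `refreshTokens` is used with `containsKey` further down, the loop should probably read `for (String tokenKey : refreshTokens.keySet()) {`.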
@@ -118,10 +125,10 @@ public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvide
     }
 
     @Override
-    protected RefreshToken revokeRefreshToken(Client client, String refreshTokenKey) {
+    protected RefreshToken revokeRefreshToken(String refreshTokenKey) {
         RefreshToken rt = null;
         if (refreshTokens.containsKey(refreshTokenKey)) {
-            rt = getRefreshToken(client, refreshTokenKey);
+            rt = getRefreshToken(refreshTokenKey);
             refreshTokens.remove(refreshTokenKey);
         }
         return rt;
@@ -135,7 +142,7 @@ public class DefaultEncryptingOAuthDataProvider extends AbstractOAuthDataProvide
         token.setTokenKey(encryptedToken);
     }
     @Override
-    protected RefreshToken getRefreshToken(Client client, String refreshTokenKey) {
+    protected RefreshToken getRefreshToken(String refreshTokenKey) {
         try {
             return ModelEncryptionSupport.decryptRefreshToken(this, refreshTokenKey, key);
         } catch (SecurityException ex) {

