From cohei...@apache.org
Subject cxf git commit: Revert "Make sure the State is always returned to the client on an error"
Date Mon, 14 Dec 2015 11:21:21 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes b6fd55076 -> f3646c600


Revert "Make sure the State is always returned to the client on an error"

This reverts commit 08068c8a6c784e866ba9bb9b2b16e5b35d569e1b.


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f3646c60
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f3646c60
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f3646c60

Branch: refs/heads/3.1.x-fixes
Commit: f3646c6009d16093b0fc42f2efa229fe7ba12272
Parents: b6fd550
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Dec 14 11:17:14 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Dec 14 11:18:55 2015 +0000

----------------------------------------------------------------------
 .../oauth2/client/OAuthClientUtils.java         | 11 ++-
 .../oauth2/services/AbstractOAuthService.java   |  9 +--
 .../oauth2/services/AbstractTokenService.java   | 81 ++++++++------------
 .../oauth2/services/AccessTokenService.java     |  3 +-
 .../services/DirectAuthorizationService.java    | 41 ++++------
 .../services/RedirectionBasedGrantService.java  | 79 +++++++++----------
 .../oauth2/services/TokenRevocationService.java |  3 +-
 7 files changed, 95 insertions(+), 132 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f3646c60/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index 0f6807d..e00ce0b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -68,11 +68,18 @@ public final class OAuthClientUtils {
                                           String redirectUri,
                                           String state,
                                           String scope) {
-        return getAuthorizationURIBuilder(authorizationServiceURI, 
+        UriBuilder ub = getAuthorizationURIBuilder(authorizationServiceURI, 
                                                    clientId,
                                                    redirectUri,
                                                    state,
-                                                   scope).build();
+                                                   scope);
+        if (redirectUri != null) {
+            ub.queryParam(OAuthConstants.REDIRECT_URI, redirectUri);
+        }
+        if (state != null) {
+            ub.queryParam(OAuthConstants.STATE, state);
+        }
+        return ub.build();
     }
     
     public static UriBuilder getAuthorizationURIBuilder(String authorizationServiceURI, 
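Review bot: getAuthorizationURI hands redirectUri and state to getAuthorizationURIBuilder and then appends both again with ub.queryParam; if the builder already encodes them (its body lies outside this hunk), the generated URL carries redirect_uri and state twice, which authorization servers may reject as malformed or, worse, resolve by taking whichever copy they read first. Please confirm against getAuthorizationURIBuilder and either drop the two queryParam calls here or stop passing the values to the builder. Since state is the CSRF binding of RFC 6749 §10.12, a Javadoc line on this method such as `@param state opaque, unguessable value the authorization server echoes back; must be verified on return` would also help callers use it correctly.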

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3646c60/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
index 56121d3..994f0d7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java
@@ -123,14 +123,13 @@ public abstract class AbstractOAuthService {
         }
     }
     
-    protected void reportInvalidRequestError(String errorDescription, String state) {
-        reportInvalidRequestError(errorDescription, state, MediaType.APPLICATION_JSON_TYPE);
+    protected void reportInvalidRequestError(String errorDescription) {
+        reportInvalidRequestError(errorDescription, MediaType.APPLICATION_JSON_TYPE);
     }
     
-    protected void reportInvalidRequestError(String errorDescription, String state, MediaType
mt) {
+    protected void reportInvalidRequestError(String errorDescription, MediaType mt) {
         OAuthError error = 
             new OAuthError(OAuthConstants.INVALID_REQUEST, errorDescription);
-        error.setState(state);
         reportInvalidRequestError(error, mt);
     }
     
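Review bot: Neither reportInvalidRequestError overload has Javadoc, and after this change a reader cannot tell why the OAuthError built here no longer carries the request's state. The overload they delegate to appears to throw a 400 straight back to the caller (toBadRequestException in the following hunk) rather than redirecting to the client's redirect_uri, so the RFC 6749 §4.1.2.1 rule that state be echoed on redirected errors does not apply on this path; a comment stating that prevents the next maintainer from re-adding it: `// Reported directly to the caller as a 400, not via redirect_uri, so the request's state is intentionally not echoed.` If a redirect-based error path exists elsewhere in these services, that is where state must be carried.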
@@ -145,7 +144,7 @@ public abstract class AbstractOAuthService {
         }
         throw ExceptionUtils.toBadRequestException(null, rb.entity(entity).build());
     }
-    
+
     /**
      * HTTPS is the default transport for OAuth 2.0 services, this property 
      * can be used to block all the requests issued over HTTP

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3646c60/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
index 7fd1ed9..a31fb5d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java
@@ -63,30 +63,29 @@ public class AbstractTokenService extends AbstractOAuthService {
             String clientId = retrieveClientId(params);
             if (clientId != null) {
                 client = getAndValidateClientFromIdAndSecret(clientId,
-                                              params.getFirst(OAuthConstants.CLIENT_SECRET),
-                                              params);
+                                              params.getFirst(OAuthConstants.CLIENT_SECRET));
             }
         } else {
             String clientId = retrieveClientId(params);
             if (clientId != null) {
-                client = getClient(clientId, params);
+                client = getClient(clientId);
             } else if (principal.getName() != null) {
-                client = getClient(principal.getName(), params);
+                client = getClient(principal.getName());
             } 
         }
         if (client == null) {
-            client = getClientFromTLSCertificates(sc, getTlsSessionInfo(), params);
+            client = getClientFromTLSCertificates(sc, getTlsSessionInfo());
             if (client == null) {
                 // Basic Authentication is expected by default
-                client = getClientFromBasicAuthScheme(params);
+                client = getClientFromBasicAuthScheme();
             }
         }
         if (client != null && !client.getApplicationCertificates().isEmpty()) {
             // Validate the client application certificates
-            compareTlsCertificates(getTlsSessionInfo(), client.getApplicationCertificates(),
params);
+            compareTlsCertificates(getTlsSessionInfo(), client.getApplicationCertificates());
         }
         if (client == null) {
-            reportInvalidClient(params.getFirst(OAuthConstants.STATE));
+            reportInvalidClient();
         }
         return client;
     }
@@ -108,22 +107,21 @@ public class AbstractTokenService extends AbstractOAuthService {
     }
     
     // Get the Client and check the id and secret
-    protected Client getAndValidateClientFromIdAndSecret(String clientId, String providedClientSecret,
-                                                         MultivaluedMap<String, String>
params) {
-        Client client = getClient(clientId, params);
+    protected Client getAndValidateClientFromIdAndSecret(String clientId, String providedClientSecret)
{
+        Client client = getClient(clientId);
         if (!client.getClientId().equals(clientId)) {
-            reportInvalidClient(params.getFirst(OAuthConstants.STATE));
+            reportInvalidClient();
         }
         if (isValidPublicClient(client, clientId, providedClientSecret)) {
             return client;
         }
         if (!client.isConfidential()
-            || !isConfidentialClientSecretValid(client, providedClientSecret)) {
-            reportInvalidClient(params.getFirst(OAuthConstants.STATE));
+            || !isConfidenatialClientSecretValid(client, providedClientSecret)) {
+            reportInvalidClient();
         }
         return client;
     }
-    protected boolean isConfidentialClientSecretValid(Client client, String providedClientSecret)
{
+    protected boolean isConfidenatialClientSecretValid(Client client, String providedClientSecret)
{
         if (clientSecretVerifier != null) {
             return clientSecretVerifier.validateClientSecret(client, providedClientSecret);
         } else {
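Review bot: The revert brings back the misspelled protected hook isConfidenatialClientSecretValid, both at its call in getAndValidateClientFromIdAndSecret and in its declaration; because it is an override point, a subclass that overrode the correctly spelled isConfidentialClientSecretValid will now silently fall back to the base implementation instead of failing to compile. If the spelling fix has to go with the rest of the revert, keep the correct name callable through a delegating method: `protected boolean isConfidentialClientSecretValid(Client client, String providedClientSecret) { return isConfidenatialClientSecretValid(client, providedClientSecret); }`. The body of isConfidenatialClientSecretValid continues past the end of this hunk, so the default comparison used when clientSecretVerifier is null is not visible here; whatever it does should compare secrets in constant time (MessageDigest.isEqual on the bytes) rather than with String.equals.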
@@ -138,23 +136,22 @@ public class AbstractTokenService extends AbstractOAuthService {
             && clientSecret == null;
     }
     
-    protected Client getClientFromBasicAuthScheme(MultivaluedMap<String, String> params)
{
+    protected Client getClientFromBasicAuthScheme() {
         String[] userInfo = AuthorizationUtils.getBasicAuthUserInfo(getMessageContext());
         if (userInfo != null && userInfo.length == 2) {
-            return getAndValidateClientFromIdAndSecret(userInfo[0], userInfo[1], params);
+            return getAndValidateClientFromIdAndSecret(userInfo[0], userInfo[1]);
         } else {
             return null;
         }
     }
     
-    protected Client getClientFromTLSCertificates(SecurityContext sc, TLSSessionInfo tlsSessionInfo,
-                                                  MultivaluedMap<String, String> params)
{
+    protected Client getClientFromTLSCertificates(SecurityContext sc, TLSSessionInfo tlsSessionInfo)
{
         Client client = null;
         if (tlsSessionInfo != null && StringUtils.isEmpty(sc.getAuthenticationScheme()))
{
             // Pure 2-way TLS authentication
             String clientId = getClientIdFromTLSCertificates(sc, tlsSessionInfo);
             if (!StringUtils.isEmpty(clientId)) {
-                client = getClient(clientId, params);
+                client = getClient(clientId);
             }
         }
         return client;
@@ -170,8 +167,7 @@ public class AbstractTokenService extends AbstractOAuthService {
     }
     
     protected void compareTlsCertificates(TLSSessionInfo tlsInfo, 
-                                          List<String> base64EncodedCerts,
-                                          MultivaluedMap<String, String> params) {
+                                          List<String> base64EncodedCerts) {
         if (tlsInfo != null) {
             Certificate[] clientCerts = tlsInfo.getPeerCertificates();
             if (clientCerts.length == base64EncodedCerts.size()) {
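Review bot: compareTlsCertificates dereferences the array returned by tlsInfo.getPeerCertificates() with clientCerts.length and no null check; whether TLSSessionInfo guarantees a non-null array is not visible here, and a null would surface as a NullPointerException (a 500) instead of the invalid_client error every other failure in this method produces. A guard keeps the failure on the intended path: `if (clientCerts != null && clientCerts.length == base64EncodedCerts.size()) {`. The method continues past the end of this hunk.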
@@ -181,7 +177,7 @@ public class AbstractTokenService extends AbstractOAuthService {
                         byte[] encodedKey = x509Cert.getEncoded();
                         byte[] clientKey = Base64Utility.decode(base64EncodedCerts.get(i));
                         if (!Arrays.equals(encodedKey, clientKey)) {
-                            reportInvalidClient(params.getFirst(OAuthConstants.STATE));
+                            reportInvalidClient();
                         }
                     }
                     return;
@@ -190,28 +186,23 @@ public class AbstractTokenService extends AbstractOAuthService {
                 }    
             }
         }
-        reportInvalidClient(params.getFirst(OAuthConstants.STATE));
+        reportInvalidClient();
     }
     
     
     
-    protected Response handleException(OAuthServiceException ex, String error, String state)
{
+    protected Response handleException(OAuthServiceException ex, String error) {
         OAuthError customError = ex.getError();
         if (writeCustomErrors && customError != null) {
-            customError.setState(state);
             return createErrorResponseFromBean(customError);
         } else {
-            OAuthError oauthError = new OAuthError(error);
-            oauthError.setState(state);
-            return createErrorResponseFromBean(oauthError);
+            return createErrorResponseFromBean(new OAuthError(error));
         }
     }
     
     protected Response createErrorResponse(MultivaluedMap<String, String> params,
                                            String error) {
-        OAuthError oauthError = new OAuthError(error);
-        oauthError.setState(params.getFirst(OAuthConstants.STATE));
-        return createErrorResponseFromBean(oauthError);
+        return createErrorResponseFromBean(new OAuthError(error));
     }
     
     protected Response createErrorResponseFromBean(OAuthError errorBean) {
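Review bot: createErrorResponse still declares a params argument but no longer reads it, since its only use was params.getFirst(STATE); keeping the parameter is right for compatibility of a protected method, but it should be documented so nobody assumes the request parameters shape the response: `/** Builds an error response for {@code error}; {@code params} is retained for API compatibility and is currently unused. */`. In handleException the writeCustomErrors branch passes the OAuthError attached to the exception straight to createErrorResponseFromBean, so whatever a data provider placed in that bean, description included, reaches the caller; a one-line Javadoc warning on the flag that it exposes provider-supplied error text would make that trade-off explicit.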
@@ -220,44 +211,32 @@ public class AbstractTokenService extends AbstractOAuthService {
     
     /**
      * Get the {@link Client} reference
-     * @param clientId The Client Id
-     * @param params request parameters
+     * @param clientId the provided client id
      * @return Client the client reference 
-     * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found,

-     *         the error is returned directly to the end user without 
-     *         following the redirect URI if any
+     * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found
      */
-    protected Client getClient(String clientId, MultivaluedMap<String, String> params)
{
-        String state = null;
-        if (params != null) {
-            state = params.getFirst(OAuthConstants.STATE);
-        }
-        
+    protected Client getClient(String clientId) {
         if (clientId == null) {
-            reportInvalidRequestError("Client ID is null", state);
+            reportInvalidRequestError("Client ID is null");
             return null;
         }
-        
         Client client = null;
         try {
             client = getValidClient(clientId);
         } catch (OAuthServiceException ex) {
             if (ex.getError() != null) {
-                ex.getError().setState(state);
                 reportInvalidClient(ex.getError());
                 return null;
             }
         }
         if (client == null) {
-            reportInvalidClient(state);
+            reportInvalidClient();
         }
         return client;
     }
     
-    protected void reportInvalidClient(String state) {
-        OAuthError error = new OAuthError(OAuthConstants.INVALID_CLIENT);
-        error.setState(state);
-        reportInvalidClient(error);
+    protected void reportInvalidClient() {
+        reportInvalidClient(new OAuthError(OAuthConstants.INVALID_CLIENT));
     }
     
     protected void reportInvalidClient(OAuthError error) {
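Review bot: In getClient the catch block drops the OAuthServiceException entirely when it carries no OAuthError: nothing is logged and the caller only sees the generic invalid_client raised afterwards, which makes provider failures (store unreachable, misconfiguration) indistinguishable from an unknown client id during incident triage. Consider logging the exception at fine/debug level before falling through, e.g. `LOG.log(Level.FINE, "getValidClient failed for client id " + clientId, ex);` if this class has a logger (none is visible in the hunk). Separately, the Javadoc `@throws {@link javax.ws.rs.WebApplicationException}` is malformed, since `@throws` takes a bare type name; it should read `@throws javax.ws.rs.WebApplicationException if no matching Client is found`.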

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3646c60/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
index 27cf21a..8af601a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenService.java
@@ -119,8 +119,7 @@ public class AccessTokenService extends AbstractTokenService {
             // restriction on a number of return statements 
             OAuthServiceException oauthEx = ex instanceof OAuthServiceException 
                 ? (OAuthServiceException)ex : new OAuthServiceException(ex);
-            return handleException(oauthEx, OAuthConstants.INVALID_GRANT,
-                                   params.getFirst(OAuthConstants.STATE));
+            return handleException(oauthEx, OAuthConstants.INVALID_GRANT);
         }
         if (serverToken == null) {
             return createErrorResponse(params, OAuthConstants.INVALID_GRANT);

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3646c60/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
index 5e0abe1..26212d8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
@@ -52,7 +52,7 @@ public class DirectAuthorizationService extends AbstractOAuthService {
         SecurityContext sc = getAndValidateSecurityContext(params);
         // Create a UserSubject representing the end user 
         UserSubject userSubject = createUserSubject(sc);
-        Client client = getClient(params.getFirst(OAuthConstants.CLIENT_ID), params);
+        Client client = getClient(params);
         
         AccessTokenRegistration reg = new AccessTokenRegistration();
         reg.setClient(client);
@@ -96,48 +96,35 @@ public class DirectAuthorizationService extends AbstractOAuthService {
             return OAuthUtils.createSubject(securityContext);
         }
     }
-    
-    /**
-     * Get the {@link Client} reference
-     * @param clientId The Client Id
-     * @param params request parameters
-     * @return Client the client reference 
-     * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found,

-     *         the error is returned directly to the end user without 
-     *         following the redirect URI if any
-     */
-    protected Client getClient(String clientId, MultivaluedMap<String, String> params)
{
+
+    public SubjectCreator getSubjectCreator() {
+        return subjectCreator;
+    }
+
+    public void setSubjectCreator(SubjectCreator subjectCreator) {
+        this.subjectCreator = subjectCreator;
+    }
+    protected Client getClient(MultivaluedMap<String, String> params) {
+        return getClient(params.getFirst(OAuthConstants.CLIENT_ID));
+    }
+    protected Client getClient(String clientId) {
         Client client = null;
-        String state = null;
-        
-        if (params != null) {
-            state = params.getFirst(OAuthConstants.STATE);
-        }
         
         try {
             client = getValidClient(clientId);
         } catch (OAuthServiceException ex) {
             if (ex.getError() != null) {
-                ex.getError().setState(state);
                 reportInvalidRequestError(ex.getError(), null);
             }
         }
         
         if (client == null) {
-            reportInvalidRequestError("Client ID is invalid", state, null);
+            reportInvalidRequestError("Client ID is invalid", null);
         }
         return client;
         
     }
 
-    public SubjectCreator getSubjectCreator() {
-        return subjectCreator;
-    }
-
-    public void setSubjectCreator(SubjectCreator subjectCreator) {
-        this.subjectCreator = subjectCreator;
-    }
-
     public boolean isPartialMatchScopeValidation() {
         return partialMatchScopeValidation;
     }
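Review bot: The restored DirectAuthorizationService.getClient(String) passes clientId straight to getValidClient, while the AbstractTokenService.getClient restored in the same commit first rejects a null id with reportInvalidRequestError; whether getValidClient tolerates null is outside this hunk, so the two copies should at least agree, e.g. `if (clientId == null) { reportInvalidRequestError("Client ID is invalid", null); return null; }` at the top. The revert also deletes the Javadoc that recorded the error being returned directly to the end user without following the redirect URI, leaving both getClient(MultivaluedMap) and getClient(String) undocumented; re-adding that Javadoc minus the obsolete `@param params`, plus a blank line between the two methods and after setSubjectCreator, would restore readability.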

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3646c60/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 442c625..53cedaf 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -118,7 +118,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         SecurityContext sc = getAndValidateSecurityContext(params);
         // Create a UserSubject representing the end user 
         UserSubject userSubject = createUserSubject(sc);
-        Client client = getClient(params.getFirst(OAuthConstants.CLIENT_ID), params);
+        Client client = getClient(params);
         return startAuthorization(params, userSubject, client);
     }
         
@@ -128,8 +128,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         
         // Validate the provided request URI, if any, against the ones Client provided
         // during the registration
-        String redirectUri = validateRedirectUri(client, params.getFirst(OAuthConstants.REDIRECT_URI),
-                                                 params.getFirst(OAuthConstants.STATE));

+        String redirectUri = validateRedirectUri(client, params.getFirst(OAuthConstants.REDIRECT_URI));

         
         // Enforce the client confidentiality requirements
         if (!OAuthUtils.isGrantSupportedForClient(client, canSupportPublicClient(client),
supportedGrantType)) {
@@ -287,9 +286,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         
         OAuthRedirectionState state = 
             recreateRedirectionStateFromSession(userSubject, params, sessionToken);
-        Client client = getClient(state.getClientId(), params);
-        String redirectUri = validateRedirectUri(client, state.getRedirectUri(),
-                                                 params.getFirst(OAuthConstants.STATE));
+        Client client = getClient(state.getClientId());
+        String redirectUri = validateRedirectUri(client, state.getRedirectUri());
         
         // Get the end user decision value
         String decision = params.getFirst(OAuthConstants.AUTHORIZATION_DECISION_KEY);
@@ -370,60 +368,27 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         return securityContext;
     }
     
-    protected String validateRedirectUri(Client client, String redirectUri, String state)
{
+    protected String validateRedirectUri(Client client, String redirectUri) {
         
         List<String> uris = client.getRedirectUris();
         if (redirectUri != null) {
             if (!uris.contains(redirectUri)) {
-                reportInvalidRequestError("Client Redirect Uri is invalid", state);
+                reportInvalidRequestError("Client Redirect Uri is invalid");
             } 
         } else if (uris.size() == 1 && useRegisteredRedirectUriIfPossible) {
             redirectUri = uris.get(0);
         }
         if (redirectUri == null && uris.size() == 0 && !canRedirectUriBeEmpty(client))
{
-            reportInvalidRequestError("Client Redirect Uri is invalid", state);    
+            reportInvalidRequestError("Client Redirect Uri is invalid");    
         }
         if (redirectUri != null && matchRedirectUriWithApplicationUri
             && client.getApplicationWebUri() != null
             && !redirectUri.startsWith(client.getApplicationWebUri())) {
-            reportInvalidRequestError("Client Redirect Uri is invalid", state);
+            reportInvalidRequestError("Client Redirect Uri is invalid");
         }
         return redirectUri;
     }
     
-    /**
-     * Get the {@link Client} reference
-     * @param clientId The Client Id
-     * @param params request parameters
-     * @return Client the client reference 
-     * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found,

-     *         the error is returned directly to the end user without 
-     *         following the redirect URI if any
-     */
-    protected Client getClient(String clientId, MultivaluedMap<String, String> params)
{
-        Client client = null;
-        String state = null;
-        
-        if (params != null) {
-            state = params.getFirst(OAuthConstants.STATE);
-        }
-        
-        try {
-            client = getValidClient(clientId);
-        } catch (OAuthServiceException ex) {
-            if (ex.getError() != null) {
-                ex.getError().setState(state);
-                reportInvalidRequestError(ex.getError(), null);
-            }
-        }
-        
-        if (client == null) {
-            reportInvalidRequestError("Client ID is invalid", state, null);
-        }
-        return client;
-        
-    }
-    
     private void addAuthenticityTokenToSession(OAuthAuthorizationData secData,
                                                MultivaluedMap<String, String> params,
                                                UserSubject subject) {
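Review bot: validateRedirectUri returns null without raising an error when the request omits redirect_uri and the client has more than one registered URI: the single-URI fallback does not apply and the `uris.size() == 0` check does not fire, so the caller receives null for a client that, per RFC 6749 §3.1.2.3, must send redirect_uri; what the callers in the earlier hunks do with a null here is not visible. Adding `else if (uris.size() > 1) { reportInvalidRequestError("Client Redirect Uri is invalid"); }` after the single-URI branch closes that path. The applicationWebUri check relies on startsWith, which is a plain string prefix rather than an origin or path-prefix match (an application URI of https://app.example would accept https://app.example.evil); because the exact registered-URI match already ran, this only bites when a registered URI is itself lax, but a comment should say the registered list is the real control. The rest of this hunk is the pure deletion of the old getClient.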
@@ -457,6 +422,34 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         }
     }
     
+    /**
+     * Get the {@link Client} reference
+     * @param params request parameters
+     * @return Client the client reference 
+     * @throws {@link javax.ws.rs.WebApplicationException} if no matching Client is found,

+     *         the error is returned directly to the end user without 
+     *         following the redirect URI if any
+     */
+    protected Client getClient(String clientId) {
+        Client client = null;
+        
+        try {
+            client = getValidClient(clientId);
+        } catch (OAuthServiceException ex) {
+            if (ex.getError() != null) {
+                reportInvalidRequestError(ex.getError(), null);
+            }
+        }
+        
+        if (client == null) {
+            reportInvalidRequestError("Client ID is invalid", null);
+        }
+        return client;
+        
+    }
+    protected Client getClient(MultivaluedMap<String, String> params) {
+        return this.getClient(params.getFirst(OAuthConstants.CLIENT_ID));
+    }
     protected String getSupportedGrantType() {
         return this.supportedGrantType;
     }
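Review bot: The Javadoc on the restored getClient(String clientId) documents `@param params request parameters`, but the method takes clientId; it should read `@param clientId the provided client id`, and `@throws {@link javax.ws.rs.WebApplicationException}` is malformed because `@throws` takes a bare type name. The getClient(MultivaluedMap) overload that follows has no Javadoc and no blank line separating it from the previous method or from getSupportedGrantType. As with the DirectAuthorizationService copy, this version has no null guard for clientId, unlike the AbstractTokenService.getClient restored in the same commit; whether getValidClient tolerates null is outside this hunk.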

http://git-wip-us.apache.org/repos/asf/cxf/blob/f3646c60/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/TokenRevocationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/TokenRevocationService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/TokenRevocationService.java
index 16d6ce7..092b9ec 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/TokenRevocationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/TokenRevocationService.java
@@ -56,8 +56,7 @@ public class TokenRevocationService extends AbstractTokenService {
         try {
             getDataProvider().revokeToken(client, token, tokenTypeHint);
         } catch (OAuthServiceException ex) {
-            return handleException(ex, OAuthConstants.UNSUPPORTED_TOKEN_TYPE,
-                                   params.getFirst(OAuthConstants.STATE));
+            return handleException(ex, OAuthConstants.UNSUPPORTED_TOKEN_TYPE);
         }
         return Response.ok().build();
     }

