Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5A29818B74 for ; Fri, 4 Dec 2015 17:11:32 +0000 (UTC) Received: (qmail 21072 invoked by uid 500); 4 Dec 2015 17:11:13 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 20970 invoked by uid 500); 4 Dec 2015 17:11:13 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 20859 invoked by uid 99); 4 Dec 2015 17:11:13 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Dec 2015 17:11:13 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 279F9E083A; Fri, 4 Dec 2015 17:11:13 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Date: Fri, 04 Dec 2015 17:11:13 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/5] cxf git commit: Make sure the default scopes are returned to the user Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 48ecb0fce -> 85a45a8bc Make sure the default scopes are returned to the user Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4efd6b4c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4efd6b4c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4efd6b4c Branch: refs/heads/3.1.x-fixes Commit: 4efd6b4c188c7e7c94feb6afc943df831da43180 Parents: 48ecb0f Author: Colm O hEigeartaigh Authored: Fri Dec 4 16:13:13 2015 +0000 Committer: Colm O hEigeartaigh Committed: Fri Dec 4 17:04:06 2015 +0000 ---------------------------------------------------------------------- .../oauth2/services/AuthorizationCodeGrantService.java | 6 ++++-- .../security/oauth2/services/ImplicitGrantService.java | 4 +++- .../oauth2/services/RedirectionBasedGrantService.java | 13 ++++++++++--- 3 files changed, 17 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/4efd6b4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java index b95eae7..36615e7 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java 
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java @@ -68,10 +68,12 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService MultivaluedMap params, String redirectUri, UserSubject subject, + List requestedScopes, List perms, boolean authorizationCanBeSkipped) { OAuthAuthorizationData data = - super.createAuthorizationData(client, params, redirectUri, subject, perms, authorizationCanBeSkipped); + super.createAuthorizationData(client, params, redirectUri, subject, + requestedScopes, perms, authorizationCanBeSkipped); setCodeQualifier(data, params); return data; } @@ -105,7 +107,7 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService codeReg.setClient(client); codeReg.setRedirectUri(state.getRedirectUri()); codeReg.setRequestedScope(requestedScope); - if (approvedScope != null && approvedScope.isEmpty()) { + if (approvedScope == null || approvedScope.isEmpty()) { // no down-scoping done by a user, all of the requested scopes have been authorized codeReg.setApprovedScope(requestedScope); } else { http://git-wip-us.apache.org/repos/asf/cxf/blob/4efd6b4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java index 057c59d..bec3714 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java 
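Review bot: The new parameter is named `requestedScopes` in this override but `requestedScope` in the base method's signature at RedirectionBasedGrantService (the @@ -203 hunk), and the ImplicitGrantService override uses `requestedScopes` as well; the name should match the base method so readers jump between the overrides and the contract without confusion. The override only forwards the list to `super.createAuthorizationData(...)` and then calls `setCodeQualifier`, so renaming the parameter to `List<String> requestedScope` in both overrides is the whole change. The overridden method's Javadoc, if any, sits above the hunk and would need the new parameter described too.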
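Review bot: The widened condition `approvedScope == null || approvedScope.isEmpty()` now treats a missing approved-scope list the same as an empty one, and both result in `codeReg.setApprovedScope(requestedScope)`, i.e. every requested scope is granted; the existing comment only describes the empty case. How `approvedScope` is derived is outside the hunk, so if the consent form can arrive without any scope values when a user de-selects everything, this branch would grant the full requested scope rather than none — worth confirming against the caller. Whichever way that goes, the comment should state the decision explicitly, e.g. `// null or empty approvedScope means the user did not down-scope: grant the full requested scope`. The enclosing method starts and ends outside the hunk.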
@@ -55,10 +55,12 @@ public class ImplicitGrantService extends AbstractImplicitGrantService { MultivaluedMap params, String redirectUri, UserSubject subject, + List requestedScopes, List perms, boolean authorizationCanBeSkipped) { OAuthAuthorizationData data = - super.createAuthorizationData(client, params, redirectUri, subject, perms, authorizationCanBeSkipped); + super.createAuthorizationData(client, params, redirectUri, subject, + requestedScopes, perms, authorizationCanBeSkipped); data.setImplicitFlow(true); return data; } http://git-wip-us.apache.org/repos/asf/cxf/blob/4efd6b4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java index cc9baba..53cedaf 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java @@ -172,8 +172,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService // Populate the authorization challenge data OAuthAuthorizationData data = - createAuthorizationData(client, params, redirectUri, userSubject, requestedPermissions, - authorizationCanBeSkipped); + createAuthorizationData(client, params, redirectUri, userSubject, requestedScope, + requestedPermissions, authorizationCanBeSkipped); if (authorizationCanBeSkipped) { List approvedScopes = 
@@ -203,6 +203,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService MultivaluedMap params, String redirectUri, UserSubject subject, + List requestedScope, List perms, boolean authorizationCanBeSkipped) { @@ -213,7 +214,13 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService secData.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE)); secData.setNonce(params.getFirst(OAuthConstants.NONCE)); secData.setClientId(client.getClientId()); - secData.setProposedScope(params.getFirst(OAuthConstants.SCOPE)); + if (requestedScope != null && !requestedScope.isEmpty()) { + StringBuilder builder = new StringBuilder(); + for (String scope : requestedScope) { + builder.append(scope + " "); + } + secData.setProposedScope(builder.toString().trim()); + } if (!authorizationCanBeSkipped) { secData.setPermissions(perms); secData.setApplicationName(client.getApplicationName());
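Review bot: The protected base method gains a `requestedScope` parameter without any documentation of what the list is or who supplies it, and this is the method subclasses override, so the contract belongs here rather than in the overrides. From the @@ -213 hunk the only visible use is that a non-empty list is space-joined into `secData.setProposedScope(...)`, i.e. it is the scope string shown on the consent page; whether it already includes the client's default scopes is implied by the commit title but not visible in the hunk. Suggest a Javadoc `@param requestedScope the scopes requested for this authorization, rendered space-separated as the proposed scope shown to the resource owner; may be null or empty` above the signature, which starts outside the hunk.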
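Review bot: When `requestedScope` is null or empty the new block calls nothing, whereas the removed line always called `secData.setProposedScope(params.getFirst(OAuthConstants.SCOPE))`; the proposed scope is therefore left unset in that case instead of echoing the raw request parameter, and any consumer of `getProposedScope()` that previously received an empty string may now receive null. If that is intended, a short comment such as `// no proposed scope is shown when nothing was requested` makes it deliberate; otherwise an explicit else branch is needed. As a point of style, `builder.append(scope + " ")` concatenates inside the append; `builder.append(scope).append(' ');` avoids that, and if this branch can use Java 8 the whole loop collapses to `secData.setProposedScope(String.join(" ", requestedScope));`. The enclosing method continues past the hunk.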