cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Making sure the pre-registered client scopes can be accumulated with the requested scopes
Date Mon, 18 Jan 2016 16:53:01 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 2d5bc09bd -> 6cc93fb07


Making sure the pre-registered client scopes can be accumulated with the requested scopes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6cc93fb0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6cc93fb0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6cc93fb0

Branch: refs/heads/master
Commit: 6cc93fb07362027d09967932776821352d88b62b
Parents: 2d5bc09
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Mon Jan 18 16:52:44 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Mon Jan 18 16:52:44 2016 +0000

----------------------------------------------------------------------
 .../oauth2/grants/refresh/RefreshTokenGrantHandler.java |  6 ++++++
 .../oauth2/services/DirectAuthorizationService.java     |  6 ++++++
 .../oauth2/services/RedirectionBasedGrantService.java   |  8 +++++++-
 .../apache/cxf/rs/security/oauth2/utils/OAuthUtils.java | 12 +++++++++++-
 4 files changed, 30 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
index f64394b..3553736 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
@@ -35,6 +35,7 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler
{
 
     private OAuthDataProvider dataProvider;
     private boolean partialMatchScopeValidation;
+    private boolean useAllClientScopes;
     
     public void setDataProvider(OAuthDataProvider dataProvider) {
         this.dataProvider = dataProvider;
@@ -49,6 +50,7 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler
{
         String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
         List<String> requestedScopes = OAuthUtils.getRequestedScopes(client,
                                             params.getFirst(OAuthConstants.SCOPE),
+                                            useAllClientScopes,
                                             partialMatchScopeValidation);
         
         return dataProvider.refreshAccessToken(client, refreshToken, requestedScopes);
@@ -57,4 +59,8 @@ public class RefreshTokenGrantHandler implements AccessTokenGrantHandler
{
     public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation) {
         this.partialMatchScopeValidation = partialMatchScopeValidation;
     }
+
+    public void setUseAllClientScopes(boolean useAllClientScopes) {
+        this.useAllClientScopes = useAllClientScopes;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
index 26212d8..f88a85a 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DirectAuthorizationService.java
@@ -45,6 +45,7 @@ import org.apache.cxf.security.SecurityContext;
 public class DirectAuthorizationService extends AbstractOAuthService {
     private SubjectCreator subjectCreator;
     private boolean partialMatchScopeValidation;
+    private boolean useAllClientScopes;
     @POST
     @Consumes("application/x-www-form-urlencoded")
     @Produces("text/html")
@@ -62,6 +63,7 @@ public class DirectAuthorizationService extends AbstractOAuthService {
         String providedScope = params.getFirst(OAuthConstants.SCOPE);
         List<String> requestedScope = OAuthUtils.getRequestedScopes(client, 
                                                            providedScope, 
+                                                           useAllClientScopes,
                                                            partialMatchScopeValidation);
         
         reg.setRequestedScope(requestedScope);        
@@ -132,6 +134,10 @@ public class DirectAuthorizationService extends AbstractOAuthService
{
     public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation) {
         this.partialMatchScopeValidation = partialMatchScopeValidation;
     }
+
+    public void setUseAllClientScopes(boolean useAllClientScopes) {
+        this.useAllClientScopes = useAllClientScopes;
+    }
 }
 
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 85b4b44..4d24346 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -57,6 +57,7 @@ import org.apache.cxf.security.SecurityContext;
 public abstract class RedirectionBasedGrantService extends AbstractOAuthService {
     private Set<String> supportedResponseTypes;
     private String supportedGrantType;
+    private boolean useAllClientScopes;
     private boolean partialMatchScopeValidation;
     private boolean useRegisteredRedirectUriIfPossible = true;
     private SessionAuthenticityTokenProvider sessionAuthenticityTokenProvider;
@@ -145,7 +146,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         List<String> requestedScope = null;
         try {
             requestedScope = OAuthUtils.getRequestedScopes(client, 
-                                                           providedScope, 
+                                                           providedScope,
+                                                           useAllClientScopes,
                                                            partialMatchScopeValidation);
         } catch (OAuthServiceException ex) {
             return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
@@ -462,6 +464,10 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
     public void setPartialMatchScopeValidation(boolean partialMatchScopeValidation) {
         this.partialMatchScopeValidation = partialMatchScopeValidation;
     }
+    
+    public void setUseAllClientScopes(boolean useAllClientScopes) {
+        this.useAllClientScopes = useAllClientScopes;
+    }
     /**
      * If a client does not include a redirect_uri parameter but has an exactly one
      * pre-registered redirect_uri then use that redirect_uri

http://git-wip-us.apache.org/repos/asf/cxf/blob/6cc93fb0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index d2ae2fa..066cec0 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -213,7 +213,9 @@ public final class OAuthUtils {
         return false;
     }
     
-    public static List<String> getRequestedScopes(Client client, String scopeParameter,

+    public static List<String> getRequestedScopes(Client client, 
+                                                  String scopeParameter,
+                                                  boolean useAllClientScopes,
                                                   boolean partialMatchScopeValidation) {
         List<String> requestScopes = parseScope(scopeParameter);
         List<String> registeredScopes = client.getRegisteredScopes();
@@ -224,6 +226,14 @@ public final class OAuthUtils {
         if (!validateScopes(requestScopes, registeredScopes, partialMatchScopeValidation))
{
             throw new OAuthServiceException("Unexpected scope");
         }
+        if (useAllClientScopes) {
+            for (String registeredScope : registeredScopes) {
+                if (!requestScopes.contains(registeredScope)) {
+                    requestScopes.add(registeredScope);
+                }
+            }
+        }
+        
         return requestScopes;
     }
     


Mime
View raw message