cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Updating the code handler to check for the pre-authorized token only if it was recorded during the code issuance time
Date Tue, 26 Jan 2016 12:47:04 GMT
Repository: cxf
Updated Branches:
  refs/heads/master b490940ac -> 75d475ba8


Updating the code handler to check for the pre-authorized token only if it was recorded during
the code issuance time


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/75d475ba
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/75d475ba
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/75d475ba

Branch: refs/heads/master
Commit: 75d475ba8def388e6e768ef3ffb39c3e724e0e41
Parents: b490940
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Jan 26 12:46:45 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Jan 26 12:46:45 2016 +0000

----------------------------------------------------------------------
 .../code/AuthorizationCodeGrantHandler.java     | 26 +++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/75d475ba/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 4a01328..c8e6655 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -104,18 +104,20 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler
{
                                                   String requestedGrant,
                                                   String codeVerifier,
                                                   List<String> audiences) {
-        ServerAccessToken token = getPreAuthorizedToken(client, 
-                                                        grant.getSubject(), 
-                                                        requestedGrant,
-                                                        grant.getRequestedScopes(), 
-                                                        getAudiences(client, grant.getAudience()));
-        if (token != null) {
-            return token;
-        } else if (grant.isPreauthorizedTokenAvailable()) {
-            // the grant was issued based on the authorization time check confirming the
-            // token was available but it has expired by now or been removed then
-            // creating a completely new token can be wrong - though this needs to be reviewed

-            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+        if (grant.isPreauthorizedTokenAvailable()) {
+            ServerAccessToken token = getPreAuthorizedToken(client, 
+                                                            grant.getSubject(), 
+                                                            requestedGrant,
+                                                            grant.getRequestedScopes(), 
+                                                            getAudiences(client, grant.getAudience()));
+            if (token != null) {
+                return token;
+            } else {
+                // the grant was issued based on the authorization time check confirming
the
+                // token was available but it has expired by now or been removed then
+                // creating a completely new token can be wrong - though this needs to be
reviewed 
+                throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+            }
         }
         
         // Delegate to the data provider to create the one


Mime
View raw message