cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Pass the already approved scopes/permissions, if any, to the authorization form for the more optimal UI challenge be possible
Date Thu, 28 Jan 2016 13:24:35 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 39c2acb41 -> c9a2f0d2e


Pass the already approved scopes/permissions, if any, to the authorization form for the more
optimal UI challenge be possible


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c9a2f0d2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c9a2f0d2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c9a2f0d2

Branch: refs/heads/3.1.x-fixes
Commit: c9a2f0d2e292c9e11728453fd4da910f9f1609a4
Parents: 39c2acb
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Jan 28 13:13:47 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Jan 28 13:24:14 2016 +0000

----------------------------------------------------------------------
 .../oauth2/common/OAuthAuthorizationData.java   | 53 +++++++++++++-------
 .../services/AuthorizationCodeGrantService.java |  6 +--
 .../oauth2/services/ImplicitGrantService.java   |  6 +--
 .../services/RedirectionBasedGrantService.java  | 29 +++++++----
 4 files changed, 60 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c9a2f0d2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
index 383cd3b..d234f31 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
@@ -48,13 +48,14 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     private Map<String, String> extraApplicationProperties = new HashMap<String,
String>();
     private boolean implicitFlow;
     
-    private List<? extends Permission> permissions;
+    private List<OAuthPermission> permissions;
+    private List<OAuthPermission> alreadyAuthorizedPermissions;
     
     public OAuthAuthorizationData() {
     }
 
     /**
-     * Sets the client application name
+     * Get the client application name
      * @return application name
      */
     public String getApplicationName() {
@@ -62,7 +63,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
-     * Sets the client application name
+     * Set the client application name
      * @param applicationName application name
      */
     public void setApplicationName(String applicationName) {
@@ -70,24 +71,40 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
-     * Gets the list of scopes translated to {@link Permission} instances
+     * Get the list of scopes translated to {@link Permission} instances
      * requested by the client application
      * @return the list of scopes
      */
-    public List<? extends Permission> getPermissions() {
+    public List<OAuthPermission> getPermissions() {
         return permissions;
     }
 
     /**
-     * Gets the list of scopes translated to {@link Permission} instances
-     * @return the list of scopses
+     * Set the list of scopes translated to {@link OAuthPermission} instances
+     * @return the list of scopes
      **/
-    public void setPermissions(List<? extends Permission> permissions) {
+    public void setPermissions(List<OAuthPermission> permissions) {
         this.permissions = permissions;
     }
+    
+    /** 
+     * Get the list of scopes already approved by a user
+     * @return the list of approved scopes
+     */
+    public List<OAuthPermission> getAlreadyAuthorizedPermissions() {
+        return alreadyAuthorizedPermissions;
+    }
+
+    /**
+     * Set the list of scopes already approved by a user
+     * @param permissions the list of approved scopes
+     */
+    public void setAlreadyAuthorizedPermissions(List<OAuthPermission> perms) {
+        this.alreadyAuthorizedPermissions = perms;
+    }
 
     /**
-     * Sets the authenticity token linking the authorization 
+     * Set the authenticity token linking the authorization 
      * challenge to the current end user session
      * 
      * @param authenticityToken the session authenticity token 
@@ -97,7 +114,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
-     * Gets the authenticity token linking the authorization 
+     * Get the authenticity token linking the authorization 
      * challenge to the current end user session
      * @return the session authenticity token
      */
@@ -106,7 +123,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
-     * Sets the application description
+     * Set the application description
      * @param applicationDescription the description
      */
     public void setApplicationDescription(String applicationDescription) {
@@ -114,7 +131,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
-     * Gets the application description
+     * Get the application description
      * @return the description
      */
     public String getApplicationDescription() {
@@ -122,7 +139,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
-     * Sets the application web URI
+     * Set the application web URI
      * @param applicationWebUri the application URI
      */
     public void setApplicationWebUri(String applicationWebUri) {
@@ -130,7 +147,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
-     * Gets the application web URI
+     * Get the application web URI
      * @return the application URI
      */
     public String getApplicationWebUri() {
@@ -138,7 +155,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
-     * Sets the application logo URI
+     * Set the application logo URI
      * @param applicationLogoUri the logo URI
      */
     public void setApplicationLogoUri(String applicationLogoUri) {
@@ -146,7 +163,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
-     * Gets the application logo URI
+     * Get the application logo URI
      * @return the logo URI
      */
     public String getApplicationLogoUri() {
@@ -154,7 +171,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
-     * Sets the absolute URI where the authorization decision data 
+     * Set the absolute URI where the authorization decision data 
      * will need to be sent to
      * @param replyTo authorization decision handler URI
      */
@@ -163,7 +180,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
     }
 
     /**
-     * Gets the absolute URI where the authorization decision data 
+     * Get the absolute URI where the authorization decision data 
      * will need to be sent to
      * @return authorization decision handler URI
      */

http://git-wip-us.apache.org/repos/asf/cxf/blob/c9a2f0d2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 9a8609a..138a600 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -68,12 +68,12 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
                                                              MultivaluedMap<String, String>
params,
                                                              String redirectUri,
                                                              UserSubject subject,
-                                                             List<String> requestedScopes,
-                                                             List<OAuthPermission>
perms,
+                                                             List<OAuthPermission>
requestedPerms,
+                                                             List<OAuthPermission>
alreadyAuthorizedPerms,
                                                              boolean authorizationCanBeSkipped)
{
         OAuthAuthorizationData data = 
             super.createAuthorizationData(client, params, redirectUri, subject, 
-                                          requestedScopes, perms, authorizationCanBeSkipped);
+                                          requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);
         setCodeQualifier(data, params);
         return data;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/c9a2f0d2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
index bec3714..50aa491 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
@@ -55,12 +55,12 @@ public class ImplicitGrantService extends AbstractImplicitGrantService
{
                                                              MultivaluedMap<String, String>
params,
                                                              String redirectUri,
                                                              UserSubject subject,
-                                                             List<String> requestedScopes,
-                                                             List<OAuthPermission>
perms,
+                                                             List<OAuthPermission>
requestedPerms,
+                                                             List<OAuthPermission>
alreadyAuthorizedPerms,
                                                              boolean authorizationCanBeSkipped)
{
         OAuthAuthorizationData data = 
             super.createAuthorizationData(client, params, redirectUri, subject, 
-                                          requestedScopes, perms, authorizationCanBeSkipped);
+                                          requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);
         data.setImplicitFlow(true);
         return data;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/c9a2f0d2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 6c1a743..133ce30 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -170,15 +170,23 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         // Request a new grant only if no pre-authorized token is available
         ServerAccessToken preAuthorizedToken = getDataProvider().getPreauthorizedToken(
             client, requestedScope, userSubject, supportedGrantType);
-        final boolean preAuthorizationComplete = preAuthorizedToken != null
-            && OAuthUtils.convertPermissionsToScopeList(preAuthorizedToken.getScopes()).containsAll(requestedScope);
+        
+        List<OAuthPermission> alreadyAuthorizedPerms = null;
+        boolean preAuthorizationComplete = false;
+        if (preAuthorizedToken != null) {
+            alreadyAuthorizedPerms = preAuthorizedToken.getScopes();
+            preAuthorizationComplete = 
+                OAuthUtils.convertPermissionsToScopeList(alreadyAuthorizedPerms).containsAll(requestedScope);
+        }
         final boolean authorizationCanBeSkipped = preAuthorizationComplete 
             || canAuthorizationBeSkipped(client, userSubject, requestedScope, requestedPermissions);
         
         // Populate the authorization challenge data 
         OAuthAuthorizationData data = 
-            createAuthorizationData(client, params, redirectUri, userSubject, requestedScope,

-                                    requestedPermissions, authorizationCanBeSkipped);
+            createAuthorizationData(client, params, redirectUri, userSubject,  
+                                    requestedPermissions, 
+                                    alreadyAuthorizedPerms, 
+                                    authorizationCanBeSkipped);
         
         if (authorizationCanBeSkipped) {
             List<OAuthPermission> approvedScopes = 
@@ -209,8 +217,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
                                                              MultivaluedMap<String, String>
params,
                                                              String redirectUri, 
                                                              UserSubject subject,
-                                                             List<String> requestedScope,
-                                                             List<OAuthPermission>
perms,
+                                                             List<OAuthPermission>
requestedPerms,
+                                                             List<OAuthPermission>
alreadyAuthorizedPerms,
                                                              boolean authorizationCanBeSkipped)
{
         
         OAuthAuthorizationData secData = new OAuthAuthorizationData();
@@ -221,15 +229,16 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         secData.setNonce(params.getFirst(OAuthConstants.NONCE));
         secData.setClientId(client.getClientId());
         secData.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));
-        if (requestedScope != null && !requestedScope.isEmpty()) {
+        if (requestedPerms != null && !requestedPerms.isEmpty()) {
             StringBuilder builder = new StringBuilder();
-            for (String scope : requestedScope) {
-                builder.append(scope + " ");
+            for (OAuthPermission perm : requestedPerms) {
+                builder.append(perm.getPermission() + " ");
             }
             secData.setProposedScope(builder.toString().trim());
         }
         if (!authorizationCanBeSkipped) {
-            secData.setPermissions(perms);
+            secData.setPermissions(requestedPerms);
+            secData.setAlreadyAuthorizedPermissions(alreadyAuthorizedPerms);
             secData.setApplicationName(client.getApplicationName()); 
             secData.setApplicationWebUri(client.getApplicationWebUri());
             secData.setApplicationDescription(client.getApplicationDescription());


Mime
View raw message