cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: Updating the code handler to check for the pre-authorized token only if it was recorded during the code issuance time
Date Tue, 26 Jan 2016 12:48:15 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes bea566fe9 -> c79bb840f


Updating the code handler to check for the pre-authorized token only if it was recorded during
the code issuance time


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c79bb840
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c79bb840
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c79bb840

Branch: refs/heads/3.1.x-fixes
Commit: c79bb840febf402e498c9cec611ae7c3da27cd2f
Parents: bea566f
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Jan 26 12:46:45 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Jan 26 12:47:56 2016 +0000

----------------------------------------------------------------------
 .../code/AuthorizationCodeGrantHandler.java     | 26 +++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c79bb840/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
index 84b654a..96f8360 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java
@@ -104,18 +104,20 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler
{
                                                   String requestedGrant,
                                                   String codeVerifier,
                                                   List<String> audiences) {
-        ServerAccessToken token = getPreAuthorizedToken(client, 
-                                                        grant.getSubject(), 
-                                                        requestedGrant,
-                                                        grant.getRequestedScopes(), 
-                                                        getAudiences(client, grant.getAudience()));
-        if (token != null) {
-            return token;
-        } else if (grant.isPreauthorizedTokenAvailable()) {
-            // the grant was issued based on the authorization time check confirming the
-            // token was available but it has expired by now or been removed then
-            // creating a completely new token can be wrong - though this needs to be reviewed

-            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+        if (grant.isPreauthorizedTokenAvailable()) {
+            ServerAccessToken token = getPreAuthorizedToken(client, 
+                                                            grant.getSubject(), 
+                                                            requestedGrant,
+                                                            grant.getRequestedScopes(), 
+                                                            getAudiences(client, grant.getAudience()));
+            if (token != null) {
+                return token;
+            } else {
+                // the grant was issued based on the authorization time check confirming
the
+                // token was available but it has expired by now or been removed then
+                // creating a completely new token can be wrong - though this needs to be
reviewed 
+                throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
+            }
         }
         
         // Delegate to the data provider to create the one
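
Review bot: In the new `if (grant.isPreauthorizedTokenAvailable())` block, the inner `else` still throws `INVALID_GRANT` under a comment ending "though this needs to be reviewed", so the open question of whether a fresh token may be issued once the pre-authorized one has expired or been removed is carried into this branch unresolved. Either settle it here or replace the comment with a reference to a tracking issue. The change also alters the path for grants where the flag is false: `getPreAuthorizedToken(...)` is no longer consulted, so a pre-authorized token that appeared after the code was issued is ignored and control falls through to the data provider to create a new one. If that is intended, a short comment above the `if` stating it would help. Because the diffstat shows only this one file changed, a test covering the flag-true/token-missing case and the flag-false case should accompany the change. Separately, the lookup recomputes `getAudiences(client, grant.getAudience())` instead of using the `audiences` parameter visible in the signature; it is worth confirming that this is deliberate.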

