cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Redirection service code was not saved...
Date Tue, 26 Jan 2016 15:53:36 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes d4f3d8880 -> 1308529e8


Redirection service code was not saved...


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1308529e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1308529e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1308529e

Branch: refs/heads/3.1.x-fixes
Commit: 1308529e8b6a325143fea8256c98e37f79016170
Parents: d4f3d88
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Tue Jan 26 15:48:17 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Tue Jan 26 15:53:22 2016 +0000

----------------------------------------------------------------------
 .../security/oauth2/services/RedirectionBasedGrantService.java  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1308529e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index be1bcc1..6c1a743 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -170,8 +170,9 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
         // Request a new grant only if no pre-authorized token is available
         ServerAccessToken preAuthorizedToken = getDataProvider().getPreauthorizedToken(
             client, requestedScope, userSubject, supportedGrantType);
-        final boolean authorizationCanBeSkipped = 
-            preAuthorizedToken != null 
+        final boolean preAuthorizationComplete = preAuthorizedToken != null
+            && OAuthUtils.convertPermissionsToScopeList(preAuthorizedToken.getScopes()).containsAll(requestedScope);
+        final boolean authorizationCanBeSkipped = preAuthorizationComplete 
             || canAuthorizationBeSkipped(client, userSubject, requestedScope, requestedPermissions);
         
         // Populate the authorization challenge data 


Mime
View raw message