cxf-commits mailing list archives

From serg...@apache.org
Subject cxf git commit: OAuth2 implicit services may also need the request pre-processing
Date Thu, 11 Feb 2016 17:14:42 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 95eab4372 -> 1a8d70ddf


OAuth2 implicit services may also need the request pre-processing


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1a8d70dd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1a8d70dd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1a8d70dd

Branch: refs/heads/master
Commit: 1a8d70ddf1e7892d96d7ba6710028f35978a5075
Parents: 95eab43
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Feb 11 17:14:23 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Feb 11 17:14:23 2016 +0000

----------------------------------------------------------------------
 .../grants/code/JwtRequestCodeFilter.java       |  4 +--
 .../AuthorizationCodeRequestFilter.java         | 11 ++-----
 .../provider/AuthorizationRequestFilter.java    | 30 ++++++++++++++++++++
 .../services/AuthorizationCodeGrantService.java | 13 ++-------
 .../services/RedirectionBasedGrantService.java  |  9 ++++++
 5 files changed, 46 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/1a8d70dd/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
index 652f7f8..0017850 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JwtRequestCodeFilter.java
@@ -36,12 +36,12 @@ import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.provider.AuthorizationCodeRequestFilter;
+import org.apache.cxf.rs.security.oauth2.provider.AuthorizationRequestFilter;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthJoseJwtConsumer;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rt.security.crypto.CryptoUtils;
 
-public class JwtRequestCodeFilter extends OAuthJoseJwtConsumer implements AuthorizationCodeRequestFilter
{
+public class JwtRequestCodeFilter extends OAuthJoseJwtConsumer implements AuthorizationRequestFilter
{
     private static final String REQUEST_PARAM = "request";
     private static final String REQUEST_URI_PARAM = "request_uri";
     private boolean verifyWithClientCertificates;

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a8d70dd/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
index 646861c..56f285d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java
@@ -18,13 +18,6 @@
  */
 package org.apache.cxf.rs.security.oauth2.provider;
 
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-
-public interface AuthorizationCodeRequestFilter {
-    MultivaluedMap<String, String> process(MultivaluedMap<String, String> params,

-                                           UserSubject endUser,
-                                           Client client);
+@Deprecated
+public interface AuthorizationCodeRequestFilter extends AuthorizationRequestFilter {
 }
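Review bot: The `@Deprecated` annotation on `AuthorizationCodeRequestFilter` has no Javadoc telling implementors what to migrate to. Adding `/** @deprecated implement {@link AuthorizationRequestFilter} instead */` above the annotation would make the replacement visible in IDEs and generated docs. The same applies to the `@Deprecated` setter `setCodeRequestFilter` in AuthorizationCodeGrantService, where the pointer should name `setAuthorizationFilter`.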

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a8d70dd/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationRequestFilter.java
new file mode 100644
index 0000000..26c1709
--- /dev/null
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationRequestFilter.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.provider;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+
+public interface AuthorizationRequestFilter {
+    MultivaluedMap<String, String> process(MultivaluedMap<String, String> params,

+                                           UserSubject endUser,
+                                           Client client);
+}
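Review bot: The new `AuthorizationRequestFilter` interface has no Javadoc, although the map returned by `process` replaces the authorization request parameters that the grant service then validates. The call site added in RedirectionBasedGrantService assigns the result to `params` and calls `params.getFirst(...)` on it straight away, so a `null` return would surface as a NullPointerException rather than an OAuth error. The type-level comment should state that `process` must return a non-null map, whether `endUser` can be null, and whether implementations may modify `params` in place. Either the interface contract or the call site should own the null check, and the comment should say which.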

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a8d70dd/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index d8191e8..86d229f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -51,13 +51,13 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
  * redirect End User back to the Client, supplying 
  * the authorization code.
  */
+@SuppressWarnings("deprecation")
 @Path("/authorize")
 public class AuthorizationCodeGrantService extends RedirectionBasedGrantService {
     private static final long RECOMMENDED_CODE_EXPIRY_TIME_SECS = 10L * 60L;
     private boolean canSupportPublicClients;
     private boolean canSupportEmptyRedirectForPrivateClients;
     private OOBResponseDeliverer oobDeliverer;
-    private AuthorizationCodeRequestFilter codeRequestFilter;
     private AuthorizationCodeResponseFilter codeResponseFilter;
     
     public AuthorizationCodeGrantService() {
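Review bot: `@SuppressWarnings("deprecation")` is applied to the whole class, so it will also hide any later use of deprecated API elsewhere in AuthorizationCodeGrantService. As far as the hunks in this commit show, the only deprecated reference is the `AuthorizationCodeRequestFilter` parameter of `setCodeRequestFilter`, which is itself marked `@Deprecated`. If that holds, the suppression could be narrowed to that setter or dropped. If it is needed for another reason, such as the import line, a short comment saying so would keep the annotation from outliving its purpose. The class body continues outside the hunk.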
@@ -86,14 +86,6 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
     private static void setCodeQualifier(OAuthRedirectionState data, MultivaluedMap<String,
String> params) {
         data.setClientCodeChallenge(params.getFirst(OAuthConstants.AUTHORIZATION_CODE_CHALLENGE));
     }
-    protected Response startAuthorization(MultivaluedMap<String, String> params, 
-                                          UserSubject userSubject,
-                                          Client client) {
-        if (codeRequestFilter != null) {
-            params = codeRequestFilter.process(params, userSubject, client);
-        }
-        return super.startAuthorization(params, userSubject, client);
-    }
     protected Response createGrant(OAuthRedirectionState state,
                                    Client client,
                                    List<String> requestedScope,
@@ -193,8 +185,9 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
         this.codeResponseFilter = filter;
     }
 
+    @Deprecated
     public void setCodeRequestFilter(AuthorizationCodeRequestFilter codeRequestFilter) {
-        this.codeRequestFilter = codeRequestFilter;
+        super.setAuthorizationFilter(codeRequestFilter);
     }
     public void setCanSupportEmptyRedirectForPrivateClients(boolean canSupportEmptyRedirectForPrivateClients)
{
         this.canSupportEmptyRedirectForPrivateClients = canSupportEmptyRedirectForPrivateClients;
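Review bot: `setCodeRequestFilter` now forwards to the inherited `setAuthorizationFilter`, so both setters write the same field and a service configured through both silently keeps whichever ran last. A comment on the deprecated setter such as `// alias for setAuthorizationFilter; the last setter called wins` would make that explicit for anyone migrating existing configuration. Calling `setAuthorizationFilter(codeRequestFilter)` without the `super.` qualifier would read more naturally, since the method is not overridden in the lines shown.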

http://git-wip-us.apache.org/repos/asf/cxf/blob/1a8d70dd/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 094c5af..40a6771 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -42,6 +42,7 @@ import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.OAuthRedirectionState;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.provider.AuthorizationRequestFilter;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.provider.ResourceOwnerNameProvider;
 import org.apache.cxf.rs.security.oauth2.provider.SessionAuthenticityTokenProvider;
@@ -66,6 +67,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
     private int maxDefaultSessionInterval;
     private boolean matchRedirectUriWithApplicationUri;
     private boolean hidePreauthorizedScopesInForm;
+    private AuthorizationRequestFilter authorizationFilter;
     
     protected RedirectionBasedGrantService(String supportedResponseType,
                                            String supportedGrantType) {
@@ -128,6 +130,10 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
                                           UserSubject userSubject,
                                           Client client) {    
         
+        if (authorizationFilter != null) {
+            params = authorizationFilter.process(params, userSubject, client);
+        }
+        
         // Validate the provided request URI, if any, against the ones Client provided
         // during the registration
         String redirectUri = validateRedirectUri(client, params.getFirst(OAuthConstants.REDIRECT_URI));
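Review bot: The map returned by `authorizationFilter.process(...)` replaces `params` wholesale while `client` remains the object the caller passed in, and nothing in this hunk checks that the two still agree. With a filter such as JwtRequestCodeFilter, which handles the `request` and `request_uri` parameters, the returned values presumably come from a client-supplied request object, so they should be treated as untrusted until the checks below have run. Running the filter ahead of `validateRedirectUri` is the right order. A comment such as `// filter output replaces the request parameters; everything below validates it against the already-resolved client` would record that ordering as intentional. Per the commit title this base class also serves the implicit grant, so it is worth confirming that each parameter consumed later is read from the filtered map rather than from the original request. The body of `startAuthorization` starts and ends outside the hunk.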

@@ -533,4 +539,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
     public void setHidePreauthorizedScopesInForm(boolean hidePreauthorizedScopesInForm) {
         this.hidePreauthorizedScopesInForm = hidePreauthorizedScopesInForm;
     }
+    public void setAuthorizationFilter(AuthorizationRequestFilter authorizationFilter) {
+        this.authorizationFilter = authorizationFilter;
+    }
 }

