
From serg...@apache.org
Subject cxf git commit: [CXF-7274] Support for removing the preauthorized tokens which will be duplicated otherise with new tokens and tha larget scope space
Date Fri, 07 Jul 2017 16:09:03 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 44b04b36d -> a055d7bd3


[CXF-7274] Support for removing the preauthorized tokens which will be duplicated otherwise
with new tokens and the larger scope space


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a055d7bd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a055d7bd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a055d7bd

Branch: refs/heads/master
Commit: a055d7bd3ce27c5501fbf9a22961fd7599aa5634
Parents: 44b04b3
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Fri Jul 7 17:08:48 2017 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Fri Jul 7 17:08:48 2017 +0100

----------------------------------------------------------------------
 .../oauth2/common/OAuthAuthorizationData.java   |  8 ++++++++
 .../provider/AbstractOAuthDataProvider.java     |  3 ++-
 .../services/RedirectionBasedGrantService.java  | 20 +++++++++++++++++---
 3 files changed, 27 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/a055d7bd/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
index 01aeded..6d879fe 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
@@ -53,6 +53,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
 
     private List<OAuthPermission> permissions;
     private List<OAuthPermission> alreadyAuthorizedPermissions;
+    private String preauthorizedTokenKey;
     private boolean hidePreauthorizedScopesInForm;
     private boolean applicationRegisteredDynamically;
     private boolean supportSinglePageApplications;
@@ -275,5 +276,12 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements
Ser
         this.supportSinglePageApplications = supportSinglePageApplications;
     }
 
+    public void setPreauthorizedTokenKey(String preauthorizedTokenKey) {
+        this.preauthorizedTokenKey = preauthorizedTokenKey;
+    }
+
+    public String getPreauthorizedTokenKey() {
+        return this.preauthorizedTokenKey;
+    }
     
 }
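Review bot: The new `preauthorizedTokenKey` accessors on L60-L66 carry no Javadoc, yet the value is not ordinary form metadata: it is the key of an access token that has already been issued, and the approval handler in RedirectionBasedGrantService later hands it to revokeToken. Because this bean is what the consent view receives from `Response.ok(data)`, the template presumably emits the key as a hidden field, so the bearer token leaves the server and becomes visible to the user-agent; the getter should state that consequence so view authors handle it accordingly. Suggested Javadoc on `getPreauthorizedTokenKey`: `/** Key of the access token already issued to this client and user for a subset of the requested scopes; the consent view must echo it back as the "preauthorized.token.key" parameter so it can be revoked on approval. Treat as a secret: do not log it or place it in a URL. */`.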

http://git-wip-us.apache.org/repos/asf/cxf/blob/a055d7bd/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
index 7dcac57..07ac41f 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.java
@@ -310,7 +310,8 @@ public abstract class AbstractOAuthDataProvider implements OAuthDataProvider,
Cl
         for (ServerAccessToken at : getAccessTokens(client, sub)) {
             if (at.getClient().getClientId().equals(client.getClientId())
                 && at.getGrantType().equals(grantType)
-                && (sub == null || at.getSubject().getLogin().equals(sub.getLogin())))
{
+                && (sub == null && at.getSubject() == null 
+                || sub != null && at.getSubject().getLogin().equals(sub.getLogin())))
{
                 token = at;
                 break;
             }
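Review bot: The rewritten condition on L84-L85 still dereferences `at.getSubject()` unconditionally in the `sub != null` branch, so a stored token whose `getSubject()` returns null throws NullPointerException instead of being skipped; the removed line had the same gap, but this hunk now handles the null-subject case explicitly on one side and should do so on the other too. Suggest `|| sub != null && at.getSubject() != null && at.getSubject().getLogin().equals(sub.getLogin())`, and parenthesizing the two `&&` groups so the `||` precedence is visible to the reader rather than relied upon. The enclosing lookup method starts and ends outside the hunk.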

http://git-wip-us.apache.org/repos/asf/cxf/blob/a055d7bd/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 6798323..dcb9a88 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -58,6 +58,7 @@ import org.apache.cxf.security.SecurityContext;
  */
 public abstract class RedirectionBasedGrantService extends AbstractOAuthService {
     private static final String AUTHORIZATION_REQUEST_PARAMETERS = "authorization.request.parameters";
+    private static final String PREAUTHORIZED_TOKEN_KEY = "preauthorized.token.key";
     private Set<String> supportedResponseTypes;
     private String supportedGrantType;
     private boolean useAllClientScopes;
@@ -72,6 +73,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
     private AuthorizationRequestFilter authorizationFilter;
     private List<String> scopesRequiringNoConsent;
     private boolean supportSinglePageApplications = true;
+    private boolean revokePreauthorizedTokenOnApproval = true;
 
     protected RedirectionBasedGrantService(String supportedResponseType,
                                            String supportedGrantType) {
@@ -192,9 +194,6 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
             alreadyAuthorizedPerms = preAuthorizedToken.getScopes();
             preAuthorizationComplete =
                 OAuthUtils.convertPermissionsToScopeList(alreadyAuthorizedPerms).containsAll(requestedScope);
-            if (!preAuthorizationComplete) {
-                preAuthorizedToken = null;
-            }
         }
 
         Response finalResponse = null;
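Review bot: With L118-L120 removed, `preAuthorizedToken` is now retained even when it covers only part of the requested scope, so for the remainder of this method (which continues past the hunk) a non-null token no longer implies `preAuthorizationComplete`; any later branch that used the null check as a completeness test would now take the pre-authorized path with an insufficient token. Worth a comment after the `containsAll` assignment, `// token is kept even when its scopes are insufficient: its key is passed to the consent form so it can be revoked on approval`, and a pass over the downstream uses to confirm each tests preAuthorizationComplete rather than the token reference.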
@@ -219,6 +218,9 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
                                             userSubject,
                                             preAuthorizedToken);
             } else {
+                if (preAuthorizedToken != null) {
+                    data.setPreauthorizedTokenKey(preAuthorizedToken.getTokenKey());
+                }
                 finalResponse = Response.ok(data).build();
             }
         } catch (OAuthServiceException ex) {
@@ -389,6 +391,11 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
             return createErrorResponse(params, redirectUri, OAuthConstants.INVALID_SCOPE);
         }
         getMessageContext().put(AUTHORIZATION_REQUEST_PARAMETERS, params);
+        
+        String preAuthorizedTokenKey = params.getFirst(PREAUTHORIZED_TOKEN_KEY);
+        if (preAuthorizedTokenKey != null && isRevokePreauthorizedTokenOnApproval())
{
+            getDataProvider().revokeToken(client, preAuthorizedTokenKey, OAuthConstants.ACCESS_TOKEN);
+        }
         // Request a new grant
         return createGrant(state,
                            client,
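Review bot: `preAuthorizedTokenKey` on L139 is read from the approval request's parameters and passed straight to `revokeToken` on L142, so the revocation target is chosen by the submitted form rather than by server-side state; the call carries the client, but nothing in this hunk ties the key to the user who is approving, so whether a token of another user of the same client could be revoked depends entirely on checks inside the data provider that are not visible here. A safer shape is to not trust the echoed key at all: repeat the same lookup that produced preAuthorizedToken earlier in the flow (client, user subject, grant type) and revoke that token, or at minimum load the token by key through the provider's getAccessToken lookup and compare its subject login with the approving user's subject before revoking. The enclosing approval method starts and ends outside the hunk.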
@@ -399,6 +406,13 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 
     }
 
+    public boolean isRevokePreauthorizedTokenOnApproval() {
+        return revokePreauthorizedTokenOnApproval;
+    }
+    public void setRevokePreauthorizedTokenOnApproval(boolean revoke) {
+        this.revokePreauthorizedTokenOnApproval = revoke;
+    }
+    
     public void setSessionAuthenticityTokenProvider(SessionAuthenticityTokenProvider sessionAuthenticityTokenProvider)
{
         this.sessionAuthenticityTokenProvider = sessionAuthenticityTokenProvider;
     }
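Review bot: The new `setRevokePreauthorizedTokenOnApproval` on L154 has no Javadoc and no blank line separating it from the getter on L151-L153; as a public configuration switch that defaults to true (L110) it should say what it controls. Suggested Javadoc: `/** Whether an access token already issued for a subset of the requested scopes is revoked when the user approves the wider scope, so that two live tokens are not kept for the same client and user. Default: true. */`.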

