From serg...@apache.org
Subject cxf git commit: [CXF-7480] ClientCredsGrantHandler must enforce the client is confidential, also removing the unused code which is already done in AccessTokenService
Date Fri, 18 Aug 2017 11:14:44 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes a4f10e2ba -> e5c1bea95


[CXF-7480] ClientCredsGrantHandler must enforce the client is confidential, also removing
the now-unused grant-support check, which is already performed in AccessTokenService


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e5c1bea9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e5c1bea9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e5c1bea9

Branch: refs/heads/3.1.x-fixes
Commit: e5c1bea9524b03ae05c5a967629a08c503413d36
Parents: a4f10e2
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Fri Aug 18 12:05:36 2017 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Fri Aug 18 12:14:24 2017 +0100

----------------------------------------------------------------------
 .../security/oauth2/grants/AbstractGrantHandler.java | 15 +--------------
 .../clientcred/ClientCredentialsGrantHandler.java    |  5 +++++
 2 files changed, 6 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e5c1bea9/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
index afe2ba6..c2a9e27 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java
@@ -70,20 +70,7 @@ public abstract class AbstractGrantHandler implements AccessTokenGrantHandler
{
     public List<String> getSupportedGrantTypes() {
         return Collections.unmodifiableList(supportedGrants);
     }
-    
-    @Deprecated
-    protected void checkIfGrantSupported(Client client) {
-        checkIfGrantSupported(client, getSingleGrantType());
-    }
-    
-    private void checkIfGrantSupported(Client client, String requestedGrant) {
-        if (!OAuthUtils.isGrantSupportedForClient(client, 
-                                                  canSupportPublicClients,
-                                                  requestedGrant)) {
-            throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);    
-        }
-    }
-    
+
     protected String getSingleGrantType() {
         if (supportedGrants.size() > 1) {
             String errorMessage = "Request grant type must be specified";

http://git-wip-us.apache.org/repos/asf/cxf/blob/e5c1bea9/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
index 800a5fb..cff57ff 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
@@ -21,6 +21,7 @@ package org.apache.cxf.rs.security.oauth2.grants.clientcred;
 import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
 import org.apache.cxf.rs.security.oauth2.grants.AbstractGrantHandler;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
@@ -38,6 +39,10 @@ public class ClientCredentialsGrantHandler extends AbstractGrantHandler
{
 
     public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String>
params)
         throws OAuthServiceException {
+
+        if (!client.isConfidential()) {
+            throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_CLIENT));
+        }
         
         ServerAccessToken at = doCreateAccessToken(client, client.getSubject(), params);
         if (at.getRefreshToken() != null) {
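Review bot: The new rejection at the top of createAccessToken reports `invalid_client`, but RFC 6749 §5.2 reserves that code for failed client authentication, whereas a client that authenticated successfully and is merely of the wrong type for this grant is the `unauthorized_client` case — the same code the `checkIfGrantSupported` being deleted from AbstractGrantHandler used. Consider `throw new OAuthServiceException(new OAuthError(OAuthConstants.UNAUTHORIZED_CLIENT));` so that a public client mis-using the grant is not reported as a credential failure; whether AccessTokenService additionally maps INVALID_CLIENT to a 401 challenge is not visible here, which would make the distinction matter more. A why-comment above the check would help the next reader, e.g. `// RFC 6749 s4.4: the client credentials grant MUST only be used by confidential clients`. The import of OAuthConstants is not visible in this hunk and is presumably already present further down the import list, since it is referenced unchanged. createAccessToken's body continues past the end of the hunk.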

