oltu-dev mailing list archives

From Raymond Feng <enjoyj...@gmail.com>
Subject Re: svn commit: r1332515 - /incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java
Date Wed, 09 May 2012 14:50:21 GMT
I don't see any issues as I use both query and header style.

Raymond Feng
Sent from my iPhone

On May 9, 2012, at 7:23 AM, Antonio Sanso <asanso@adobe.com> wrote:

> Hi Raymond
> 
> On May 2, 2012, at 5:23 PM, Raymond Feng wrote:
> 
>> Hi,
>> 
>> It's probably in the same area but not the same. My fix solves the issue that the validator/extractor accidentally destructs the HTTP POST/PUT payload when the Content-Type is application/x-www-form-urlencoded as the HttpServletRequest's parameter related methods try to decode the parameters from the body.
>> 
>> For AMBER-15, there are two things to consider:
>> 
>> 1) We need to make sure the list of parameter style validators/extractors don't interfere with each other
>> 2) We also want to make sure that only one access token is used.
> 
> So what would you do if more than one style is used at the same time? At the moment an exception is thrown, if I am not wrong.
> 
> Regards
> 
> Antonio
> 
> 
>> 
>> The current seems to be fine even though we try to construct the exception instances. I tested Query/Header styles but not the body one.
>> 
>> Do we have a test case showing the problem?
>> 
>> Thanks,
>> Raymond
>> 
>> On May 2, 2012, at 8:12 AM, Antonio Sanso wrote:
>> 
>>> Good stuff Raymond.
>>> 
>>> Does this fix/is related to AMBER-15?
>>> 
>>> Thanks
>>> 
>>> Antonio
>>> 
>>> On May 1, 2012, at 5:34 AM, <rfeng@apache.org> <rfeng@apache.org> wrote:
>>> 
>>>> Author: rfeng
>>>> Date: Tue May  1 03:34:41 2012
>>>> New Revision: 1332515
>>>> 
>>>> URL: http://svn.apache.org/viewvc?rev=1332515&view=rev
>>>> Log:
>>>> Fix the code to not mess up with HTTP POST body
>>>> 
>>>> Modified:
>>>> incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java
>>>> 
>>>> Modified: incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java
>>>> URL: http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java?rev=1332515&r1=1332514&r2=1332515&view=diff
>>>> ==============================================================================
>>>> --- incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java
(original)
>>>> +++ incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java
Tue May  1 03:34:41 2012
>>>> @@ -21,6 +21,9 @@
>>>> 
>>>> package org.apache.amber.oauth2.rs.extractor;
>>>> 
>>>> +import java.io.UnsupportedEncodingException;
>>>> +import java.net.URLDecoder;
>>>> +
>>>> import javax.servlet.http.HttpServletRequest;
>>>> 
>>>> import org.apache.amber.oauth2.common.OAuth;
>>>> @@ -34,16 +37,48 @@ public class BearerQueryTokenExtractor i
>>>> 
>>>>  @Override
>>>>  public String getAccessToken(HttpServletRequest request) {
>>>> -        String token = request.getParameter(OAuth.OAUTH_BEARER_TOKEN);
>>>> +        String token = getQueryParameter(request, OAuth.OAUTH_BEARER_TOKEN);
>>>>      if (token == null) {
>>>> -            token = request.getParameter(OAuth.OAUTH_TOKEN);
>>>> +            token = getQueryParameter(request, OAuth.OAUTH_TOKEN);
>>>>      }
>>>>      return token;
>>>>  }
>>>> 
>>>>  @Override
>>>>  public String getAccessToken(HttpServletRequest request, String tokenName)
{
>>>> -        return request.getParameter(tokenName);
>>>> +        return getQueryParameter(request, tokenName);
>>>> +    }
>>>> +
>>>> +    /**
>>>> +     * A replacement for HttpServletRequest.getParameter() as it will mess
up with HTTP POST body
>>>> +     * @param request
>>>> +     * @param name
>>>> +     * @return
>>>> +     */
>>>> +    private String getQueryParameter(HttpServletRequest request, String
name) {
>>>> +        String query = request.getQueryString();
>>>> +        if (query == null) {
>>>> +            return null;
>>>> +        }
>>>> +        String[] params = query.split("&");
>>>> +        for (String param : params) {
>>>> +            try {
>>>> +                param = URLDecoder.decode(param, "UTF-8");
>>>> +            } catch (UnsupportedEncodingException e) {
>>>> +                // Ignore
>>>> +            }
>>>> +            int index = param.indexOf('=');
>>>> +            String key = param;
>>>> +            String value = null;
>>>> +            if (index != -1) {
>>>> +                key = param.substring(0, index);
>>>> +                value = param.substring(index + 1);
>>>> +            }
>>>> +            if (key.equals(name)) {
>>>> +                return value;
>>>> +            }
>>>> +        }
>>>> +        return null;
>>>>  }
>>>> 
>>>> }
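
Review bot: In getQueryParameter, URLDecoder.decode(param, "UTF-8") runs on the whole name=value pair before param.indexOf('='), so a pair whose '=' arrives percent-encoded as %3D is split as if it carried a literal separator, and the key and value this method sees can differ from what the container's own parser would produce for the same query string. Split on the first raw '=' and decode the key and the value separately. URLDecoder.decode also throws IllegalArgumentException on a malformed escape such as a stray '%', which the catch for UnsupportedEncodingException does not cover, so one bad parameter anywhere in the query string aborts token extraction with an unchecked exception; catch it and either skip that parameter or reject the request. The loop returns on the first key.equals(name) match, so a query string that carries the token name twice is accepted silently, which needs a decision given the thread's goal that only one access token is used. The @param and @return tags in the new Javadoc are empty and should describe the arguments and the null return.
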
>>>> 
>>>> 
>>> 
>> 
> 
