Author: sergeyb
Date: Tue Sep 27 16:17:49 2011
New Revision: 1176457
URL: http://svn.apache.org/viewvc?rev=1176457&view=rev
Log:
[CXF-2759] Removing optional HTTP verbs from Token
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java?rev=1176457&r1=1176456&r2=1176457&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/Token.java
Tue Sep 27 16:17:49 2011
@@ -30,7 +30,6 @@ public abstract class Token {
protected Client client;
protected List<String> scopes;
protected List<String> uris;
- private List<String> httpVerbs;
protected Token(Client client, String tokenString,
String tokenSecret, long lifetime) {
@@ -86,14 +85,5 @@ public abstract class Token {
public void setUris(List<String> uris) {
this.uris = uris;
}
-
- public void setHttpVerbs(List<String> httpVerbs) {
- this.httpVerbs = httpVerbs;
- }
-
- public List<String> getHttpVerbs() {
- return httpVerbs;
- }
-
}
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1176457&r1=1176456&r2=1176457&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Tue Sep 27 16:17:49 2011
@@ -34,6 +34,7 @@ import org.apache.cxf.common.logging.Log
import org.apache.cxf.common.security.SimplePrincipal;
import org.apache.cxf.rs.security.oauth.data.AccessToken;
import org.apache.cxf.rs.security.oauth.data.Client;
+import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
import org.apache.cxf.security.SecurityContext;
@@ -81,19 +82,18 @@ public class AbstractAuthFilter {
if (accessToken == null) {
throw new OAuthProblemException();
}
- //check valid scope
+ //check valid URI
if (!checkRequestURI(req, accessToken.getUris())) {
throw new OAuthProblemException();
}
- if (accessToken.getHttpVerbs() != null
- && !accessToken.getHttpVerbs().contains(req.getMethod())) {
- throw new OAuthProblemException();
- }
authInfo = accessToken.getClient();
} else {
String consumerKey =
oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
authInfo = dataProvider.getClient(consumerKey);
+ if (authInfo == null) {
+ throw new OAuthProblemException();
+ }
if (!checkRequestURI(req, authInfo.getUris())) {
throw new OAuthProblemException();
}
@@ -101,7 +101,19 @@ public class AbstractAuthFilter {
OAuthUtils.validateMessage(oAuthMessage, authInfo, accessToken);
- return new OAuthInfo(authInfo, accessToken, dataProvider);
+ List<OAuthPermission> permissions = dataProvider.getPermissionsInfo(
+ accessToken != null ? accessToken.getScopes() :
authInfo.getScopes());
+ boolean matched = false;
+ for (OAuthPermission perm : permissions) {
+ if (perm.getHttpVerbs() == null
+ || perm.getHttpVerbs().contains(req.getMethod())) {
+ matched = true;
+ }
+ }
+ if (!matched) {
+ throw new OAuthProblemException();
+ }
+ return new OAuthInfo(authInfo, accessToken, permissions);
}
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java?rev=1176457&r1=1176456&r2=1176457&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthInfo.java
Tue Sep 27 16:17:49 2011
@@ -24,16 +24,15 @@ import java.util.List;
import org.apache.cxf.rs.security.oauth.data.AccessToken;
import org.apache.cxf.rs.security.oauth.data.Client;
import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
-import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
public class OAuthInfo {
private Client client;
private AccessToken token;
- private OAuthDataProvider provider;
- public OAuthInfo(Client client, AccessToken token, OAuthDataProvider
provider) {
+ private List<OAuthPermission> permissions;
+ public OAuthInfo(Client client, AccessToken token, List<OAuthPermission>
permissions) {
this.client = client;
this.token = token;
- this.provider = provider;
+ this.permissions = permissions;
}
public Client getClient() {
return client;
@@ -43,8 +42,6 @@ public class OAuthInfo {
}
public List<String> getRoles() {
- List<OAuthPermission> permissions = provider.getPermissionsInfo(
- token != null ? token.getScopes() : client.getScopes());
List<String> authorities = new ArrayList<String>();
if (permissions != null) {
for (OAuthPermission permission : permissions) {