Author: sergeyb
Date: Fri Oct 14 10:28:31 2011
New Revision: 1183281
URL: http://svn.apache.org/viewvc?rev=1183281&view=rev
Log:
[CXF-2759] Some more updates to do with the permission enforcement
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java?rev=1183281&r1=1183280&r2=1183281&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
Fri Oct 14 10:28:31 2011
@@ -25,6 +25,7 @@ public class OAuthPermission extends Per
private List<String> roles = Collections.emptyList();
private List<String> httpVerbs = Collections.emptyList();
private String uri;
+ private boolean authorizationKeyRequired = true;
public OAuthPermission(String permission, String description, String role)
{
this(permission, description, Collections.singletonList(role));
@@ -54,6 +55,12 @@ public class OAuthPermission extends Per
public String getUri() {
return uri;
}
-
-
+
+ public void setAuthorizationKeyRequired(boolean authorizationKeyRequired) {
+ this.authorizationKeyRequired = authorizationKeyRequired;
+ }
+
+ public boolean isAuthorizationKeyRequired() {
+ return authorizationKeyRequired;
+ }
}
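Review bot: The new `setAuthorizationKeyRequired`/`isAuthorizationKeyRequired` pair has no Javadoc, and the flag's effect is decided in another file (AbstractAuthFilter.checkNoAccessTokenIsAllowed in this same commit throws when no access token is present and the flag is true), so a reader of this class cannot tell what setting it to `false` opens up. Suggest on the setter: `/** When false, this permission may be exercised by a request that carries no access token (consumer key only). Defaults to true, so a permission is token-protected unless explicitly relaxed. */`. The default of `true` on the field added in the previous hunk is the right fail-closed choice; it is worth stating in the Javadoc so nobody flips it for convenience.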
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1183281&r1=1183280&r2=1183281&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Fri Oct 14 10:28:31 2011
@@ -88,8 +88,9 @@ public class AbstractAuthFilter {
} else {
String consumerKey =
oAuthMessage.getParameter(OAuth.OAUTH_CONSUMER_KEY);
+ String consumerSecret =
oAuthMessage.getParameter("oauth_consumer_secret");
client = dataProvider.getClient(consumerKey);
- if (client == null) {
+ if (client == null || consumerSecret == null ||
!consumerSecret.equals(client.getSecretKey())) {
throw new OAuthProblemException();
}
}
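Review bot: The consumer-secret check on the new `if` uses `String.equals`, which returns at the first mismatching character, so the time taken to reject a guessed secret depends on how much of it matched; a credential comparison should take constant time. Compare the encoded bytes with `MessageDigest.isEqual` instead, adding a null guard for the stored value since `isEqual` does not accept null: `|| client.getSecretKey() == null` and `|| !MessageDigest.isEqual(consumerSecret.getBytes("UTF-8"), client.getSecretKey().getBytes("UTF-8"))`. `getBytes(String)` declares `UnsupportedEncodingException`, so either wrap it in a small private helper or use `StandardCharsets.UTF_8` if the build targets Java 7. The enclosing method starts and ends outside the hunk.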
@@ -103,6 +104,7 @@ public class AbstractAuthFilter {
List<OAuthPermission> permissions = dataProvider.getPermissionsInfo(
getAllScopes(client, accessToken));
+
for (OAuthPermission perm : permissions) {
if (perm.getUri() != null
&& !checkRequestURI(req,
Collections.singletonList(perm.getUri()))) {
@@ -112,11 +114,20 @@ public class AbstractAuthFilter {
&& !perm.getHttpVerbs().contains(req.getMethod())) {
throw new OAuthProblemException();
}
+ checkNoAccessTokenIsAllowed(client, accessToken, perm);
}
+
return new OAuthInfo(client, accessToken, permissions);
}
+ protected void checkNoAccessTokenIsAllowed(Client client, AccessToken
token,
+ OAuthPermission perm) throws OAuthProblemException {
+ if (token == null && perm.isAuthorizationKeyRequired()) {
+ throw new OAuthProblemException();
+ }
+ }
+
protected List<String> getAllScopes(Client client, AccessToken token) {
List<String> scopes = new LinkedList<String>();
if (token != null) {
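Review bot: `checkNoAccessTokenIsAllowed` is only called from inside the `for` loop over `permissions`, so if `getPermissionsInfo` returns an empty list for a request with no access token the loop body never runs and `new OAuthInfo(client, null, permissions)` is returned without the token requirement ever being evaluated; whether an empty list is reachable for a registered client depends on the data provider, which is not visible here. If that fail-open path is possible, reject it explicitly before the loop: `if (accessToken == null && permissions.isEmpty()) { throw new OAuthProblemException(); }`. The new method's name also reads as the inverse of what it does (it throws when no token is present and one is required), so a Javadoc line such as `/** Rejects a token-less request unless the matched permission allows consumer-key-only access. */` would help the next reader. The enclosing method starts outside the hunk.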
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1183281&r1=1183280&r2=1183281&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
Fri Oct 14 10:28:31 2011
@@ -38,6 +38,7 @@ import org.apache.cxf.rs.security.oauth.
import org.apache.cxf.rs.security.oauth.data.RequestToken;
import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
public class RequestTokenHandler {
@@ -54,6 +55,8 @@ public class RequestTokenHandler {
};
private long tokenLifetime = 3600L;
+ private String defaultScope;
+ private String defaultURI;
public Response handle(HttpServletRequest request, OAuthDataProvider
dataProvider) {
try {
@@ -77,8 +80,10 @@ public class RequestTokenHandler {
String callback = oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK);
validateCallbackURL(client, callback);
- List<String> scopes =
OAuthUtils.parseScopesFromRequest(oAuthMessage);
- List<String> uris = OAuthUtils.parseUrisFromRequest(oAuthMessage);
+ List<String> scopes = OAuthUtils.parseParamValue(
+ oAuthMessage.getParameter(OAuthConstants.X_OAUTH_SCOPE),
defaultScope);
+ List<String> uris = OAuthUtils.parseParamValue(
+ oAuthMessage.getParameter(OAuthConstants.X_OAUTH_URI),
defaultURI);
RequestTokenRegistration reg = new RequestTokenRegistration();
reg.setClient(client);
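Review bot: `parseParamValue` (the OAuthUtils hunk further down) appends `defaultValue` after its tokenizing loop whether or not the request supplied its own values, so on the new `scopes`/`uris` lines here a client that explicitly requests scopes or URIs is still granted `defaultScope`/`defaultURI` on top of what it asked for, and the request token ends up covering more than the client requested. If the defaults are meant as a fallback for an absent `X_OAUTH_SCOPE`/`X_OAUTH_URI` parameter, as the field names suggest, guard the append in `parseParamValue`: `if (scopeList.isEmpty() && defaultValue != null) {`. With neither setter called the behaviour is unchanged either way, since both fields start as null. The enclosing `handle` method starts and ends outside the hunk.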
@@ -136,5 +141,13 @@ public class RequestTokenHandler {
public void setTokenLifetime(long tokenLifetime) {
this.tokenLifetime = tokenLifetime;
}
+
+ public void setDefaultScope(String defaultScope) {
+ this.defaultScope = defaultScope;
+ }
+
+ public void setDefaultURI(String defaultURI) {
+ this.defaultURI = defaultURI;
+ }
}
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1183281&r1=1183280&r2=1183281&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Fri Oct 14 10:28:31 2011
@@ -19,12 +19,8 @@
package org.apache.cxf.rs.security.oauth.utils;
import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
import java.util.ArrayList;
-import java.util.Collection;
import java.util.List;
-import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.ServletContext;
@@ -54,9 +50,6 @@ import org.apache.cxf.rs.security.oauth.
public final class OAuthUtils {
- private static final String PARAMETER_SEPARATOR = "&";
- private static final String NAME_VALUE_SEPARATOR = "=";
-
private OAuthUtils() {
}
@@ -128,7 +121,8 @@ public final class OAuthUtils {
Response.status(status).entity(e.getMessage()).build());
}
- public static List<String> parseParamFromRequest(String paramValue) throws
IOException {
+ public static List<String> parseParamValue(String paramValue, String
defaultValue)
+ throws IOException {
List<String> scopeList = new ArrayList<String>();
@@ -140,56 +134,13 @@ public final class OAuthUtils {
scopeList.add(token);
}
}
+ if (defaultValue != null) {
+ scopeList.add(defaultValue);
+ }
return scopeList;
}
- public static List<String> parseScopesFromRequest(OAuthMessage message)
throws IOException {
- return
parseParamFromRequest(message.getParameter(OAuthConstants.X_OAUTH_SCOPE));
- }
- public static List<String> parseUrisFromRequest(OAuthMessage message)
throws IOException {
- return
parseParamFromRequest(message.getParameter(OAuthConstants.X_OAUTH_URI));
- }
-
- /**
- * Translates parameters into
<code>application/x-www-form-urlencoded</code> String
- *
- * @param parameters parameters to encode
- * @param encoding The name of a supported
- * <a
href="../lang/package-summary.html#charenc">character
- * encoding</a>.
- * @return Translated string
- */
- public static String format(
- final Collection<? extends Map.Entry<String, String>> parameters,
- final String encoding) {
- final StringBuilder result = new StringBuilder();
- for (final Map.Entry<String, String> parameter : parameters) {
- if (!StringUtils.isEmpty(parameter.getKey())
- && !StringUtils.isEmpty(parameter.getValue())) {
- final String encodedName = encode(parameter.getKey(),
encoding);
- final String value = parameter.getValue();
- final String encodedValue = value != null ? encode(value,
encoding) : "";
- if (result.length() > 0) {
- result.append(PARAMETER_SEPARATOR);
- }
- result.append(encodedName);
- result.append(NAME_VALUE_SEPARATOR);
- result.append(encodedValue);
- }
- }
- return result.toString();
- }
-
- private static String encode(final String content, final String encoding) {
- try {
- return URLEncoder.encode(content,
- encoding != null ? encoding : "UTF-8");
- } catch (UnsupportedEncodingException problem) {
- throw new IllegalArgumentException(problem);
- }
- }
-
public static RequestToken handleTokenRejectedException() throws
OAuthProblemException {
OAuthProblemException problemEx = new OAuthProblemException(
OAuth.Problems.TOKEN_REJECTED);