Author: sergeyb
Date: Wed Nov 9 17:06:34 2011
New Revision: 1199858
URL: http://svn.apache.org/viewvc?rev=1199858&view=rev
Log:
[CXF-3894] Making sure OAuth services can also log the form values captured by
HttpServletRequest parameters
Modified:
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Modified:
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java?rev=1199858&r1=1199857&r2=1199858&view=diff
==============================================================================
---
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java
(original)
+++
cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/FormUtils.java
Wed Nov 9 17:06:34 2011
@@ -107,20 +107,24 @@ public final class FormUtils {
String[] values = request.getParameterValues(paramName);
params.put(HttpUtils.urlDecode(paramName),
Arrays.asList(values));
}
- String chain =
PhaseInterceptorChain.getCurrentMessage().getInterceptorChain().toString();
- if (chain.contains(LoggingInInterceptor.class.getSimpleName())) {
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- try {
- writeMapToOutputStream(params, bos, enc, false);
- LOG.info(bos.toString(enc));
- } catch (IOException ex) {
- // ignore
- }
+ logRequestParametersIfNeeded(params, enc);
+ }
+ }
+
+ public static void logRequestParametersIfNeeded(Map<String, List<String>>
params, String enc) {
+ String chain =
PhaseInterceptorChain.getCurrentMessage().getInterceptorChain().toString();
+ if (chain.contains(LoggingInInterceptor.class.getSimpleName())) {
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ try {
+ writeMapToOutputStream(params, bos, enc, false);
+ LOG.info(bos.toString(enc));
+ } catch (IOException ex) {
+ // ignore
}
}
}
- public static void writeMapToOutputStream(MultivaluedMap<String, String>
map,
+ public static void writeMapToOutputStream(Map<String, List<String>> map,
OutputStream os,
String enc,
boolean encoded) throws
IOException {
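Review bot: `logRequestParametersIfNeeded` writes every form value to the log at INFO with no filtering, and this commit makes it public and calls it from `OAuthUtils.addParametersIfNeeded`, where the parameters are OAuth protocol values. In that flow the map can hold token, verifier or secret values, so anyone with read access to the log can recover them; masking values by parameter name before serialising would keep the diagnostic without the credentials. As a public entry point it also dereferences `PhaseInterceptorChain.getCurrentMessage()` unguarded, which returns null when no message is being processed on the calling thread. The empty `catch (IOException ex)` hides an unsupported `enc`, so a one-line FINE log there would help. The sketch below shows the guard and the masking step; the name test is illustrative and should be matched to the parameters the OAuth services actually receive.

```java
public static void logRequestParametersIfNeeded(Map<String, List<String>> params, String enc) {
    Message m = PhaseInterceptorChain.getCurrentMessage();
    if (m == null) {
        return;
    }
    String chain = m.getInterceptorChain().toString();
    if (chain.contains(LoggingInInterceptor.class.getSimpleName())) {
        // Log a masked copy so credentials never reach the log file
        Map<String, List<String>> safe = new LinkedHashMap<String, List<String>>();
        for (Map.Entry<String, List<String>> e : params.entrySet()) {
            String name = e.getKey().toLowerCase();
            boolean sensitive = name.contains("secret") || name.contains("password")
                || name.contains("token") || name.contains("verifier");
            safe.put(e.getKey(), sensitive ? Collections.singletonList("***") : e.getValue());
        }
        // … unchanged: ByteArrayOutputStream + writeMapToOutputStream(safe, bos, enc, false) + LOG.info …
    }
}
```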
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java?rev=1199858&r1=1199857&r2=1199858&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/client/OAuthClientUtils.java
Wed Nov 9 17:06:34 2011
@@ -143,6 +143,20 @@ public final class OAuthClientUtils {
return doGetAuthorizationHeader(accessor, method, requestURI,
parameters);
}
+
+ /**
+ * Creates OAuth Authorization header containing consumer key and secret
values only
+ * @param consumer Consumer bean containing the consumer key and secret
+ * @return the header value
+ */
+ public static String createAuthorizationHeader(Consumer consumer) {
+ StringBuilder sb = new StringBuilder();
+ sb.append("OAuth
").append("oauth_consumer_key=").append(consumer.getKey())
+ .append("oauth_consumer_secret=").append(consumer.getSecret());
+ return sb.toString();
+
+ }
+
private static String doGetAuthorizationHeader(OAuthAccessor accessor,
String method, String requestURI, Map<String, String> parameters) {
try {
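Review bot: In `createAuthorizationHeader` the two parameters are appended back to back with no separator, so the value comes out as `OAuth oauth_consumer_key=<key>oauth_consumer_secret=<secret>` and a receiver that splits header parameters on commas would see a single malformed entry. The second append should be `.append(",oauth_consumer_secret=")`, and the values probably need to be percent-encoded and double-quoted like the other OAuth header parameters, since a key or secret containing `,` or `"` would otherwise corrupt the header. The Javadoc should also say that the consumer secret travels in the clear in this header, so it is only safe over TLS and any header logging on either side will record it. The stray blank line before the closing brace can go; `doGetAuthorizationHeader` continues outside the hunk.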
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1199858&r1=1199857&r2=1199858&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Wed Nov 9 17:06:34 2011
@@ -20,7 +20,6 @@ package org.apache.cxf.rs.security.oauth
import java.security.Principal;
import java.util.Collections;
-import java.util.LinkedList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -115,10 +114,10 @@ public class AbstractAuthFilter {
OAuthUtils.validateMessage(oAuthMessage, client, accessToken,
dataProvider);
//check valid URI
- checkRequestURI(req, getAllUris(client, accessToken));
+ checkRequestURI(req, OAuthUtils.getAllUris(client, accessToken));
List<OAuthPermission> permissions = dataProvider.getPermissionsInfo(
- getAllScopes(client, accessToken));
+ OAuthUtils.getAllScopes(client, accessToken));
for (OAuthPermission perm : permissions) {
if (perm.getUri() != null) {
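Review bot: Replacing the calls to the protected `getAllUris` / `getAllScopes` with `OAuthUtils` statics means a subclass override of those methods is no longer consulted, and the later hunk deletes the methods outright. These lists feed `checkRequestURI` and `getPermissionsInfo`, so a filter subclass that narrowed them (not visible from here whether any exists) would silently fall back to the full token-plus-client union. Keeping the protected methods as one-line delegates preserves that extension point, e.g. `protected List<String> getAllUris(Client c, AccessToken t) { return OAuthUtils.getAllUris(c, t); }`, with the call sites left as they were. The enclosing method starts and ends outside the hunk.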
@@ -144,24 +143,6 @@ public class AbstractAuthFilter {
}
}
- protected List<String> getAllScopes(Client client, AccessToken token) {
- List<String> scopes = new LinkedList<String>();
- if (token != null) {
- scopes.addAll(token.getScopes());
- }
- scopes.addAll(client.getScopes());
- return scopes;
- }
-
- protected List<String> getAllUris(Client client, AccessToken token) {
- List<String> uris = new LinkedList<String>();
- if (token != null) {
- uris.addAll(token.getUris());
- }
- uris.addAll(client.getUris());
- return uris;
- }
-
protected void checkRequestURI(HttpServletRequest request, List<String>
uris)
throws OAuthProblemException {
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1199858&r1=1199857&r2=1199858&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Wed Nov 9 17:06:34 2011
@@ -20,7 +20,12 @@ package org.apache.cxf.rs.security.oauth
import java.io.IOException;
import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
import java.util.StringTokenizer;
import javax.servlet.ServletContext;
@@ -56,6 +61,24 @@ public final class OAuthUtils {
private OAuthUtils() {
}
+ public static List<String> getAllScopes(Client client, Token token) {
+ List<String> scopes = new LinkedList<String>();
+ if (token != null) {
+ scopes.addAll(token.getScopes());
+ }
+ scopes.addAll(client.getScopes());
+ return scopes;
+ }
+
+ public static List<String> getAllUris(Client client, Token token) {
+ List<String> uris = new LinkedList<String>();
+ if (token != null) {
+ uris.addAll(token.getUris());
+ }
+ uris.addAll(client.getUris());
+ return uris;
+ }
+
public static void validateMessage(OAuthMessage oAuthMessage,
Client client,
Token token,
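Review bot: `getAllScopes` and `getAllUris` are now public API with no Javadoc, and the behaviour that needs stating is authorization-relevant: each returns the token's entries followed by the client's, so a request carrying a token is evaluated against the union rather than the token's own grant. Whether the client lists can be broader than what a given token was issued with is not visible here, so the comment should state what is intended, along the lines of `/** Returns the token's scopes (when token is non-null) followed by the client's; client must not be null. */` and the same for URIs. Both methods would also throw at `addAll` if `getScopes()` or `getUris()` returns null, which may be worth a guard depending on how `Client` and `Token` initialise those lists. `validateMessage` continues outside the hunk.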
@@ -90,16 +113,29 @@ public final class OAuthUtils {
public static void addParametersIfNeeded(HttpServletRequest request,
OAuthMessage oAuthMessage) throws IOException {
- if (oAuthMessage.getParameters().isEmpty()
+ List<Entry<String, String>> params = oAuthMessage.getParameters();
+ String enc = oAuthMessage.getBodyEncoding();
+ enc = enc == null ? "UTF-8" : enc;
+
+ if (params.isEmpty()
&&
MediaType.APPLICATION_FORM_URLENCODED.equals(oAuthMessage.getBodyType())) {
- String enc = oAuthMessage.getBodyEncoding();
- enc = enc == null ? "UTF-8" : enc;
String body = FormUtils.readBody(oAuthMessage.getBodyAsStream(),
enc);
MultivaluedMap<String, String> map = new MetadataMap<String,
String>();
FormUtils.populateMapFromString(map, body, enc, true, request);
for (String key : map.keySet()) {
oAuthMessage.addParameter(key, map.getFirst(key));
}
+ } else {
+ // This path will most likely work only for the
AuthorizationRequestService
+ // when processing a user confirmation with only 3 parameters
expected
+ String ct = request.getContentType();
+ if (ct != null &&
MediaType.APPLICATION_FORM_URLENCODED.equals(ct)) {
+ Map<String, List<String>> map = new HashMap<String,
List<String>>();
+ for (Entry<String, String> param : params) {
+ map.put(param.getKey(),
Collections.singletonList(param.getValue()));
+ }
+ FormUtils.logRequestParametersIfNeeded(map, enc);
+ }
}
}
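Review bot: The new `else` branch compares `request.getContentType()` to `MediaType.APPLICATION_FORM_URLENCODED` with `equals`, but servlet containers return the header as sent, commonly `application/x-www-form-urlencoded; charset=UTF-8`, so the check fails and logging is skipped without a trace. Comparing only the media type would fix it, for instance `if (ct != null && ct.toLowerCase().startsWith(MediaType.APPLICATION_FORM_URLENCODED)) {`. The `else` also runs whenever the body type is not form-encoded even if `params` is empty, and `map.put` keeps only the last value of a repeated parameter name, so the logged form can differ from what was received. The in-code comment about "only 3 parameters expected" would be more useful if it named them.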