Author: sergeyb
Date: Fri Nov 11 12:47:49 2011
New Revision: 1200860
URL: http://svn.apache.org/viewvc?rev=1200860&view=rev
Log:
[CXF-2759] Updating the code checking permission uris
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/utils/
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtilsTest.java
(with props)
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java?rev=1200860&r1=1200859&r2=1200860&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthPermission.java
Fri Nov 11 12:47:49 2011
@@ -27,7 +27,7 @@ import java.util.List;
public class OAuthPermission extends Permission {
private List<String> roles = Collections.emptyList();
private List<String> httpVerbs = Collections.emptyList();
- private String uri;
+ private List<String> uri = Collections.emptyList();
private boolean authorizationKeyRequired = true;
public OAuthPermission(String permission, String description, String role)
{
@@ -64,18 +64,18 @@ public class OAuthPermission extends Per
}
/**
- * Sets an optional URI
- * @param uri the uri
+ * Sets an optional list of URIs
+ * @param uri the uris
*/
- public void setUri(String uri) {
- this.uri = uri;
+ public void setUris(List<String> uris) {
+ this.uri = uris;
}
/**
- * Returns an optional URI
+ * Returns an optional list of URI
* @return the uri
*/
- public String getUri() {
+ public List<String> getUris() {
return uri;
}
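Review bot: `setUris` stores whatever list the caller passes, including null, and this same commit removes the `perm.getUri() != null` guard in AbstractAuthFilter, so a permission configured with `setUris(null)` would hand a null list to the `for (String uri : uris)` loop. Normalising in the setter keeps the field's non-null default meaningful: `this.uri = uris == null ? Collections.<String>emptyList() : uris;`. The Javadoc above the setter still says `@param uri` although the parameter is now `uris`. The getter's `@return the uri` should say that it returns the list and whether that list can be null.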
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1200860&r1=1200859&r2=1200860&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
Fri Nov 11 12:47:49 2011
@@ -19,7 +19,6 @@
package org.apache.cxf.rs.security.oauth.filters;
import java.security.Principal;
-import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -120,9 +119,7 @@ public class AbstractAuthFilter {
OAuthUtils.getAllScopes(client, accessToken));
for (OAuthPermission perm : permissions) {
- if (perm.getUri() != null) {
- checkRequestURI(req, Collections.singletonList(perm.getUri()));
- }
+ checkRequestURI(req, perm.getUris());
if (!perm.getHttpVerbs().isEmpty()
&& !perm.getHttpVerbs().contains(req.getMethod())) {
String message = "Invalid http verb";
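Review bot: With the field now defaulting to `Collections.emptyList()` and the null guard gone, `checkRequestURI(req, perm.getUris())` runs for every permission, including those that declare no URIs. In the part of `checkRequestURI` shown in the next hunk, an empty list leaves `foundValidScope` false. Its opening lines are outside the diff, so unless the method returns early for an empty list, a permission without URI restrictions would reject every request. It is worth confirming that guard exists, or adding `if (uris.isEmpty()) { return; }` at the top (assuming the method is void, since the call here discards any result), with a comment that an empty list means no URI restriction. The loop body continues outside this hunk.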
@@ -152,17 +149,9 @@ public class AbstractAuthFilter {
String servletPath = request.getPathInfo();
boolean foundValidScope = false;
for (String uri : uris) {
- boolean wildcard = uri.endsWith("*");
- if (wildcard) {
- if (servletPath.startsWith(uri.substring(0, uri.length() -
1))) {
- foundValidScope = true;
- break;
- }
- } else {
- if (uri.equals(servletPath)) {
- foundValidScope = true;
- break;
- }
+ if (OAuthUtils.checkRequestURI(servletPath, uri)) {
+ foundValidScope = true;
+ break;
}
}
if (!foundValidScope) {
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1200860&r1=1200859&r2=1200860&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Fri Nov 11 12:47:49 2011
@@ -133,8 +133,8 @@ public class AuthorizationRequestHandler
secData.setApplicationURI(token.getClient().getApplicationURI());
secData.setPermissions(
- dataProvider.getPermissionsInfo(token.getScopes()));
- secData.setUris(token.getUris());
+
dataProvider.getPermissionsInfo(OAuthUtils.getAllScopes(token.getClient(),
token)));
+ secData.setUris(OAuthUtils.getAllUris(token.getClient(), token));
return secData;
}
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1200860&r1=1200859&r2=1200860&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Fri Nov 11 12:47:49 2011
@@ -46,6 +46,7 @@ import net.oauth.server.OAuthServlet;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.jaxrs.impl.MetadataMap;
+import org.apache.cxf.jaxrs.model.URITemplate;
import org.apache.cxf.jaxrs.utils.FormUtils;
import org.apache.cxf.rs.security.oauth.data.Client;
import org.apache.cxf.rs.security.oauth.data.RequestToken;
@@ -61,6 +62,24 @@ public final class OAuthUtils {
private OAuthUtils() {
}
+ public static boolean checkRequestURI(String servletPath, String uri) {
+ boolean wildcard = uri.endsWith("*");
+ String theURI = wildcard ? uri.substring(0, uri.length() - 1) : uri;
+ try {
+ URITemplate template = new URITemplate(theURI);
+ MultivaluedMap<String, String> map = new MetadataMap<String,
String>();
+ if (template.match(servletPath, map)) {
+ String finalGroup =
map.getFirst(URITemplate.FINAL_MATCH_GROUP);
+ if (wildcard || StringUtils.isEmpty(finalGroup) ||
"/".equals(finalGroup)) {
+ return true;
+ }
+ }
+ } catch (Exception ex) {
+ // ignore
+ }
+ return false;
+ }
+
public static List<String> getAllScopes(Client client, Token token) {
List<String> scopes = new LinkedList<String>();
if (token != null) {
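Review bot: The `catch (Exception ex)` with `// ignore` in `checkRequestURI` makes a malformed permission URI template, and a null `servletPath` (a servlet `getPathInfo()` can return null), indistinguishable from an ordinary non-match. Denying is the right outcome for an access check, but a misconfigured permission then rejects every request with nothing in the logs; replace `// ignore` with a comment stating the fail-closed intent and log the exception at a low level. `uri.endsWith("*")` sits before the `try`, so a null entry in the URI list throws instead of returning false; a leading `if (servletPath == null || uri == null) { return false; }` would make both cases explicit. As a public method that decides access, it also needs Javadoc covering the trailing-`*` rule, template variables and the tolerated trailing `/`.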
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtilsTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtilsTest.java?rev=1200860&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtilsTest.java
(added)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtilsTest.java
Fri Nov 11 12:47:49 2011
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.utils;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class OAuthUtilsTest extends Assert {
+
+ @Test
+ public void testCheckRequestURI() throws Exception {
+ assertTrue(OAuthUtils.checkRequestURI("/a", "/a"));
+ assertTrue(OAuthUtils.checkRequestURI("/a/", "/a/"));
+ assertFalse(OAuthUtils.checkRequestURI("/a/b", "/a"));
+ assertFalse(OAuthUtils.checkRequestURI("/a/b", "/a/b/c"));
+ assertTrue(OAuthUtils.checkRequestURI("/a", "/a*"));
+ assertTrue(OAuthUtils.checkRequestURI("/a/b/c", "/a*"));
+ assertTrue(OAuthUtils.checkRequestURI("/a/1/c", "/a/{id}/c"));
+ }
+}
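Review bot: The deny side of the matcher is only tested for exact URIs; there is no negative case for the wildcard or template forms, which is where an over-broad match would grant access. Cases such as `assertFalse(OAuthUtils.checkRequestURI("/ab", "/a*"));` and `assertFalse(OAuthUtils.checkRequestURI("/a/1/2/c", "/a/{id}/c"));` would pin whether `*` and `{id}` stop at a path-segment boundary. The removed `startsWith` code accepted the first of these, so whichever result is now intended should be asserted explicitly. A case for a malformed template would also document that the swallowed exception results in a deny.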
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtilsTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/test/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtilsTest.java
------------------------------------------------------------------------------
svn:keywords = Rev Date