Author: sergeyb
Date: Mon May 21 21:45:15 2012
New Revision: 1341215
URL: http://svn.apache.org/viewvc?rev=1341215&view=rev
Log:
[CXF-4332] Adding a token validator against the remote AccessToken service
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
(with props)
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
(with props)
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
(with props)
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
(with props)
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java?rev=1341215&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
(added)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
Mon May 21 21:45:15 2012
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.common;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+// Represents the information about the validated ServerAccessToken.
+// The problem with reading specific ServerAccessToken instances is that
+// the (JAXB) reader needs to be specifically aware of the concrete token
+// classes like BearerAccessToken, etc, even though classes like
BearerAccessToken
+// will not add anything useful to the filter protecting the application.
+
+//TODO: consider simply extending ServerAccessToken,
+// though this will require relaxing a bit the ServerAccessToken model
+// (introduce default constructors, etc)
+@XmlRootElement
+public class AccessTokenValidation {
+ private String clientId;
+ private UserSubject clientSubject;
+
+ private String tokenKey;
+ private String tokenType;
+ private String tokenGrantType;
+ private long tokenIssuedAt;
+ private long tokenLifetime;
+ private UserSubject tokenSubject;
+ private List<OAuthPermission> tokenScopes = new
LinkedList<OAuthPermission>();
+
+ public AccessTokenValidation() {
+
+ }
+
+ public AccessTokenValidation(ServerAccessToken token) {
+ this.clientId = token.getClient().getClientId();
+ this.clientSubject = token.getClient().getSubject();
+
+ this.tokenKey = token.getTokenKey();
+ this.tokenType = token.getTokenType();
+ this.tokenGrantType = token.getGrantType();
+ this.tokenIssuedAt = token.getIssuedAt();
+ this.tokenLifetime = token.getLifetime();
+
+ this.tokenSubject = token.getSubject();
+ this.tokenScopes = token.getScopes();
+ }
+
+ public String getClientId() {
+ return clientId;
+ }
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
+ public UserSubject getClientSubject() {
+ return clientSubject;
+ }
+ public void setClientSubject(UserSubject clientSubject) {
+ this.clientSubject = clientSubject;
+ }
+ public String getTokenKey() {
+ return tokenKey;
+ }
+ public void setTokenKey(String tokenId) {
+ this.tokenKey = tokenId;
+ }
+ public UserSubject getTokenSubject() {
+ return tokenSubject;
+ }
+ public void setTokenSubject(UserSubject tokenSubject) {
+ this.tokenSubject = tokenSubject;
+ }
+ public List<OAuthPermission> getTokenScopes() {
+ return tokenScopes;
+ }
+ public void setTokenScopes(List<OAuthPermission> tokenPermissions) {
+ this.tokenScopes = tokenPermissions;
+ }
+ public String getTokenGrantType() {
+ return tokenGrantType;
+ }
+ public void setTokenGrantType(String tokenGrantType) {
+ this.tokenGrantType = tokenGrantType;
+ }
+ public long getTokenIssuedAt() {
+ return tokenIssuedAt;
+ }
+ public void setTokenIssuedAt(long tokenIssuedAt) {
+ this.tokenIssuedAt = tokenIssuedAt;
+ }
+ public long getTokenLifetime() {
+ return tokenLifetime;
+ }
+ public void setTokenLifetime(long tokenLifetime) {
+ this.tokenLifetime = tokenLifetime;
+ }
+
+ public String getTokenType() {
+ return tokenType;
+ }
+
+ public void setTokenType(String tokenType) {
+ this.tokenType = tokenType;
+ }
+
+}
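Review bot: The `ServerAccessToken` constructor stores `token.getScopes()` by reference and `getTokenScopes()` hands that same list out again, so the validation bean and the persisted token end up sharing one mutable scope list; `this.tokenScopes = new LinkedList<OAuthPermission>(token.getScopes());` decouples them for the cost of one copy. The class comment should become a Javadoc stating that this is the wire representation produced by `AccessTokenValidatorService` and consumed by `AccessTokenValidatorClient`, and `tokenIssuedAt`/`tokenLifetime` need their unit documented, because `OAuthUtils.isExpired` is applied to these two values after they have crossed the network from a remote validator. `setTokenKey(String tokenId)` names its parameter differently from the field and getter; `tokenKey` would be consistent.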
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/AccessTokenValidation.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
Mon May 21 21:45:15 2012
@@ -21,6 +21,8 @@ package org.apache.cxf.rs.security.oauth
import java.util.Collections;
import java.util.List;
+import javax.xml.bind.annotation.XmlRootElement;
+
/**
* Provides the complete information about a given opaque permission.
* For example, a scope parameter such as "read_calendar" will be
@@ -28,10 +30,15 @@ import java.util.List;
* the human readable description and optionally restrict it to
* a limited set of HTTP verbs and request URIs
*/
+@XmlRootElement
public class OAuthPermission extends Permission {
private List<String> httpVerbs = Collections.emptyList();
private List<String> uris = Collections.emptyList();
+ public OAuthPermission() {
+
+ }
+
public OAuthPermission(String permission, String description) {
super(permission, description);
}
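Review bot: The added public no-arg constructor exists only so JAXB can instantiate the class and leaves the `Permission` state unset, but nothing says so; a comment such as `// For JAXB unmarshalling only; the permission name and description come from the superclass setters` would keep application code from using it. Whether `Permission` actually exposes JAXB-visible setters is not visible in this hunk; if it does not, an `OAuthPermission` unmarshalled on the `AccessTokenValidatorClient` side will carry a null permission name while still being matched against the request in `OAuthRequestFilter`.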
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/UserSubject.java
Mon May 21 21:45:15 2012
@@ -21,15 +21,22 @@ package org.apache.cxf.rs.security.oauth
import java.util.Collections;
import java.util.List;
+import javax.xml.bind.annotation.XmlRootElement;
+
/**
* Represents a login name which AuthorizationService
* may capture after the end user approved a given third party request
*/
+@XmlRootElement
public class UserSubject {
private String login;
private List<String> roles = Collections.emptyList();
+ public UserSubject() {
+
+ }
+
public UserSubject(String login) {
this.login = login;
}
@@ -40,20 +47,37 @@ public class UserSubject {
}
/**
- * Returns the user login name
+ * Return the user login name
* @return the login name
*/
public String getLogin() {
return login;
}
+
+ /**
+ * Set the user login name
+ * @param login the login name
+ */
+ public void setLogin(String login) {
+ this.login = login;
+ }
/**
- * Returns the optional list of user roles which may have
+ * Return the optional list of user roles which may have
* been captured during the authentication process
* @return the list of roles
*/
public List<String> getRoles() {
- return Collections.unmodifiableList(roles);
+ return roles;
+ }
+
+ /**
+ * Set the optional list of user roles which may have
+ * been captured during the authentication process
+ * @param roles the list of roles
+ */
+ public void setRoles(List<String> roles) {
+ this.roles = roles;
}
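Review bot: `getRoles()` now returns the internal `roles` list instead of the unmodifiable view the removed line returned, and `setRoles` stores the caller's list by reference, so any code holding either list can change the roles of the subject that `OAuthRequestFilter.createSecurityContext` wraps as `theSubject`. If the wrapper was dropped so that JAXB can populate the collection through the getter, that reason belongs in a comment on the getter; otherwise keep `return Collections.unmodifiableList(roles);` and copy in the setter, `this.roles = roles == null ? Collections.<String>emptyList() : new ArrayList<String>(roles);` (needs the `java.util.ArrayList` import). Either way the new `setRoles` Javadoc should state whether the list is copied or retained.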
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java?rev=1341215&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
(added)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
Mon May 21 21:45:15 2012
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.filters;
+
+import java.util.Collections;
+import java.util.List;
+
+import javax.ws.rs.core.HttpHeaders;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+public class AccessTokenValidatorClient implements AccessTokenValidator {
+
+ private WebClient tokenValidatorClient;
+
+ public List<String> getSupportedAuthorizationSchemes() {
+ return Collections.singletonList(OAuthConstants.ALL_AUTH_SCHEMES);
+ }
+
+ public AccessTokenValidation validateAccessToken(String authScheme, String
authSchemeData)
+ throws OAuthServiceException {
+ WebClient client = WebClient.fromClient(tokenValidatorClient, true);
+ client.header(HttpHeaders.AUTHORIZATION, authScheme + " " +
authSchemeData);
+ return client.get(AccessTokenValidation.class);
+ }
+
+ public void setTokenValidatorClient(WebClient tokenValidatorClient) {
+ this.tokenValidatorClient = tokenValidatorClient;
+ }
+
+}
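Review bot: `validateAccessToken` declares `OAuthServiceException`, but `client.get(AccessTokenValidation.class)` will surface a remote 401 or a transport failure as a `WebApplicationException` or another runtime exception, which `AbstractAccessTokenValidator.getAccessTokenValidation()` does not catch, so a rejected token produces an unmapped error instead of the 401 challenge. Wrap the call and rethrow through whichever cause-preserving `OAuthServiceException` constructor the project offers, narrowing `RuntimeException` to the client's specific exception types if they are known. A null `tokenValidatorClient` fails with a NullPointerException at `WebClient.fromClient`; the class Javadoc should state that the client is mandatory and that, since the presented credential is forwarded verbatim in the Authorization header, the configured endpoint has to be reached over a confidential channel.
```java
    public AccessTokenValidation validateAccessToken(String authScheme, String authSchemeData)
        throws OAuthServiceException {
        WebClient client = WebClient.fromClient(tokenValidatorClient, true);
        client.header(HttpHeaders.AUTHORIZATION, authScheme + " " + authSchemeData);
        try {
            return client.get(AccessTokenValidation.class);
        } catch (RuntimeException ex) {
            // A remote rejection or transport failure must become an
            // OAuthServiceException so the caller answers with its 401 challenge.
            throw new OAuthServiceException("Remote token validation failed", ex);
        }
    }
```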
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
Mon May 21 21:45:15 2012
@@ -20,33 +20,24 @@ package org.apache.cxf.rs.security.oauth
import java.security.Principal;
import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashSet;
import java.util.List;
-import java.util.Set;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.security.SimplePrincipal;
-import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.common.OAuthContext;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
-import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.services.AbstractAccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.security.SecurityContext;
@@ -54,35 +45,21 @@ import org.apache.cxf.security.SecurityC
* JAX-RS OAuth2 filter which can be used to protect the end-user endpoints
*/
@Provider
-public class OAuthRequestFilter implements RequestHandler {
+public class OAuthRequestFilter extends AbstractAccessTokenValidator
implements RequestHandler {
private static final Logger LOG =
LogUtils.getL7dLogger(OAuthRequestFilter.class);
- private static final String DEFAULT_AUTH_SCHEME =
OAuthConstants.BEARER_AUTHORIZATION_SCHEME;
-
- private MessageContext mc;
-
- private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
- private Set<String> supportedSchemes = new HashSet<String>();
private boolean useUserSubject;
- private OAuthDataProvider dataProvider;
-
- public void setGrantHandlers(List<AccessTokenValidator> handlers) {
- tokenHandlers = handlers;
- for (AccessTokenValidator handler : handlers) {
-
supportedSchemes.addAll(handler.getSupportedAuthorizationSchemes());
- }
- }
public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
// Get the access token
- ServerAccessToken accessToken = getAccessToken();
+ AccessTokenValidation accessTokenV = getAccessTokenValidation();
// Find the scopes which match the current request
- List<OAuthPermission> permissions = accessToken.getScopes();
+ List<OAuthPermission> permissions = accessTokenV.getTokenScopes();
List<OAuthPermission> matchingPermissions = new
ArrayList<OAuthPermission>();
- HttpServletRequest req = mc.getHttpServletRequest();
+ HttpServletRequest req = getMessageContext().getHttpServletRequest();
for (OAuthPermission perm : permissions) {
boolean uriOK = checkRequestURI(req, perm.getUris());
boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());
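Review bot: `accessTokenV` in `handleRequest` (and again in the `createSecurityContext` hunk below) reads as an abbreviation of the old `accessToken` rather than a name for the new type; `tokenValidation` says what the object is. The scopes, subjects and grant type the filter authorizes on are now read from an `AccessTokenValidation` that may have been unmarshalled from a remote `AccessTokenValidatorClient`, so the class Javadoc should say that the filter's decisions are only as trustworthy as the configured validator and its channel. `handleRequest` continues past the end of this hunk.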
@@ -98,13 +75,13 @@ public class OAuthRequestFilter implemen
}
// Create the security context and make it available on the message
- SecurityContext sc = createSecurityContext(req, accessToken);
+ SecurityContext sc = createSecurityContext(req, accessTokenV);
m.put(SecurityContext.class, sc);
// Also set the OAuthContext
- m.setContent(OAuthContext.class, new
OAuthContext(accessToken.getSubject(),
+ m.setContent(OAuthContext.class, new
OAuthContext(accessTokenV.getTokenSubject(),
matchingPermissions,
-
accessToken.getGrantType()));
+
accessTokenV.getTokenGrantType()));
return null;
}
@@ -139,79 +116,15 @@ public class OAuthRequestFilter implemen
return foundValidScope;
}
- public void setDataProvider(OAuthDataProvider provider) {
- dataProvider = provider;
- }
-
public void setUseUserSubject(boolean useUserSubject) {
this.useUserSubject = useUserSubject;
}
- @Context
- public void setMessageContext(MessageContext context) {
- this.mc = context;
- }
-
- protected AccessTokenValidator findTokenHandler(String authScheme) {
- for (AccessTokenValidator handler : tokenHandlers) {
- if
(handler.getSupportedAuthorizationSchemes().contains(authScheme)) {
- return handler;
- }
- }
- return null;
- }
-
- /**
- * Get the access token
- */
- protected ServerAccessToken getAccessToken() {
- ServerAccessToken accessToken = null;
- if (dataProvider == null && tokenHandlers.isEmpty()) {
- throw new WebApplicationException(500);
- }
-
- // Get the scheme and its data, Bearer only is supported by default
- // WWW-Authenticate with the list of supported schemes will be sent
back
- // if the scheme is not accepted
- String[] authParts = AuthorizationUtils.getAuthorizationParts(mc,
supportedSchemes);
- String authScheme = authParts[0];
- String authSchemeData = authParts[1];
-
- // Get the registered handler capable of processing the token
- AccessTokenValidator handler = findTokenHandler(authScheme);
- if (handler != null) {
- try {
- // Convert the HTTP Authorization scheme data into a token
- accessToken = handler.getAccessToken(authSchemeData);
- } catch (OAuthServiceException ex) {
- AuthorizationUtils.throwAuthorizationFailure(
- Collections.singleton(authScheme));
- }
- }
- // Default processing if no registered providers available
- if (accessToken == null && authScheme.equals(DEFAULT_AUTH_SCHEME)) {
- try {
- accessToken = dataProvider.getAccessToken(authSchemeData);
- } catch (OAuthServiceException ex) {
- AuthorizationUtils.throwAuthorizationFailure(
- Collections.singleton(authScheme));
- }
- }
- if (accessToken == null) {
- AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
- }
- // Check if token is still valid
- if (OAuthUtils.isExpired(accessToken.getIssuedAt(),
accessToken.getLifetime())) {
- dataProvider.removeAccessToken(accessToken);
- AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
- }
- return accessToken;
- }
protected SecurityContext createSecurityContext(HttpServletRequest
request,
- ServerAccessToken token) {
- UserSubject endUserSubject = token.getSubject();
- UserSubject clientSubject = token.getClient().getSubject();
+ AccessTokenValidation
accessTokenV) {
+ UserSubject endUserSubject = accessTokenV.getTokenSubject();
+ UserSubject clientSubject = accessTokenV.getClientSubject();
final UserSubject theSubject =
OAuthRequestFilter.this.useUserSubject ? endUserSubject :
clientSubject;
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrantHandler.java
Mon May 21 21:45:15 2012
@@ -50,7 +50,8 @@ public class RefreshTokenGrantHandler im
}
String refreshToken = params.getFirst(OAuthConstants.REFRESH_TOKEN);
- ServerAccessToken token =
dataProvider.refreshAccessToken(client.getClientId(), refreshToken);
+ ServerAccessToken token =
dataProvider.refreshAccessToken(client.getClientId(),
+
refreshToken);
if (token == null) {
return null;
}
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java
Mon May 21 21:45:15 2012
@@ -21,10 +21,10 @@ package org.apache.cxf.rs.security.oauth
import java.util.List;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
public interface AccessTokenValidator {
List<String> getSupportedAuthorizationSchemes();
- ServerAccessToken getAccessToken(String schemeData)
+ AccessTokenValidation validateAccessToken(String authScheme, String
authSchemeData)
throws OAuthServiceException;
}
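Review bot: The new `validateAccessToken(String authScheme, String authSchemeData)` has no Javadoc, and `AbstractAccessTokenValidator.getAccessTokenValidation()` gives a null return a meaning (fall through to the `OAuthDataProvider` for the Bearer scheme), so the contract must say when an implementation may return null and when it must throw. Suggested Javadoc: a summary "Validates the access token presented in the HTTP Authorization header", `@param authScheme the scheme name as sent in the header, for example Bearer`, `@param authSchemeData the scheme-specific data following the scheme name`, `@return the validation info, or null if this validator does not handle the token`, `@throws OAuthServiceException if the token is invalid or cannot be validated`. `getSupportedAuthorizationSchemes()` should likewise document that a single `OAuthConstants.ALL_AUTH_SCHEMES` entry means every scheme is handled.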
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthDataProvider.java
Mon May 21 21:45:15 2012
@@ -79,7 +79,7 @@ public interface OAuthDataProvider {
/**
* Removes the token
- * @param token the token
+ * @param accessToken the token
* @throws OAuthServiceException
*/
void removeAccessToken(ServerAccessToken accessToken) throws
OAuthServiceException;
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java?rev=1341215&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
(added)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
Mon May 21 21:45:15 2012
@@ -0,0 +1,141 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.services;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
+
+public abstract class AbstractAccessTokenValidator {
+
+ private static final String DEFAULT_AUTH_SCHEME =
OAuthConstants.BEARER_AUTHORIZATION_SCHEME;
+
+
+ private MessageContext mc;
+
+ private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
+ private Set<String> supportedSchemes = new HashSet<String>();
+ private OAuthDataProvider dataProvider;
+
+ public void setTokenValidator(AccessTokenValidator validator) {
+ setTokenValidators(Collections.singletonList(validator));
+ }
+
+ public void setTokenValidators(List<AccessTokenValidator> validators) {
+ tokenHandlers = validators;
+ for (AccessTokenValidator handler : validators) {
+
supportedSchemes.addAll(handler.getSupportedAuthorizationSchemes());
+ }
+ }
+
+ public void setDataProvider(OAuthDataProvider provider) {
+ dataProvider = provider;
+ }
+
+ @Context
+ public void setMessageContext(MessageContext context) {
+ this.mc = context;
+ }
+
+ public MessageContext getMessageContext() {
+ return mc;
+ }
+
+ protected AccessTokenValidator findTokenValidator(String authScheme) {
+ for (AccessTokenValidator handler : tokenHandlers) {
+ List<String> handlerSchemes =
handler.getSupportedAuthorizationSchemes();
+ if (handlerSchemes.size() == 1 &&
OAuthConstants.ALL_AUTH_SCHEMES.equals(handlerSchemes.get(0))
+ || handlerSchemes.contains(authScheme)) {
+ return handler;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Get the access token
+ */
+ protected AccessTokenValidation getAccessTokenValidation() {
+ AccessTokenValidation accessTokenV = null;
+ if (dataProvider == null && tokenHandlers.isEmpty()) {
+ throw new WebApplicationException(500);
+ }
+
+ // Get the scheme and its data, Bearer only is supported by default
+ // WWW-Authenticate with the list of supported schemes will be sent
back
+ // if the scheme is not accepted
+ String[] authParts = AuthorizationUtils.getAuthorizationParts(mc,
supportedSchemes);
+ String authScheme = authParts[0];
+ String authSchemeData = authParts[1];
+
+ // Get the registered handler capable of processing the token
+ AccessTokenValidator handler = findTokenValidator(authScheme);
+ if (handler != null) {
+ try {
+ // Convert the HTTP Authorization scheme data into a token
+ accessTokenV = handler.validateAccessToken(authScheme,
authSchemeData);
+ } catch (OAuthServiceException ex) {
+ AuthorizationUtils.throwAuthorizationFailure(
+ Collections.singleton(authScheme));
+ }
+ }
+ // Default processing if no registered providers available
+ ServerAccessToken localAccessToken = null;
+ if (accessTokenV == null && dataProvider != null &&
authScheme.equals(DEFAULT_AUTH_SCHEME)) {
+ try {
+ localAccessToken = dataProvider.getAccessToken(authSchemeData);
+ accessTokenV = new AccessTokenValidation(localAccessToken);
+ } catch (OAuthServiceException ex) {
+ AuthorizationUtils.throwAuthorizationFailure(
+ Collections.singleton(authScheme));
+ }
+ }
+ if (accessTokenV == null) {
+ AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
+ }
+ // Check if token is still valid
+ if (OAuthUtils.isExpired(accessTokenV.getTokenIssuedAt(),
accessTokenV.getTokenLifetime())) {
+ if (localAccessToken != null) {
+ dataProvider.removeAccessToken(localAccessToken);
+ }
+ AuthorizationUtils.throwAuthorizationFailure(supportedSchemes);
+ }
+ return accessTokenV;
+ }
+
+ @Deprecated
+ public void setGrantHandlers(List<AccessTokenValidator> validators) {
+ setTokenValidators(validators);
+ }
+
+}
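Review bot: Both `catch (OAuthServiceException ex)` blocks in `getAccessTokenValidation()` discard the exception, so the reason a validator rejected a token (unknown key, remote validator unreachable) is gone before the 401 challenge is sent and an operator has nothing to correlate with; keep at least a fine-level log line with the scheme name, adding `private static final Logger LOG = LogUtils.getL7dLogger(AbstractAccessTokenValidator.class);` as OAuthRequestFilter does. In `findTokenValidator` the condition mixes `&&` and `||` without parentheses; `(handlerSchemes.size() == 1 && OAuthConstants.ALL_AUTH_SCHEMES.equals(handlerSchemes.get(0))) || handlerSchemes.contains(authScheme)` makes the intended grouping explicit. The class itself has no Javadoc; it should state that it is the shared base of both the request filter and the validator service, that `getMessageContext()` is only populated when injected by JAX-RS, and that at least one validator or a data provider must be configured or the 500 at the top of `getAccessTokenValidation()` is thrown.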
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java?rev=1341215&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
(added)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
Mon May 21 21:45:15 2012
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.services;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
+
+@Path("validate")
+public class AccessTokenValidatorService extends AbstractAccessTokenValidator {
+ @GET
+ @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+ public AccessTokenValidation getTokenValidationInfo() {
+ return super.getAccessTokenValidation();
+ }
+}
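Review bot: `getTokenValidationInfo` has no Javadoc, and since this is a network-facing resource that returns the client id, both subjects, the scopes and the token key itself to whoever presents the token, the class Javadoc should state who is expected to call it (resource servers running `OAuthRequestFilter` with an `AccessTokenValidatorClient`) and that it must be configured with an `OAuthDataProvider` or further validators exactly like the filter. Rejections are not visible in this class because they are the 401 built by `AuthorizationUtils.throwAuthorizationFailure` inside the inherited method, which the method Javadoc should mention. The `super.` qualifier is unnecessary as the method is not overridden here; `return getAccessTokenValidation();` reads cleaner.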
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
Mon May 21 21:45:15 2012
@@ -70,14 +70,18 @@ public final class AuthorizationUtils {
}
public static void throwAuthorizationFailure(Set<String> challenges) {
+ ResponseBuilder rb = Response.status(401);
+
StringBuilder sb = new StringBuilder();
for (String challenge : challenges) {
+ if ("*".equals(challenge)) {
+ continue;
+ }
if (sb.length() > 0) {
sb.append(",");
}
sb.append(challenge);
}
- ResponseBuilder rb = Response.status(401);
if (sb.length() > 0) {
rb.header(HttpHeaders.WWW_AUTHENTICATE, sb.toString());
}
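Review bot: Skipping the `"*"` challenge means that when the only registered validator advertises `OAuthConstants.ALL_AUTH_SCHEMES`, as `AccessTokenValidatorClient` does, `challenges` holds just that entry, `sb` stays empty and the 401 goes out without any `WWW-Authenticate` header, which HTTP requires on a 401 and which the Bearer scheme relies on. After the loop, fall back to the default scheme: `if (sb.length() == 0) { sb.append(OAuthConstants.BEARER_AUTHORIZATION_SCHEME); }` (importing `OAuthConstants` if this file does not already). A comment on the `continue` should say that the wildcard is an internal sentinel that must never reach the client. `throwAuthorizationFailure` continues past the end of this hunk.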
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1341215&r1=1341214&r2=1341215&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Mon May 21 21:45:15 2012
@@ -51,6 +51,8 @@ public final class OAuthConstants {
// Token Authorization schemes
public static final String BEARER_AUTHORIZATION_SCHEME = "Bearer";
public static final String MAC_AUTHORIZATION_SCHEME = "Mac";
+ public static final String ALL_AUTH_SCHEMES = "*";
+
// Authorization Code grant constants
public static final String AUTHORIZATION_CODE_VALUE = "code";
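Review bot: `ALL_AUTH_SCHEMES` is a sentinel that `AbstractAccessTokenValidator.findTokenValidator` and `AuthorizationUtils.throwAuthorizationFailure` recognise by string comparison, but nothing at the declaration says so. Add `// Sentinel returned by AccessTokenValidator.getSupportedAuthorizationSchemes() to accept any scheme; never sent in a WWW-Authenticate challenge` above the constant so the two call sites stay in agreement with it.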