Author: sergeyb
Date: Wed Jul 18 16:03:19 2012
New Revision: 1362993
URL: http://svn.apache.org/viewvc?rev=1362993&view=rev
Log:
Merged revisions 1362988,1362991 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1362988 | sergeyb | 2012-07-18 16:52:07 +0100 (Wed, 18 Jul 2012) | 1 line
[CXF-4428] Optionally reporting oAuth 1.0 error details, using 400 by
default, 401 if no client is found, mostly in line with the 1.0 spec,
consistent with 2.0 too
........
r1362991 | sergeyb | 2012-07-18 16:53:50 +0100 (Wed, 18 Jul 2012) | 1 line
Minor updates to OAuth2 module, with the code to report new invalid_client
error condition to be updated later
........
Modified:
cxf/branches/2.6.x-fixes/ (props changed)
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Merged /cxf/trunk:r1362988-1362991
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java?rev=1362993&r1=1362992&r2=1362993&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
Wed Jul 18 16:03:19 2012
@@ -35,13 +35,15 @@ public abstract class AbstractOAuthServi
private OAuthDataProvider dataProvider;
private OAuthValidator validator = new DefaultOAuthValidator();
-
+ private boolean reportFailureDetails;
+
@Context
public void setMessageContext(MessageContext context) {
this.mc = context;
}
public MessageContext getMessageContext() {
+ mc.put(OAuthUtils.REPORT_FAILURE_DETAILS, reportFailureDetails);
return mc;
}
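Review bot: `getMessageContext()` now performs a write (`mc.put(OAuthUtils.REPORT_FAILURE_DETAILS, ...)`) on every call and will throw a NullPointerException when `setMessageContext` has not been invoked yet, whereas before it simply returned null. A getter with a side effect deserves at least a Javadoc stating it, e.g. `/** Returns the injected context after recording the report-failure-details flag on it, so that OAuthUtils.handleException can read it. */`; alternatively a null guard `if (mc != null) { mc.put(...); }` keeps the old behaviour for uninjected instances. No setter for `reportFailureDetails` is visible in this hunk; if none exists elsewhere in the class the flag can never be enabled. The class body continues outside the hunk.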
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1362993&r1=1362992&r2=1362993&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java
Wed Jul 18 16:03:19 2012
@@ -38,6 +38,7 @@ import org.apache.cxf.rs.security.oauth.
import org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth.data.RequestToken;
import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
@@ -97,19 +98,19 @@ public class AccessTokenHandler {
return Response.ok(responseString).build();
} catch (OAuthProblemException e) {
- if (LOG.isLoggable(Level.WARNING)) {
- LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new
Object[] {e.fillInStackTrace()});
- }
+ LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new
Object[] {e.fillInStackTrace()});
int code = e.getHttpStatusCode();
- if (code == 200) {
- code = HttpServletResponse.SC_UNAUTHORIZED;
+ if (code == HttpServletResponse.SC_OK) {
+ code = e.getProblem() == OAuth.Problems.CONSUMER_KEY_UNKNOWN
+ ? 401 : 400;
}
- return OAuthUtils.handleException(e, code,
String.valueOf(e.getParameters().get("realm")));
+ return OAuthUtils.handleException(mc, e, code);
+ } catch (OAuthServiceException e) {
+ return OAuthUtils.handleException(mc, e,
HttpServletResponse.SC_BAD_REQUEST);
} catch (Exception e) {
- if (LOG.isLoggable(Level.WARNING)) {
- LOG.log(Level.WARNING, "Server Exception: {0}", new Object[]
{e.fillInStackTrace()});
- }
- return OAuthUtils.handleException(e,
HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
+ new Object[] {e.fillInStackTrace()});
+ return OAuthUtils.handleException(mc, e,
HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
}
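Review bot: The new `catch (OAuthServiceException e)` maps the failure to 400 without logging anything, unlike the two neighbouring catch blocks, so a token request rejected by the data provider leaves no trace in the server log; a `LOG.log(Level.WARNING, "OAuth service problem: {0}", new Object[] {e.fillInStackTrace()});` before the return keeps failed requests visible to operators. The literal `? 401 : 400` sits two lines under a comparison against `HttpServletResponse.SC_OK`; `? HttpServletResponse.SC_UNAUTHORIZED : HttpServletResponse.SC_BAD_REQUEST` would keep the style consistent. Both points apply verbatim to the identical hunks in AuthorizationRequestHandler and RequestTokenHandler below. The enclosing method starts outside the hunk.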
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1362993&r1=1362992&r2=1362993&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Wed Jul 18 16:03:19 2012
@@ -53,6 +53,7 @@ import org.apache.cxf.rs.security.oauth.
import org.apache.cxf.rs.security.oauth.data.UserSubject;
import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator;
import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
import org.apache.cxf.security.LoginSecurityContext;
@@ -141,19 +142,19 @@ public class AuthorizationRequestHandler
return Response.seeOther(callback).build();
} catch (OAuthProblemException e) {
- if (LOG.isLoggable(Level.WARNING)) {
- LOG.log(Level.WARNING, "An OAuth related problem: {0}", new
Object[]{e.fillInStackTrace()});
- }
+ LOG.log(Level.WARNING, "An OAuth related problem: {0}", new
Object[]{e.fillInStackTrace()});
int code = e.getHttpStatusCode();
- if (code == 200) {
- code = HttpServletResponse.SC_UNAUTHORIZED;
- }
- return OAuthUtils.handleException(e, code,
String.valueOf(e.getParameters().get("realm")));
+ if (code == HttpServletResponse.SC_OK) {
+ code = e.getProblem() == OAuth.Problems.CONSUMER_KEY_UNKNOWN
+ ? 401 : 400;
+ }
+ return OAuthUtils.handleException(mc, e, code);
+ } catch (OAuthServiceException e) {
+ return OAuthUtils.handleException(mc, e,
HttpServletResponse.SC_BAD_REQUEST);
} catch (Exception e) {
- if (LOG.isLoggable(Level.SEVERE)) {
- LOG.log(Level.SEVERE, "Server exception: {0}", new
Object[]{e.fillInStackTrace()});
- }
- return OAuthUtils.handleException(e,
HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
+ new Object[] {e.fillInStackTrace()});
+ return OAuthUtils.handleException(mc, e,
HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1362993&r1=1362992&r2=1362993&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
Wed Jul 18 16:03:19 2012
@@ -39,6 +39,7 @@ import org.apache.cxf.rs.security.oauth.
import org.apache.cxf.rs.security.oauth.data.RequestToken;
import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
@@ -104,20 +105,19 @@ public class RequestTokenHandler {
return Response.ok(responseBody).build();
} catch (OAuthProblemException e) {
- if (LOG.isLoggable(Level.WARNING)) {
- LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new
Object[] {e.fillInStackTrace()});
- }
+ LOG.log(Level.WARNING, "An OAuth-related problem: {0}", new
Object[] {e.fillInStackTrace()});
int code = e.getHttpStatusCode();
- if (code == 200) {
- code = HttpServletResponse.SC_UNAUTHORIZED;
+ if (code == HttpServletResponse.SC_OK) {
+ code = e.getProblem() == OAuth.Problems.CONSUMER_KEY_UNKNOWN
+ ? 401 : 400;
}
- return OAuthUtils.handleException(e, code,
String.valueOf(e.getParameters().get("realm")));
+ return OAuthUtils.handleException(mc, e, code);
+ } catch (OAuthServiceException e) {
+ return OAuthUtils.handleException(mc, e,
HttpServletResponse.SC_BAD_REQUEST);
} catch (Exception e) {
- if (LOG.isLoggable(Level.SEVERE)) {
- LOG.log(Level.SEVERE, "Unexpected internal server exception:
{0}",
- new Object[] {e.fillInStackTrace()});
- }
- return OAuthUtils.handleException(e,
HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ LOG.log(Level.SEVERE, "Unexpected internal server exception: {0}",
+ new Object[] {e.fillInStackTrace()});
+ return OAuthUtils.handleException(mc, e,
HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
}
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1362993&r1=1362992&r2=1362993&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Wed Jul 18 16:03:19 2012
@@ -35,6 +35,7 @@ import javax.ws.rs.WebApplicationExcepti
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
@@ -50,6 +51,7 @@ import org.apache.cxf.jaxrs.ext.MessageC
import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.jaxrs.model.URITemplate;
import org.apache.cxf.jaxrs.utils.FormUtils;
+import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.oauth.data.Client;
import org.apache.cxf.rs.security.oauth.data.RequestToken;
@@ -61,6 +63,7 @@ import org.apache.cxf.rs.security.oauth.
* Various utility methods
*/
public final class OAuthUtils {
+ public static final String REPORT_FAILURE_DETAILS =
"report.failure.details";
private OAuthUtils() {
}
@@ -155,27 +158,14 @@ public final class OAuthUtils {
}
- public static Response handleException(Exception e, int status) {
- return handleException(e, status, null);
- }
-
- public static Response handleException(Exception e, int status,
- String realm) {
- if (e instanceof OAuthProblemException) {
- OAuthProblemException problem = (OAuthProblemException) e;
- OAuthMessage message = new OAuthMessage(null, null, problem
- .getParameters().entrySet());
- try {
- return
- Response.status(status).header("WWW-Authenticate",
-
message.getAuthorizationHeader(realm)).entity(e.getMessage()).build();
- } catch (IOException e1) {
- throw new WebApplicationException(
-
Response.status(status).entity(e.getMessage()).build());
- }
+ public static Response handleException(MessageContext mc,
+ Exception e,
+ int status) {
+ ResponseBuilder builder = Response.status(status);
+ if (MessageUtils.isTrue(mc.get(REPORT_FAILURE_DETAILS))) {
+ builder.entity(e.getMessage());
}
- throw new WebApplicationException(
- Response.status(status).entity(e.getMessage()).build());
+ throw new WebApplicationException(builder.build());
}
public static List<String> parseParamValue(String paramValue, String
defaultValue)
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java?rev=1362993&r1=1362992&r2=1362993&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/owner/ResourceOwnerGrantHandler.java
Wed Jul 18 16:03:19 2012
@@ -45,14 +45,14 @@ public class ResourceOwnerGrantHandler e
String ownerName = params.getFirst(OAuthConstants.RESOURCE_OWNER_NAME);
String ownerPassword =
params.getFirst(OAuthConstants.RESOURCE_OWNER_PASSWORD);
if (ownerName == null || ownerPassword == null) {
- throw new
OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);
+ throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
}
UserSubject subject = null;
try {
subject = loginHandler.createSubject(ownerName, ownerPassword);
} catch (Exception ex) {
- throw new
OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);
+ throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
}
return doCreateAccessToken(client,
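Review bot: The `catch (Exception ex)` branch now reports a failed resource-owner login as `OAuthConstants.INVALID_REQUEST`, but that error code denotes a malformed request; the OAuth 2.0 token-endpoint error list uses `invalid_grant` for rejected resource-owner credentials, so the two branches should not share a code (if `OAuthConstants` does not already define `INVALID_GRANT`, it belongs next to the new `INVALID_CLIENT` constant). The catch also discards `ex` without logging, so repeated failed password attempts against the token endpoint are invisible to operators; a `LOG.log(Level.WARNING, "Resource owner authentication failed", ex);` (no credentials in the message) before the throw preserves the audit trail, assuming a logger is available in this class. The enclosing method begins outside the hunk.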
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java?rev=1362993&r1=1362992&r2=1362993&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthConstants.java
Wed Jul 18 16:03:19 2012
@@ -79,6 +79,7 @@ public final class OAuthConstants {
public static final String UNSUPPORTED_GRANT_TYPE =
"unsupported_grant_type";
public static final String UNSUPPORTED_RESPONSE_TYPE =
"unsupported_response_type";
public static final String UNAUTHORIZED_CLIENT = "unauthorized_client";
+ public static final String INVALID_CLIENT = "invalid_client";
public static final String INVALID_SCOPE = "invalid_scope";
public static final String ACCESS_DENIED = "access_denied";