Author: sergeyb
Date: Wed Jul 18 23:03:28 2012
New Revision: 1363166
URL: http://svn.apache.org/viewvc?rev=1363166&view=rev
Log:
[CXF-4428,CXF-4432] Turning error-related properties into contextual ones,
fixing the test; restoring the original support for oob callbacks with a few
updates
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
(with props)
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
Wed Jul 18 23:03:28 2012
@@ -36,6 +36,7 @@ public class OAuthAuthorizationData impl
private String authenticityToken;
private String applicationName;
private String applicationURI;
+ private String callbackURI;
private String applicationDescription;
private String logoUri;
private String replyTo;
@@ -111,4 +112,12 @@ public class OAuthAuthorizationData impl
public String getLogoUri() {
return logoUri;
}
+
+ public String getCallbackURI() {
+ return callbackURI;
+ }
+
+ public void setCallbackURI(String callbackURI) {
+ this.callbackURI = callbackURI;
+ }
}
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java
Wed Jul 18 23:03:28 2012
@@ -35,7 +35,6 @@ public abstract class AbstractOAuthServi
private OAuthDataProvider dataProvider;
private OAuthValidator validator = new DefaultOAuthValidator();
- private boolean reportFailureDetails;
@Context
public void setMessageContext(MessageContext context) {
@@ -43,7 +42,6 @@ public abstract class AbstractOAuthServi
}
public MessageContext getMessageContext() {
- mc.put(OAuthUtils.REPORT_FAILURE_DETAILS, reportFailureDetails);
return mc;
}
@@ -63,5 +61,4 @@ public abstract class AbstractOAuthServi
this.validator = validator;
}
-
}
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java
Wed Jul 18 23:03:28 2012
@@ -36,6 +36,7 @@ import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
@@ -138,8 +139,14 @@ public class AuthorizationRequestHandler
if (token.getState() != null) {
queryParams.put("state", token.getState());
}
- URI callback = buildCallbackURI(getCallbackURI(token),
queryParams);
- return Response.seeOther(callback).build();
+ String callbackValue = getCallbackValue(token);
+ if (OAuthConstants.OAUTH_CALLBACK_OOB.equals(callbackValue)) {
+ OOBAuthorizationResponse bean =
convertQueryParamsToOOB(queryParams);
+ return
Response.ok().type(MediaType.TEXT_HTML).entity(bean).build();
+ } else {
+ URI callbackURI = buildCallbackURI(callbackValue, queryParams);
+ return Response.seeOther(callbackURI).build();
+ }
} catch (OAuthProblemException e) {
LOG.log(Level.WARNING, "An OAuth related problem: {0}", new
Object[]{e.fillInStackTrace()});
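Review bot: The new out-of-band branch returns the request token and verifier in a 200 `text/html` body with no cache directives, so the page can be retained by a browser or an intermediary cache. Consider `Response.ok().type(MediaType.TEXT_HTML).header("Cache-Control", "no-store").entity(bean).build();`. The `state` value copied into the bean comes from the token, so whichever provider renders `OOBAuthorizationResponse` as HTML (none is visible in this commit) needs to escape it. The enclosing method starts and ends outside this hunk.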
@@ -158,7 +165,7 @@ public class AuthorizationRequestHandler
}
}
- protected String getCallbackURI(RequestToken token) throws
OAuthProblemException {
+ protected String getCallbackValue(RequestToken token) throws
OAuthProblemException {
String callback = token.getCallback();
if (callback == null) {
callback = token.getClient().getApplicationURI();
@@ -179,12 +186,22 @@ public class AuthorizationRequestHandler
return builder.build();
}
+ private OOBAuthorizationResponse convertQueryParamsToOOB(Map<String,
String> queryParams) {
+
+ OOBAuthorizationResponse oob = new OOBAuthorizationResponse();
+ oob.setRequestToken(queryParams.get(OAuth.OAUTH_TOKEN));
+ oob.setVerifier(queryParams.get(OAuth.OAUTH_VERIFIER));
+ oob.setState(queryParams.get("state"));
+ return oob;
+ }
+
protected OAuthAuthorizationData
addAdditionalParams(OAuthAuthorizationData secData,
OAuthDataProvider
dataProvider,
- RequestToken token) {
+ RequestToken token)
throws OAuthProblemException {
secData.setOauthToken(token.getTokenKey());
secData.setApplicationName(token.getClient().getApplicationName());
secData.setApplicationURI(token.getClient().getApplicationURI());
+ secData.setCallbackURI(getCallbackValue(token));
secData.setApplicationDescription(token.getClient().getApplicationDescription());
secData.setLogoUri(token.getClient().getLogoUri());
secData.setPermissions(token.getScopes());
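Review bot: `secData.setCallbackURI(getCallbackValue(token))` hands the authorization view a value that is not always a URI: the earlier hunk in this file compares the same value with `OAuthConstants.OAUTH_CALLBACK_OOB`, and it is taken from `token.getCallback()` when that is set. A comment on this line would help, for example `// may be "oob" or a consumer-supplied URI; the view must escape it before display`. Adding `throws OAuthProblemException` to this protected method also changes what overriding subclasses and callers have to handle, which deserves a `@throws` line in its Javadoc. The method body continues past the end of the hunk.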
Added:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java?rev=1363166&view=auto
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
(added)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
Wed Jul 18 23:03:28 2012
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth.services;
+
+public class OOBAuthorizationResponse {
+ private String requestToken;
+ private String verifier;
+ private String state;
+ public String getRequestToken() {
+ return requestToken;
+ }
+ public void setRequestToken(String requestToken) {
+ this.requestToken = requestToken;
+ }
+ public String getVerifier() {
+ return verifier;
+ }
+ public void setVerifier(String verifier) {
+ this.verifier = verifier;
+ }
+ public String getState() {
+ return state;
+ }
+ public void setState(String state) {
+ this.state = state;
+ }
+}
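Review bot: The new `OOBAuthorizationResponse` class has no Javadoc, although it carries the verifier and request token that are shown to the end user. I would add a class comment such as `/** Request token, verifier and optional state returned to the end user when the consumer's callback is "oob". */` and note there that the values are credentials for the token exchange and should not be logged or cached. No binding annotation or message body writer for `text/html` appears in this commit, so how the bean is serialized presumably depends on a provider configured elsewhere; that is worth stating in the comment too.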
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java
Wed Jul 18 23:03:28 2012
@@ -123,21 +123,22 @@ public class RequestTokenHandler {
protected void validateCallbackURL(Client client,
String oauthCallback) throws
OAuthProblemException {
-
- if (StringUtils.isEmpty(oauthCallback)
- || client.getCallbackURI() != null
- && !oauthCallback.equals(client.getCallbackURI())
- || client.getApplicationURI() != null
- && !oauthCallback.startsWith(client.getApplicationURI())) {
- OAuthProblemException problemEx = new OAuthProblemException(
- OAuth.Problems.PARAMETER_REJECTED + " - " +
OAuth.OAUTH_CALLBACK);
- problemEx
- .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
- HttpServletResponse.SC_BAD_REQUEST);
- throw problemEx;
-
+ // the callback must not be empty or null, and it should either match
+ // the pre-registered callback URI or have the common root with the
+ // the pre-registered application URI
+ if (!StringUtils.isEmpty(oauthCallback)
+ && (!StringUtils.isEmpty(client.getCallbackURI())
+ && oauthCallback.equals(client.getCallbackURI())
+ || !StringUtils.isEmpty(client.getApplicationURI())
+ && oauthCallback.startsWith(client.getApplicationURI()))) {
+ return;
}
-
+ OAuthProblemException problemEx = new OAuthProblemException(
+ OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK);
+ problemEx
+ .setParameter(OAuthProblemException.HTTP_STATUS_CODE,
+ HttpServletResponse.SC_BAD_REQUEST);
+ throw problemEx;
}
public void setTokenLifetime(long tokenLifetime) {
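Review bot: The rewritten condition in `validateCallbackURL` accepts a callback when either the pre-registered callback URI matches exactly or the application URI is a string prefix, whereas the removed condition rejected the callback unless every check that applied was satisfied; a consumer that registered an exact callback URI can now be given any callback that merely starts with its application URI. The `startsWith` test is also a plain string prefix, so a registered root without a trailing slash matches a different host that begins with the same characters. I would let a registered callback URI take precedence and require a path boundary for the prefix rule, as sketched below. Separately, the literal `oob` passes this check only when it is itself the registered callback URI, which may or may not be intended given the out-of-band branch added in AuthorizationRequestHandler.

```java
// … unchanged: method signature and the explanatory comment …
String registeredCallback = client.getCallbackURI();
String applicationURI = client.getApplicationURI();
boolean accepted = false;
if (!StringUtils.isEmpty(oauthCallback)) {
    if (!StringUtils.isEmpty(registeredCallback)) {
        // an exact pre-registered callback takes precedence over the prefix rule
        accepted = oauthCallback.equals(registeredCallback);
    } else if (!StringUtils.isEmpty(applicationURI)) {
        // require a path boundary; constructed example: "https://app.example"
        // must not match "https://app.example.other.test/cb"
        String root = applicationURI.endsWith("/") ? applicationURI : applicationURI + "/";
        accepted = oauthCallback.equals(applicationURI) || oauthCallback.startsWith(root);
    }
}
if (accepted) {
    return;
}
// … unchanged: build and throw the PARAMETER_REJECTED OAuthProblemException …
```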
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java
Wed Jul 18 23:03:28 2012
@@ -40,6 +40,8 @@ public final class OAuthConstants {
public static final String X_OAUTH_SCOPE = "scope";
public static final String OAUTH_CONSUMER_SECRET = "oauth_consumer_secret";
+ public static final String OAUTH_CALLBACK_OOB = "oob";
+
private OAuthConstants() {
}
Modified:
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
---
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
(original)
+++
cxf/trunk/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
Wed Jul 18 23:03:28 2012
@@ -64,7 +64,8 @@ import org.apache.cxf.rs.security.oauth.
*/
public final class OAuthUtils {
public static final String REPORT_FAILURE_DETAILS =
"report.failure.details";
-
+ public static final String REPORT_FAILURE_DETAILS_AS_HEADER =
"report.failure.details.as.header";
+
private OAuthUtils() {
}
@@ -162,8 +163,24 @@ public final class OAuthUtils {
Exception e,
int status) {
ResponseBuilder builder = Response.status(status);
- if (MessageUtils.isTrue(mc.get(REPORT_FAILURE_DETAILS))) {
- builder.entity(e.getMessage());
+ if
(MessageUtils.isTrue(mc.getContextualProperty(REPORT_FAILURE_DETAILS))) {
+ boolean asHeader = MessageUtils.isTrue(
+ mc.getContextualProperty(REPORT_FAILURE_DETAILS_AS_HEADER));
+ String text = null;
+ if (e instanceof OAuthProblemException) {
+ OAuthProblemException problem = (OAuthProblemException)e;
+ if (asHeader && problem.getProblem() != null) {
+ text = problem.getProblem();
+ }
+ }
+ if (text == null) {
+ text = e.getMessage();
+ }
+ if (asHeader) {
+ builder.header("oauth_problem", text);
+ } else {
+ builder.entity(e.getMessage());
+ }
}
throw new WebApplicationException(builder.build());
}
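Review bot: In the header branch `text` falls back to `e.getMessage()`, which can be null or contain arbitrary characters, line breaks included, for exceptions that are not an `OAuthProblemException`, and that value is written straight into the `oauth_problem` header. I would replace `builder.header("oauth_problem", text);` with a guarded form such as `if (text != null) { builder.header("oauth_problem", text.replaceAll("[\\r\\n]+", " ")); }`, or emit the header only when `problem.getProblem()` is available. The entity branch should pass `text` instead of calling `e.getMessage()` a second time so the two branches stay consistent. The method signature starts above this hunk.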
Modified:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
(original)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java
Wed Jul 18 23:03:28 2012
@@ -101,12 +101,8 @@ public class TemporaryCredentialServiceT
//test wrong client id
parameters.put(OAuth.OAUTH_CONSUMER_KEY, "wrong");
message = invokeRequestToken(parameters, style,
OAuthServer.PORT);
-
- wwwHeader = message.getHeader(HttpHeaders.WWW_AUTHENTICATE);
- List<OAuth.Parameter> list =
OAuthMessage.decodeAuthorization(wwwHeader);
-
- String oauthProblem = OAuthTestUtils.findOAuthParameter(list,
"oauth_problem").getValue();
- Assert.assertEquals(OAuth.Problems.CONSUMER_KEY_UNKNOWN,
oauthProblem);
+ String response = message.getHeader("oauth_problem");
+ Assert.assertEquals(OAuth.Problems.CONSUMER_KEY_UNKNOWN,
response);
}
}
}
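Review bot: The assertion now covers only the header mode that oauth-beans.xml enables, so as far as this hunk shows nothing checks the entity mode or the default in which no failure details are returned. A case asserting that `message.getHeader("oauth_problem")` is null when `report.failure.details` is not set would pin the non-disclosing default. The test method starts outside the hunk, so existing coverage elsewhere in the class cannot be ruled out.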
Modified:
cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml?rev=1363166&r1=1363165&r2=1363166&view=diff
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
(original)
+++
cxf/trunk/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
Wed Jul 18 23:03:28 2012
@@ -29,6 +29,10 @@ under the License.
<jaxrs:serviceBeans>
<ref bean="temporaryCredentialService"/>
</jaxrs:serviceBeans>
+ <jaxrs:properties>
+ <entry key="report.failure.details" value="true"/>
+ <entry key="report.failure.details.as.header" value="true"/>
+ </jaxrs:properties>
</jaxrs:server>
<bean id="temporaryCredentialService"