Author: sergeyb Date: Mon Jul 23 14:23:35 2012 New Revision: 1364642 URL: http://svn.apache.org/viewvc?rev=1364642&view=rev Log: Merged revisions 1362118 via svnmerge from https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes
................ r1362118 | sergeyb | 2012-07-16 17:25:59 +0100 (Mon, 16 Jul 2012) | 9 lines Merged revisions 1362114 via svnmerge from https://svn.apache.org/repos/asf/cxf/trunk ........ r1362114 | sergeyb | 2012-07-16 17:20:32 +0100 (Mon, 16 Jul 2012) | 1 line [CXF-4225] Reusing default validator instance between requests, making it possible to customize the validation ........ ................ Modified: cxf/branches/2.5.x-fixes/ (props changed) cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java Propchange: cxf/branches/2.5.x-fixes/ ------------------------------------------------------------------------------ --- svn:mergeinfo (added) +++ svn:mergeinfo Mon Jul 23 14:23:35 2012 
@@ -0,0 +1,2 @@ +/cxf/branches/2.6.x-fixes:1362118 +/cxf/trunk:1362114 Propchange: cxf/branches/2.5.x-fixes/ ------------------------------------------------------------------------------ Binary property 'svnmerge-integrated' - no diff available. Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java?rev=1364642&r1=1364641&r2=1364642&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java Mon Jul 23 14:23:35 2012 @@ -35,6 +35,7 @@ import javax.servlet.http.HttpServletReq import net.oauth.OAuth; import net.oauth.OAuthMessage; import net.oauth.OAuthProblemException; +import net.oauth.OAuthValidator; import net.oauth.server.OAuthServlet; import org.apache.cxf.common.logging.LogUtils; @@ -47,6 +48,7 @@ import org.apache.cxf.rs.security.oauth. import org.apache.cxf.rs.security.oauth.data.OAuthContext; import org.apache.cxf.rs.security.oauth.data.OAuthPermission; import org.apache.cxf.rs.security.oauth.data.UserSubject; +import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator; import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider; import org.apache.cxf.rs.security.oauth.utils.OAuthConstants; import org.apache.cxf.rs.security.oauth.utils.OAuthUtils; 
@@ -77,7 +79,8 @@ public class AbstractAuthFilter { private boolean useUserSubject; private OAuthDataProvider dataProvider; - + private OAuthValidator validator = new DefaultOAuthValidator(); + protected AbstractAuthFilter() { } @@ -130,7 +133,8 @@ public class AbstractAuthFilter { } client = accessToken.getClient(); - OAuthUtils.validateMessage(oAuthMessage, client, accessToken, dataProvider); + OAuthUtils.validateMessage(oAuthMessage, client, accessToken, + dataProvider, validator); } else { String consumerKey = null; String consumerSecret = null; @@ -161,7 +165,8 @@ public class AbstractAuthFilter { LOG.warning("Client secret is invalid"); throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN); } else { - OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider); + OAuthUtils.validateMessage(oAuthMessage, client, null, + dataProvider, validator); } accessToken = client.getPreAuthorizedToken(); if (accessToken == null || !accessToken.isPreAuthorized()) { 
@@ -265,6 +270,10 @@ public class AbstractAuthFilter { return new OAuthContext(subject, info.getMatchedPermissions()); } + public void setValidator(OAuthValidator validator) { + this.validator = validator; + } + private static class CustomHttpServletWrapper extends HttpServletRequestWrapper { public CustomHttpServletWrapper(HttpServletRequest req) { super(req); Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java?rev=1364642&r1=1364641&r2=1364642&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/OAuthServletFilter.java Mon Jul 23 14:23:35 2012 
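Review bot: The new `setValidator` has no null check, so a null argument replaces the default `DefaultOAuthValidator` and the mistake only surfaces per request, when `OAuthUtils.validateMessage` dereferences it inside a catch-all that can hide the failure for token-less requests. Reject it at configuration time, e.g. `if (validator == null) { throw new IllegalArgumentException("validator must not be null"); }` before the assignment. The setter added to AbstractOAuthService in this commit has the same gap. Because the instance is now reused between requests, a short Javadoc saying that the supplied validator must be safe for concurrent use would also help.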
@@ -48,6 +48,7 @@ public class OAuthServletFilter extends public void init(FilterConfig filterConfig) throws ServletException { ServletContext servletContext = filterConfig.getServletContext(); super.setDataProvider(OAuthUtils.getOAuthDataProvider(servletContext)); + super.setValidator(OAuthUtils.getOAuthValidator(servletContext)); super.setUseUserSubject(MessageUtils.isTrue(servletContext.getInitParameter(USE_USER_SUBJECT))); } Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java?rev=1364642&r1=1364641&r2=1364642&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java Mon Jul 23 14:23:35 2012 @@ -20,7 +20,10 @@ package org.apache.cxf.rs.security.oauth import javax.ws.rs.core.Context; +import net.oauth.OAuthValidator; + import org.apache.cxf.jaxrs.ext.MessageContext; +import org.apache.cxf.rs.security.oauth.provider.DefaultOAuthValidator; import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider; import org.apache.cxf.rs.security.oauth.utils.OAuthUtils; @@ -31,6 +34,7 @@ public abstract class AbstractOAuthServi private MessageContext mc; private OAuthDataProvider dataProvider; + private OAuthValidator validator = new DefaultOAuthValidator(); @Context public void setMessageContext(MessageContext context) { 
@@ -48,6 +52,14 @@ public abstract class AbstractOAuthServi protected OAuthDataProvider getDataProvider() { return OAuthUtils.getOAuthDataProvider(dataProvider, mc.getServletContext()); } + + public OAuthValidator getValidator() { + return validator; + } + + public void setValidator(OAuthValidator validator) { + this.validator = validator; + } } Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java?rev=1364642&r1=1364641&r2=1364642&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenHandler.java Mon Jul 23 14:23:35 2012 @@ -29,6 +29,7 @@ import javax.ws.rs.core.Response; import net.oauth.OAuth; import net.oauth.OAuthMessage; import net.oauth.OAuthProblemException; +import net.oauth.OAuthValidator; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; @@ -54,7 +55,9 @@ public class AccessTokenHandler { OAuth.OAUTH_NONCE }; - public Response handle(MessageContext mc, OAuthDataProvider dataProvider) { + public Response handle(MessageContext mc, + OAuthDataProvider dataProvider, + OAuthValidator validator) { try { OAuthMessage oAuthMessage = OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS); 
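Review bot: Replacing the public `handle(MessageContext mc, OAuthDataProvider dataProvider)` with a three-argument method on a fixes branch breaks any subclass or external caller compiled against the old signature. Consider keeping the two-argument method as a deprecated overload that delegates to the new one with a default validator. The same applies to RequestTokenHandler.handle and to the public static OAuthUtils.validateMessage, which also gain a parameter in this commit. The body of `handle` continues outside this hunk.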
@@ -75,8 +78,11 @@ public class AccessTokenHandler { throw new OAuthProblemException(OAuthConstants.VERIFIER_INVALID); } - OAuthUtils.validateMessage(oAuthMessage, requestToken.getClient(), requestToken, - dataProvider); + OAuthUtils.validateMessage(oAuthMessage, + requestToken.getClient(), + requestToken, + dataProvider, + validator); AccessTokenRegistration reg = new AccessTokenRegistration(); reg.setRequestToken(requestToken); Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java?rev=1364642&r1=1364641&r2=1364642&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AccessTokenService.java Mon Jul 23 14:23:35 2012 
@@ -49,6 +49,8 @@ public class AccessTokenService extends @POST @Produces("application/x-www-form-urlencoded") public Response getAccessToken() { - return handler.handle(getMessageContext(), getDataProvider()); + return handler.handle(getMessageContext(), + getDataProvider(), + getValidator()); } } Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1364642&r1=1364641&r2=1364642&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java Mon Jul 23 14:23:35 2012 @@ -30,6 +30,7 @@ import javax.ws.rs.core.Response; import net.oauth.OAuth; import net.oauth.OAuthMessage; import net.oauth.OAuthProblemException; +import net.oauth.OAuthValidator; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; @@ -57,7 +58,9 @@ public class RequestTokenHandler { private long tokenLifetime = 3600L; private String defaultScope; - public Response handle(MessageContext mc, OAuthDataProvider dataProvider) { + public Response handle(MessageContext mc, + OAuthDataProvider dataProvider, + OAuthValidator validator) { try { OAuthMessage oAuthMessage = OAuthUtils.getOAuthMessage(mc, mc.getHttpServletRequest(), REQUIRED_PARAMETERS); 
@@ -69,7 +72,8 @@ public class RequestTokenHandler { throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN); } - OAuthUtils.validateMessage(oAuthMessage, client, null, dataProvider); + OAuthUtils.validateMessage(oAuthMessage, client, null, + dataProvider, validator); String callback = oAuthMessage.getParameter(OAuth.OAUTH_CALLBACK); validateCallbackURL(client, callback); Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java?rev=1364642&r1=1364641&r2=1364642&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenService.java Mon Jul 23 14:23:35 2012 
@@ -48,6 +48,8 @@ public class RequestTokenService extends @POST @Produces("application/x-www-form-urlencoded") public Response getRequestToken() { - return handler.handle(getMessageContext(), getDataProvider()); + return handler.handle(getMessageContext(), + getDataProvider(), + getValidator()); } } Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java?rev=1364642&r1=1364641&r2=1364642&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java Mon Jul 23 14:23:35 2012 
@@ -25,8 +25,9 @@ package org.apache.cxf.rs.security.oauth public final class OAuthConstants { public static final String OAUTH_DATA_PROVIDER_CLASS = "oauth.data.provider-class"; - public static final String OAUTH_DATA_VALIDATOR_CLASS = "oauth.data.validator-class"; + public static final String OAUTH_VALIDATOR_CLASS = "oauth.data.validator-class"; public static final String OAUTH_DATA_PROVIDER_INSTANCE_KEY = "oauth.data.provider-instance.key"; + public static final String OAUTH_VALIDATOR_INSTANCE_KEY = "oauth.data.validator-instance.key"; public static final String VERIFIER_INVALID = "verifier_invalid"; Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1364642&r1=1364641&r2=1364642&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java Mon Jul 23 14:23:35 2012 @@ -41,6 +41,7 @@ import net.oauth.OAuthAccessor; import net.oauth.OAuthConsumer; import net.oauth.OAuthMessage; import net.oauth.OAuthProblemException; +import net.oauth.OAuthValidator; import net.oauth.server.OAuthServlet; import org.apache.cxf.common.classloader.ClassLoaderUtils; @@ -85,7 +86,8 @@ public final class OAuthUtils { public static void validateMessage(OAuthMessage oAuthMessage, Client client, Token token, - OAuthDataProvider provider) + OAuthDataProvider provider, + OAuthValidator validator) throws Exception { OAuthConsumer consumer = new OAuthConsumer(null, client.getConsumerKey(), client.getSecretKey(), null); 
@@ -98,11 +100,16 @@ public final class OAuthUtils { } accessor.tokenSecret = token.getTokenSecret(); } - - DefaultOAuthValidator validator = new DefaultOAuthValidator(); - validator.validateMessage(oAuthMessage, accessor); - if (token != null) { - validator.validateToken(token, provider); + try { + validator.validateMessage(oAuthMessage, accessor); + } catch (Exception ex) { + if (token != null) { + provider.removeToken(token); + throw ex; + } + } + if (token != null && validator instanceof DefaultOAuthValidator) { + ((DefaultOAuthValidator)validator).validateToken(token, provider); } } @@ -228,14 +235,6 @@ public final class OAuthUtils { + " ] context init param in web.xml"); } - String oauthValidatorClassName = servletContext - .getInitParameter(OAuthConstants.OAUTH_DATA_VALIDATOR_CLASS); - - if (StringUtils.isEmpty(oauthValidatorClassName)) { - //if no validator was provided fallback to default validator - oauthValidatorClassName = DefaultOAuthValidator.class.getName(); - } - try { dataProvider = (OAuthDataProvider) OAuthUtils .instantiateClass(dataProviderClassName); 
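Review bot: In the new `catch (Exception ex)` block the `throw ex;` sits inside `if (token != null)`, so when `token` is null a failed `validator.validateMessage(oAuthMessage, accessor)` call is swallowed and the message is treated as valid. The callers in this commit that pass `null` are RequestTokenHandler.handle and the consumer-key branch of AbstractAuthFilter, so both would accept a message whose validation (including the signature check) failed. Keep the token removal conditional but rethrow unconditionally: `if (token != null) { provider.removeToken(token); }` followed by `throw ex;`. Separately, `validateToken` now runs only when the validator is a `DefaultOAuthValidator`, so a custom validator silently skips the token check; that should at least be stated in a comment so implementers know they must cover it themselves. The method's signature is in the preceding hunk, not this one.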
@@ -250,4 +249,32 @@ public final class OAuthUtils { return dataProvider; } + + public static synchronized OAuthValidator getOAuthValidator(ServletContext servletContext) { + + OAuthValidator dataProvider = (OAuthValidator) servletContext + .getAttribute(OAuthConstants.OAUTH_VALIDATOR_INSTANCE_KEY); + + if (dataProvider == null) { + String dataProviderClassName = servletContext + .getInitParameter(OAuthConstants.OAUTH_VALIDATOR_CLASS); + + if (!StringUtils.isEmpty(dataProviderClassName)) { + + try { + dataProvider = (OAuthValidator) OAuthUtils + .instantiateClass(dataProviderClassName); + + servletContext + .setAttribute(OAuthConstants.OAUTH_VALIDATOR_INSTANCE_KEY, dataProvider); + } catch (Exception e) { + throw new RuntimeException( + "Cannot instantiate OAuthValidator class: " + dataProviderClassName, e); + } + } + } + + return dataProvider == null ? new DefaultOAuthValidator() : dataProvider; + } + }
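Review bot: The locals in `getOAuthValidator` are named `dataProvider` and `dataProviderClassName` although they hold the validator and its class name, which makes the method read like a leftover copy of getOAuthDataProvider; rename them to `validator` and `validatorClassName`. The fallback `new DefaultOAuthValidator()` is also never stored under `OAUTH_VALIDATOR_INSTANCE_KEY`, so every call without a configured class returns a fresh instance. If DefaultOAuthValidator keeps per-instance state (not visible in this diff), callers would not share it. A Javadoc stating the lookup order (context attribute, then the `oauth.data.validator-class` init parameter, then the default) and that the configured class fully replaces the built-in message validation would make the security impact of this setting clear.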
