Author: sergeyb Date: Mon Jul 23 15:03:23 2012 New Revision: 1364667 URL: http://svn.apache.org/viewvc?rev=1364667&view=rev Log: Merged revisions 1363169 via svnmerge from https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes
................ r1363169 | sergeyb | 2012-07-19 00:17:35 +0100 (Thu, 19 Jul 2012) | 13 lines Merged revisions 1363166-1363167 via svnmerge from https://svn.apache.org/repos/asf/cxf/trunk ........ r1363166 | sergeyb | 2012-07-19 00:03:28 +0100 (Thu, 19 Jul 2012) | 1 line [CXF-4428,CXF-4432] Turning error-related properties into contextual ones, fixing the test; restoring the original support for oob callbacks with few updates ........ r1363167 | sergeyb | 2012-07-19 00:06:23 +0100 (Thu, 19 Jul 2012) | 1 line Updating the spnego handler to use message.getContextualProperty when checking for the credential ........ ................ Added: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java - copied unchanged from r1363169, cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/OOBAuthorizationResponse.java Modified: cxf/branches/2.5.x-fixes/ (props changed) cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java 
cxf/branches/2.5.x-fixes/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml
Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
Merged /cxf/trunk:r1363166-1363167
Merged /cxf/branches/2.6.x-fixes:r1363169
Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java?rev=1364667&r1=1364666&r2=1364667&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java (original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/data/OAuthAuthorizationData.java Mon Jul 23 15:03:23 2012
@@ -35,6 +35,7 @@ public class OAuthAuthorizationData impl
 private String authenticityToken;
 private String applicationName;
 private String applicationURI;
+ private String callbackURI;
 private String applicationDescription;
 private String logoUri;
 private String replyTo;
@@ -110,4 +111,12 @@ public class OAuthAuthorizationData impl public String getLogoUri() { return logoUri; } + + public String getCallbackURI() { + return callbackURI; + } + + public void setCallbackURI(String callbackURI) { + this.callbackURI = callbackURI; + } } Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java?rev=1364667&r1=1364666&r2=1364667&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AbstractOAuthService.java Mon Jul 23 15:03:23 2012 @@ -35,7 +35,6 @@ public abstract class AbstractOAuthServi private OAuthDataProvider dataProvider; private OAuthValidator validator = new DefaultOAuthValidator(); - private boolean reportFailureDetails; @Context public void setMessageContext(MessageContext context) { @@ -43,7 +42,6 @@ public abstract class AbstractOAuthServi } public MessageContext getMessageContext() { - mc.put(OAuthUtils.REPORT_FAILURE_DETAILS, reportFailureDetails); return mc; } 
@@ -63,5 +61,4 @@ public abstract class AbstractOAuthServi this.validator = validator; } - } Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java?rev=1364667&r1=1364666&r2=1364667&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/AuthorizationRequestHandler.java Mon Jul 23 15:03:23 2012 @@ -36,6 +36,7 @@ import java.util.logging.Logger; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.UriBuilder; @@ -138,8 +139,14 @@ public class AuthorizationRequestHandler if (token.getState() != null) { queryParams.put("state", token.getState()); } - URI callback = buildCallbackURI(getCallbackURI(token), queryParams); - return Response.seeOther(callback).build(); + String callbackValue = getCallbackValue(token); + if (OAuthConstants.OAUTH_CALLBACK_OOB.equals(callbackValue)) { + OOBAuthorizationResponse bean = convertQueryParamsToOOB(queryParams); + return Response.ok().type(MediaType.TEXT_HTML).entity(bean).build(); + } else { + URI callbackURI = buildCallbackURI(callbackValue, queryParams); + return Response.seeOther(callbackURI).build(); + } } catch (OAuthProblemException e) { LOG.log(Level.WARNING, "An OAuth related problem: {0}", new Object[]{e.fillInStackTrace()}); 
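Review bot: The out-of-band branch in the second hunk returns the request token and verifier in a 200 HTML page with no cache directive, so `Response.ok().type(MediaType.TEXT_HTML).entity(bean).build()` can leave the verifier in browser or intermediary caches. Consider `Response.ok().type(MediaType.TEXT_HTML).header("Cache-Control", "no-store").entity(bean).build()`. Writing an `OOBAuthorizationResponse` as text/html presumably depends on a provider or view registered for that type; a one-line comment naming the expected one would help, and that view has to HTML-escape `state`, which appears to originate from the client. The enclosing method starts before and ends after this hunk.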
@@ -158,7 +165,7 @@ public class AuthorizationRequestHandler
 }
 }
- protected String getCallbackURI(RequestToken token) throws OAuthProblemException {
+ protected String getCallbackValue(RequestToken token) throws OAuthProblemException {
 String callback = token.getCallback();
 if (callback == null) {
 callback = token.getClient().getApplicationURI();
@@ -179,12 +186,22 @@ public class AuthorizationRequestHandler return builder.build(); } + private OOBAuthorizationResponse convertQueryParamsToOOB(Map<String, String> queryParams) { + + OOBAuthorizationResponse oob = new OOBAuthorizationResponse(); + oob.setRequestToken(queryParams.get(OAuth.OAUTH_TOKEN)); + oob.setVerifier(queryParams.get(OAuth.OAUTH_VERIFIER)); + oob.setState(queryParams.get("state")); + return oob; + } + protected OAuthAuthorizationData addAdditionalParams(OAuthAuthorizationData secData, OAuthDataProvider dataProvider, - RequestToken token) { + RequestToken token) throws OAuthProblemException { secData.setOauthToken(token.getTokenKey()); secData.setApplicationName(token.getClient().getApplicationName()); secData.setApplicationURI(token.getClient().getApplicationURI()); + secData.setCallbackURI(getCallbackValue(token)); secData.setApplicationDescription(token.getClient().getApplicationDescription()); secData.setLogoUri(token.getClient().getLogoUri()); secData.setPermissions(token.getScopes()); Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java?rev=1364667&r1=1364666&r2=1364667&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java (original) +++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/services/RequestTokenHandler.java Mon Jul 23 15:03:23 2012 
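Review bot: `secData.setCallbackURI(getCallbackValue(token))` can hand the consent view either a URI or the literal `oob`, and the value may be the callback stored on the request token rather than a pre-registered one, yet nothing at the call site or on the new bean property says so. A comment such as `// may be "oob" or a client-supplied URI; views must escape it before rendering` would keep view authors from treating it as trusted markup or as an always-valid link. Adding `throws OAuthProblemException` to the protected `addAdditionalParams` is also source-incompatible for subclasses that call it, which is worth stating in the notes for a fixes branch. The method body continues past the end of the hunk.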
@@ -123,21 +123,22 @@ public class RequestTokenHandler { protected void validateCallbackURL(Client client, String oauthCallback) throws OAuthProblemException { - - if (StringUtils.isEmpty(oauthCallback) - || client.getCallbackURI() != null - && !oauthCallback.equals(client.getCallbackURI()) - || client.getApplicationURI() != null - && !oauthCallback.startsWith(client.getApplicationURI())) { - OAuthProblemException problemEx = new OAuthProblemException( - OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK); - problemEx - .setParameter(OAuthProblemException.HTTP_STATUS_CODE, - HttpServletResponse.SC_BAD_REQUEST); - throw problemEx; - + // the callback must not be empty or null, and it should either match + // the pre-registered callback URI or have the common root with the + // the pre-registered application URI + if (!StringUtils.isEmpty(oauthCallback) + && (!StringUtils.isEmpty(client.getCallbackURI()) + && oauthCallback.equals(client.getCallbackURI()) + || !StringUtils.isEmpty(client.getApplicationURI()) + && oauthCallback.startsWith(client.getApplicationURI()))) { + return; } - + OAuthProblemException problemEx = new OAuthProblemException( + OAuth.Problems.PARAMETER_REJECTED + " - " + OAuth.OAUTH_CALLBACK); + problemEx + .setParameter(OAuthProblemException.HTTP_STATUS_CODE, + HttpServletResponse.SC_BAD_REQUEST); + throw problemEx; } public void setTokenLifetime(long tokenLifetime) { Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java?rev=1364667&r1=1364666&r2=1364667&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java (original) 
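Review bot: The application-URI branch of the new condition accepts any callback for which `oauthCallback.startsWith(client.getApplicationURI())` holds, and a raw string prefix does not stop at a URI boundary: with a registered `https://app.example` (constructed value) the check also passes `https://app.example.other.test/cb`, so the verifier could be redirected to a host the client never registered. Anchor the prefix at a path boundary, for example `String root = appUri.endsWith("/") ? appUri : appUri + "/";` followed by `oauthCallback.equals(appUri) || oauthCallback.startsWith(root)`, or compare scheme, host and port taken from parsed `java.net.URI` values. The rewritten condition also accepts a callback that matches either registration, whereas the removed one required every registered value to match; if that relaxation is intended the new comment should say so explicitly. Explicit parentheses around each `&&` pair would make the mixed `&&`/`||` grouping unambiguous to readers.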
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthConstants.java Mon Jul 23 15:03:23 2012
@@ -40,6 +40,8 @@ public final class OAuthConstants {
 public static final String X_OAUTH_SCOPE = "scope";
 public static final String OAUTH_CONSUMER_SECRET = "oauth_consumer_secret";
+ public static final String OAUTH_CALLBACK_OOB = "oob";
+
 private OAuthConstants() {
 }
Modified: cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java?rev=1364667&r1=1364666&r2=1364667&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java (original)
+++ cxf/branches/2.5.x-fixes/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/utils/OAuthUtils.java Mon Jul 23 15:03:23 2012
@@ -64,7 +64,8 @@ import org.apache.cxf.rs.security.oauth.
 */
 public final class OAuthUtils {
 public static final String REPORT_FAILURE_DETAILS = "report.failure.details";
-
+ public static final String REPORT_FAILURE_DETAILS_AS_HEADER = "report.failure.details.as.header";
+
 private OAuthUtils() {
 }
@@ -162,8 +163,24 @@ public final class OAuthUtils { Exception e, int status) { ResponseBuilder builder = Response.status(status); - if (MessageUtils.isTrue(mc.get(REPORT_FAILURE_DETAILS))) { - builder.entity(e.getMessage()); + if (MessageUtils.isTrue(mc.getContextualProperty(REPORT_FAILURE_DETAILS))) { + boolean asHeader = MessageUtils.isTrue( + mc.getContextualProperty(REPORT_FAILURE_DETAILS_AS_HEADER)); + String text = null; + if (e instanceof OAuthProblemException) { + OAuthProblemException problem = (OAuthProblemException)e; + if (asHeader && problem.getProblem() != null) { + text = problem.getProblem(); + } + } + if (text == null) { + text = e.getMessage(); + } + if (asHeader) { + builder.header("oauth_problem", text); + } else { + builder.entity(e.getMessage()); + } } throw new WebApplicationException(builder.build()); } Modified: cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java?rev=1364667&r1=1364666&r2=1364667&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java (original) +++ cxf/branches/2.5.x-fixes/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth/TemporaryCredentialServiceTest.java Mon Jul 23 15:03:23 2012 
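Review bot: In header mode the fallback `text = e.getMessage()` puts an arbitrary exception message into the `oauth_problem` response header whenever the exception is not an `OAuthProblemException` or its problem code is null. Exception messages can carry request-derived values or line breaks, and `text` can still be null at that point, so it is safer to emit the header only for a known problem code: `String code = e instanceof OAuthProblemException ? ((OAuthProblemException)e).getProblem() : null;` then `if (asHeader) { if (code != null) { builder.header("oauth_problem", code); } } else { builder.entity(e.getMessage()); }`. Both contextual properties expose failure details to the caller, so a comment on the constants saying they are diagnostic switches that default to off would help deployers. The method signature begins before this hunk.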
@@ -101,12 +101,8 @@ public class TemporaryCredentialServiceT //test wrong client id parameters.put(OAuth.OAUTH_CONSUMER_KEY, "wrong"); message = invokeRequestToken(parameters, style, OAuthServer.PORT); - - wwwHeader = message.getHeader(HttpHeaders.WWW_AUTHENTICATE); - List<OAuth.Parameter> list = OAuthMessage.decodeAuthorization(wwwHeader); - - String oauthProblem = OAuthTestUtils.findOAuthParameter(list, "oauth_problem").getValue(); - Assert.assertEquals(OAuth.Problems.CONSUMER_KEY_UNKNOWN, oauthProblem); + String response = message.getHeader("oauth_problem"); + Assert.assertEquals(OAuth.Problems.CONSUMER_KEY_UNKNOWN, response); } } } Modified: cxf/branches/2.5.x-fixes/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml?rev=1364667&r1=1364666&r2=1364667&view=diff ============================================================================== --- cxf/branches/2.5.x-fixes/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml (original) +++ cxf/branches/2.5.x-fixes/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/oauth/server/WEB-INF/oauth-beans.xml Mon Jul 23 15:03:23 2012 @@ -29,6 +29,10 @@ under the License. <jaxrs:serviceBeans> <ref bean="temporaryCredentialService"/> </jaxrs:serviceBeans> + <jaxrs:properties> + <entry key="report.failure.details" value="true"/> + <entry key="report.failure.details.as.header" value="true"/> + </jaxrs:properties> </jaxrs:server> <bean id="temporaryCredentialService"
