Author: sergeyb
Date: Wed Nov 28 17:20:08 2012
New Revision: 1414831
URL: http://svn.apache.org/viewvc?rev=1414831&view=rev
Log:
Merged revisions 1414658,1414699 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1414658 | sergeyb | 2012-11-28 13:02:27 +0000 (Wed, 28 Nov 2012) | 1 line
Minor modifications to the Oauth2 code
........
r1414699 | sergeyb | 2012-11-28 14:08:28 +0000 (Wed, 28 Nov 2012) | 1 line
Updating the client cred grant to use the clients subject as the resource
owner subject
........
Modified:
cxf/branches/2.6.x-fixes/ (props changed)
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant.java
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthContextUtils.java
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Merged /cxf/trunk:r1414658,1414699
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java?rev=1414831&r1=1414830&r2=1414831&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthContext.java
Wed Nov 28 17:20:08 2012
@@ -28,27 +28,37 @@ import java.util.List;
*/
public class OAuthContext {
- private UserSubject subject;
- private List<OAuthPermission> permissions;
+ private UserSubject resourceOwnerSubject;
+ private UserSubject clientSubject;
+ private List<OAuthPermission> tokenPermissions;
private String tokenGrantType;
private String clientId;
private String tokenKey;
- public OAuthContext(UserSubject subject,
+ public OAuthContext(UserSubject resourceOwnerSubject,
+ UserSubject clientSubject,
List<OAuthPermission> perms,
String tokenGrantType) {
- this.subject = subject;
- this.permissions = perms;
+ this.resourceOwnerSubject = resourceOwnerSubject;
+ this.clientSubject = clientSubject;
+ this.tokenPermissions = perms;
this.tokenGrantType = tokenGrantType;
}
/**
- * Gets the {@link UserSubject} representing the end user authorizing the
client
- * at the authorization grant creation time
+ * Gets the {@link UserSubject} representing the resource owner
* @return the subject
*/
public UserSubject getSubject() {
- return subject;
+ return resourceOwnerSubject;
+ }
+
+ /**
+ * Gets the {@link UserSubject} representing the client
+ * @return the subject
+ */
+ public UserSubject getClientSubject() {
+ return clientSubject;
}
/**
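Review bot: The new Javadoc on getSubject() says "the resource owner", but the ClientCredentialsGrantHandler change in this same commit stores the client's own subject as the token subject, so a caller can no longer tell an end-user-authorized token from a client-credentials token through this getter alone; the grant type kept in tokenGrantType is what distinguishes them. Suggested wording: `* Gets the {@link UserSubject} representing the resource owner; for tokens issued via the client credentials grant this is the client's own subject, so check the token grant type before treating it as an end user`. Adding a parameter to the public OAuthContext constructor is also a source-incompatible change on a fixes branch for any code outside this module that constructs the context directly, which may be worth calling out in the commit message if such callers exist. Neither subject argument is validated, so a null resourceOwnerSubject is stored silently; that matches the previous constructor, but the new Javadoc does not say the getter may return null.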
@@ -56,7 +66,7 @@ public class OAuthContext {
* @return the permissions
*/
public List<OAuthPermission> getPermissions() {
- return Collections.unmodifiableList(permissions);
+ return Collections.unmodifiableList(tokenPermissions);
}
/**
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java?rev=1414831&r1=1414830&r2=1414831&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
Wed Nov 28 17:20:08 2012
@@ -86,6 +86,7 @@ public class OAuthRequestFilter extends
// Also set the OAuthContext
OAuthContext oauthContext = new
OAuthContext(accessTokenV.getTokenSubject(),
+
accessTokenV.getClientSubject(),
matchingPermissions,
accessTokenV.getTokenGrantType());
@@ -134,11 +135,11 @@ public class OAuthRequestFilter extends
protected SecurityContext createSecurityContext(HttpServletRequest
request,
AccessTokenValidation
accessTokenV) {
- UserSubject endUserSubject = accessTokenV.getTokenSubject();
+ UserSubject resourceOwnerSubject = accessTokenV.getTokenSubject();
UserSubject clientSubject = accessTokenV.getClientSubject();
final UserSubject theSubject =
- OAuthRequestFilter.this.useUserSubject ? endUserSubject :
clientSubject;
+ OAuthRequestFilter.this.useUserSubject ? resourceOwnerSubject :
clientSubject;
return new SecurityContext() {
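Review bot: theSubject can be null when useUserSubject is true and the validation carries no token subject, because the removed comment in ClientCredentialsGrantHandler shows that tokens issued by that handler before this commit were created with a null subject, and such tokens remain valid until they expire. If the anonymous SecurityContext whose body continues below the hunk does not already fall back to the client subject, the principal of an authenticated request would be null for those tokens; a one-line guard keeps the old behaviour for them: `OAuthRequestFilter.this.useUserSubject && resourceOwnerSubject != null ? resourceOwnerSubject : clientSubject;`. createSecurityContext's body continues outside the hunk, so I cannot confirm which case applies.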
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java?rev=1414831&r1=1414830&r2=1414831&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/clientcred/ClientCredentialsGrantHandler.java
Wed Nov 28 17:20:08 2012
@@ -41,10 +41,8 @@ public class ClientCredentialsGrantHandl
throws OAuthServiceException {
checkIfGrantSupported(client);
- // the OAuth filter will use Client.getUserSubject()
- // to initialize the request security context
return doCreateAccessToken(client,
- null,
+ client.getSubject(),
OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)));
}
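Review bot: The removed comment was the only explanation of why the token subject used to be null, and the replacement line `client.getSubject(),` gives no reason why the client is now recorded as the resource owner, which matters to anyone auditing who a token's subject represents. Suggested comment above the call: `// Client credentials grant: the client is its own resource owner, so its subject becomes the token subject; the filter exposes it via OAuthContext.getSubject()`. If a client registration has no subject, the token subject is still null as before, presumably falling back to whatever the filter does today; that case may be worth a sentence in the same comment.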
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant.java?rev=1414831&r1=1414830&r2=1414831&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/refresh/RefreshTokenGrant.java
Wed Nov 28 17:20:08 2012
@@ -26,11 +26,17 @@ import org.apache.cxf.rs.security.oauth2
public class RefreshTokenGrant implements AccessTokenGrant {
private String refreshToken;
+ private String scope;
public RefreshTokenGrant(String refreshToken) {
this.refreshToken = refreshToken;
}
+ public RefreshTokenGrant(String refreshToken, String scope) {
+ this.refreshToken = refreshToken;
+ this.scope = scope;
+ }
+
public String getType() {
return OAuthConstants.REFRESH_TOKEN_GRANT;
}
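Review bot: The two constructors now duplicate the refreshToken assignment; the single-argument one should delegate so the two cannot drift: `public RefreshTokenGrant(String refreshToken) { this(refreshToken, null); }`. The second hunk of this file only emits the scope parameter when it is set, so the delegation with null keeps the existing request shape for callers of the old constructor.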
@@ -39,6 +45,9 @@ public class RefreshTokenGrant implement
MultivaluedMap<String, String> map = new MetadataMap<String, String>();
map.putSingle(OAuthConstants.GRANT_TYPE,
OAuthConstants.REFRESH_TOKEN_GRANT);
map.putSingle(OAuthConstants.REFRESH_TOKEN, refreshToken);
+ if (scope != null) {
+ map.putSingle(OAuthConstants.SCOPE, scope);
+ }
return map;
}
Modified:
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthContextUtils.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthContextUtils.java?rev=1414831&r1=1414830&r2=1414831&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthContextUtils.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthContextUtils.java
Wed Nov 28 17:20:08 2012
@@ -33,7 +33,7 @@ public final class OAuthContextUtils {
/**
* @param mc the {@link MessageContext}
- * @return the name of the UserSubject of the logged in user
+ * @return the name of the UserSubject of the logged in user or resource
owner
* @throws WebApplicationException with Status 401 if not authenticated
*/
public static String resolveUserName(final MessageContext mc) {
@@ -43,7 +43,7 @@ public final class OAuthContextUtils {
/**
* @param mc the {@link MessageContext}
- * @return the list of roles of the logged in user
+ * @return the list of roles of the logged in user or resource owner
* @throws WebApplicationException with Status 401 if not authenticated
*/
public static List<String> resolveUserRoles(final MessageContext mc) {
@@ -96,7 +96,7 @@ public final class OAuthContextUtils {
/**
* @param mc the {@link MessageContext}
- * @return the client the user is using to access
+ * @return the client registration id
* @throws WebApplicationException with Status 401 if not authenticated
*/
public static String resolveClient(MessageContext mc) {
@@ -106,9 +106,8 @@ public final class OAuthContextUtils {
/**
* @param mc the {@link MessageContext}
- * @param client the desired client
- * @throws WebApplicationException with Status 401 if not authenticated
- * @throws WebApplicationException with Status 403 if user doesn't have
needed role
+ * @param client the desired client registration id
+ * @throws WebApplicationException with Status 403 if the current client
id is not valid
*/
public static void assertClient(MessageContext mc, String client) {
String cl = resolveClient(mc);
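Review bot: The rewritten Javadoc for assertClient drops the 401 `@throws`, but the first statement of the method still calls resolveClient(mc), whose own Javadoc in the previous hunk states it throws WebApplicationException with Status 401 if not authenticated, so assertClient still propagates that status and the documentation is now incomplete. Restore the line alongside the new 403 one: `* @throws WebApplicationException with Status 401 if not authenticated`. The body of assertClient continues outside the hunk, so the 403 path itself is not visible here.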