Repository: cxf Updated Branches: refs/heads/master f8ed98e68 -> 8a3219071
[CXF-5569] Allowing for the unrecognized parameters if they came as a result of the form parameters making into HTTP parameters map Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8a321907 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8a321907 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8a321907 Branch: refs/heads/master Commit: 8a3219071c9bf9e8ee5b46b7e95720e737908930 Parents: f8ed98e Author: Sergey Beryozkin <[email protected]> Authored: Wed Feb 19 17:30:15 2014 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Feb 19 17:30:15 2014 +0000 ---------------------------------------------------------------------- .../oauth/filters/AbstractAuthFilter.java | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/8a321907/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java index b48b367..69ccdff 100644 --- a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java +++ b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java @@ -31,6 +31,7 @@ import java.util.logging.Logger; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; +import javax.ws.rs.core.MediaType; import net.oauth.OAuth; import net.oauth.OAuthMessage; @@ -77,6 +78,7 @@ public class AbstractAuthFilter { ALLOWED_OAUTH_PARAMETERS.add(OAuthConstants.OAUTH_CONSUMER_SECRET); } + private boolean ignoreUnknownParameters; private boolean useUserSubject; private OAuthDataProvider dataProvider; private OAuthValidator validator = new DefaultOAuthValidator(); @@ -274,7 +276,15 @@ public class AbstractAuthFilter { this.validator = validator; } - private static class CustomHttpServletWrapper extends HttpServletRequestWrapper { + public boolean isIgnoreUnknownParameters() { + return ignoreUnknownParameters; + } + + public void setIgnoreUnknownParameters(boolean ignoreUnknownParameters) { + this.ignoreUnknownParameters = ignoreUnknownParameters; + } + + private class CustomHttpServletWrapper extends HttpServletRequestWrapper { public CustomHttpServletWrapper(HttpServletRequest req) { super(req); } @@ -286,9 +296,15 @@ public class AbstractAuthFilter { return params; } + String contentType = super.getRequest().getContentType(); + boolean formPayload = contentType != null && MediaType.APPLICATION_FORM_URLENCODED_TYPE. + isCompatible(MediaType.valueOf(contentType)); + + Map<String, String[]> newParams = new HashMap<String, String[]>(); for (Map.Entry<String, String[]> entry : params.entrySet()) { - if (ALLOWED_OAUTH_PARAMETERS.contains(entry.getKey())) { + if (ALLOWED_OAUTH_PARAMETERS.contains(entry.getKey()) + || formPayload && AbstractAuthFilter.this.isIgnoreUnknownParameters()) { newParams.put(entry.getKey(), entry.getValue()); } }
