git commit: [CXF-5569] Making it simpler to support unrecognized parameters

Tue, 01 Apr 2014 03:05:31 -0700 

Repository: cxf
Updated Branches:
  refs/heads/master 242ffb176 -> 09204993f


[CXF-5569] Making it simpler to support unrecognized parameters


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/09204993
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/09204993
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/09204993

Branch: refs/heads/master
Commit: 09204993f205a7f2ce05166b025bc215c8aed724
Parents: 242ffb1
Author: Sergey Beryozkin <[email protected]>
Authored: Tue Apr 1 10:52:59 2014 +0100
Committer: Sergey Beryozkin <[email protected]>
Committed: Tue Apr 1 10:52:59 2014 +0100

----------------------------------------------------------------------
 .../oauth/filters/AbstractAuthFilter.java       | 21 +++++---------------
 .../saml/sso/AbstractServiceProviderFilter.java |  1 -
 2 files changed, 5 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/09204993/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
 
b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
index 69ccdff..04517a5 100644
--- 
a/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth/src/main/java/org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.java
@@ -31,7 +31,6 @@ import java.util.logging.Logger;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
-import javax.ws.rs.core.MediaType;
 
 import net.oauth.OAuth;
 import net.oauth.OAuthMessage;
@@ -78,7 +77,7 @@ public class AbstractAuthFilter {
         ALLOWED_OAUTH_PARAMETERS.add(OAuthConstants.OAUTH_CONSUMER_SECRET);
     }
     
-    private boolean ignoreUnknownParameters;
+    private boolean supportUnknownParameters;
     private boolean useUserSubject;
     private OAuthDataProvider dataProvider;
     private OAuthValidator validator = new DefaultOAuthValidator();
@@ -276,12 +275,8 @@ public class AbstractAuthFilter {
         this.validator = validator;
     }
 
-    public boolean isIgnoreUnknownParameters() {
-        return ignoreUnknownParameters;
-    }
-
-    public void setIgnoreUnknownParameters(boolean ignoreUnknownParameters) {
-        this.ignoreUnknownParameters = ignoreUnknownParameters;
+    public void setSupportUnknownParameters(boolean supportUnknownParameters) {
+        this.supportUnknownParameters = supportUnknownParameters;
     }
 
     private class CustomHttpServletWrapper extends HttpServletRequestWrapper {
@@ -292,19 +287,13 @@ public class AbstractAuthFilter {
         public Map<String, String[]> getParameterMap() {
             Map<String, String[]> params = super.getParameterMap();
             
-            if (ALLOWED_OAUTH_PARAMETERS.containsAll(params.keySet())) {
+            if (supportUnknownParameters || 
ALLOWED_OAUTH_PARAMETERS.containsAll(params.keySet())) {
                 return params;
             }
             
-            String contentType = super.getRequest().getContentType();
-            boolean formPayload = contentType != null && 
MediaType.APPLICATION_FORM_URLENCODED_TYPE.
-                isCompatible(MediaType.valueOf(contentType));
-            
-                        
             Map<String, String[]> newParams = new HashMap<String, String[]>();
             for (Map.Entry<String, String[]> entry : params.entrySet()) {
-                if (ALLOWED_OAUTH_PARAMETERS.contains(entry.getKey())
-                    || formPayload && 
AbstractAuthFilter.this.isIgnoreUnknownParameters()) {    
+                if (ALLOWED_OAUTH_PARAMETERS.contains(entry.getKey())) {    
                     newParams.put(entry.getKey(), entry.getValue());
                 }
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/09204993/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
index 597d6a8..21b5c46 100644
--- 
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
+++ 
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/AbstractServiceProviderFilter.java
@@ -182,7 +182,6 @@ public abstract class AbstractServiceProviderFilter extends 
AbstractSSOSpHandler
     }
     
     protected void setSecurityContext(Message m, SamlAssertionWrapper 
assertionWrapper) {
-        // don't worry about roles/claims for now, just set a basic 
SecurityContext
         Subject subject = SAMLUtils.getSubject(m, assertionWrapper);
         final String name = subject.getName();

Reply via email to