Repository: cxf Updated Branches: refs/heads/master 9c7b2bc66 -> 26e8350e1
[CXF-6304] Making AccesstokenRegistration.getApprovedScopes useful in case of the code grant Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/26e8350e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/26e8350e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/26e8350e Branch: refs/heads/master Commit: 26e8350e122ed94155e58aa1f937cace205cfbc5 Parents: 9c7b2bc Author: Sergey Beryozkin <[email protected]> Authored: Wed Mar 18 16:06:49 2015 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Mar 18 16:06:49 2015 +0000 ---------------------------------------------------------------------- .../oauth2/grants/AbstractGrantHandler.java | 16 ++++++++++++---- .../grants/code/AuthorizationCodeGrantHandler.java | 1 + .../grants/code/ServerAuthorizationCodeGrant.java | 9 +++++++++ 3 files changed, 22 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/26e8350e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java index 58d0bda..f86e2da 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.java 
@@ -100,6 +100,7 @@ public abstract class AbstractGrantHandler implements AccessTokenGrantHandler { return doCreateAccessToken(client, subject, OAuthUtils.parseScope(params.getFirst(OAuthConstants.SCOPE)), + null, params.getFirst(OAuthConstants.CLIENT_AUDIENCE)); } @@ -107,28 +108,31 @@ public abstract class AbstractGrantHandler implements AccessTokenGrantHandler { UserSubject subject, List<String> requestedScope) { - return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope, null); + return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope, + null, null); } protected ServerAccessToken doCreateAccessToken(Client client, UserSubject subject, List<String> requestedScope, + List<String> approvedScope, String audience) { - return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope, audience); + return doCreateAccessToken(client, subject, getSingleGrantType(), requestedScope, approvedScope, audience); } protected ServerAccessToken doCreateAccessToken(Client client, UserSubject subject, String requestedGrant, List<String> requestedScope) { - return doCreateAccessToken(client, subject, requestedGrant, requestedScope, null); + return doCreateAccessToken(client, subject, requestedGrant, requestedScope, null, null); } protected ServerAccessToken doCreateAccessToken(Client client, UserSubject subject, String requestedGrant, List<String> requestedScope, + List<String> approvedScope, String audience) { if (!OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(), partialMatchScopeValidation)) { 
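Review bot: In the `@@ -107,28 +108,31 @@` hunk the two protected overloads that ended in `String audience` are changed in place instead of being kept alongside the new ones. A grant handler subclass outside this module that calls `doCreateAccessToken(client, subject, requestedScope, audience)` or the five-argument `requestedGrant` form will no longer compile. I would keep the old signatures as thin delegates that pass `null` for `approvedScope`, so custom handlers keep working and only opt in to the new parameter deliberately. The new parameter also needs a Javadoc line on both overloads, for example `@param approvedScope scopes the resource owner approved; null when the grant has no approval step`, stating whether this method validates it. The last method's body continues outside the hunk.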
@@ -150,7 +154,11 @@ public abstract class AbstractGrantHandler implements AccessTokenGrantHandler { reg.setClient(client); reg.setGrantType(requestedGrant); reg.setSubject(subject); - reg.setRequestedScope(requestedScope); + reg.setRequestedScope(requestedScope); + if (approvedScope == null) { + approvedScope = Collections.emptyList(); + } + reg.setApprovedScope(approvedScope); reg.setAudience(audience); return dataProvider.createAccessToken(reg); http://git-wip-us.apache.org/repos/asf/cxf/blob/26e8350e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java index 7e6972f..76fcbec 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/AuthorizationCodeGrantHandler.java @@ -81,6 +81,7 @@ public class AuthorizationCodeGrantHandler extends AbstractGrantHandler { return doCreateAccessToken(client, grant.getSubject(), + grant.getRequestedScopes(), grant.getApprovedScopes(), grant.getAudience()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/26e8350e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java ---------------------------------------------------------------------- 
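Review bot: In the `@@ -150,7 +154,11 @@` hunk `approvedScope` is copied onto the registration without any check. The only validation visible in this method is `OAuthUtils.validateScopes(requestedScope, client.getRegisteredScopes(), partialMatchScopeValidation)`. Before this commit the code grant passed its approved scopes through that `requestedScope` argument, so they were checked against the client's registered scopes, and now they are not. A data provider that builds the token from `getApprovedScope()` would therefore trust an unvalidated list. I would run the same check on it before `reg.setApprovedScope(...)`, e.g. `if (!OAuthUtils.validateScopes(approvedScope, client.getRegisteredScopes(), partialMatchScopeValidation)) { ... }`, rejecting the same way the existing branch does. Replacing `null` with `Collections.emptyList()` also makes "this grant has no approval step" indistinguishable from "the user approved nothing", so the intended reading should be documented in a comment, such as `// empty means no separate approval step; providers should fall back to requestedScope`.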
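Review bot: In the `AuthorizationCodeGrantHandler` hunk the requested-scope argument now comes from `grant.getRequestedScopes()`, which this same commit initialises to `Collections.emptyList()`. Nothing in the three changed files calls `setRequestedScopes`. Unless the code that creates the grant is updated elsewhere, the registration's requested scope will be empty for every code grant, and a data provider that reads `getRequestedScope()` will stop seeing the scopes it used to receive, because the approved list was passed in that position before. If older or third-party grant creators must keep working, one option is a fallback such as `List<String> requested = grant.getRequestedScopes().isEmpty() ? grant.getApprovedScopes() : grant.getRequestedScopes();`. The enclosing method starts outside the hunk, so the caller that populates the grant may need the matching change.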
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java index b2b3835..a1aba9f 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/ServerAuthorizationCodeGrant.java @@ -36,6 +36,7 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant { private long expiresIn; private Client client; private List<String> approvedScopes = Collections.emptyList(); + private List<String> requestedScopes = Collections.emptyList(); private UserSubject subject; private String audience; private String clientCodeChallenge; @@ -156,4 +157,12 @@ public class ServerAuthorizationCodeGrant extends AuthorizationCodeGrant { public void setClientCodeChallenge(String clientCodeChallenge) { this.clientCodeChallenge = clientCodeChallenge; } + + public List<String> getRequestedScopes() { + return requestedScopes; + } + + public void setRequestedScopes(List<String> requestedScopes) { + this.requestedScopes = requestedScopes; + } }
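Review bot: `setRequestedScopes` in the last hunk stores whatever it is given, so a caller passing `null` undoes the `Collections.emptyList()` default set on the field. That null then reaches `OAuthUtils.validateScopes(requestedScope, ...)` through `AuthorizationCodeGrantHandler`, and null tolerance there is not visible in this diff. I would normalise in the setter with `this.requestedScopes = requestedScopes == null ? Collections.<String>emptyList() : requestedScopes;`. Both accessors also lack Javadoc. A line such as `/** Scopes the client asked for in the authorization request, as opposed to the subset the user approved. */` would keep the two lists from being confused by data provider authors.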
