Repository: cxf Updated Branches: refs/heads/master bf52c1759 -> 144ee70dc
Makaing sure the code filter can catch all code response errors
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/144ee70d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/144ee70d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/144ee70d
Branch: refs/heads/master
Commit: 144ee70dc163a1dbcfbfa891a3fed0b98b7edf21
Parents: bf52c17
Author: Sergey Beryozkin <[email protected]>
Authored: Fri Nov 13 10:56:58 2015 +0000
Committer: Sergey Beryozkin <[email protected]>
Committed: Fri Nov 13 10:56:58 2015 +0000
----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/client/AccessDeniedResponse.java | 8 +++++++-
 .../rs/security/oauth2/client/ClientCodeRequestFilter.java | 4 ++--
 .../oauth2/provider/AbstractOAuthJoseJwtProducer.java | 5 +++--
 3 files changed, 12 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/144ee70d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
index 9ec28ab..16a87bf 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/AccessDeniedResponse.java
@@ -19,5 +19,11 @@
 package org.apache.cxf.rs.security.oauth2.client;
 public class AccessDeniedResponse {
-
+ private String error;
+ public AccessDeniedResponse(String error) {
+ this.error = error;
+ }
+ public String getError() {
+ return error;
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/144ee70d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
index 3e312a3..18285a6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/ClientCodeRequestFilter.java
@@ -115,10 +115,10 @@ public class ClientCodeRequestFilter implements ContainerRequestFilter {
 if (sc == null || sc.getUserPrincipal() == null) {
 if (codeParam == null
 && requestParams.containsKey(OAuthConstants.ERROR_KEY)
- && OAuthConstants.ACCESS_DENIED.equals(requestParams.getFirst(OAuthConstants.ERROR_KEY))
 && !faultAccessDeniedResponses) {
 if (!applicationCanHandleAccessDenied) {
- rc.abortWith(Response.ok(new AccessDeniedResponse()).build());
+ String error = requestParams.getFirst(OAuthConstants.ERROR_KEY);
+ rc.abortWith(Response.ok(new AccessDeniedResponse(error)).build());
 }
 } else {
 throw ExceptionUtils.toNotAuthorizedException(null, null);
http://git-wip-us.apache.org/repos/asf/cxf/blob/144ee70d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
----------------------------------------------------------------------
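Review bot: In `AccessDeniedResponse`, `error` is assigned only in the constructor, so it can be declared `private final String error;`. The class also deserves a short Javadoc saying that the field holds the raw `error` parameter received on the redirect, which is request-controlled and must be encoded by whatever renders this object. Adding the one-argument constructor removes the implicit no-arg constructor from a public class, so any code or provider that creates it with `new AccessDeniedResponse()` or reflectively will no longer work. Keeping `public AccessDeniedResponse() { }` next to the new constructor would stay backward compatible.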
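Review bot: In the `ClientCodeRequestFilter` hunk, removing the `ACCESS_DENIED` comparison means this branch is now taken for any request that carries an `error` parameter and no `code`, and the raw parameter value is copied into the 200 response entity. That value comes straight from `requestParams`, so it is request-controlled: consider accepting only the error codes RFC 6749 section 4.1.2.1 defines, mapping anything else to a fixed value, and confirm that the provider serializing `AccessDeniedResponse` encodes it for its output format. When `applicationCanHandleAccessDenied` is true, every such request now continues to the application with no user principal instead of getting the NotAuthorized exception. A comment such as `// any OAuth2 error response reaches the application unauthenticated; it must not be treated as a logged-in request` would make that contract explicit. The enclosing method starts and ends outside the hunk, so whether `state` is validated before this point cannot be seen here.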
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
index b0a7414..fec38bc 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthJoseJwtProducer.java
@@ -22,6 +22,7 @@ import java.util.Properties;
 import javax.crypto.SecretKey;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils;
 import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
@@ -44,7 +45,7 @@ public abstract class AbstractOAuthJoseJwtProducer extends AbstractJoseJwtProduc
 }
 protected JwsSignatureProvider getInitializedSignatureProvider(String clientSecret) {
- if (signWithClientSecret) {
+ if (signWithClientSecret && !StringUtils.isEmpty(clientSecret)) {
 Properties props = JwsUtils.loadSignatureOutProperties(false);
 SignatureAlgorithm sigAlgo = JwsUtils.getSignatureAlgorithm(props, SignatureAlgorithm.HS256);
 if (AlgorithmUtils.isHmacSign(sigAlgo)) {
@@ -54,7 +55,7 @@ public abstract class AbstractOAuthJoseJwtProducer extends AbstractJoseJwtProduc
 return null;
 }
 protected JweEncryptionProvider getInitializedEncryptionProvider(String clientSecret) {
- if (encryptWithClientSecret) {
+ if (encryptWithClientSecret && !StringUtils.isEmpty(clientSecret)) {
 SecretKey key = CryptoUtils.decodeSecretKey(clientSecret);
 Properties props = JweUtils.loadEncryptionOutProperties(false);
 ContentAlgorithm ctAlgo = JweUtils.getContentEncryptionAlgorithm(props, ContentAlgorithm.A128GCM);
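Review bot: When `signWithClientSecret` is set but `clientSecret` is empty, `getInitializedSignatureProvider` now skips the block with no signal, and the `return null;` visible at the top of the last hunk appears to be its fall-through. The same guard in `getInitializedEncryptionProvider` skips encryption in the same silent way. The callers are outside this diff, so it cannot be seen whether a null provider makes them fall back to another key or emit an unsigned or unencrypted token. If it is the latter, a deployment configured to protect tokens with the client secret would quietly downgrade for clients without a secret. Consider failing closed in that configuration, or at least stating the contract on both methods, e.g. `// returns null when no client secret is available; callers must not issue an unprotected token in that case`. Both method bodies continue past the hunks.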
