Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes 90789cc21 -> 92b2da359
Add equals/hashCode methods for OAuthPermission so that the containsAll call in
AbstractOAuthDataProvider.doRefreshAccessToken works
Conflicts:
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
Conflicts:
rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dae28f01
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dae28f01
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dae28f01
Branch: refs/heads/3.0.x-fixes
Commit: dae28f01e97a63e4915efad30036cce20ffda54f
Parents: 90789cc
Author: Colm O hEigeartaigh <[email protected]>
Authored: Fri Dec 4 16:34:03 2015 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Fri Dec 4 17:11:35 2015 +0000
----------------------------------------------------------------------
.../security/oauth2/common/OAuthPermission.java | 124 +++++++++++++++++++
.../services/AbstractImplicitGrantService.java | 19 +++
2 files changed, 143 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/dae28f01/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
----------------------------------------------------------------------
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
index 0aaf300..f23e2ad 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthPermission.java
@@ -77,4 +77,128 @@ public class OAuthPermission extends Permission {
return uris;
}
+<<<<<<< HEAD
+=======
+ /**
+ * Gets the permission description
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * Sets the permission description
+ * @param description
+ */
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ /**
+ * Get the permission value such as "read_calendar"
+ * @return the value
+ */
+ public String getPermission() {
+ return permission;
+ }
+
+ /**
+ * Sets the permission value such as "read_calendar"
+ * @param permission the permission value
+ */
+ public void setPermission(String permission) {
+ this.permission = permission;
+ }
+
+ /**
+ * Indicates if this permission has been allocated by default or not.
+ * Authorization View handlers may use this property to optimize the way
the user selects the
+ * scopes.
+ * For example, assume that read', 'add' and 'update' scopes are supported
and the
+ * 'read' scope is always allocated. This can be presented at the UI level
as follows:
+ * the read-only check-box control will represent a 'read' scope and a
user will be able to
+ * optionally select 'add' and/or 'update' scopes, in addition to the
default 'read' one.
+ * @param isDefault true if the permission has been allocated by default
+ */
+ public void setDefault(boolean value) {
+ this.isDefault = value;
+ }
+
+ public boolean isDefault() {
+ return isDefault;
+ }
+
+ public boolean isInvisibleToClient() {
+ return invisibleToClient;
+ }
+
+ /**
+ * Set the visibility status; by default all the scopes approved by a user
can
+ * be optionally reported to the client in access token responses. Some
scopes may need
+ * to stay 'invisible' to client.
+ * @param invisibleToClient
+ */
+ public void setInvisibleToClient(boolean invisibleToClient) {
+ this.invisibleToClient = invisibleToClient;
+ }
+
+ @Override
+ public boolean equals(Object object) {
+ if (!(object instanceof OAuthPermission)) {
+ return false;
+ }
+
+ OAuthPermission that = (OAuthPermission)object;
+ if (this.httpVerbs != null && that.httpVerbs == null
+ || this.httpVerbs == null && that.httpVerbs != null
+ || this.httpVerbs != null &&
!this.httpVerbs.equals(that.httpVerbs)) {
+ return false;
+ }
+ if (this.uris != null && that.uris == null
+ || this.uris == null && that.uris != null
+ || this.uris != null && !this.uris.equals(that.uris)) {
+ return false;
+ }
+ if (this.permission != null && that.permission == null
+ || this.permission == null && that.permission != null
+ || this.permission != null &&
!this.permission.equals(that.permission)) {
+ return false;
+ }
+ if (this.description != null && that.description == null
+ || this.description == null && that.description != null
+ || this.description != null &&
!this.description.equals(that.description)) {
+ return false;
+ }
+ if (this.invisibleToClient != that.invisibleToClient) {
+ return false;
+ }
+ if (this.isDefault != that.isDefault) {
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ int hashCode = 17;
+ if (httpVerbs != null) {
+ hashCode = 31 * hashCode + httpVerbs.hashCode();
+ }
+ if (uris != null) {
+ hashCode = 31 * hashCode + uris.hashCode();
+ }
+ if (permission != null) {
+ hashCode = 31 * hashCode + permission.hashCode();
+ }
+ if (description != null) {
+ hashCode = 31 * hashCode + description.hashCode();
+ }
+ hashCode = 31 * hashCode + Boolean.hashCode(invisibleToClient);
+ hashCode = 31 * hashCode + Boolean.hashCode(isDefault);
+
+ return hashCode;
+ }
+>>>>>>> 8583a24... Add equals/hashCode methods for OAuthPermission so that the
containsAll call in AbstractOAuthDataProvider.doRefreshAccessToken works
}
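Review bot: The added lines include unresolved merge-conflict markers (`<<<<<<< HEAD` and `=======` right after the method ending in `return uris;`, and `>>>>>>> 8583a24...` before the class's closing brace), so OAuthPermission.java cannot compile as committed; the same markers are committed in both AbstractImplicitGrantService.java hunks. Because the HEAD side is empty, everything between the markers is the incoming side taken wholesale, including accessors such as `getDescription()` and `getPermission()` that this branch may already provide through the `Permission` superclass, so confirm that only `equals`/`hashCode` need to be kept. After resolving, note that the static `Boolean.hashCode(boolean)` exists only from Java 8; if 3.0.x still builds for an older target, `Boolean.valueOf(invisibleToClient).hashCode()` gives the same value. `equals` also compares `description`, `isDefault` and `invisibleToClient`, so the `containsAll` scope check named in the commit message will treat two permissions with the same `permission` value but different display metadata as different; that fails closed, but it deserves a Javadoc line on `equals` stating that it is intentional.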
http://git-wip-us.apache.org/repos/asf/cxf/blob/dae28f01/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
----------------------------------------------------------------------
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
index ad09e75..636768f 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractImplicitGrantService.java
@@ -59,6 +59,7 @@ public abstract class AbstractImplicitGrantService extends
RedirectionBasedGrant
ServerAccessToken preAuthorizedToken) {
ServerAccessToken token = null;
if (preAuthorizedToken == null) {
+<<<<<<< HEAD
AccessTokenRegistration reg = new AccessTokenRegistration();
reg.setClient(client);
reg.setGrantType(OAuthConstants.IMPLICIT_GRANT);
@@ -69,6 +70,24 @@ public abstract class AbstractImplicitGrantService extends
RedirectionBasedGrant
reg.setApprovedScope(requestedScope);
} else {
reg.setApprovedScope(approvedScope);
+=======
+ tokenCanBeReturned = canAccessTokenBeReturned(requestedScope,
approvedScope);
+ if (tokenCanBeReturned) {
+ AccessTokenRegistration reg = new AccessTokenRegistration();
+ reg.setClient(client);
+ reg.setGrantType(super.getSupportedGrantType());
+ reg.setSubject(userSubject);
+ reg.setRequestedScope(requestedScope);
+ if (approvedScope == null || approvedScope.isEmpty()) {
+ // no down-scoping done by a user, all of the requested
scopes have been authorized
+ reg.setApprovedScope(requestedScope);
+ } else {
+ reg.setApprovedScope(approvedScope);
+ }
+ reg.setAudience(state.getAudience());
+ reg.setNonce(state.getNonce());
+ token = getDataProvider().createAccessToken(reg);
+>>>>>>> b7d3336... Add equals/hashCode methods for OAuthPermission so that the
containsAll call in AbstractOAuthDataProvider.doRefreshAccessToken works
}
reg.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
token = getDataProvider().createAccessToken(reg);
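Review bot: Both sides of the conflict are left in place here, so deleting the marker lines alone would not be a correct resolution: `AccessTokenRegistration reg` is declared on the HEAD side (in the preceding hunk) and again after `=======`, and `createAccessToken(reg)` is called inside the incoming block and again in the context lines after `>>>>>>> b7d3336...`. The incoming side also depends on `tokenCanBeReturned`, `canAccessTokenBeReturned(...)`, `state` and `userSubject`, none of which is declared in the visible lines, and it is unrelated to the stated purpose of adding equals/hashCode. Given that the commit message lists this file only under "Conflicts", the likely intended resolution is to keep the HEAD side and drop everything from `=======` through `>>>>>>> b7d3336...`. If the `canAccessTokenBeReturned` gate on implicit-grant token issuance is wanted on 3.0.x, it should be backported as a separate, reviewed change rather than arriving through a conflict. The enclosing method starts and ends outside the hunk.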