Repository: cxf Updated Branches: refs/heads/master fadc6492c -> 86ad39342
Passing a user preference about hiding already authorized scopes in a form Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/86ad3934 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/86ad3934 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/86ad3934 Branch: refs/heads/master Commit: 86ad393426e77313c34c45b447aad848c6f92be7 Parents: fadc649 Author: Sergey Beryozkin <[email protected]> Authored: Thu Jan 28 16:14:41 2016 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Thu Jan 28 16:14:41 2016 +0000 ---------------------------------------------------------------------- .../rs/security/oauth2/common/OAuthAuthorizationData.java | 9 +++++++++ .../oauth2/services/RedirectionBasedGrantService.java | 10 +++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/86ad3934/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
index d234f31..04618d6 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
@@ -50,6 +50,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 private List<OAuthPermission> permissions;
 private List<OAuthPermission> alreadyAuthorizedPermissions;
+ private boolean hidePreauthorizedScopesInForm;
 
 public OAuthAuthorizationData() {
 }
 
@@ -219,4 +220,12 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 this.implicitFlow = implicitFlow;
 }
 
+ public boolean isHidePreauthorizedScopesInForm() {
+ return hidePreauthorizedScopesInForm;
+ }
+
+ public void setHidePreauthorizedScopesInForm(boolean hidePreauthorizedScopesInForm) {
+ this.hidePreauthorizedScopesInForm = hidePreauthorizedScopesInForm;
+ }
+
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/86ad3934/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 133ce30..597f7ea 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -65,6 +65,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 private ResourceOwnerNameProvider resourceOwnerNameProvider;
 private int maxDefaultSessionInterval;
 private boolean matchRedirectUriWithApplicationUri;
+ private boolean hidePreauthorizedScopesInForm;
 
 protected RedirectionBasedGrantService(String supportedResponseType, String supportedGrantType) {
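Review bot: The new accessor pair `isHidePreauthorizedScopesInForm`/`setHidePreauthorizedScopesInForm` carries no Javadoc, so a view author has to guess what the flag controls; the same applies to the setter added at @@ -503 in RedirectionBasedGrantService. Judging by @@ -239, where `alreadyAuthorizedPermissions` is still set on the data alongside the flag, it appears to be a presentation hint only, and the Javadoc should say so if that is the intent. A comment on the getter such as `/** True if the consent form should not display the permissions in {@code alreadyAuthorizedPermissions}; the list itself is still populated. */` would make the contract explicit.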
@@ -177,6 +178,9 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 alreadyAuthorizedPerms = preAuthorizedToken.getScopes();
 preAuthorizationComplete = OAuthUtils.convertPermissionsToScopeList(alreadyAuthorizedPerms).containsAll(requestedScope);
+ if (!preAuthorizationComplete) {
+ preAuthorizedToken = null;
+ }
 }
 final boolean authorizationCanBeSkipped = preAuthorizationComplete || canAuthorizationBeSkipped(client, userSubject, requestedScope, requestedPermissions);
@@ -190,7 +194,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 if (authorizationCanBeSkipped) {
 List<OAuthPermission> approvedScopes =
- preAuthorizedToken != null ? preAuthorizedToken.getScopes() : requestedPermissions;
+ preAuthorizationComplete ? preAuthorizedToken.getScopes() : requestedPermissions;
 return createGrant(data, client, requestedScope,
@@ -239,6 +243,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 if (!authorizationCanBeSkipped) {
 secData.setPermissions(requestedPerms);
 secData.setAlreadyAuthorizedPermissions(alreadyAuthorizedPerms);
+ secData.setHidePreauthorizedScopesInForm(hidePreauthorizedScopesInForm);
 secData.setApplicationName(client.getApplicationName());
 secData.setApplicationWebUri(client.getApplicationWebUri());
 secData.setApplicationDescription(client.getApplicationDescription());
@@ -503,4 +508,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 public void setMatchRedirectUriWithApplicationUri(boolean matchRedirectUriWithApplicationUri) {
 this.matchRedirectUriWithApplicationUri = matchRedirectUriWithApplicationUri;
 }
+ public void setHidePreauthorizedScopesInForm(boolean hidePreauthorizedScopesInForm) {
+ this.hidePreauthorizedScopesInForm = hidePreauthorizedScopesInForm;
+ }
 }
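Review bot: Nulling `preAuthorizedToken` when the existing token only partially covers the request leaves `alreadyAuthorizedPerms` still holding that token's scopes, so the two variables now disagree about whether a usable pre-authorization exists, and nothing in the hunk explains why. A one-line comment on the new `if` would make the intent explicit, e.g. `// partial match: keep the scopes for the consent form, but stop treating the token as a grant`. The ternary at @@ -190 is consistent with this (it now keys on `preAuthorizationComplete`), but any other use of `preAuthorizedToken` later in this method would now see null for a partially matching token, which is worth confirming. The enclosing method starts and ends outside the hunk.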
