Repository: cxf Updated Branches: refs/heads/master f8834cf0d -> 81f1f76a7
Return a correct error if a composite oAuth AS can not find the right service Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/81f1f76a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/81f1f76a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/81f1f76a Branch: refs/heads/master Commit: 81f1f76a71b23a38798b4dc6e266a707f8e0e44b Parents: f8834cf Author: Sergey Beryozkin <[email protected]> Authored: Mon Feb 8 12:05:34 2016 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Mon Feb 8 12:05:34 2016 +0000 ---------------------------------------------------------------------- .../oauth2/services/AuthorizationService.java | 34 +++++++++++++++----- 1 file changed, 26 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/81f1f76a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
index 376f74d..6f98b85 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java
@@ -34,7 +34,8 @@ import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 @Path("authorize")
@@ -52,13 +53,23 @@ public class AuthorizationService {
 @GET
 @Produces({"application/xhtml+xml", "text/html", "application/xml", "application/json" })
 public Response authorize(@QueryParam(OAuthConstants.RESPONSE_TYPE) String responseType) {
- return getService(responseType).authorize();
+ RedirectionBasedGrantService service = getService(responseType);
+ if (service != null) {
+ return service.authorize();
+ } else {
+ return reportInvalidResponseType();
+ }
 }
 @GET
 @Path("/decision")
 public Response authorizeDecision(@QueryParam(OAuthConstants.RESPONSE_TYPE) String responseType) {
- return getService(responseType).authorizeDecision();
+ RedirectionBasedGrantService service = getService(responseType);
+ if (service != null) {
+ return service.authorizeDecision();
+ } else {
+ return reportInvalidResponseType();
+ }
 }
 /**
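Review bot: The same null guard is written out in authorize() and authorizeDecision() here, and a third time in authorizeDecisionForm() in the following hunk, so the fail-closed behaviour that getService() used to enforce by throwing now depends on every caller remembering the check. A future endpoint method that calls getService() without it would fail with a NullPointerException rather than a 400. Each copy can shrink to one line, for example `return service == null ? reportInvalidResponseType() : service.authorize();`, which also removes the `else` after `return`. The class body starts and ends outside this hunk.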
@@ -70,14 +81,16 @@ public class AuthorizationService {
 @Consumes("application/x-www-form-urlencoded")
 public Response authorizeDecisionForm(MultivaluedMap<String, String> params) {
 String responseType = params.getFirst(OAuthConstants.RESPONSE_TYPE);
- return getService(responseType).authorizeDecisionForm(params);
+ RedirectionBasedGrantService service = getService(responseType);
+ if (service != null) {
+ return service.authorizeDecisionForm(params);
+ } else {
+ return reportInvalidResponseType();
+ }
 }
 private RedirectionBasedGrantService getService(String responseType) {
- if (responseType == null || !servicesMap.containsKey(responseType)) {
- throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST);
- }
- return servicesMap.get(responseType);
+ return responseType == null ? null : servicesMap.get(responseType);
 }
 public void setServices(List<RedirectionBasedGrantService> services) {
@@ -88,4 +101,9 @@ public class AuthorizationService {
 }
 }
+
+ protected Response reportInvalidResponseType() {
+ return JAXRSUtils.toResponseBuilder(400)
+ .type("application/json").entity(new OAuthError(OAuthConstants.UNSUPPORTED_RESPONSE_TYPE)).build();
+ }
 }
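Review bot: getService() now returns null for a missing or unregistered response_type, and nothing on the method states that contract. Since the method no longer rejects the request itself, a short comment above it would make the obligation explicit: `// Returns null when response_type is absent or no service is registered for it; the caller must answer with reportInvalidResponseType().` The start of authorizeDecisionForm() and the body of setServices() lie outside this hunk.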
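Review bot: A request that carries no response_type at all is now answered with `unsupported_response_type`, because getService() returns null for both the missing and the unknown case and reportInvalidResponseType() hard-codes OAuthConstants.UNSUPPORTED_RESPONSE_TYPE. RFC 6749 section 4.1.2.1 reserves `invalid_request` for a missing required parameter, which is the code the removed lines reported. Passing the value into the helper would keep the two cases apart: `new OAuthError(responseType == null ? OAuthConstants.INVALID_REQUEST : OAuthConstants.UNSUPPORTED_RESPONSE_TYPE)`. Answering the user agent directly instead of redirecting looks like the safe choice here, since as far as the visible code shows no client or redirect URI has been validated at this point. As a protected extension point the method would also benefit from a short Javadoc saying when it is called and what subclasses may change.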
