Repository: cxf Updated Branches: refs/heads/master f24ad7978 -> 6b3ff95e2
Starting with a dynamic registration service test, more to follow Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6b3ff95e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6b3ff95e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6b3ff95e Branch: refs/heads/master Commit: 6b3ff95e2ce646140d436dbaf020479ede748230 Parents: f24ad79 Author: Sergey Beryozkin <[email protected]> Authored: Fri Sep 23 12:48:59 2016 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Fri Sep 23 12:48:59 2016 +0100 ---------------------------------------------------------------------- .../rs/security/oauth2/services/DynamicRegistrationService.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/6b3ff95e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java index a0d6bc7..78b971d 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java @@ -80,7 +80,7 @@ public class DynamicRegistrationService extends AbstractOAuthService { String[] authParts = AuthorizationUtils.getAuthorizationParts(getMessageContext(), Collections.singleton(OAuthConstants.BEARER_AUTHORIZATION_SCHEME)); if (authParts.length != 2 || !authParts[1].equals(accessToken)) { - throw ExceptionUtils.toForbiddenException(null, null); + throw ExceptionUtils.toNotAuthorizedException(null, null); } } @@ -141,6 +141,9 @@ public class DynamicRegistrationService extends AbstractOAuthService { protected Client readClient(String clientId) { Client c = clientProvider.getClient(clientId); + if (c == null) { + throw ExceptionUtils.toNotAuthorizedException(null, null); + } String regAccessToken = c.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN); // Or check OAuthDataProvider.getAccessToken // if OAuthDataProvider.createAccessToken was used
