Repository: cxf Updated Branches: refs/heads/master 728e60aa5 -> 8595d5ce7
Minor updates to the way the registration access token is checked
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8595d5ce
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8595d5ce
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8595d5ce
Branch: refs/heads/master
Commit: 8595d5ce7bdd5bf4760f9c233083ac774e38ecc6
Parents: 728e60a
Author: Sergey Beryozkin <[email protected]>
Authored: Tue Sep 27 13:23:23 2016 +0100
Committer: Sergey Beryozkin <[email protected]>
Committed: Tue Sep 27 13:23:23 2016 +0100
----------------------------------------------------------------------
 .../services/DynamicRegistrationService.java | 35 ++++++++++----------
 .../idp/OidcDynamicRegistrationService.java | 4 +--
 2 files changed, 20 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8595d5ce/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
index ab6cb46..090c84d 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
@@ -53,33 +53,35 @@ public class DynamicRegistrationService extends AbstractOAuthService {
     @POST
     @Consumes("application/json")
     @Produces("application/json")
-    public ClientRegistrationResponse register(ClientRegistration request) {
+    public Response register(ClientRegistration request) {
         checkInitialAccessToken();
         Client client = createNewClient(request);
         createRegAccessToken(client);
         clientProvider.setClient(client);
-        return fromClientToRegistrationResponse(client);
+        return Response.status(201).entity(fromClientToRegistrationResponse(client)).build();
     }
 
     protected void checkInitialAccessToken() {
         if (initialAccessToken != null) {
-            checkCurrentAccessToken(initialAccessToken);
+            String accessToken = getRequestAccessToken();
+            if (!initialAccessToken.equals(accessToken)) {
+                throw ExceptionUtils.toNotAuthorizedException(null, null);
+            }
         }
     }
 
     protected String createRegAccessToken(Client client) {
-        //TODO: Passing AccessTokenRegistration to OAuthDataProvider may be needed
         String regAccessToken = OAuthUtils.generateRandomTokenKey();
         client.getProperties().put(ClientRegistrationResponse.REG_ACCESS_TOKEN, regAccessToken);
         return regAccessToken;
     }
 
-    protected void checkCurrentAccessToken(String accessToken) {
-        String[] authParts = AuthorizationUtils.getAuthorizationParts(getMessageContext(),
-            Collections.singleton(OAuthConstants.BEARER_AUTHORIZATION_SCHEME));
-        if (authParts.length != 2 || !authParts[1].equals(accessToken)) {
+    protected void checkRegistrationAccessToken(Client c, String accessToken) {
+        String regAccessToken = c.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN);
+
+        if (!regAccessToken.equals(accessToken)) {
             throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
     }
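Review bot: `checkRegistrationAccessToken` dereferences `regAccessToken` without a null check, so a stored client whose properties carry no REG_ACCESS_TOKEN entry turns the comparison into a NullPointerException (an internal server error) instead of the not-authorized response the method intends; `if (regAccessToken == null || !regAccessToken.equals(accessToken))` closes that gap. Both this comparison and the `initialAccessToken.equals(accessToken)` check in `checkInitialAccessToken` compare bearer tokens with `String.equals`, which returns at the first differing character; `MessageDigest.isEqual` over the UTF-8 bytes of both values is the usual constant-time comparison for secrets (it needs a `java.security.MessageDigest` import). A Javadoc line on `checkRegistrationAccessToken` stating that it throws when the token presented in the Authorization header does not match the one issued at registration would help, since callers now rely on it in place of the removed `checkCurrentAccessToken`. In `register`, `Response.status(201)` reads better as `Response.status(Response.Status.CREATED)`.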
@@ -153,22 +155,17 @@ public class DynamicRegistrationService extends AbstractOAuthService {
     }
 
     protected Client readClient(String clientId) {
+        String accessToken = getRequestAccessToken();
+
         Client c = clientProvider.getClient(clientId);
         if (c == null) {
             throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
-        String regAccessToken = c.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN);
-        // Or check OAuthDataProvider.getAccessToken
-        // if OAuthDataProvider.createAccessToken was used
-
-        validateRegistrationAccessToken(regAccessToken);
+        checkRegistrationAccessToken(c, accessToken);
         return c;
     }
 
-    protected void validateRegistrationAccessToken(String accessToken) {
-        checkCurrentAccessToken(accessToken);
-    }
-
+
     public String getInitialAccessToken() {
         return initialAccessToken;
     }
@@ -277,6 +274,10 @@ public class DynamicRegistrationService extends AbstractOAuthService {
             getClientSecretSizeInBytes(request)));
     }
 
+    protected String getRequestAccessToken() {
+        return AuthorizationUtils.getAuthorizationParts(getMessageContext(),
+            Collections.singleton(OAuthConstants.BEARER_AUTHORIZATION_SCHEME))[1];
+    }
     protected int getClientSecretSizeInBytes(ClientRegistration request) {
         return 16;
     }
http://git-wip-us.apache.org/repos/asf/cxf/blob/8595d5ce/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
index e4d9840..66a2baf 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcDynamicRegistrationService.java
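Review bot: `readClient` now performs the registration-token check for every caller that goes through it, but nothing documents that contract; a Javadoc such as `/** Loads the client for clientId and verifies that the bearer token in the request is its registration access token; throws a not-authorized exception for an unknown client id or a mismatched token. */` would make it explicit. Reading the token before the lookup means a request without a usable Authorization header presumably fails before any client id is consulted, which is the right order, but that depends on `getAuthorizationParts` rejecting such headers itself and is worth confirming against that helper. The dangling `+` blank line left where `validateRegistrationAccessToken` was removed gives two consecutive blank lines before `getInitialAccessToken`.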
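Review bot: `getRequestAccessToken` indexes `[1]` on the array returned by `getAuthorizationParts` without the `authParts.length != 2` guard that the removed `checkCurrentAccessToken` carried; if that helper can hand back fewer than two parts for a malformed Authorization header, the result is an ArrayIndexOutOfBoundsException and an internal-error response rather than the not-authorized response. If, as I believe, `getAuthorizationParts` already rejects any header that is not exactly scheme plus token, a comment recording that assumption, `// getAuthorizationParts rejects anything but "<scheme> <token>", so [1] is the bearer token`, explains why the guard was dropped; otherwise the length check should be restored here. A blank line between the new method's closing brace and `protected int getClientSecretSizeInBytes` would match the spacing of the neighbouring methods.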
@@ -21,10 +21,10 @@ package org.apache.cxf.rs.security.oidc.idp;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Response;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.services.ClientRegistration;
-import org.apache.cxf.rs.security.oauth2.services.ClientRegistrationResponse;
 import org.apache.cxf.rs.security.oauth2.services.DynamicRegistrationService;
 
 public class OidcDynamicRegistrationService extends DynamicRegistrationService {
@@ -33,7 +33,7 @@ public class OidcDynamicRegistrationService extends DynamicRegistrationService {
     @POST
     @Consumes("application/json")
     @Produces("application/json")
-    public ClientRegistrationResponse register(OidcClientRegistration request) {
+    public Response register(OidcClientRegistration request) {
         return super.register(request);
     }
