This is an automated email from the ASF dual-hosted git repository.
buhhunyx pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new aca3a18 cxf-rt-rs-security-oauth2: check response mediatype (#539)
aca3a18 is described below
commit aca3a18b2fb5cae542d8a34f3c804fb0dc02ce73
Author: Alexey Markevich <[email protected]>
AuthorDate: Wed Apr 10 15:16:33 2019 +0300
cxf-rt-rs-security-oauth2: check response mediatype (#539)
* cxf-rt-rs-security-oauth2: check response mediatype
* check for missing mediatype
---
.../security/oauth2/client/OAuthClientUtils.java | 21 +++---
.../oauth2/client/OAuthClientUtilsTest.java | 78 ++++++++++++++++++++++
2 files changed, 89 insertions(+), 10 deletions(-)
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index 620e5c5..0698797 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -18,7 +18,6 @@
*/
package org.apache.cxf.rs.security.oauth2.client;
-import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
@@ -29,6 +28,7 @@ import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.ResponseProcessingException;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
@@ -287,8 +287,7 @@ public final class OAuthClientUtils {
if (consumer != null) {
boolean secretAvailable =
!StringUtils.isEmpty(consumer.getClientSecret());
if (setAuthorizationHeader && secretAvailable) {
- StringBuilder sb = new StringBuilder();
- sb.append("Basic ");
+ StringBuilder sb = new StringBuilder("Basic ");
try {
String data = consumer.getClientId() + ":" +
consumer.getClientSecret();
sb.append(Base64Utility.encode(data.getBytes(StandardCharsets.UTF_8)));
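Review bot: The Basic credential assembled two lines below the rewritten `StringBuilder("Basic ")` concatenates `getClientId()` and `getClientSecret()` raw, whereas RFC 6749 §2.3.1 requires both values to be form-urlencoded before the `id:secret` string is Base64-encoded; a secret containing `:` or non-ASCII characters would otherwise be sent in a form the server cannot reliably decode. Unless client registration already restricts the character set, the data line should read `String data = URLEncoder.encode(consumer.getClientId(), "UTF-8") + ":" + URLEncoder.encode(consumer.getClientSecret(), "UTF-8");`, which fits inside the existing `try`. This is pre-existing rather than introduced by the commit, and the `try`'s catch clause and the remainder of the enclosing method lie outside the hunk.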
@@ -307,10 +306,13 @@ public final class OAuthClientUtils {
// the authenticated credentials and the client registration id
}
Response response = accessTokenService.form(form);
- Map<String, String> map = null;
+ final Map<String, String> map;
try {
- map = new
OAuthJSONProvider().readJSONResponse((InputStream)response.getEntity());
- } catch (IOException ex) {
+ map = response.getMediaType() == null
+ ||
response.getMediaType().isCompatible(MediaType.APPLICATION_JSON_TYPE)
+ ? new
OAuthJSONProvider().readJSONResponse((InputStream) response.getEntity())
+ : Collections.emptyMap();
+ } catch (Exception ex) {
throw new ResponseProcessingException(response, ex);
}
if (200 == response.getStatus()) {
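Review bot: The `Collections.emptyMap()` branch neither reads the entity nor closes the `Response`, so on a non-JSON reply (an HTML error page from a proxy, for instance) the underlying stream may stay open depending on the transport, and whatever diagnostic text the server sent is silently dropped; the previous code at least consumed the stream by parsing it. Consider `response.close()` in that branch, or reading the body into the exception detail, and add a comment on the null check such as `// missing Content-Type: assume JSON per RFC 6749 §5.1` since routing a type-less reply into the JSON parser is deliberate per the commit message but not obvious from the code. Widening `catch (IOException)` to `catch (Exception)` now also turns a `ClassCastException` from the `(InputStream)` cast and any parser `RuntimeException` into `ResponseProcessingException`; if that is intended, say so in a one-line comment. The rest of `getAccessToken`, including the non-200 handling that consumes `map`, lies outside the hunk.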
@@ -334,16 +336,15 @@ public final class OAuthClientUtils {
public static ClientAccessToken fromMapToClientToken(Map<String, String>
map,
String
defaultTokenType) {
- if (map.containsKey(OAuthConstants.ACCESS_TOKEN)) {
+ final String tokenKey = map.remove(OAuthConstants.ACCESS_TOKEN);
+ if (tokenKey != null) {
String tokenType = map.remove(OAuthConstants.ACCESS_TOKEN_TYPE);
if (tokenType == null) {
tokenType = defaultTokenType;
}
if (tokenType != null) {
- ClientAccessToken token = new ClientAccessToken(
- tokenType,
-
map.remove(OAuthConstants.ACCESS_TOKEN));
+ ClientAccessToken token = new ClientAccessToken(tokenType,
tokenKey);
String refreshToken = map.remove(OAuthConstants.REFRESH_TOKEN);
if (refreshToken != null) {
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtilsTest.java
b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtilsTest.java
new file mode 100644
index 0000000..a50c057
--- /dev/null
+++
b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtilsTest.java
@@ -0,0 +1,78 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.client;
+
+import java.io.ByteArrayInputStream;
+
+import javax.ws.rs.core.Form;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
+import org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrant;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+
+import org.junit.Test;
+
+import static org.easymock.EasyMock.anyObject;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.mock;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+public class OAuthClientUtilsTest {
+
+ @Test
+ public void getAccessToken() {
+ WebClient accessTokenService = mock(WebClient.class);
+ String tokenKey = "tokenKey";
+ String response = "{\"" + OAuthConstants.ACCESS_TOKEN + "\":\"" +
tokenKey + "\"}";
+ expect(accessTokenService.form(anyObject(Form.class))).andReturn(
+ Response.ok(new ByteArrayInputStream(response.getBytes()),
MediaType.APPLICATION_JSON).build());
+ replay(accessTokenService);
+
+ ClientAccessToken cat =
OAuthClientUtils.getAccessToken(accessTokenService, null, new
RefreshTokenGrant(""),
+ null, "defaultTokenType", false);
+ assertEquals(tokenKey, cat.getTokenKey());
+
+ verify(accessTokenService);
+ }
+
+ @Test
+ public void getAccessTokenInternalServerError() {
+ WebClient accessTokenService = mock(WebClient.class);
+ expect(accessTokenService.form(anyObject(Form.class)))
+ .andReturn(Response.serverError().type(MediaType.TEXT_PLAIN)
+ .entity(new ByteArrayInputStream("Unrecoverable error
in the server.".getBytes())).build());
+ replay(accessTokenService);
+
+ try {
+ OAuthClientUtils.getAccessToken(accessTokenService, null, new
RefreshTokenGrant(""), null, null, false);
+ fail();
+ } catch (OAuthServiceException e) {
+ assertEquals(OAuthConstants.SERVER_ERROR, e.getMessage());
+ } finally {
+ verify(accessTokenService);
+ }
+ }
+}
\ No newline at end of file
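Review bot: Neither test exercises what the commit adds: a 200 reply carrying a non-JSON media type, and a reply with no `Content-Type` at all, which are the two new paths the `isCompatible`/null check introduces in `OAuthClientUtils.getAccessToken`. A third case built like `getAccessTokenInternalServerError` but with `Response.ok(...).type(MediaType.TEXT_HTML)` would pin whether a JSON-less success is rejected or yields a null token, which is presumably the behavior the change was meant to define. Both tests also call `getBytes()` without a charset, which uses the platform default; `response.getBytes(StandardCharsets.UTF_8)` keeps the fixtures deterministic across build hosts.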