GitHub user karlvr opened a pull request:
https://github.com/apache/cxf/pull/83
[CXF-6561] [CXF-6562] ResourceOwnerGrantHandler improvements

ResourceOwnerGrantHandler calls a customisable ResourceOwnerLoginHandler
instance, however the `createSubject(String, String)` method declares no
exceptions, and a null return value is not handled. This can possibly result in
the issuing of an access token if the DataProvider doesn't check for the null
subject.

ResourceOwnerGrantHandler.createAccessToken(...) appears to expect that the
ResourceOwnerLoginHandler will throw an `Exception` (literally any Exception),
however the method signature of the ResourceOwnerLoginHandler interface doesn't
allow that.

Also, ResourceOwnerGrantHandler has a setter for loginHandler but not a
getter. Minor, but perhaps we should add one for completeness?

You can merge this pull request into a Git repository by running:
$ git pull https://github.com/karlvr/cxf resource-owner-grant
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cxf/pull/83.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #83
----
commit e407bc91bb0e48bf6feb6c4b12b3c7ced87a9732
Author: Karl von Randow <[email protected]>
Date: 2015-08-26T23:45:06Z
[CXF-6561] ResourceOwnerGrantHandler: handle null result from loginHandler
Document that ResourceOwnerLoginHandler should return null in the event
that the user credentials are not valid.
There is no need to catch a RuntimeException, or any Exception, as only
RuntimeExceptions (or Errors) can be thrown by the createSubject method as it
has no declared exceptions.
commit 62ebe027a7d0e24f4eca5da0fff93bcdea692776
Author: Karl von Randow <[email protected]>
Date: 2015-08-26T23:47:36Z
[CXF-6562] ResourceOwnerGrantHandler: add getter for loginHandler
----
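
The fail-open path described in the pull request, modelled as an added Java example that is not CXF's code and not part of the pull request. `LoginHandler`, `Subject`, `issueToken` and the two `grant...` methods are simplified, hypothetical stand-ins, and the user table is constructed sample data.

```java
import java.util.Map;

// Added illustration: simplified stand-ins, not the Apache CXF classes.
public class NullSubjectDemo {
    // Stand-in for the identity a login handler produces.
    record Subject(String login) {}

    // Same shape as the interface on the page: no declared exceptions,
    // so rejected credentials are signalled by returning null.
    interface LoginHandler {
        Subject createSubject(String name, String password);
    }

    // Hypothetical token store that, like the DataProvider case in the
    // description, does not check the subject it is given.
    static String issueToken(Subject subject) {
        return "token-for-" + (subject == null ? "null" : subject.login());
    }

    // Before: relies on the handler throwing; a null return falls through.
    static String grantFailOpen(LoginHandler h, String name, String pw) {
        Subject s;
        try {
            s = h.createSubject(name, pw);
        } catch (Exception e) {
            return null; // request denied
        }
        return issueToken(s); // reached even when s is null
    }

    // After: a null subject is treated as failed authentication.
    static String grantFailClosed(LoginHandler h, String name, String pw) {
        Subject s = h.createSubject(name, pw);
        if (s == null) {
            return null; // request denied, no token issued
        }
        return issueToken(s);
    }

    public static void main(String[] args) {
        Map<String, String> users = Map.of("alice", "s3cret"); // constructed sample data
        LoginHandler h = (n, p) ->
            p != null && p.equals(users.get(n)) ? new Subject(n) : null;
        System.out.println("fail-open,   wrong password: " + grantFailOpen(h, "alice", "wrong"));
        System.out.println("fail-closed, wrong password: " + grantFailClosed(h, "alice", "wrong"));
        System.out.println("fail-closed, right password: " + grantFailClosed(h, "alice", "s3cret"));
    }
}
```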