This is an automated email from the ASF dual-hosted git repository.

buhhunyx pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 9d363d1  cxf-rt-rs-security-oauth2: fix 'Potential null dereference' 
(#534)
9d363d1 is described below

commit 9d363d1a2b7090bb67b9b362b1b9effdec351347
Author: Alexey Markevich <buhhu...@gmail.com>
AuthorDate: Wed Apr 3 16:28:19 2019 +0300

    cxf-rt-rs-security-oauth2: fix 'Potential null dereference' (#534)
    
    * cxf-rt-rs-security-oauth2: fix 'Potential null dereference'
    
    * typo
---
 .../oauth2/grants/code/JPACodeDataProvider.java    |  4 +-
 .../oauth2/provider/JPAOAuthDataProvider.java      | 72 ++++++++--------------
 .../security/oauth2/tokens/hawk/HmacAlgorithm.java | 11 ++--
 3 files changed, 34 insertions(+), 53 deletions(-)

diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProvider.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProvider.java
index a0b2001..f7f01f1 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProvider.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/grants/code/JPACodeDataProvider.java
@@ -143,13 +143,13 @@ public class JPACodeDataProvider extends 
JPAOAuthDataProvider implements Authori
         if (c == null && resourceOwnerSubject == null) {
             return em.createQuery("SELECT c FROM ServerAuthorizationCodeGrant 
c",
                     ServerAuthorizationCodeGrant.class);
-        } else if (c == null) {
+        } else if (c == null && resourceOwnerSubject != null) {
             return em.createQuery(
                     "SELECT c FROM ServerAuthorizationCodeGrant"
                             + " c JOIN c.subject s"
                             + " WHERE s.login = :login", 
ServerAuthorizationCodeGrant.class)
                     .setParameter("login", resourceOwnerSubject.getLogin());
-        } else if (resourceOwnerSubject == null) {
+        } else if (c != null && resourceOwnerSubject == null) {
             return em.createQuery(
                     "SELECT code FROM ServerAuthorizationCodeGrant code"
                             + " JOIN code.client c"
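Review bot: The conditions added at L43 (`&& resourceOwnerSubject != null`) and L51 (`c != null &&`) are tautological, because the first branch at L38 has already returned when both references are null; they silence the analyzer without changing what the method does, and a reader now has to work out why two `else if` arms restate what the chain already guarantees. The same four-way branch is what the commit collapses into a shared `getQuery` helper in JPAOAuthDataProvider, and since this hunk shows `ServerAuthorizationCodeGrant` navigating the same `subject` and `client` associations, making that helper `protected` instead of `private static` and calling it here (`return getQuery("ServerAuthorizationCodeGrant", c, resourceOwnerSubject, em, ServerAuthorizationCodeGrant.class);`) would remove the duplicated branching rather than pad it — assuming the subclass has no further predicates in its `else` arm, which is outside this hunk. The enclosing method's signature and final branch both lie outside the hunk.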
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
index ae45789..b69b4be 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/JPAOAuthDataProvider.java
@@ -22,6 +22,7 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 import javax.persistence.EntityManager;
 import javax.persistence.EntityManagerFactory;
@@ -324,56 +325,37 @@ public class JPAOAuthDataProvider extends 
AbstractOAuthDataProvider {
 
     protected TypedQuery<BearerAccessToken> getTokensQuery(Client c, 
UserSubject resourceOwnerSubject,
                                                            EntityManager 
entityManager) {
-        if (c == null && resourceOwnerSubject == null) {
-            return entityManager.createQuery("SELECT t FROM BearerAccessToken 
t", BearerAccessToken.class);
-        } else if (c == null) {
-            return entityManager.createQuery(
-                    "SELECT t FROM BearerAccessToken t"
-                            + " JOIN t.subject s"
-                            + " WHERE s.login = :login", 
BearerAccessToken.class)
-                    .setParameter("login", resourceOwnerSubject.getLogin());
-        } else if (resourceOwnerSubject == null) {
-            return entityManager.createQuery(
-                    "SELECT t FROM BearerAccessToken t"
-                            + " JOIN t.client c"
-                            + " WHERE c.clientId = :clientId", 
BearerAccessToken.class)
-                    .setParameter("clientId", c.getClientId());
-        } else {
-            return entityManager.createQuery(
-                    "SELECT t FROM BearerAccessToken t"
-                            + " JOIN t.subject s"
-                            + " JOIN t.client c"
-                            + " WHERE s.login = :login AND c.clientId = 
:clientId", BearerAccessToken.class)
-                    .setParameter("login", resourceOwnerSubject.getLogin())
-                    .setParameter("clientId", c.getClientId());
-        }
+        return getQuery("BearerAccessToken", c, resourceOwnerSubject, 
entityManager, BearerAccessToken.class);
     }
 
     protected TypedQuery<RefreshToken> getRefreshTokensQuery(Client c, 
UserSubject resourceOwnerSubject,
                                                              EntityManager 
entityManager) {
-        if (c == null && resourceOwnerSubject == null) {
-            return entityManager.createQuery("SELECT t FROM RefreshToken t", 
RefreshToken.class);
-        } else if (c == null) {
-            return entityManager.createQuery(
-                    "SELECT t FROM RefreshToken t"
-                            + " JOIN t.subject s"
-                            + " WHERE s.login = :login", RefreshToken.class)
-                    .setParameter("login", resourceOwnerSubject.getLogin());
-        } else if (resourceOwnerSubject == null) {
-            return entityManager.createQuery(
-                    "SELECT t FROM RefreshToken t"
-                            + " JOIN t.client c"
-                            + " WHERE c.clientId = :clientId", 
RefreshToken.class)
-                    .setParameter("clientId", c.getClientId());
-        } else {
-            return entityManager.createQuery(
-                    "SELECT t FROM RefreshToken t"
-                            + " JOIN t.subject s"
-                            + " JOIN t.client c"
-                            + " WHERE s.login = :login AND c.clientId = 
:clientId", RefreshToken.class)
-                    .setParameter("login", resourceOwnerSubject.getLogin())
-                    .setParameter("clientId", c.getClientId());
+        return getQuery("RefreshToken", c, resourceOwnerSubject, 
entityManager, RefreshToken.class);
+    }
+
+    private static <T> TypedQuery<T> getQuery(String table, Client c, 
UserSubject resourceOwnerSubject,
+            EntityManager entityManager, Class<T> resultClass) {
+        StringBuilder query = new StringBuilder("SELECT t FROM 
").append(table).append(" t");
+        Map<String, Object> parameterMap = new HashMap<>();
+        if (c != null || resourceOwnerSubject != null) {
+            query.append(" WHERE");
+            if (c != null) {
+                query.append(" t.client.clientId = :clientId");
+                parameterMap.put("clientId", c.getClientId());
+            }
+            if (resourceOwnerSubject != null) {
+                if (!parameterMap.isEmpty()) {
+                    query.append(" AND");
+                }
+                query.append(" t.subject.login = :login");
+                parameterMap.put("login", resourceOwnerSubject.getLogin());
+            }
+        }
+        TypedQuery<T> typedQuery = entityManager.createQuery(query.toString(), 
resultClass);
+        for (Map.Entry<String, Object> entry : parameterMap.entrySet()) {
+            typedQuery.setParameter(entry.getKey(), entry.getValue());
         }
+        return typedQuery;
     }
 
     /**
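Review bot: `getQuery` splices its first argument into the JPQL string at L146–147 with no guard, and the parameter is named `table` although it is a JPQL entity name; that is safe today only because the method is `private static` and both callers (L106, L139) pass string literals, and nothing documents that contract for the next person who widens its visibility. Add a Javadoc along the lines of `/** Builds a token query for the JPQL entity {@code entityName}; the name is concatenated into the query text, so callers must pass a compile-time constant, never request-derived input. */` and rename the parameter to `entityName`. Separately, using `!parameterMap.isEmpty()` at L156 to decide whether an `AND` is needed ties the SQL text to the incidental order in which parameters were put into the map; collecting the predicates in a list and joining them reads as intent rather than coincidence, as below. Note the refactor also swaps the old explicit `JOIN t.subject s` / `JOIN t.client c` for path navigation (`t.client.clientId`), which should be equivalent for single-valued associations but is a behavioural change worth a line in the commit message.
```java
    private static <T> TypedQuery<T> getQuery(String entityName, Client c, UserSubject resourceOwnerSubject,
            EntityManager entityManager, Class<T> resultClass) {
        // entityName is concatenated into JPQL: only compile-time constants may be passed here
        List<String> predicates = new ArrayList<>(2);
        Map<String, Object> parameterMap = new HashMap<>();
        if (c != null) {
            predicates.add("t.client.clientId = :clientId");
            parameterMap.put("clientId", c.getClientId());
        }
        if (resourceOwnerSubject != null) {
            predicates.add("t.subject.login = :login");
            parameterMap.put("login", resourceOwnerSubject.getLogin());
        }
        StringBuilder query = new StringBuilder("SELECT t FROM ").append(entityName).append(" t");
        if (!predicates.isEmpty()) {
            query.append(" WHERE ").append(String.join(" AND ", predicates));
        }
        // … unchanged: createQuery, parameter binding, return …
```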
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HmacAlgorithm.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HmacAlgorithm.java
index 9d91ce7..9396dcc 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HmacAlgorithm.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HmacAlgorithm.java
@@ -41,13 +41,12 @@ public enum HmacAlgorithm {
     }
 
     public static HmacAlgorithm toHmacAlgorithm(String value) {
-        if (OAuthConstants.HMAC_ALGO_SHA_1.equals(value)) {
-            return HmacSHA1;
+        for (HmacAlgorithm ha : HmacAlgorithm.values()) {
+            if (ha.oauthName.equals(value)) {
+                return ha;
+            }
         }
-        if (OAuthConstants.HMAC_ALGO_SHA_256.equals(value)) {
-            return HmacSHA256;
-        }
-        return null;
+        throw new IllegalArgumentException(value);
     }
 
 }
\ No newline at end of file
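Review bot: The `throw new IllegalArgumentException(value)` at L196 replaces a `null` return, so any caller that previously tested the result for `null` to reject an unsupported algorithm now receives an unchecked exception instead; if `value` can originate from a client-supplied Hawk `Authorization` header, that is the difference between a controlled authentication failure and an unhandled error at the boundary, so the callers (outside this hunk) should be checked before this lands. The message is the bare input string, which says nothing about what failed in a stack trace; `throw new IllegalArgumentException("Unsupported HMAC algorithm: " + value);` is more useful. The loop at L187–190 also now matches every constant's `oauthName` rather than only the two constants checked before, and dereferences `ha.oauthName` without a null check — presumably the field is always set in the enum constructor, which is outside the hunk; a Javadoc `@throws IllegalArgumentException if {@code value} matches no constant's OAuth name` would pin the new contract.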
