I don't see any issues as I use both query and header style.

Raymond Feng
Sent from my iPhone

On May 9, 2012, at 7:23 AM, Antonio Sanso <[email protected]> wrote:

> Hi Raymond
>
> On May 2, 2012, at 5:23 PM, Raymond Feng wrote:
>
>> Hi,
>>
>> It's probably in the same area but not the same. My fix solves the issue
>> that the validator/extractor accidentally destructs the HTTP POST/PUT
>> payload when the Content-Type is application/x-www-form-urlencoded as the
>> HttpServletRequest's parameter related methods try to decode the parameters
>> from the body.
>>
>> For AMBER-15, there are two things to consider:
>>
>> 1) We need to make sure the list of parameter style validators/extractors
>> don't interfere with each other
>> 2) We also want to make sure that only one access token is used.
>
> So what would you do if more than one style is used at the same time? At the
> moment an exception is thrown, if I am not wrong.
>
> Regards
>
> Antonio
>
>
>>
>> The current seems to be fine even though we try to construct the exception
>> instances. I tested Query/Header styles but not the body one.
>>
>> Do we have a test case showing the problem?
>>
>> Thanks,
>> Raymond
>>
>> On May 2, 2012, at 8:12 AM, Antonio Sanso wrote:
>>
>>> Good stuff Raymond.
>>>
>>> Does this fix/is related to AMBER-15?
>>> >>> Thanks >>> >>> Antonio >>> >>> On May 1, 2012, at 5:34 AM, <[email protected]> <[email protected]> wrote: >>> >>>> Author: rfeng >>>> Date: Tue May 1 03:34:41 2012 >>>> New Revision: 1332515 >>>> >>>> URL: http://svn.apache.org/viewvc?rev=1332515&view=rev >>>> Log: >>>> Fix the code to not mess up with HTTP POST body >>>> >>>> Modified: >>>> incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java >>>> >>>> Modified: >>>> incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java >>>> URL: >>>> http://svn.apache.org/viewvc/incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java?rev=1332515&r1=1332514&r2=1332515&view=diff >>>> ============================================================================== >>>> --- >>>> incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java >>>> (original) >>>> +++ >>>> incubator/amber/trunk/oauth-2.0/oauth2-resourceserver/src/main/java/org/apache/amber/oauth2/rs/extractor/BearerQueryTokenExtractor.java >>>> Tue May 1 03:34:41 2012 >>>> @@ -21,6 +21,9 @@ >>>> >>>> package org.apache.amber.oauth2.rs.extractor; >>>> >>>> +import java.io.UnsupportedEncodingException; >>>> +import java.net.URLDecoder; >>>> + >>>> import javax.servlet.http.HttpServletRequest; >>>> >>>> import org.apache.amber.oauth2.common.OAuth; 
>>>> @@ -34,16 +37,48 @@ public class BearerQueryTokenExtractor i >>>> >>>> @Override >>>> public String getAccessToken(HttpServletRequest request) { >>>> - String token = request.getParameter(OAuth.OAUTH_BEARER_TOKEN); >>>> + String token = getQueryParameter(request, >>>> OAuth.OAUTH_BEARER_TOKEN); >>>> if (token == null) { >>>> - token = request.getParameter(OAuth.OAUTH_TOKEN); >>>> + token = getQueryParameter(request, OAuth.OAUTH_TOKEN); >>>> } >>>> return token; >>>> } >>>> >>>> @Override >>>> public String getAccessToken(HttpServletRequest request, String >>>> tokenName) { >>>> - return request.getParameter(tokenName); >>>> + return getQueryParameter(request, tokenName); >>>> + } >>>> + >>>> + /** >>>> + * A replacement for HttpServletRequest.getParameter() as it will >>>> mess up with HTTP POST body >>>> + * @param request >>>> + * @param name >>>> + * @return >>>> + */ >>>> + private String getQueryParameter(HttpServletRequest request, String >>>> name) { >>>> + String query = request.getQueryString(); >>>> + if (query == null) { >>>> + return null; >>>> + } >>>> + String[] params = query.split("&"); >>>> + for (String param : params) { >>>> + try { >>>> + param = URLDecoder.decode(param, "UTF-8"); >>>> + } catch (UnsupportedEncodingException e) { >>>> + // Ignore >>>> + } >>>> + int index = param.indexOf('='); >>>> + String key = param; >>>> + String value = null; >>>> + if (index != -1) { >>>> + key = param.substring(0, index); >>>> + value = param.substring(index + 1); >>>> + } >>>> + if (key.equals(name)) { >>>> + return value; >>>> + } >>>> + } >>>> + return null; >>>> } >>>> >>>> } >>>> >>>> >>> >> >
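
Review bot: in getQueryParameter, URLDecoder.decode(param, "UTF-8") is applied to the whole pair before param.indexOf('='), so a percent-encoded '=' (%3D) inside a parameter name is decoded first and then taken as the key/value separator. Split the raw pair at the first '=' and decode key and value separately. Two smaller points in the same method: the loop returns the first match, so a query string that repeats the token parameter is accepted silently, which bears on the AMBER-15 goal of allowing only one access token; and the Javadoc @param and @return tags are empty.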
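
The AMBER-15 concern from the thread (only one access token per request, with the query and header styles not interfering with each other) can be checked without touching the request body. The following is an added example, not code from the original messages or from Amber; the class and method names are hypothetical, and `access_token` is the RFC 6750 query parameter name, assumed here because the values of Amber's `OAuth` constants are not shown on the page.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.List;

// Added example with hypothetical names; not part of Apache Amber.
public class SingleBearerTokenCheck {

    /** Collect every value of `name` from the raw query string only (never the body). */
    static List<String> queryValues(String rawQuery, String name) throws UnsupportedEncodingException {
        List<String> values = new ArrayList<String>();
        if (rawQuery == null || rawQuery.isEmpty()) {
            return values;
        }
        for (String pair : rawQuery.split("&")) {
            int eq = pair.indexOf('=');
            String rawKey = eq == -1 ? pair : pair.substring(0, eq);
            String rawValue = eq == -1 ? "" : pair.substring(eq + 1);
            // Decode key and value separately so an encoded '=' (%3D) cannot move the split point.
            if (URLDecoder.decode(rawKey, "UTF-8").equals(name)) {
                values.add(URLDecoder.decode(rawValue, "UTF-8"));
            }
        }
        return values;
    }

    /** Return the single token, null if none was sent, or throw if more than one was sent. */
    static String resolveToken(String authorizationHeader, String rawQuery, String tokenName)
            throws UnsupportedEncodingException {
        List<String> found = new ArrayList<String>();
        if (authorizationHeader != null && authorizationHeader.regionMatches(true, 0, "Bearer ", 0, 7)) {
            found.add(authorizationHeader.substring(7).trim());
        }
        found.addAll(queryValues(rawQuery, tokenName));
        if (found.size() > 1) {
            throw new IllegalArgumentException("more than one access token in request");
        }
        return found.isEmpty() ? null : found.get(0);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: query style, header style, encoded '=' in a key, both styles.
        System.out.println(resolveToken(null, "a=1&access_token=abc%3D%3D", "access_token"));
        System.out.println(resolveToken("Bearer xyz", "a=1", "access_token"));
        System.out.println(resolveToken(null, "access_token%3Dspoofed", "access_token"));
        try {
            resolveToken("Bearer xyz", "access_token=abc", "access_token");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a servlet the two string arguments would come from `request.getHeader("Authorization")` and `request.getQueryString()`, neither of which reads the request body.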
