Repository: cxf Updated Branches: refs/heads/master e557d6f2c -> c70e021bc
[CXF-5599] Optional support for tokens embedded in form payloads Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c70e021b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c70e021b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c70e021b Branch: refs/heads/master Commit: c70e021bc821717a653db28ea09ade8d6c26889e Parents: e557d6f Author: Sergey Beryozkin <[email protected]> Authored: Tue Mar 11 13:52:59 2014 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Tue Mar 11 13:52:59 2014 +0000 ---------------------------------------------------------------------- .../oauth2/filters/OAuthRequestFilter.java | 41 +++++++++++++++++++- .../oauth2/utils/AuthorizationUtils.java | 8 +++- 2 files changed, 47 insertions(+), 2 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/c70e021b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index eb57240..4522512 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -24,14 +24,20 @@ import java.util.List;
 import java.util.logging.Logger;
 import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.HttpMethod;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.container.PreMatching;
+import javax.ws.rs.core.Form;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.ext.Provider;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.security.SimplePrincipal;
+import org.apache.cxf.jaxrs.provider.FormEncodingProvider;
+import org.apache.cxf.jaxrs.utils.FormUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
@@ -42,6 +48,7 @@ import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.services.AbstractAccessTokenValidator;
 import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
@@ -56,6 +63,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
 private boolean useUserSubject;
 private boolean audienceIsEndpointAddress;
+ private boolean checkFormData;
 public void filter(ContainerRequestContext context) {
 validateRequest(JAXRSUtils.getCurrentMessage());
@@ -198,7 +206,38 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
 this.audienceIsEndpointAddress = audienceIsEndpointAddress;
 }
+ public void setCheckFormData(boolean checkFormData) {
+ this.checkFormData = checkFormData;
+ }
+
 protected String[] getAuthorizationParts(Message m) {
- return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
+ if (!checkFormData) {
+ return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
+ } else {
+ return new String[]{OAuthConstants.BEARER_AUTHORIZATION_SCHEME, getTokenFromFormData(m)};
+ }
+ }
+
+ protected String getTokenFromFormData(Message message) {
+ String method = (String)message.get(Message.HTTP_REQUEST_METHOD);
+ String type = (String)message.get(Message.CONTENT_TYPE);
+ if (type != null && MediaType.APPLICATION_FORM_URLENCODED.startsWith(type)
+ && method != null && (method.equals(HttpMethod.POST) || method.equals(HttpMethod.PUT))) {
+ try {
+ FormEncodingProvider<Form> provider = new FormEncodingProvider<Form>(true);
+ Form form = FormUtils.readForm(provider, message);
+ MultivaluedMap<String, String> formData = form.asMap();
+ String token = formData.getFirst(OAuthConstants.ACCESS_TOKEN);
+ if (token != null) {
+ FormUtils.restoreForm(provider, form, message);
+ return token;
+ }
+ } catch (Exception ex) {
+ // the exception will be thrown below
+ }
+ }
+ AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+ return null;
 }
+
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/c70e021b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
----------------------------------------------------------------------
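Review bot: The media-type check in getTokenFromFormData is reversed: `MediaType.APPLICATION_FORM_URLENCODED.startsWith(type)` asks whether the constant begins with the request's Content-Type, so a header carrying a parameter such as `application/x-www-form-urlencoded;charset=UTF-8` fails the test and the request ends in throwAuthorizationFailure, while a truncated value like `application/x` passes it; it should read `type.startsWith(MediaType.APPLICATION_FORM_URLENCODED)`, or parse it with `MediaType.valueOf(type).isCompatible(MediaType.APPLICATION_FORM_URLENCODED_TYPE)` if case and whitespace variants are to be tolerated. The `catch (Exception ex)` block discards the cause of a failed form read before the generic authorization failure is raised, so a malformed body is indistinguishable from a missing access_token in the server's own diagnostics; logging it at fine level would help operators. A Javadoc on setCheckFormData should also state that enabling it makes the filter read the token only from the form body and never from the Authorization header, and that the header path still calls the two-argument getAuthorizationParts, so the realm passed on the form path is not applied to header-based challenges. The realm and supportedSchemes fields referenced here are declared outside this hunk, presumably on the parent class.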
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
index 8f72b65..21f758c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
@@ -59,6 +59,12 @@ public final class AuthorizationUtils {
 public static String[] getAuthorizationParts(MessageContext mc, Set<String> challenges) {
+ return getAuthorizationParts(mc, challenges, null);
+ }
+
+ public static String[] getAuthorizationParts(MessageContext mc,
+ Set<String> challenges,
+ String realm) {
 List<String> headers = mc.getHttpHeaders().getRequestHeader("Authorization");
 if (headers.size() == 1) {
 String[] parts = headers.get(0).split(" ");
@@ -66,7 +72,7 @@ public final class AuthorizationUtils {
 return parts;
 }
 }
- throwAuthorizationFailure(challenges);
+ throwAuthorizationFailure(challenges, realm);
 return null;
 }
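Review bot: The new three-argument getAuthorizationParts overload has no Javadoc, and the only hint that realm is optional is the `null` the two-argument delegate passes in, which silently depends on the two-argument throwAuthorizationFailure treating a null realm as "omit the realm parameter from the challenge". A short comment on the overload would make the contract explicit, e.g. `/** @param realm realm to report in the WWW-Authenticate challenge on failure; may be null */`. The middle of the method, including the check that decides when the split header is returned, lies between the two hunks and is not visible here.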
