Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 3e4d51342 -> 1d5b5a954
[CXF-5599] Optional support for tokens embedded in form payloads
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1d5b5a95
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1d5b5a95
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1d5b5a95
Branch: refs/heads/2.7.x-fixes
Commit: 1d5b5a954d148087ac5e085870290b2442b986e6
Parents: 3e4d513
Author: Sergey Beryozkin <[email protected]>
Authored: Tue Mar 11 13:52:59 2014 +0000
Committer: Sergey Beryozkin <[email protected]>
Committed: Tue Mar 11 15:56:22 2014 +0000
----------------------------------------------------------------------
 .../oauth2/filters/OAuthRequestFilter.java | 41 +++++++++++++++++++-
 .../oauth2/utils/AuthorizationUtils.java | 8 +++-
 2 files changed, 47 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/1d5b5a95/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index 0058a6d..b3cbed5 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -24,14 +24,20 @@ import java.util.List;
 import java.util.logging.Logger;
 import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.HttpMethod;
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.ext.Provider;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.security.SimplePrincipal;
 import org.apache.cxf.jaxrs.ext.RequestHandler;
+import org.apache.cxf.jaxrs.ext.form.Form;
 import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.jaxrs.provider.FormEncodingProvider;
+import org.apache.cxf.jaxrs.utils.FormUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptorChain;
@@ -41,6 +47,7 @@ import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.services.AbstractAccessTokenValidator;
 import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
 import org.apache.cxf.security.SecurityContext;
@@ -53,6 +60,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator implements
 private boolean useUserSubject;
 private boolean audienceIsEndpointAddress;
+ private boolean checkFormData;
 public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
 validateRequest(m);
@@ -196,7 +204,38 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator implements
 this.audienceIsEndpointAddress = audienceIsEndpointAddress;
 }
+ public void setCheckFormData(boolean checkFormData) {
+ this.checkFormData = checkFormData;
+ }
+
 protected String[] getAuthorizationParts(Message m) {
- return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
+ if (!checkFormData) {
+ return AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes);
+ } else {
+ return new String[]{OAuthConstants.BEARER_AUTHORIZATION_SCHEME, getTokenFromFormData(m)};
+ }
 }
+
+ protected String getTokenFromFormData(Message message) {
+ String method = (String)message.get(Message.HTTP_REQUEST_METHOD);
+ String type = (String)message.get(Message.CONTENT_TYPE);
+ if (type != null && MediaType.APPLICATION_FORM_URLENCODED.startsWith(type)
+ && method != null && (method.equals(HttpMethod.POST) || method.equals(HttpMethod.PUT))) {
+ try {
+ FormEncodingProvider<Form> provider = new FormEncodingProvider<Form>(true);
+ Form form = FormUtils.readForm(provider, message);
+ MultivaluedMap<String, String> formData = form.getData();
+ String token = formData.getFirst(OAuthConstants.ACCESS_TOKEN);
+ if (token != null) {
+ FormUtils.restoreForm(provider, form, message);
+ return token;
+ }
+ } catch (Exception ex) {
+ // the exception will be thrown below
+ }
+ }
+ AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
+ return null;
+ }
+
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/1d5b5a95/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
----------------------------------------------------------------------
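Review bot: The content-type test in getTokenFromFormData is reversed: `MediaType.APPLICATION_FORM_URLENCODED.startsWith(type)` asks whether the constant starts with the request's Content-Type, so a header carrying a parameter such as `application/x-www-form-urlencoded;charset=UTF-8` fails the check and is answered with the 401, while a truncated value such as `application` passes it and triggers form parsing; the minimal fix is `type.startsWith(MediaType.APPLICATION_FORM_URLENCODED)`, and a parsed comparison via `MediaType.valueOf(type).isCompatible(MediaType.APPLICATION_FORM_URLENCODED_TYPE)` inside the try block would also tolerate case and whitespace differences. The `catch (Exception ex)` block discards the cause before the 401 is raised, so a malformed or unreadable body is indistinguishable from a missing token; logging `ex` at FINE level before falling through keeps the diagnostic without changing the response. The header branch of getAuthorizationParts still calls the two-argument `AuthorizationUtils.getAuthorizationParts(getMessageContext(), supportedSchemes)`, so a header-path failure presumably omits the realm that the form path passes to `throwAuthorizationFailure(supportedSchemes, realm)` (the `realm` field is declared outside this hunk); passing `realm` there too keeps both challenges consistent. setCheckFormData also needs a Javadoc line stating that enabling it makes the form parameter the only accepted token location and the Authorization header is no longer consulted, since the branch replaces rather than falls back.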
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
index 8f72b65..21f758c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java
@@ -59,6 +59,12 @@ public final class AuthorizationUtils {
 public static String[] getAuthorizationParts(MessageContext mc, Set<String> challenges) {
+ return getAuthorizationParts(mc, challenges, null);
+ }
+
+ public static String[] getAuthorizationParts(MessageContext mc,
+ Set<String> challenges,
+ String realm) {
 List<String> headers = mc.getHttpHeaders().getRequestHeader("Authorization");
 if (headers.size() == 1) {
 String[] parts = headers.get(0).split(" ");
@@ -66,7 +72,7 @@ public final class AuthorizationUtils {
 return parts;
 }
 }
- throwAuthorizationFailure(challenges);
+ throwAuthorizationFailure(challenges, realm);
 return null;
 }
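Review bot: The new three-argument getAuthorizationParts is public API without Javadoc, and nothing records that `realm` may be null (the two-argument overload delegates with `null`) or that it is only consulted when the header is absent or malformed and the challenge is built; a doc block on the new signature with a summary such as `Splits the single Authorization request header into scheme and credentials.`, a line `@param realm realm to include in the authentication challenge, may be null`, and a `@throws` entry for whatever throwAuthorizationFailure raises would cover it. The method body continues past the end of the first hunk and is closed by the second hunk below.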
