Repository: cxf Updated Branches: refs/heads/3.0.x-fixes b14d56de7 -> ea30a2c24
[CXF-6142] Updating AcceptTokenValidator interface Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ea30a2c2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ea30a2c2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ea30a2c2 Branch: refs/heads/3.0.x-fixes Commit: ea30a2c24b15d8e3a4d2c11187037b5619f638d3 Parents: b14d56d Author: Sergey Beryozkin <sberyoz...@talend.com> Authored: Tue Dec 9 11:21:21 2014 +0000 Committer: Sergey Beryozkin <sberyoz...@talend.com> Committed: Wed Dec 10 17:12:11 2014 +0000 ---------------------------------------------------------------------- .../oauth2/filters/AccessTokenValidatorClient.java | 16 +++++++++++----- .../security/oauth2/filters/OAuthRequestFilter.java | 2 +- .../oauth2/provider/AccessTokenValidator.java | 5 ++++- .../services/AbstractAccessTokenValidator.java | 7 +++++-- .../services/AccessTokenValidatorService.java | 2 +- .../hawk/AbstractHawkAccessTokenValidator.java | 15 ++++++++++----- .../tokens/hawk/HawkAccessTokenValidator.java | 8 ++++++-- .../tokens/hawk/HawkAccessTokenValidatorClient.java | 11 +++++++---- .../tokens/hawk/HawkAccessTokenValidatorTest.java | 3 ++- 9 files changed, 47 insertions(+), 22 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/ea30a2c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java index 7f76407..984995b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java 
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/AccessTokenValidatorClient.java @@ -21,10 +21,11 @@ package org.apache.cxf.rs.security.oauth2.filters; import java.util.Collections; import java.util.List; -import javax.ws.rs.core.Form; +import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.jaxrs.ext.MessageContext; +import org.apache.cxf.jaxrs.impl.MetadataMap; import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation; import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator; import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; @@ -40,12 +41,17 @@ public class AccessTokenValidatorClient implements AccessTokenValidator { public AccessTokenValidation validateAccessToken(MessageContext mc, String authScheme, - String authSchemeData) + String authSchemeData, + MultivaluedMap<String, String> extraProps) throws OAuthServiceException { WebClient client = WebClient.fromClient(tokenValidatorClient, true); - Form form = new Form().param(OAuthConstants.AUTHORIZATION_SCHEME_TYPE, authScheme) - .param(OAuthConstants.AUTHORIZATION_SCHEME_DATA, authSchemeData); - return client.post(form, AccessTokenValidation.class); + MultivaluedMap<String, String> props = new MetadataMap<String, String>(); + props.putSingle(OAuthConstants.AUTHORIZATION_SCHEME_TYPE, authScheme); + props.putSingle(OAuthConstants.AUTHORIZATION_SCHEME_DATA, authSchemeData); + if (extraProps != null) { + props.putAll(extraProps); + } + return client.post(props, AccessTokenValidation.class); } public void setTokenValidatorClient(WebClient tokenValidatorClient) { http://git-wip-us.apache.org/repos/asf/cxf/blob/ea30a2c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java ---------------------------------------------------------------------- 
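Review bot: In `validateAccessToken`, `props.putAll(extraProps)` runs after the two `putSingle` calls, so an `extraProps` entry keyed by `OAuthConstants.AUTHORIZATION_SCHEME_TYPE` or `OAuthConstants.AUTHORIZATION_SCHEME_DATA` would replace the scheme and token data passed as explicit arguments. That case is reachable within this commit, because `AccessTokenValidatorService` forwards its whole request form (`params`) as `extraProps`, and that form carries both keys. The explicit arguments should win: move the `if (extraProps != null) { props.putAll(extraProps); }` block above `props.putSingle(OAuthConstants.AUTHORIZATION_SCHEME_TYPE, authScheme);`. Alternatively, `AccessTokenValidatorService` could pass a copy of `params` with those two keys removed.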
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java index e8c052c..a41292a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java @@ -85,7 +85,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator String authSchemeData = authParts[1]; // Get the access token - AccessTokenValidation accessTokenV = getAccessTokenValidation(authScheme, authSchemeData); + AccessTokenValidation accessTokenV = getAccessTokenValidation(authScheme, authSchemeData, null); // Find the scopes which match the current request http://git-wip-us.apache.org/repos/asf/cxf/blob/ea30a2c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java index 0826361..96151d8 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AccessTokenValidator.java @@ -21,6 +21,8 @@ package org.apache.cxf.rs.security.oauth2.provider; import java.util.List; +import javax.ws.rs.core.MultivaluedMap; + import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation; 
@@ -28,6 +30,7 @@ public interface AccessTokenValidator { List<String> getSupportedAuthorizationSchemes(); AccessTokenValidation validateAccessToken(MessageContext mc, String authScheme, - String authSchemeData) + String authSchemeData, + MultivaluedMap<String, String> extraProps) throws OAuthServiceException; } http://git-wip-us.apache.org/repos/asf/cxf/blob/ea30a2c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java index 16146f9..4594e35 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.java @@ -25,6 +25,7 @@ import java.util.List; import java.util.Set; import javax.ws.rs.core.Context; +import javax.ws.rs.core.MultivaluedMap; import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.jaxrs.ext.MessageContextImpl; @@ -90,7 +91,8 @@ public abstract class AbstractAccessTokenValidator { /** * Get the access token */ - protected AccessTokenValidation getAccessTokenValidation(String authScheme, String authSchemeData) { + protected AccessTokenValidation getAccessTokenValidation(String authScheme, String authSchemeData, + MultivaluedMap<String, String> extraProps) { AccessTokenValidation accessTokenV = null; if (dataProvider == null && tokenHandlers.isEmpty()) { throw ExceptionUtils.toInternalServerErrorException(null, null); 
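Review bot: The new `extraProps` parameter on `AccessTokenValidator.validateAccessToken` is undocumented, and the callers in this commit use it in two different ways: `OAuthRequestFilter` passes `null`, while `AccessTokenValidatorService` passes the posted form as received, as far as the visible lines show. Implementers need to know both, so I would add Javadoc on the method such as `@param extraProps additional request parameters; may be null; caller-supplied, treat as untrusted input`. The same gap applies to the `/** Get the access token */` comment on `AbstractAccessTokenValidator.getAccessTokenValidation` in the next file. Adding a parameter to a public interface method also breaks validators implemented outside this tree, which deserves a release-note line on a fixes branch.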
@@ -101,7 +103,8 @@ public abstract class AbstractAccessTokenValidator { if (handler != null) { try { // Convert the HTTP Authorization scheme data into a token - accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme, authSchemeData); + accessTokenV = handler.validateAccessToken(getMessageContext(), authScheme, authSchemeData, + extraProps); } catch (OAuthServiceException ex) { AuthorizationUtils.throwAuthorizationFailure( Collections.singleton(authScheme), realm); http://git-wip-us.apache.org/repos/asf/cxf/blob/ea30a2c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java index 6f80679..6cb4a4b 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AccessTokenValidatorService.java @@ -41,6 +41,6 @@ public class AccessTokenValidatorService extends AbstractAccessTokenValidator { } String authScheme = params.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_TYPE); String authSchemeData = params.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_DATA); - return super.getAccessTokenValidation(authScheme, authSchemeData); + return super.getAccessTokenValidation(authScheme, authSchemeData, params); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/ea30a2c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java ---------------------------------------------------------------------- 
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java index dbecb50..82f655e 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java @@ -24,6 +24,8 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import javax.ws.rs.core.MultivaluedMap; + import org.apache.cxf.common.util.Base64Exception; import org.apache.cxf.common.util.Base64Utility; import org.apache.cxf.common.util.crypto.HmacUtils; @@ -42,11 +44,12 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal } public AccessTokenValidation validateAccessToken(MessageContext mc, - String authScheme, - String authSchemeData) throws OAuthServiceException { + String authScheme, String authSchemeData, MultivaluedMap<String, String> extraProps) + throws OAuthServiceException { Map<String, String> schemeParams = getSchemeParameters(authSchemeData); - AccessTokenValidation atv = getAccessTokenValidation(mc, schemeParams, authSchemeData); + AccessTokenValidation atv = + getAccessTokenValidation(mc, authScheme, authSchemeData, extraProps, schemeParams); String macKey = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_KEY); String macAlgo = atv.getExtraProps().get(OAuthConstants.HAWK_TOKEN_ALGORITHM); 
@@ -74,8 +77,10 @@ public abstract class AbstractHawkAccessTokenValidator implements AccessTokenVal } protected abstract AccessTokenValidation getAccessTokenValidation(MessageContext mc, - Map<String, String> schemeParams, - String authSchemeData); + String authScheme, + String authSchemeData, + MultivaluedMap<String, String> extraProps, + Map<String, String> schemeParams); private static Map<String, String> getSchemeParameters(String authData) { String[] attributePairs = authData.split(","); http://git-wip-us.apache.org/repos/asf/cxf/blob/ea30a2c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java index 9955ffe..977c531 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidator.java @@ -20,6 +20,8 @@ package org.apache.cxf.rs.security.oauth2.tokens.hawk; import java.util.Map; +import javax.ws.rs.core.MultivaluedMap; + import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation; import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken; 
@@ -32,8 +34,10 @@ public class HawkAccessTokenValidator extends AbstractHawkAccessTokenValidator { private boolean remoteSignatureValidation; protected AccessTokenValidation getAccessTokenValidation(MessageContext mc, - Map<String, String> schemeParams, - String authSchemeData) { + String authScheme, + String authSchemeData, + MultivaluedMap<String, String> extraProps, + Map<String, String> schemeParams) { String macKey = schemeParams.get(OAuthConstants.HAWK_TOKEN_ID); ServerAccessToken accessToken = dataProvider.getAccessToken(macKey); if (!(accessToken instanceof HawkAccessToken)) { http://git-wip-us.apache.org/repos/asf/cxf/blob/ea30a2c2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java index 8e615fb..4ab3a0f 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorClient.java @@ -21,6 +21,8 @@ package org.apache.cxf.rs.security.oauth2.tokens.hawk; import java.util.List; import java.util.Map; +import javax.ws.rs.core.MultivaluedMap; + import org.apache.cxf.jaxrs.ext.MessageContext; import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation; import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator; 
@@ -30,10 +32,11 @@ public class HawkAccessTokenValidatorClient extends AbstractHawkAccessTokenValid private AccessTokenValidator validator; protected AccessTokenValidation getAccessTokenValidation(MessageContext mc, - Map<String, String> schemeParams, - String authSchemeData) { - return validator.validateAccessToken(mc, OAuthConstants.HAWK_AUTHORIZATION_SCHEME, - authSchemeData); + String authScheme, + String authSchemeData, + MultivaluedMap<String, String> extraProps, + Map<String, String> schemeParams) { + return validator.validateAccessToken(mc, authScheme, authSchemeData, extraProps); } public void setValidator(AccessTokenValidator validator) { http://git-wip-us.apache.org/repos/asf/cxf/blob/ea30a2c2/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorTest.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorTest.java b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorTest.java index 65de61d..ebb213a 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorTest.java +++ b/rt/rs/security/oauth-parent/oauth2/src/test/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/HawkAccessTokenValidatorTest.java @@ -63,7 +63,8 @@ public class HawkAccessTokenValidatorTest extends Assert { AccessTokenValidation tokenValidation = validator .validateAccessToken(messageContext, OAuthConstants.HAWK_AUTHORIZATION_SCHEME, - authData.split(" ")[1]); + authData.split(" ")[1], + null); assertNotNull(tokenValidation); EasyMock.verify(dataProvider, messageContext, httpRequest); }
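Review bot: `HawkAccessTokenValidatorClient.getAccessTokenValidation` previously sent the fixed `OAuthConstants.HAWK_AUTHORIZATION_SCHEME` to the wrapped validator and now forwards whatever `authScheme` its caller supplied. The scheme the delegate sees therefore depends on input from further up the call chain, and how the delegate selects a handler from it is outside this hunk. Since this class is Hawk-specific, I would keep the scheme pinned and pass only the new argument through: `return validator.validateAccessToken(mc, OAuthConstants.HAWK_AUTHORIZATION_SCHEME, authSchemeData, extraProps);`. If forwarding the caller's value is intended, a short comment explaining why would make that clear.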