Repository: cxf Updated Branches: refs/heads/master 144ee70dc -> 0b8ac3e0e
Making sure an empty/null secret is not used for getting tokens for public clients Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0b8ac3e0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0b8ac3e0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0b8ac3e0 Branch: refs/heads/master Commit: 0b8ac3e0e2488b015f52d178a33da943ce81ce0e Parents: 144ee70 Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Fri Nov 13 11:35:16 2015 +0000 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Fri Nov 13 11:35:16 2015 +0000 ---------------------------------------------------------------------- .../cxf/rs/security/oauth2/client/OAuthClientUtils.java | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/0b8ac3e0/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
index 971b481..17471f8 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/client/OAuthClientUtils.java
@@ -33,6 +33,7 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.oauth2.common.AccessTokenGrant;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
@@ -281,7 +282,8 @@ public final class OAuthClientUtils {
 }
 }
 if (consumer != null) {
- if (setAuthorizationHeader) {
+ boolean secretAvailable = !StringUtils.isEmpty(consumer.getSecret());
+ if (setAuthorizationHeader && secretAvailable) {
 StringBuilder sb = new StringBuilder();
 sb.append("Basic ");
 try {
@@ -293,7 +295,7 @@ public final class OAuthClientUtils {
 accessTokenService.replaceHeader("Authorization", sb.toString());
 } else {
 form.param(OAuthConstants.CLIENT_ID, consumer.getKey());
- if (consumer.getSecret() != null) {
+ if (secretAvailable) {
 form.param(OAuthConstants.CLIENT_SECRET, consumer.getSecret());
 }
 }
@@ -315,7 +317,7 @@ public final class OAuthClientUtils {
 } else {
 return token;
 }
- } else if (400 == response.getStatus() && map.containsKey(OAuthConstants.ERROR_KEY)) {
+ } else if (response.getStatus() >= 400 && map.containsKey(OAuthConstants.ERROR_KEY)) {
 OAuthError error = new OAuthError(map.get(OAuthConstants.ERROR_KEY),
 map.get(OAuthConstants.ERROR_DESCRIPTION_KEY));
 error.setErrorUri(map.get(OAuthConstants.ERROR_URI_KEY));
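Review bot: With `setAuthorizationHeader` true and a blank secret, the new `setAuthorizationHeader && secretAvailable` condition now drops into the `else` branch and sends only `client_id` in the form body, so a confidential client that is merely misconfigured with an empty secret degrades silently to an unauthenticated public-client request and will only learn of it from the server's `invalid_client` reply. That is the right behaviour for a genuinely public client, but the intent is not recorded on the new line; a comment such as `// public clients (no secret) must not send Basic credentials; they identify themselves via client_id in the form body` would make the silent fallback deliberate. The same `secretAvailable` flag replaces the old `getSecret() != null` check in the following hunk (`@@ -293,7 +295,7 @@`), so a whitespace-only secret is presumably also treated as absent there if `StringUtils.isEmpty` trims — worth confirming that matches how secrets are configured. The enclosing method starts before this hunk.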
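Review bot: Widening `400 == response.getStatus()` to `response.getStatus() >= 400` means any 4xx or 5xx body that parses into a map containing the `error` key is now reported as an OAuthError, including gateway or proxy error pages that happen to use that key, and the reason for the wider range is not stated. Presumably the motivation is RFC 6749 §5.2, which allows `invalid_client` to be returned with 401 rather than 400; if so, a comment on the changed line such as `// RFC 6749 5.2: token errors use 400, or 401 for invalid_client` would record it, and `response.getStatus() >= 400 && response.getStatus() < 500` would keep 5xx responses on whatever path they took before, if that distinction matters to callers. The enclosing method continues past this hunk, so the branch taken when the key is absent is not visible here.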