Make sure the default scopes are returned to the user
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/796fda4c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/796fda4c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/796fda4c
Branch: refs/heads/master
Commit: 796fda4c78788994686f2cad961b5bbdf8bcb4ef
Parents: 0b9ce1c
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Fri Dec 4 16:13:13 2015 +0000
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Fri Dec 4 16:35:04 2015 +0000
----------------------------------------------------------------------
 .../oauth2/services/AuthorizationCodeGrantService.java | 6 ++++--
 .../security/oauth2/services/ImplicitGrantService.java | 4 +++-
 .../oauth2/services/RedirectionBasedGrantService.java | 13 ++++++++++---
 3 files changed, 17 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/796fda4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index b95eae7..36615e7 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -68,10 +68,12 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
 MultivaluedMap<String, String> params,
 String redirectUri,
 UserSubject subject,
+ List<String> requestedScopes,
 List<OAuthPermission> perms,
 boolean authorizationCanBeSkipped) {
 OAuthAuthorizationData data =
- super.createAuthorizationData(client, params, redirectUri, subject, perms, authorizationCanBeSkipped);
+ super.createAuthorizationData(client, params, redirectUri, subject,
+ requestedScopes, perms, authorizationCanBeSkipped);
 setCodeQualifier(data, params);
 return data;
 }
@@ -105,7 +107,7 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
 codeReg.setClient(client);
 codeReg.setRedirectUri(state.getRedirectUri());
 codeReg.setRequestedScope(requestedScope);
- if (approvedScope != null && approvedScope.isEmpty()) {
+ if (approvedScope == null || approvedScope.isEmpty()) {
 // no down-scoping done by a user, all of the requested scopes have been authorized
 codeReg.setApprovedScope(requestedScope);
 } else {
http://git-wip-us.apache.org/repos/asf/cxf/blob/796fda4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
index 057c59d..bec3714 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
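Review bot: The rewritten condition `approvedScope == null || approvedScope.isEmpty()` makes an absent approved-scope list equivalent to an empty one, and both now approve every requested scope, so any caller that passes null to mean "no scopes were approved" or "no decision was recorded" would silently receive a code carrying the full requested scope. The enclosing method starts and ends outside the hunk, so whether every caller only reaches this point after an explicit "allow" decision cannot be checked here; it is worth confirming and stating, e.g. by replacing the existing comment with `// null or empty: the user was not offered down-scoping (or kept everything), so the code carries all requested scopes; callers must reject a 'deny' decision before getting here`. If some caller can legitimately pass null for "nothing approved", keeping null as a rejection and having the no-down-scoping callers pass an empty list explicitly would be the safer contract.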
@@ -55,10 +55,12 @@ public class ImplicitGrantService extends AbstractImplicitGrantService {
 MultivaluedMap<String, String> params,
 String redirectUri,
 UserSubject subject,
+ List<String> requestedScopes,
 List<OAuthPermission> perms,
 boolean authorizationCanBeSkipped) {
 OAuthAuthorizationData data =
- super.createAuthorizationData(client, params, redirectUri, subject, perms, authorizationCanBeSkipped);
+ super.createAuthorizationData(client, params, redirectUri, subject,
+ requestedScopes, perms, authorizationCanBeSkipped);
 data.setImplicitFlow(true);
 return data;
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/796fda4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index cc9baba..53cedaf 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -172,8 +172,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 // Populate the authorization challenge data
 OAuthAuthorizationData data =
- createAuthorizationData(client, params, redirectUri, userSubject, requestedPermissions,
- authorizationCanBeSkipped);
+ createAuthorizationData(client, params, redirectUri, userSubject, requestedScope,
+ requestedPermissions, authorizationCanBeSkipped);
 if (authorizationCanBeSkipped) {
 List<OAuthPermission> approvedScopes =
@@ -203,6 +203,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 MultivaluedMap<String, String> params,
 String redirectUri,
 UserSubject subject,
+ List<String> requestedScope,
 List<OAuthPermission> perms,
 boolean authorizationCanBeSkipped) {
@@ -213,7 +214,13 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 secData.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
 secData.setNonce(params.getFirst(OAuthConstants.NONCE));
 secData.setClientId(client.getClientId());
- secData.setProposedScope(params.getFirst(OAuthConstants.SCOPE));
+ if (requestedScope != null && !requestedScope.isEmpty()) {
+ StringBuilder builder = new StringBuilder();
+ for (String scope : requestedScope) {
+ builder.append(scope + " ");
+ }
+ secData.setProposedScope(builder.toString().trim());
+ }
 if (!authorizationCanBeSkipped) {
 secData.setPermissions(perms);
 secData.setApplicationName(client.getApplicationName());
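Review bot: The proposed scope is now set only inside `if (requestedScope != null && !requestedScope.isEmpty())`, so when the list is null or empty `proposedScope` is left unset, whereas the removed line echoed the raw `scope` request parameter unconditionally; that difference is presumably intended, since the value now reflects the server-side list (including any defaults folded in upstream) rather than what the client sent, but it deserves a comment, e.g. `// echo the validated scope list (defaults included), not the raw 'scope' parameter; left unset when nothing was requested`. As a point of style, `builder.append(scope + " ")` concatenates a temporary string before appending; `builder.append(scope).append(' ')` avoids that, and if the project already has a helper that joins a scope list with spaces it would be preferable to this hand-rolled loop plus `trim()`. The enclosing `createAuthorizationData` continues past the end of the hunk.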