Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 48ecb0fce -> 85a45a8bc


Make sure the default scopes are returned to the user


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4efd6b4c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4efd6b4c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4efd6b4c

Branch: refs/heads/3.1.x-fixes
Commit: 4efd6b4c188c7e7c94feb6afc943df831da43180
Parents: 48ecb0f
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Fri Dec 4 16:13:13 2015 +0000
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Fri Dec 4 17:04:06 2015 +0000

----------------------------------------------------------------------
 .../oauth2/services/AuthorizationCodeGrantService.java |  6 ++++--
 .../security/oauth2/services/ImplicitGrantService.java |  4 +++-
 .../oauth2/services/RedirectionBasedGrantService.java  | 13 ++++++++++---
 3 files changed, 17 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/4efd6b4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index b95eae7..36615e7 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -68,10 +68,12 @@ public class AuthorizationCodeGrantService extends 
RedirectionBasedGrantService
                                                              
MultivaluedMap<String, String> params,
                                                              String 
redirectUri,
                                                              UserSubject 
subject,
+                                                             List<String> 
requestedScopes,
                                                              
List<OAuthPermission> perms,
                                                              boolean 
authorizationCanBeSkipped) {
         OAuthAuthorizationData data = 
-            super.createAuthorizationData(client, params, redirectUri, 
subject, perms, authorizationCanBeSkipped);
+            super.createAuthorizationData(client, params, redirectUri, 
subject, 
+                                          requestedScopes, perms, 
authorizationCanBeSkipped);
         setCodeQualifier(data, params);
         return data;
     }
@@ -105,7 +107,7 @@ public class AuthorizationCodeGrantService extends 
RedirectionBasedGrantService
         codeReg.setClient(client);
         codeReg.setRedirectUri(state.getRedirectUri());
         codeReg.setRequestedScope(requestedScope);
-        if (approvedScope != null && approvedScope.isEmpty()) {
+        if (approvedScope == null || approvedScope.isEmpty()) {
             // no down-scoping done by a user, all of the requested scopes 
have been authorized
             codeReg.setApprovedScope(requestedScope);
         } else {
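Review bot: The rewritten condition now treats a null approvedScope exactly like an empty list, so a consent response that carries no approved-scope values falls into `codeReg.setApprovedScope(requestedScope)` and every requested scope is granted. That is the right outcome only if the caller has already established that the user's decision was "allow" before this method runs; the enclosing method begins before this hunk, so that cannot be checked here. Suggest widening the comment on the next line so the assumption is explicit: `// null or empty approvedScope: the user allowed the request without down-scoping (the allow decision is checked by the caller), so all requested scopes are approved`.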

http://git-wip-us.apache.org/repos/asf/cxf/blob/4efd6b4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
index 057c59d..bec3714 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
@@ -55,10 +55,12 @@ public class ImplicitGrantService extends 
AbstractImplicitGrantService {
                                                              
MultivaluedMap<String, String> params,
                                                              String 
redirectUri,
                                                              UserSubject 
subject,
+                                                             List<String> 
requestedScopes,
                                                              
List<OAuthPermission> perms,
                                                              boolean 
authorizationCanBeSkipped) {
         OAuthAuthorizationData data = 
-            super.createAuthorizationData(client, params, redirectUri, 
subject, perms, authorizationCanBeSkipped);
+            super.createAuthorizationData(client, params, redirectUri, 
subject, 
+                                          requestedScopes, perms, 
authorizationCanBeSkipped);
         data.setImplicitFlow(true);
         return data;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/4efd6b4c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index cc9baba..53cedaf 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -172,8 +172,8 @@ public abstract class RedirectionBasedGrantService extends 
AbstractOAuthService
         
         // Populate the authorization challenge data 
         OAuthAuthorizationData data = 
-            createAuthorizationData(client, params, redirectUri, userSubject, 
requestedPermissions, 
-                                    authorizationCanBeSkipped);
+            createAuthorizationData(client, params, redirectUri, userSubject, 
requestedScope, 
+                                    requestedPermissions, 
authorizationCanBeSkipped);
         
         if (authorizationCanBeSkipped) {
             List<OAuthPermission> approvedScopes = 
@@ -203,6 +203,7 @@ public abstract class RedirectionBasedGrantService extends 
AbstractOAuthService
                                                              
MultivaluedMap<String, String> params,
                                                              String 
redirectUri, 
                                                              UserSubject 
subject,
+                                                             List<String> 
requestedScope,
                                                              
List<OAuthPermission> perms,
                                                              boolean 
authorizationCanBeSkipped) {
         
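Review bot: Adding `List<String> requestedScope` to the protected `createAuthorizationData` signature changes an extension point on a fixes branch; a subclass outside this repository that overrides the old six-argument form with `@Override` stops compiling, and one without `@Override` silently becomes an unrelated overload that is never called, so the authorization data it customised is no longer produced. Unless the old overload is retained elsewhere in the file (not visible in this hunk), consider keeping it as a deprecated method that delegates to the new one, e.g. `return createAuthorizationData(client, params, redirectUri, subject, null, perms, authorizationCanBeSkipped);`. The method's signature starts before this hunk and its body continues after it.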
@@ -213,7 +214,13 @@ public abstract class RedirectionBasedGrantService extends 
AbstractOAuthService
         secData.setAudience(params.getFirst(OAuthConstants.CLIENT_AUDIENCE));
         secData.setNonce(params.getFirst(OAuthConstants.NONCE));
         secData.setClientId(client.getClientId());
-        secData.setProposedScope(params.getFirst(OAuthConstants.SCOPE));
+        if (requestedScope != null && !requestedScope.isEmpty()) {
+            StringBuilder builder = new StringBuilder();
+            for (String scope : requestedScope) {
+                builder.append(scope + " ");
+            }
+            secData.setProposedScope(builder.toString().trim());
+        }
         if (!authorizationCanBeSkipped) {
             secData.setPermissions(perms);
             secData.setApplicationName(client.getApplicationName()); 
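Review bot: The loop body `builder.append(scope + " ");` concatenates inside the append, which defeats the purpose of the StringBuilder; `builder.append(scope).append(' ');` is the idiomatic form and leaves the trailing `trim()` unchanged. Note also that the removed line echoed the raw `scope` request parameter into the authorization data, whereas the new branch reflects the server-side requestedScope list (which, per the commit message, includes the defaults); when that list is null or empty the proposed scope is now left unset rather than set from the raw parameter, so consumers of `getProposedScope()` on the authorization data must tolerate a null there. The enclosing method starts before this hunk.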
