Revert "Make sure the State is always returned to the client on an error"
This reverts commit 08068c8a6c784e866ba9bb9b2b16e5b35d569e1b. Conflicts: rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6a2cd429 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6a2cd429 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6a2cd429 Branch: refs/heads/3.0.x-fixes Commit: 6a2cd429a8e5f0775e99282dcf213ec5a3b5a3f0 Parents: 20d4c14 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Mon Dec 14 11:17:14 2015 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Mon Dec 14 11:21:52 2015 +0000 ---------------------------------------------------------------------- .../services/RedirectionBasedGrantService.java | 25 ++++++++++++++++++++ 1 file changed, 25 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/6a2cd429/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java index e260bbc..923b3b6 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java 
@@ -235,8 +235,15 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService //TODO: additionally we can check that the Principal that got authenticated // in startAuthorization is the same that got authenticated in completeAuthorization +<<<<<<< HEAD Client client = getClient(params); String redirectUri = validateRedirectUri(client, params.getFirst(OAuthConstants.REDIRECT_URI)); +======= + OAuthRedirectionState state = + recreateRedirectionStateFromSession(userSubject, params, sessionToken); + Client client = getClient(state.getClientId()); + String redirectUri = validateRedirectUri(client, state.getRedirectUri()); +>>>>>>> f3646c6... Revert "Make sure the State is always returned to the client on an error" // Get the end user decision value String decision = params.getFirst(OAuthConstants.AUTHORIZATION_DECISION_KEY); @@ -325,7 +332,11 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService List<String> uris = client.getRedirectUris(); if (redirectUri != null) { if (!uris.contains(redirectUri)) { +<<<<<<< HEAD redirectUri = null; +======= + reportInvalidRequestError("Client Redirect Uri is invalid"); +>>>>>>> f3646c6... Revert "Make sure the State is always returned to the client on an error" } } else if (uris.size() == 1 && useRegisteredRedirectUriIfPossible) { redirectUri = uris.get(0); 
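Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> f3646c6...`) are committed here with both sides of the conflict left in place, so RedirectionBasedGrantService.java cannot compile as it stands; the hunks at -325, -387 and -404 have the same problem. Deleting the markers alone would not fix it: `client` and `redirectUri` would be declared twice in this hunk, and `getClient(MultivaluedMap<String, String> params)` would be defined twice across the last two hunks. The two sides also differ in where the client id and redirect URI come from at the completion step, request parameters on the HEAD side versus the state returned by `recreateRedirectionStateFromSession` on the other. That makes the resolution a security decision, to be made deliberately and covered by a test rather than settled by whichever side compiles. The enclosing method starts and ends outside the hunk.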
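Review bot: In the `!uris.contains(redirectUri)` branch, the conflict leaves two different outcomes for a redirect URI that is not registered for the client: `redirectUri = null;` drops it silently, while `reportInvalidRequestError("Client Redirect Uri is invalid");` fails the request. On the HEAD side the method carries on with a null value, and the caller shown in the first hunk goes straight on to read the user's decision; whether that null is handled safely later is not visible here. I would keep the explicit rejection unless the null path is known to end in an error shown to the end user without redirecting, and add a test that sends an unregistered `redirect_uri`. The method's start and end are outside the hunk.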
@@ -387,11 +398,19 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService * the error is returned directly to the end user without * following the redirect URI if any */ +<<<<<<< HEAD protected Client getClient(MultivaluedMap<String, String> params) { Client client = null; try { client = getValidClient(params); +======= + protected Client getClient(String clientId) { + Client client = null; + + try { + client = getValidClient(clientId); +>>>>>>> f3646c6... Revert "Make sure the State is always returned to the client on an error" } catch (OAuthServiceException ex) { if (ex.getError() != null) { reportInvalidRequestError(ex.getError(), null); @@ -404,6 +423,12 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService return client; } +<<<<<<< HEAD +======= + protected Client getClient(MultivaluedMap<String, String> params) { + return this.getClient(params.getFirst(OAuthConstants.CLIENT_ID)); + } +>>>>>>> f3646c6... Revert "Make sure the State is always returned to the client on an error" protected String getSupportedGrantType() { return this.supportedGrantType; }