Repository: cxf Updated Branches: refs/heads/master 219d31448 -> 746914a50
Pass the already approved scopes/permissions, if any, to the authorization form for the more optimal UI challenge be possible Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/746914a5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/746914a5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/746914a5 Branch: refs/heads/master Commit: 746914a5084f5db8d0c0f052802c7ef2217b9b6b Parents: 219d314 Author: Sergey Beryozkin <[email protected]> Authored: Thu Jan 28 13:13:47 2016 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Thu Jan 28 13:13:47 2016 +0000 ---------------------------------------------------------------------- .../oauth2/common/OAuthAuthorizationData.java | 51 +++++++++++++------- .../services/AuthorizationCodeGrantService.java | 6 +-- .../oauth2/services/ImplicitGrantService.java | 6 +-- .../services/RedirectionBasedGrantService.java | 29 +++++++---- 4 files changed, 59 insertions(+), 33 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/746914a5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
index d0665e9..d234f31 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/OAuthAuthorizationData.java
@@ -48,13 +48,14 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 private Map<String, String> extraApplicationProperties = new HashMap<String, String>();
 private boolean implicitFlow;
- private List<? extends OAuthPermission> permissions;
+ private List<OAuthPermission> permissions;
+ private List<OAuthPermission> alreadyAuthorizedPermissions;
 public OAuthAuthorizationData() {
 }
 /**
- * Sets the client application name
+ * Get the client application name
 * @return application name
 */
 public String getApplicationName() {
@@ -62,7 +63,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 }
 /**
- * Sets the client application name
+ * Set the client application name
 * @param applicationName application name
 */
 public void setApplicationName(String applicationName) {
@@ -70,24 +71,40 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 }
 /**
- * Gets the list of scopes translated to {@link Permission} instances
+ * Get the list of scopes translated to {@link Permission} instances
 * requested by the client application
 * @return the list of scopes
 */
- public List<? extends OAuthPermission> getPermissions() {
+ public List<OAuthPermission> getPermissions() {
 return permissions;
 }
 /**
- * Gets the list of scopes translated to {@link OAuthPermission} instances
+ * Set the list of scopes translated to {@link OAuthPermission} instances
 * @return the list of scopes
 **/
- public void setPermissions(List<? extends OAuthPermission> permissions) {
+ public void setPermissions(List<OAuthPermission> permissions) {
 this.permissions = permissions;
 }
+
+ /**
+ * Get the list of scopes already approved by a user
+ * @return the list of approved scopes
+ */
+ public List<OAuthPermission> getAlreadyAuthorizedPermissions() {
+ return alreadyAuthorizedPermissions;
+ }
+
+ /**
+ * Set the list of scopes already approved by a user
+ * @param permissions the list of approved scopes
+ */
+ public void setAlreadyAuthorizedPermissions(List<OAuthPermission> perms) {
+ this.alreadyAuthorizedPermissions = perms;
+ }
 /**
- * Sets the authenticity token linking the authorization
+ * Set the authenticity token linking the authorization
 * challenge to the current end user session
 *
 * @param authenticityToken the session authenticity token
@@ -97,7 +114,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 }
 /**
- * Gets the authenticity token linking the authorization
+ * Get the authenticity token linking the authorization
 * challenge to the current end user session
 * @return the session authenticity token
 */
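Review bot: The Javadoc of `setPermissions` in this hunk was retitled to "Set …" but still carries `@return the list of scopes` and closes with `**/`; it should document the argument instead, `@param permissions the list of scopes`, and close with `*/`. The new `setAlreadyAuthorizedPermissions` has the mirror-image problem: its tag says `@param permissions` while the parameter is named `perms`, which javadoc will report as an unknown parameter — either rename the parameter to `permissions` or change the tag. Narrowing the public setter from `List<? extends OAuthPermission>` to `List<OAuthPermission>` (and the field in the hunk at -48) is source-incompatible for any caller that passes a `List` of an `OAuthPermission` subclass; presumably intended, but it deserves a mention in the commit message or release notes.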
@@ -106,7 +123,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 }
 /**
- * Sets the application description
+ * Set the application description
 * @param applicationDescription the description
 */
 public void setApplicationDescription(String applicationDescription) {
@@ -114,7 +131,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 }
 /**
- * Gets the application description
+ * Get the application description
 * @return the description
 */
 public String getApplicationDescription() {
@@ -122,7 +139,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 }
 /**
- * Sets the application web URI
+ * Set the application web URI
 * @param applicationWebUri the application URI
 */
 public void setApplicationWebUri(String applicationWebUri) {
@@ -130,7 +147,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 }
 /**
- * Gets the application web URI
+ * Get the application web URI
 * @return the application URI
 */
 public String getApplicationWebUri() {
@@ -138,7 +155,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 }
 /**
- * Sets the application logo URI
+ * Set the application logo URI
 * @param applicationLogoUri the logo URI
 */
 public void setApplicationLogoUri(String applicationLogoUri) {
@@ -146,7 +163,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 }
 /**
- * Gets the application logo URI
+ * Get the application logo URI
 * @return the logo URI
 */
 public String getApplicationLogoUri() {
@@ -154,7 +171,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 }
 /**
- * Sets the absolute URI where the authorization decision data
+ * Set the absolute URI where the authorization decision data
 * will need to be sent to
 * @param replyTo authorization decision handler URI
 */
@@ -163,7 +180,7 @@ public class OAuthAuthorizationData extends OAuthRedirectionState implements Ser
 }
 /**
- * Gets the absolute URI where the authorization decision data
+ * Get the absolute URI where the authorization decision data
 * will need to be sent to
 * @return authorization decision handler URI
 */
http://git-wip-us.apache.org/repos/asf/cxf/blob/746914a5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 9a8609a..138a600 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -68,12 +68,12 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
 MultivaluedMap<String, String> params,
 String redirectUri,
 UserSubject subject,
- List<String> requestedScopes,
- List<OAuthPermission> perms,
+ List<OAuthPermission> requestedPerms,
+ List<OAuthPermission> alreadyAuthorizedPerms,
 boolean authorizationCanBeSkipped) {
 OAuthAuthorizationData data = super.createAuthorizationData(client, params, redirectUri, subject,
- requestedScopes, perms, authorizationCanBeSkipped);
+ requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);
 setCodeQualifier(data, params);
 return data;
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/746914a5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
index bec3714..50aa491 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/ImplicitGrantService.java
@@ -55,12 +55,12 @@ public class ImplicitGrantService extends AbstractImplicitGrantService {
 MultivaluedMap<String, String> params,
 String redirectUri,
 UserSubject subject,
- List<String> requestedScopes,
- List<OAuthPermission> perms,
+ List<OAuthPermission> requestedPerms,
+ List<OAuthPermission> alreadyAuthorizedPerms,
 boolean authorizationCanBeSkipped) {
 OAuthAuthorizationData data = super.createAuthorizationData(client, params, redirectUri, subject,
- requestedScopes, perms, authorizationCanBeSkipped);
+ requestedPerms, alreadyAuthorizedPerms, authorizationCanBeSkipped);
 data.setImplicitFlow(true);
 return data;
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/746914a5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index 6c1a743..133ce30 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -170,15 +170,23 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 // Request a new grant only if no pre-authorized token is available
 ServerAccessToken preAuthorizedToken = getDataProvider().getPreauthorizedToken(
 client, requestedScope, userSubject, supportedGrantType);
- final boolean preAuthorizationComplete = preAuthorizedToken != null
- && OAuthUtils.convertPermissionsToScopeList(preAuthorizedToken.getScopes()).containsAll(requestedScope);
+
+ List<OAuthPermission> alreadyAuthorizedPerms = null;
+ boolean preAuthorizationComplete = false;
+ if (preAuthorizedToken != null) {
+ alreadyAuthorizedPerms = preAuthorizedToken.getScopes();
+ preAuthorizationComplete =
+ OAuthUtils.convertPermissionsToScopeList(alreadyAuthorizedPerms).containsAll(requestedScope);
+ }
 final boolean authorizationCanBeSkipped = preAuthorizationComplete
 || canAuthorizationBeSkipped(client, userSubject, requestedScope, requestedPermissions);
 // Populate the authorization challenge data
 OAuthAuthorizationData data =
- createAuthorizationData(client, params, redirectUri, userSubject, requestedScope,
- requestedPermissions, authorizationCanBeSkipped);
+ createAuthorizationData(client, params, redirectUri, userSubject,
+ requestedPermissions,
+ alreadyAuthorizedPerms,
+ authorizationCanBeSkipped);
 if (authorizationCanBeSkipped) {
 List<OAuthPermission> approvedScopes =
@@ -209,8 +217,8 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 MultivaluedMap<String, String> params,
 String redirectUri,
 UserSubject subject,
- List<String> requestedScope,
- List<OAuthPermission> perms,
+ List<OAuthPermission> requestedPerms,
+ List<OAuthPermission> alreadyAuthorizedPerms,
 boolean authorizationCanBeSkipped) {
 OAuthAuthorizationData secData = new OAuthAuthorizationData();
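Review bot: `alreadyAuthorizedPerms = preAuthorizedToken.getScopes();` passes the data provider's own scope list straight into `createAuthorizationData`, and the hunk at -221 then stores that same reference on the `OAuthAuthorizationData` handed to the consent view, so anything that later edits or re-sorts the list for display is editing the stored token's scopes. Snapshotting it before it leaves this method removes the aliasing, e.g. `alreadyAuthorizedPerms = new ArrayList<OAuthPermission>(preAuthorizedToken.getScopes());` — this assumes `ArrayList` is already imported in this file, which the hunk does not show, and that `getScopes()` is non-null, which the removed code already relied on. The same snapshot would be reasonable for `requestedPermissions`, whose origin is outside the hunk. The enclosing method starts and ends outside this hunk.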
@@ -221,15 +229,16 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 secData.setNonce(params.getFirst(OAuthConstants.NONCE));
 secData.setClientId(client.getClientId());
 secData.setResponseType(params.getFirst(OAuthConstants.RESPONSE_TYPE));
- if (requestedScope != null && !requestedScope.isEmpty()) {
+ if (requestedPerms != null && !requestedPerms.isEmpty()) {
 StringBuilder builder = new StringBuilder();
- for (String scope : requestedScope) {
- builder.append(scope + " ");
+ for (OAuthPermission perm : requestedPerms) {
+ builder.append(perm.getPermission() + " ");
 }
 secData.setProposedScope(builder.toString().trim());
 }
 if (!authorizationCanBeSkipped) {
- secData.setPermissions(perms);
+ secData.setPermissions(requestedPerms);
+ secData.setAlreadyAuthorizedPermissions(alreadyAuthorizedPerms);
 secData.setApplicationName(client.getApplicationName());
 secData.setApplicationWebUri(client.getApplicationWebUri());
 secData.setApplicationDescription(client.getApplicationDescription());
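Review bot: `builder.append(perm.getPermission() + " ");` in the loop builds a temporary String only to append it; `builder.append(perm.getPermission()).append(' ');` does the same without the intermediate concatenation. The proposed scope is now derived from `requestedPerms` rather than the raw scope strings the client sent, so the value echoed to the consent form is whatever the data provider resolved, which may differ from the request if the provider normalises or adds default scopes — presumably intended, but a one-line comment such as `// proposed scope reflects the permissions the provider resolved, not the raw request` would make that explicit. The enclosing `createAuthorizationData` begins in the previous hunk and continues past this one.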
