Repository: cxf Updated Branches: refs/heads/master 307ddaf6f -> af11d1bff
Prototyping OAuth2 redirection service which can support all the response types on a single path Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/af11d1bf Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/af11d1bf Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/af11d1bf Branch: refs/heads/master Commit: af11d1bffbd7dbc3995259418c3b8b7dbf29d85d Parents: 307ddaf Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Fri Feb 5 16:53:40 2016 +0000 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Fri Feb 5 16:53:40 2016 +0000 ---------------------------------------------------------------------- .../oauth2/services/AuthorizationService.java | 91 ++++++++++++++++++++ .../services/RedirectionBasedGrantService.java | 5 +- 2 files changed, 95 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/af11d1bf/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java new file mode 100644 index 0000000..376f74d --- /dev/null +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationService.java @@ -0,0 +1,91 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.rs.security.oauth2.services; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MultivaluedMap; +import javax.ws.rs.core.Response; + +import org.apache.cxf.jaxrs.ext.MessageContext; +import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException; +import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; + +@Path("authorize") +public class AuthorizationService { + + private Map<String, RedirectionBasedGrantService> servicesMap = + new HashMap<String, RedirectionBasedGrantService>(); + + @Context + public void setMessageContext(MessageContext context) { + for (RedirectionBasedGrantService service : servicesMap.values()) { + service.setMessageContext(context); + } + } + @GET + @Produces({"application/xhtml+xml", "text/html", "application/xml", "application/json" }) + public Response authorize(@QueryParam(OAuthConstants.RESPONSE_TYPE) String responseType) { + return getService(responseType).authorize(); + } + + @GET + @Path("/decision") + public Response authorizeDecision(@QueryParam(OAuthConstants.RESPONSE_TYPE) String responseType) { + return getService(responseType).authorizeDecision(); + } + + /** + * Processes the end user decision + * @return The grant value, authorization code or the token + */ + @POST + @Path("/decision") + @Consumes("application/x-www-form-urlencoded") + public Response authorizeDecisionForm(MultivaluedMap<String, String> params) { + String responseType = params.getFirst(OAuthConstants.RESPONSE_TYPE); + return getService(responseType).authorizeDecisionForm(params); + } + + private RedirectionBasedGrantService getService(String responseType) { + if (responseType == null || !servicesMap.containsKey(responseType)) { + throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST); + } + return servicesMap.get(responseType); + } + + public void setServices(List<RedirectionBasedGrantService> services) { + for (RedirectionBasedGrantService service : services) { + for (String responseType : service.getSupportedResponseTypes()) { + servicesMap.put(responseType, service); + } + } + + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/af11d1bf/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java index 8c188be..cb833c9 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java @@ -139,7 +139,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService // Check response_type String responseType = params.getFirst(OAuthConstants.RESPONSE_TYPE); - if (responseType == null || !supportedResponseTypes.contains(responseType)) { + if (responseType == null || !getSupportedResponseTypes().contains(responseType)) { return createErrorResponse(params, redirectUri, OAuthConstants.UNSUPPORTED_RESPONSE_TYPE); } // Get the requested scopes @@ -210,6 +210,9 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService } + public Set<String> getSupportedResponseTypes() { + return supportedResponseTypes; + } protected boolean canAuthorizationBeSkipped(Client client, UserSubject userSubject, List<String> requestedScope,