cxf git commit: [CXF-6280] Prototyping an Implicit confidential grant service which returns a token directly to a JS client which is used by a human user to copy tokens to confidential clients
Repository: cxf Updated Branches: refs/heads/master a802b442c - 982bdbc9d [CXF-6280] Prototyping an Implcit confidenatial grant service which returns a token directly to a JS client which is used by a huna user to copy tokens to confidential clients Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/982bdbc9 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/982bdbc9 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/982bdbc9 Branch: refs/heads/master Commit: 982bdbc9dc2127906d0a1ca06ae181c87c38bbfa Parents: a802b44 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Wed Apr 22 17:15:39 2015 +0100 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Wed Apr 22 17:15:39 2015 +0100 -- .../oauth2/filters/OAuthRequestFilter.java | 16 +- .../services/AbstractImplicitGrantService.java | 163 +++ .../ImplicitConfidentialGrantService.java | 51 ++ .../oauth2/services/ImplicitGrantService.java | 130 +-- .../services/RedirectionBasedGrantService.java | 4 +- .../security/oauth2/utils/OAuthConstants.java | 4 + 6 files changed, 236 insertions(+), 132 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/982bdbc9/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java index fe638be..22af72c 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java 
@@ -28,7 +28,6 @@ import javax.annotation.Priority; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.HttpMethod; import javax.ws.rs.Priorities; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerRequestFilter; import javax.ws.rs.container.PreMatching; @@ -40,6 +39,7 @@ import javax.ws.rs.ext.Provider; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.security.SimplePrincipal; import org.apache.cxf.jaxrs.provider.FormEncodingProvider; +import org.apache.cxf.jaxrs.utils.ExceptionUtils; import org.apache.cxf.jaxrs.utils.FormUtils; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.message.Message; @@ -71,6 +71,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator private boolean checkFormData; private ListString requiredScopes = Collections.emptyList(); private boolean allPermissionsMatch; +private boolean blockPublicClients; public void filter(ContainerRequestContext context) { validateRequest(JAXRSUtils.getCurrentMessage()); @@ -111,7 +112,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator || !requiredScopes.isEmpty() requiredScopes.size() != matchingPermissions.size()) { String message = Client has no valid permissions; LOG.warning(message); -throw new WebApplicationException(403); +throw ExceptionUtils.toForbiddenException(null, null); } if (accessTokenV.getClientIpAddress() != null) { 
@@ -119,9 +120,14 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator if (remoteAddress == null || accessTokenV.getClientIpAddress().matches(remoteAddress)) { String message = Client IP Address is invalid; LOG.warning(message); -throw new WebApplicationException(403); +throw ExceptionUtils.toForbiddenException(null, null); } } +if (blockPublicClients !accessTokenV.isClientConfidential()) { +String message = Only Confidential Clients are supported; +LOG.warning(message); +throw ExceptionUtils.toForbiddenException(null, null); +} // Create the security context and make it available on the message SecurityContext sc = createSecurityContext(req, accessTokenV); @@ -273,5 +279,9 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator public void setAllPermissionsMatch(boolean allPermissionsMatch) { this.allPermissionsMatch = allPermissionsMatch; } + +public void setBlockPublicClients(boolean blockPublicClients) { +this.blockPublicClients = blockPublicClients; +}
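Review bot: The new `blockPublicClients` branch logs a fixed string and throws a 403 with no identifier, so an operator who enables the option cannot tell from the log which client presented a public-client token; the two existing warnings rewritten in this hunk have the same gap. Consider carrying the client id (not the token value) in the warning, e.g. `LOG.warning("Only Confidential Clients are supported, client: " + accessTokenV.getClientId());`. The message/warning/throw triple now appears three times in the enclosing method; a private helper such as `forbidden(String message)` whose body is `LOG.warning(message); throw ExceptionUtils.toForbiddenException(null, null);` would remove the duplication. Because the field defaults to false, tokens issued to public clients keep passing this filter until `setBlockPublicClients(true)` is configured, and the setter in the last hunk (cut off at the end of this page) should say so in Javadoc, since the commit description implies this option is what keeps the copied-token flow confined to confidential clients. The enclosing method starts before this hunk, and the identical change on the 3.0.x-fixes branch below gets the same comments.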
cxf git commit: [CXF-6280] Prototyping an Implicit confidential grant service which returns a token directly to a JS client which is used by a human user to copy tokens to confidential clients
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 03b7d19c8 - 06b934503 [CXF-6280] Prototyping an Implcit confidenatial grant service which returns a token directly to a JS client which is used by a huna user to copy tokens to confidential clients Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/06b93450 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/06b93450 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/06b93450 Branch: refs/heads/3.0.x-fixes Commit: 06b9345031e37084fb0ed44b08cb6c6787ac3886 Parents: 03b7d19 Author: Sergey Beryozkin sberyoz...@talend.com Authored: Wed Apr 22 17:15:39 2015 +0100 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Wed Apr 22 17:32:35 2015 +0100 -- .../oauth2/filters/OAuthRequestFilter.java | 16 +- .../services/AbstractImplicitGrantService.java | 167 +++ .../ImplicitConfidentialGrantService.java | 51 ++ .../oauth2/services/ImplicitGrantService.java | 134 +-- .../services/RedirectionBasedGrantService.java | 4 +- .../security/oauth2/utils/OAuthConstants.java | 4 + 6 files changed, 240 insertions(+), 136 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/06b93450/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java -- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java index fe638be..22af72c 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java 
@@ -28,7 +28,6 @@ import javax.annotation.Priority; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.HttpMethod; import javax.ws.rs.Priorities; -import javax.ws.rs.WebApplicationException; import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerRequestFilter; import javax.ws.rs.container.PreMatching; @@ -40,6 +39,7 @@ import javax.ws.rs.ext.Provider; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.security.SimplePrincipal; import org.apache.cxf.jaxrs.provider.FormEncodingProvider; +import org.apache.cxf.jaxrs.utils.ExceptionUtils; import org.apache.cxf.jaxrs.utils.FormUtils; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.message.Message; @@ -71,6 +71,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator private boolean checkFormData; private ListString requiredScopes = Collections.emptyList(); private boolean allPermissionsMatch; +private boolean blockPublicClients; public void filter(ContainerRequestContext context) { validateRequest(JAXRSUtils.getCurrentMessage()); @@ -111,7 +112,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator || !requiredScopes.isEmpty() requiredScopes.size() != matchingPermissions.size()) { String message = Client has no valid permissions; LOG.warning(message); -throw new WebApplicationException(403); +throw ExceptionUtils.toForbiddenException(null, null); } if (accessTokenV.getClientIpAddress() != null) { 
@@ -119,9 +120,14 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator if (remoteAddress == null || accessTokenV.getClientIpAddress().matches(remoteAddress)) { String message = Client IP Address is invalid; LOG.warning(message); -throw new WebApplicationException(403); +throw ExceptionUtils.toForbiddenException(null, null); } } +if (blockPublicClients !accessTokenV.isClientConfidential()) { +String message = Only Confidential Clients are supported; +LOG.warning(message); +throw ExceptionUtils.toForbiddenException(null, null); +} // Create the security context and make it available on the message SecurityContext sc = createSecurityContext(req, accessTokenV); @@ -273,5 +279,9 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator public void setAllPermissionsMatch(boolean allPermissionsMatch) { this.allPermissionsMatch = allPermissionsMatch; } + +public void setBlockPublicClients(boolean blockPublicClients) { +this.blockPublicClients = blockPublicClients; +