cxf git commit: [CXF-6280] Prototyping an Implcit confidenatial grant service which returns a token directly to a JS client which is used by a huna user to copy tokens to confidential clients

2015-04-22 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/master a802b442c - 982bdbc9d


[CXF-6280] Prototyping an Implicit confidential grant service which returns a 
token directly to a JS client which is used by a human user to copy tokens to 
confidential clients


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/982bdbc9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/982bdbc9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/982bdbc9

Branch: refs/heads/master
Commit: 982bdbc9dc2127906d0a1ca06ae181c87c38bbfa
Parents: a802b44
Author: Sergey Beryozkin sberyoz...@talend.com
Authored: Wed Apr 22 17:15:39 2015 +0100
Committer: Sergey Beryozkin sberyoz...@talend.com
Committed: Wed Apr 22 17:15:39 2015 +0100

--
 .../oauth2/filters/OAuthRequestFilter.java  |  16 +-
 .../services/AbstractImplicitGrantService.java  | 163 +++
 .../ImplicitConfidentialGrantService.java   |  51 ++
 .../oauth2/services/ImplicitGrantService.java   | 130 +--
 .../services/RedirectionBasedGrantService.java  |   4 +-
 .../security/oauth2/utils/OAuthConstants.java   |   4 +
 6 files changed, 236 insertions(+), 132 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/982bdbc9/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index fe638be..22af72c 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -28,7 +28,6 @@ import javax.annotation.Priority;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.HttpMethod;
 import javax.ws.rs.Priorities;
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.container.PreMatching;
@@ -40,6 +39,7 @@ import javax.ws.rs.ext.Provider;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.security.SimplePrincipal;
 import org.apache.cxf.jaxrs.provider.FormEncodingProvider;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.jaxrs.utils.FormUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
@@ -71,6 +71,7 @@ public class OAuthRequestFilter extends 
AbstractAccessTokenValidator
 private boolean checkFormData;
 private ListString requiredScopes = Collections.emptyList();
 private boolean allPermissionsMatch;
+private boolean blockPublicClients;
 
 public void filter(ContainerRequestContext context) {
 validateRequest(JAXRSUtils.getCurrentMessage());
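Review bot: The new `blockPublicClients` field is added without a comment, and the setter added in the last hunk of this file (`setBlockPublicClients`, L103–112) has no Javadoc either, so a deployer reading the filter configuration cannot tell what the flag enforces. I would annotate the field with `// when true, access tokens issued to public (non-confidential) clients are rejected with 403` and give the setter a one-line Javadoc saying the same, noting that it defaults to false so existing deployments keep accepting public-client tokens. The same field and setter are added again in the 3.0.x-fixes copy of this commit below (L178–186 and L216–224), where the setter hunk is cut off at the end of the page.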
@@ -111,7 +112,7 @@ public class OAuthRequestFilter extends 
AbstractAccessTokenValidator
 || !requiredScopes.isEmpty()  requiredScopes.size() != 
matchingPermissions.size()) {
 String message = Client has no valid permissions;
 LOG.warning(message);
-throw new WebApplicationException(403);
+throw ExceptionUtils.toForbiddenException(null, null);
 }
   
 if (accessTokenV.getClientIpAddress() != null) {
@@ -119,9 +120,14 @@ public class OAuthRequestFilter extends 
AbstractAccessTokenValidator
 if (remoteAddress == null || 
accessTokenV.getClientIpAddress().matches(remoteAddress)) {
 String message = Client IP Address is invalid;
 LOG.warning(message);
-throw new WebApplicationException(403);
+throw ExceptionUtils.toForbiddenException(null, null);
 }
 }
+if (blockPublicClients  !accessTokenV.isClientConfidential()) {
+String message = Only Confidential Clients are supported;
+LOG.warning(message);
+throw ExceptionUtils.toForbiddenException(null, null);
+}
 
 // Create the security context and make it available on the message
 SecurityContext sc = createSecurityContext(req, accessTokenV);
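Review bot: The added confidentiality check depends entirely on `accessTokenV.isClientConfidential()` having been populated by whichever validator produced the `AccessTokenValidation`; if a validator leaves it at its default when the information is not available, enabling `blockPublicClients` will refuse every token rather than only public-client ones, which is fail-closed but surprising, so the dependency should be stated next to the check, e.g. `// fail-closed: a validator that does not report client confidentiality causes all tokens to be rejected here`. The warning, like the two above it, records only a fixed string, so an operator cannot attribute rejected tokens to a client; if the validation object exposes the client identifier, appending it to the logged message (not to the 403 response) would make the rejections traceable. The three log-then-throw blocks now have an identical shape and could share a small private helper, but that is a style choice. The enclosing method starts and ends outside this hunk, and the same change is repeated verbatim in the 3.0.x-fixes copy of the commit below (L198–215).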
@@ -273,5 +279,9 @@ public class OAuthRequestFilter extends 
AbstractAccessTokenValidator
 public void setAllPermissionsMatch(boolean allPermissionsMatch) {
 this.allPermissionsMatch = allPermissionsMatch;
 }
+
+public void setBlockPublicClients(boolean blockPublicClients) {
+this.blockPublicClients = blockPublicClients;
+}
 

cxf git commit: [CXF-6280] Prototyping an Implcit confidenatial grant service which returns a token directly to a JS client which is used by a huna user to copy tokens to confidential clients

2015-04-22 Thread sergeyb
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 03b7d19c8 - 06b934503


[CXF-6280] Prototyping an Implicit confidential grant service which returns a 
token directly to a JS client which is used by a human user to copy tokens to 
confidential clients


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/06b93450
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/06b93450
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/06b93450

Branch: refs/heads/3.0.x-fixes
Commit: 06b9345031e37084fb0ed44b08cb6c6787ac3886
Parents: 03b7d19
Author: Sergey Beryozkin sberyoz...@talend.com
Authored: Wed Apr 22 17:15:39 2015 +0100
Committer: Sergey Beryozkin sberyoz...@talend.com
Committed: Wed Apr 22 17:32:35 2015 +0100

--
 .../oauth2/filters/OAuthRequestFilter.java  |  16 +-
 .../services/AbstractImplicitGrantService.java  | 167 +++
 .../ImplicitConfidentialGrantService.java   |  51 ++
 .../oauth2/services/ImplicitGrantService.java   | 134 +--
 .../services/RedirectionBasedGrantService.java  |   4 +-
 .../security/oauth2/utils/OAuthConstants.java   |   4 +
 6 files changed, 240 insertions(+), 136 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/06b93450/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
--
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index fe638be..22af72c 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -28,7 +28,6 @@ import javax.annotation.Priority;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.HttpMethod;
 import javax.ws.rs.Priorities;
-import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.container.PreMatching;
@@ -40,6 +39,7 @@ import javax.ws.rs.ext.Provider;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.security.SimplePrincipal;
 import org.apache.cxf.jaxrs.provider.FormEncodingProvider;
+import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.jaxrs.utils.FormUtils;
 import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.message.Message;
@@ -71,6 +71,7 @@ public class OAuthRequestFilter extends 
AbstractAccessTokenValidator
 private boolean checkFormData;
 private ListString requiredScopes = Collections.emptyList();
 private boolean allPermissionsMatch;
+private boolean blockPublicClients;
 
 public void filter(ContainerRequestContext context) {
 validateRequest(JAXRSUtils.getCurrentMessage());
@@ -111,7 +112,7 @@ public class OAuthRequestFilter extends 
AbstractAccessTokenValidator
 || !requiredScopes.isEmpty()  requiredScopes.size() != 
matchingPermissions.size()) {
 String message = Client has no valid permissions;
 LOG.warning(message);
-throw new WebApplicationException(403);
+throw ExceptionUtils.toForbiddenException(null, null);
 }
   
 if (accessTokenV.getClientIpAddress() != null) {
@@ -119,9 +120,14 @@ public class OAuthRequestFilter extends 
AbstractAccessTokenValidator
 if (remoteAddress == null || 
accessTokenV.getClientIpAddress().matches(remoteAddress)) {
 String message = Client IP Address is invalid;
 LOG.warning(message);
-throw new WebApplicationException(403);
+throw ExceptionUtils.toForbiddenException(null, null);
 }
 }
+if (blockPublicClients  !accessTokenV.isClientConfidential()) {
+String message = Only Confidential Clients are supported;
+LOG.warning(message);
+throw ExceptionUtils.toForbiddenException(null, null);
+}
 
 // Create the security context and make it available on the message
 SecurityContext sc = createSecurityContext(req, accessTokenV);
@@ -273,5 +279,9 @@ public class OAuthRequestFilter extends 
AbstractAccessTokenValidator
 public void setAllPermissionsMatch(boolean allPermissionsMatch) {
 this.allPermissionsMatch = allPermissionsMatch;
 }
+
+public void setBlockPublicClients(boolean blockPublicClients) {
+this.blockPublicClients = blockPublicClients;
+