Repository: cxf Updated Branches: refs/heads/master 2d131122c -> 855ab395b
Adding an OAuth2 code request preprocessor Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a1243805 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a1243805 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a1243805 Branch: refs/heads/master Commit: a1243805cb50b6f38c2f74188d8686b1d6457255 Parents: 969cdb0 Author: Sergey Beryozkin <sberyoz...@talend.com> Authored: Fri Nov 14 16:22:30 2014 +0000 Committer: Sergey Beryozkin <sberyoz...@talend.com> Committed: Fri Nov 14 16:22:30 2014 +0000 ---------------------------------------------------------------------- .../AuthorizationCodeRequestFilter.java | 27 ++++++++++++++++++++ .../services/AuthorizationCodeGrantService.java | 13 +++++++++- .../services/RedirectionBasedGrantService.java | 14 +++++----- 3 files changed, 47 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/a1243805/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java new file mode 100644 index 0000000..d9d4442 --- /dev/null +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/AuthorizationCodeRequestFilter.java 
@@ -0,0 +1,27 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.oauth2.provider;
+
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+
+public interface AuthorizationCodeRequestFilter {
+ MultivaluedMap<String, String> process(MultivaluedMap<String, String> params, UserSubject endUser);
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/a1243805/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index d7092a5..ec2bf75 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
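Review bot: The new `AuthorizationCodeRequestFilter` interface carries no Javadoc, so the contract of `process` is unspecified — in particular whether it may return null and whether it may hand back the same map mutated — even though the caller in AuthorizationCodeGrantService assigns the result straight to `params` and passes it to the superclass, where `getClient(params)` and the redirect-URI validation run on it. That ordering also means the filter sees unvalidated request input and anything it returns is what the client lookup trusts, which implementers should be told. I would add on the interface: `/** Pre-processes the raw authorization-code request parameters before the client is resolved and the redirect URI validated. */` and on the method: `@param params the unvalidated request parameters`, `@param endUser the authenticated end user`, `@return the parameters to continue the authorization with, never null`.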
@@ -34,6 +34,7 @@ import org.apache.cxf.rs.security.oauth2.common.UserSubject;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
 import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeRegistration;
 import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
+import org.apache.cxf.rs.security.oauth2.provider.AuthorizationCodeRequestFilter;
 import org.apache.cxf.rs.security.oauth2.provider.AuthorizationCodeResponseFilter;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.provider.OOBResponseDeliverer;
@@ -51,12 +52,18 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 public class AuthorizationCodeGrantService extends RedirectionBasedGrantService {
 private boolean canSupportPublicClients;
 private OOBResponseDeliverer oobDeliverer;
+ private AuthorizationCodeRequestFilter codeRequestFilter;
 private AuthorizationCodeResponseFilter codeResponseFilter;
 public AuthorizationCodeGrantService() {
 super(OAuthConstants.CODE_RESPONSE_TYPE, OAuthConstants.AUTHORIZATION_CODE_GRANT);
 }
-
+ protected Response startAuthorization(MultivaluedMap<String, String> params, UserSubject userSubject) {
+ if (codeRequestFilter != null) {
+ params = codeRequestFilter.process(params, userSubject);
+ }
+ return super.startAuthorization(params, userSubject);
+ }
 protected Response createGrant(MultivaluedMap<String, String> params,
 Client client,
 String redirectUri,
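Review bot: The new `startAuthorization(params, userSubject)` override assigns the filter's return value to `params` without checking it, so a filter that returns null is forwarded to `super.startAuthorization`, where the superclass immediately calls `getClient(params)` on it; the failure would surface as an NPE rather than an OAuth error. Unless the interface guarantees non-null, I would reject that case right after the call, e.g. `if (params == null) { throw new OAuthServiceException(OAuthConstants.INVALID_REQUEST); }` (both names are already imported in this file). The method also overrides the superclass hook and should carry `@Override`, and a one-line comment noting that the filter runs before client resolution and redirect-URI validation would help implementers understand what they are allowed to rewrite.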
@@ -148,6 +155,10 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService
 public void setCodeResponseFilter(AuthorizationCodeResponseFilter filter) {
 this.codeResponseFilter = filter;
 }
+
+ public void setCodeRequestFilter(AuthorizationCodeRequestFilter codeRequestFilter) {
+ this.codeRequestFilter = codeRequestFilter;
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/a1243805/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
index b42d6c3..351993c 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java
@@ -108,8 +108,13 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 */
 protected Response startAuthorization(MultivaluedMap<String, String> params) {
 // Make sure the end user has authenticated, check if HTTPS is used
- SecurityContext sc = getAndValidateSecurityContext();
+ SecurityContext sc = getAndValidateSecurityContext(params);
+ // Create a UserSubject representing the end user
+ UserSubject userSubject = createUserSubject(sc);
+ return startAuthorization(params, userSubject);
+ }
+ protected Response startAuthorization(MultivaluedMap<String, String> params, UserSubject userSubject) {
 Client client = getClient(params);
 // Validate the provided request URI, if any, against the ones Client provided
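Review bot: The new protected overload `startAuthorization(params, userSubject)` performs none of the authentication or transport checks that the one-argument version does through `getAndValidateSecurityContext(params)`; it takes whatever `UserSubject` the caller passes on trust and goes straight to `getClient(params)`. Since it is protected, a subclass can invoke it directly, so the precondition needs to be stated rather than implied by the call chain. I would add a Javadoc such as `/** Continues the authorization flow for an end user who has already been authenticated; {@code userSubject} must come from a validated SecurityContext, as done by {@link #startAuthorization(MultivaluedMap)}. */`. The body of the new method continues past the end of this hunk.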
@@ -138,9 +143,6 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 }
- // Create a UserSubject representing the end user
- UserSubject userSubject = createUserSubject(sc);
-
 // Request a new grant only if no pre-authorized token is available
 ServerAccessToken preauthorizedToken = getDataProvider().getPreauthorizedToken(
 client, requestedScope, userSubject, supportedGrantType);
@@ -217,7 +219,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 */
 protected Response completeAuthorization(MultivaluedMap<String, String> params) {
 // Make sure the end user has authenticated, check if HTTPS is used
- SecurityContext securityContext = getAndValidateSecurityContext();
+ SecurityContext securityContext = getAndValidateSecurityContext(params);
 UserSubject userSubject = createUserSubject(securityContext);
 // Make sure the session is valid
@@ -307,7 +309,7 @@ public abstract class RedirectionBasedGrantService extends AbstractOAuthService
 UserSubject userSubject,
 ServerAccessToken preAuthorizedToken);
- private SecurityContext getAndValidateSecurityContext() {
+ protected SecurityContext getAndValidateSecurityContext(MultivaluedMap<String, String> params) {
 SecurityContext securityContext = (SecurityContext)getMessageContext().get(SecurityContext.class.getName());
 if (securityContext == null || securityContext.getUserPrincipal() == null) {
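Review bot: `getAndValidateSecurityContext` is widened from private to protected and gains a `params` argument, but in the lines of the hunk the parameter is never read, and nothing says why it exists or what a subclass is allowed to do with it; making it protected also means an override can now replace the authenticated-principal check that guards both `startAuthorization` and `completeAuthorization`. If the parameter is meant as an extension point, that should be documented, e.g. `/** Returns the request's SecurityContext, rejecting requests without an authenticated principal. {@code params} is not read here; it is provided so that overriding subclasses can take the request into account without weakening the authentication check. */`. If it is not meant to be overridden, the visibility change could be reverted. The rest of the method body is outside this hunk, so the parameter may be used further down.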