Skip to content
Permalink
Browse files
[CXF-5556] Minor updates
git-svn-id: https://svn.apache.org/repos/asf/cxf/trunk@1567081 13f79535-47bb-0310-9956-ffa450edef68
  • Loading branch information
Sergey Beryozkin committed Feb 11, 2014
1 parent dcddfbb commit d15ad11d6201bf244d9c1a2ea6db333c6eb24e82
Show file tree
Hide file tree
Showing 19 changed files with 58 additions and 50 deletions.
@@ -102,7 +102,7 @@ protected Object createInstance(Message m) {
}

private Response serverError(String msg) {
return Response.serverError().entity(msg).build();
return JAXRSUtils.toResponseBuilder(500).entity(msg).build();
}

/**
@@ -691,7 +691,7 @@ protected static StringBuilder handleExceptionStart(Exception e) {
protected static void handleExceptionEnd(Throwable t, String message, boolean read) {
Response.Status status = read
? Response.Status.BAD_REQUEST : Response.Status.INTERNAL_SERVER_ERROR;
Response r = Response.status(status)
Response r = JAXRSUtils.toResponseBuilder(status)
.type(MediaType.TEXT_PLAIN).entity(message).build();
WebApplicationException ex = read ? ExceptionUtils.toBadRequestException(t, r)
: ExceptionUtils.toInternalServerErrorException(t, r);
@@ -168,7 +168,7 @@ private byte[] getServiceTicket(String encodedServiceTicket) {
}

private static Response getFaultResponse() {
return Response.status(401).header(HttpHeaders.WWW_AUTHENTICATE, NEGOTIATE_SCHEME).build();
return JAXRSUtils.toResponseBuilder(401).header(HttpHeaders.WWW_AUTHENTICATE, NEGOTIATE_SCHEME).build();
}

protected String getCompleteServicePrincipalName() {
@@ -128,6 +128,14 @@ public static WebApplicationException toNotAuthorizedException(Throwable cause,
}
}

public static WebApplicationException toForbiddenException(Throwable cause, Response response) {
try {
return SpecExceptions.toForbiddenException(cause, response);
} catch (NoClassDefFoundError ex) {
return toWebApplicationException(ex, response);
}
}

public static WebApplicationException toNotAcceptableException(Throwable cause, Response response) {
try {
return SpecExceptions.toNotAcceptableException(cause, response);
@@ -459,7 +459,7 @@ public static void reportServerError(String messageName, String parameter, boole
if (logError) {
LOG.severe(errorMessage.toString());
}
Response r = Response.status(Response.Status.INTERNAL_SERVER_ERROR)
Response r = JAXRSUtils.toResponseBuilder(Response.Status.INTERNAL_SERVER_ERROR)
.type(MediaType.TEXT_PLAIN_TYPE)
.entity(errorMessage.toString()).build();
throw ExceptionUtils.toInternalServerErrorException(null, r);
@@ -1241,12 +1241,12 @@ public static void invokeLifeCycleMethod(Object instance, Method method) {
} catch (InvocationTargetException ex) {
String msg = "Method " + method.getName() + " can not be invoked"
+ " due to InvocationTargetException";
throw new WebApplicationException(Response.serverError().entity(msg).build());
throw new WebApplicationException(JAXRSUtils.toResponseBuilder(500).entity(msg).build());
} catch (IllegalAccessException ex) {
String msg = "Method " + method.getName() + " can not be invoked"
+ " due to IllegalAccessException";
throw ExceptionUtils.toInternalServerErrorException(ex,
Response.serverError().entity(msg).build());
JAXRSUtils.toResponseBuilder(500).entity(msg).build());
}
}
}
@@ -580,7 +580,7 @@ private static void logNoMatchMessage(OperationResourceInfo ori,

public static Response createResponse(List<ClassResourceInfo> cris, Message msg,
String responseMessage, int status, boolean addAllow) {
ResponseBuilder rb = Response.status(status);
ResponseBuilder rb = toResponseBuilder(status);
if (addAllow) {
Set<String> allowedMethods = new HashSet<String>();
for (ClassResourceInfo cri : cris) {
@@ -37,7 +37,7 @@
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

public final class SpecExceptions {
final class SpecExceptions {

private static final Map<Integer, Class<?>> EXCEPTIONS_MAP;

@@ -94,6 +94,11 @@ public static NotAuthorizedException toNotAuthorizedException(Throwable cause, R
return new NotAuthorizedException(checkResponse(response, 401), cause);
}

public static ForbiddenException toForbiddenException(Throwable cause, Response response) {

return new ForbiddenException(checkResponse(response, 403), cause);
}

public static NotAcceptableException toNotAcceptableException(Throwable cause, Response response) {

return new NotAcceptableException(checkResponse(response, 406), cause);
@@ -62,6 +62,7 @@
import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.InjectionUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;

@Produces({"application/atom+xml", "application/atom+xml;type=feed", "application/atom+xml;type=entry" })
@Consumes({"application/atom+xml", "application/atom+xml;type=feed", "application/atom+xml;type=entry" })
@@ -548,7 +549,7 @@ private void setCommonElementProperties(Factory factory, ExtensibleElement eleme
}
private void reportError(String message, Exception ex, int status) {
LOG.warning(message);
Response response = Response.status(status).type("text/plain").entity(message).build();
Response response = JAXRSUtils.toResponseBuilder(status).type("text/plain").entity(message).build();
throw ExceptionUtils.toHttpException(ex, response);
}
private void reportError(String message, Exception ex) {
@@ -25,7 +25,6 @@
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;

import org.w3c.dom.Element;

@@ -63,7 +62,7 @@ public void filter(ContainerRequestContext context) {
String assertionType = formData.getFirst(Constants.CLIENT_AUTH_ASSERTION_TYPE);
String decodedAssertionType = assertionType != null ? HttpUtils.urlDecode(assertionType) : null;
if (decodedAssertionType == null || !Constants.CLIENT_AUTH_SAML2_BEARER.equals(decodedAssertionType)) {
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
String assertion = formData.getFirst(Constants.CLIENT_AUTH_ASSERTION_PARAM);

@@ -80,28 +79,28 @@ public void filter(ContainerRequestContext context) {
try {
FormUtils.restoreForm(provider, form, message);
} catch (Exception ex) {
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
}

private Form readFormData(Message message) {
try {
return FormUtils.readForm(provider, message);
} catch (Exception ex) {
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
}

protected Element readToken(Message message, String assertion) {
if (assertion == null) {
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
try {
byte[] deflatedToken = Base64UrlUtility.decode(assertion);
InputStream is = new ByteArrayInputStream(deflatedToken);
return readToken(message, is);
} catch (Base64Exception ex) {
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
}

@@ -116,18 +115,15 @@ protected void validateToken(Message message, Element element, String clientId)
// Introduce SAMLOAuth2Validator to be reused between auth and grant handlers
Subject subject = SAMLUtils.getSubject(message, wrapper);
if (subject.getName() == null) {
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}

if (clientId != null && !clientId.equals(subject.getName())) {
//TODO: Attempt to map client_id to subject.getName()
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
samlOAuthValidator.validate(message, wrapper);
message.put(OAuthConstants.CLIENT_ID, subject.getName());
}

private static Response errorResponse() {
return Response.status(401).build();
}
}
@@ -21,7 +21,6 @@

import java.util.List;

import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;

import org.apache.cxf.jaxrs.impl.UriInfoImpl;
@@ -72,11 +71,11 @@ public void validate(Message message, SamlAssertionWrapper wrapper) {
String expectedIssuer = OAuthConstants.CLIENT_ID.equals(issuer)
? wrapper.getSaml2().getSubject().getNameID().getValue() : issuer;
if (actualIssuer == null || !actualIssuer.equals(expectedIssuer)) {
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
}
if (!validateAuthenticationSubject(message, cs, wrapper.getSaml2().getSubject())) {
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
}

@@ -97,7 +96,7 @@ private void validateAudience(Message message, Conditions cs) {
}
}
}
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}

private String getAbsoluteTargetAddress(Message m) {
@@ -142,33 +141,30 @@ private void validateSubjectConfirmation(Message m,
&& cs.getNotOnOrAfter() != null && !cs.getNotOnOrAfter().isBeforeNow()) {
return;
}
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}

// Recipient must match assertion consumer URL
String recipient = subjectConfData.getRecipient();
if (recipient == null || !recipient.equals(getAbsoluteTargetAddress(m))) {
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}

// We must have a NotOnOrAfter timestamp
if (subjectConfData.getNotOnOrAfter() == null
|| subjectConfData.getNotOnOrAfter().isBeforeNow()) {
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}

//TODO: replay cache, same as with SAML SSO case

// Check address
if (subjectConfData.getAddress() != null
&& (clientAddress == null || !subjectConfData.getAddress().equals(clientAddress))) {
throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}


}

private static Response errorResponse() {
return Response.status(401).build();
}
}
@@ -23,12 +23,12 @@
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.ResponseBuilder;

import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
@@ -122,7 +122,7 @@ protected void reportInvalidRequestError(OAuthError entity) {
}

protected void reportInvalidRequestError(OAuthError entity, MediaType mt) {
ResponseBuilder rb = Response.status(400);
ResponseBuilder rb = JAXRSUtils.toResponseBuilder(400);
if (mt != null) {
rb.type(mt);
}
@@ -28,6 +28,7 @@
import javax.ws.rs.core.SecurityContext;

import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
@@ -97,7 +98,7 @@ protected Client getAndValidateClient(String clientId, String clientSecret) {
if (clientSecret == null || client.getClientSecret() == null
|| !client.getClientId().equals(clientId)
|| !client.getClientSecret().equals(clientSecret)) {
throw ExceptionUtils.toNotAuthorizedException(null, Response.status(401).build());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
return client;
}
@@ -117,7 +118,7 @@ protected Response createErrorResponse(MultivaluedMap<String, String> params,
}

protected Response createErrorResponseFromBean(OAuthError errorBean) {
return Response.status(400).entity(errorBean).build();
return JAXRSUtils.toResponseBuilder(400).entity(errorBean).build();
}

/**
@@ -151,7 +152,7 @@ protected void reportInvalidClient() {
}

protected void reportInvalidClient(OAuthError error) {
ResponseBuilder rb = Response.status(401);
ResponseBuilder rb = JAXRSUtils.toResponseBuilder(401);
throw ExceptionUtils.toNotAuthorizedException(null,
rb.type(MediaType.APPLICATION_JSON_TYPE).entity(error).build());
}
@@ -302,7 +302,7 @@ private SecurityContext getAndValidateSecurityContext() {
SecurityContext securityContext =
(SecurityContext)getMessageContext().get(SecurityContext.class.getName());
if (securityContext == null || securityContext.getUserPrincipal() == null) {
throw ExceptionUtils.toNotAuthorizedException(null, Response.status(401).build());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
checkTransportSecurity();
return securityContext;
@@ -30,6 +30,7 @@
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;

/**
* Authorization helpers
@@ -49,7 +50,7 @@ public static String[] getBasicAuthParts(String data) {
if (authInfo.length == 2) {
return authInfo;
}
throw ExceptionUtils.toNotAuthorizedException(null, Response.status(401).build());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}

public static String[] getAuthorizationParts(MessageContext mc) {
@@ -74,7 +75,7 @@ public static void throwAuthorizationFailure(Set<String> challenges) {
}

public static void throwAuthorizationFailure(Set<String> challenges, String realm) {
ResponseBuilder rb = Response.status(401);
ResponseBuilder rb = JAXRSUtils.toResponseBuilder(401);

StringBuilder sb = new StringBuilder();
for (String challenge : challenges) {
@@ -20,10 +20,6 @@

import java.util.List;

import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.jaxrs.utils.ExceptionUtils;
import org.apache.cxf.rs.security.oauth2.common.OAuthContext;
@@ -82,7 +78,7 @@ public static boolean isUserInRole(final MessageContext mc, final String role) {
*/
public static void assertRole(final MessageContext mc, final String role) {
if (!isUserInRole(mc, role)) {
throw new WebApplicationException(Status.FORBIDDEN);
throw ExceptionUtils.toForbiddenException(null, null);
}
}

@@ -124,7 +120,7 @@ public static String resolveClient(MessageContext mc) {
public static void assertClient(MessageContext mc, String client) {
String cl = resolveClient(mc);
if ((cl == null) || !cl.equals(client)) {
throw new WebApplicationException(Status.FORBIDDEN);
throw ExceptionUtils.toForbiddenException(null, null);
}
}

@@ -136,7 +132,7 @@ public static void assertClient(MessageContext mc, String client) {
public static OAuthContext getContext(final MessageContext mc) {
final OAuthContext oauth = mc.getContent(OAuthContext.class);
if ((oauth == null) || (oauth.getSubject() == null) || (oauth.getSubject().getLogin() == null)) {
throw ExceptionUtils.toNotAuthorizedException(null, Response.status(401).build());
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
return oauth;
}

0 comments on commit d15ad11

Please sign in to comment.