[CXF-5556] Minor updates

git-svn-id: https://svn.apache.org/repos/asf/cxf/trunk@1567081 13f79535-47bb-0310-9956-ffa450edef68

rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/lifecycle/PerRequestResourceProvider.java

@@ -102,7 +102,7 @@ protected Object createInstance(Message m) {
     }
 
     private Response serverError(String msg) {
-        return Response.serverError().entity(msg).build();
+        return JAXRSUtils.toResponseBuilder(500).entity(msg).build();
     }
 
     /**

rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/provider/AbstractJAXBProvider.java

@@ -691,7 +691,7 @@ protected static StringBuilder handleExceptionStart(Exception e) {
     protected static void handleExceptionEnd(Throwable t, String message, boolean read) {
         Response.Status status = read 
             ? Response.Status.BAD_REQUEST : Response.Status.INTERNAL_SERVER_ERROR; 
-        Response r = Response.status(status)
+        Response r = JAXRSUtils.toResponseBuilder(status)
             .type(MediaType.TEXT_PLAIN).entity(message).build();
         WebApplicationException ex = read ? ExceptionUtils.toBadRequestException(t, r) 
             : ExceptionUtils.toInternalServerErrorException(t, r);

rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/security/KerberosAuthenticationFilter.java

@@ -168,7 +168,7 @@ private byte[] getServiceTicket(String encodedServiceTicket) {
     }
 
     private static Response getFaultResponse() {
-        return Response.status(401).header(HttpHeaders.WWW_AUTHENTICATE, NEGOTIATE_SCHEME).build();
+        return JAXRSUtils.toResponseBuilder(401).header(HttpHeaders.WWW_AUTHENTICATE, NEGOTIATE_SCHEME).build();
     }
 
     protected String getCompleteServicePrincipalName() {

rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/ExceptionUtils.java

@@ -128,6 +128,14 @@ public static WebApplicationException toNotAuthorizedException(Throwable cause,
         }
     }
 
+    public static WebApplicationException toForbiddenException(Throwable cause, Response response) {
+        try {
+            return SpecExceptions.toForbiddenException(cause, response);
+        } catch (NoClassDefFoundError ex) { 
+            return toWebApplicationException(ex, response);
+        }
+    }
+
     public static WebApplicationException toNotAcceptableException(Throwable cause, Response response) {
         try {
             return SpecExceptions.toNotAcceptableException(cause, response);

rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/InjectionUtils.java

@@ -459,7 +459,7 @@ public static void reportServerError(String messageName, String parameter, boole
         if (logError) {
             LOG.severe(errorMessage.toString());
         }
-        Response r = Response.status(Response.Status.INTERNAL_SERVER_ERROR)
+        Response r = JAXRSUtils.toResponseBuilder(Response.Status.INTERNAL_SERVER_ERROR)
                          .type(MediaType.TEXT_PLAIN_TYPE)
                          .entity(errorMessage.toString()).build();
         throw ExceptionUtils.toInternalServerErrorException(null, r);
@@ -1241,12 +1241,12 @@ public static void invokeLifeCycleMethod(Object instance, Method method) {
             } catch (InvocationTargetException ex) {
                 String msg = "Method " + method.getName() + " can not be invoked"
                     + " due to InvocationTargetException";
-                throw new WebApplicationException(Response.serverError().entity(msg).build());
+                throw new WebApplicationException(JAXRSUtils.toResponseBuilder(500).entity(msg).build());
             } catch (IllegalAccessException ex) {
                 String msg = "Method " + method.getName() + " can not be invoked"
                     + " due to IllegalAccessException";
                 throw ExceptionUtils.toInternalServerErrorException(ex, 
-                                                                    Response.serverError().entity(msg).build());
+                    JAXRSUtils.toResponseBuilder(500).entity(msg).build());
             } 
         }
     }

rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/JAXRSUtils.java

@@ -580,7 +580,7 @@ private static void logNoMatchMessage(OperationResourceInfo ori,
 
     public static Response createResponse(List<ClassResourceInfo> cris, Message msg,
                                           String responseMessage, int status, boolean addAllow) {
-        ResponseBuilder rb = Response.status(status);
+        ResponseBuilder rb = toResponseBuilder(status);
         if (addAllow) {
             Set<String> allowedMethods = new HashSet<String>();
             for (ClassResourceInfo cri : cris) {

rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/utils/SpecExceptions.java

@@ -37,7 +37,7 @@
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Response;
 
-public final class SpecExceptions {
+final class SpecExceptions {
 
     private static final Map<Integer, Class<?>> EXCEPTIONS_MAP;
 
@@ -94,6 +94,11 @@ public static NotAuthorizedException toNotAuthorizedException(Throwable cause, R
         return new NotAuthorizedException(checkResponse(response, 401), cause);
     }
 
+    public static ForbiddenException toForbiddenException(Throwable cause, Response response) {
+
+        return new ForbiddenException(checkResponse(response, 403), cause);
+    }
+
     public static NotAcceptableException toNotAcceptableException(Throwable cause, Response response) {
 
         return new NotAcceptableException(checkResponse(response, 406), cause);

rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/atom/AtomPojoProvider.java

@@ -62,6 +62,7 @@
 import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.jaxrs.utils.InjectionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 
 @Produces({"application/atom+xml", "application/atom+xml;type=feed", "application/atom+xml;type=entry" })
 @Consumes({"application/atom+xml", "application/atom+xml;type=feed", "application/atom+xml;type=entry" })
@@ -548,7 +549,7 @@ private void setCommonElementProperties(Factory factory, ExtensibleElement eleme
     }
     private void reportError(String message, Exception ex, int status) {
         LOG.warning(message);
-        Response response = Response.status(status).type("text/plain").entity(message).build();
+        Response response = JAXRSUtils.toResponseBuilder(status).type("text/plain").entity(message).build();
         throw ExceptionUtils.toHttpException(ex, response);
     }
     private void reportError(String message, Exception ex) {

rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/auth/saml/Saml2BearerAuthHandler.java

@@ -25,7 +25,6 @@
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.core.Form;
 import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
 
 import org.w3c.dom.Element;
 
@@ -63,7 +62,7 @@ public void filter(ContainerRequestContext context) {
         String assertionType = formData.getFirst(Constants.CLIENT_AUTH_ASSERTION_TYPE);
         String decodedAssertionType = assertionType != null ? HttpUtils.urlDecode(assertionType) : null;
         if (decodedAssertionType == null || !Constants.CLIENT_AUTH_SAML2_BEARER.equals(decodedAssertionType)) {
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
         String assertion = formData.getFirst(Constants.CLIENT_AUTH_ASSERTION_PARAM);
 
@@ -80,28 +79,28 @@ public void filter(ContainerRequestContext context) {
         try {
             FormUtils.restoreForm(provider, form, message);
         } catch (Exception ex) {
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
     }
 
     private Form readFormData(Message message) {
         try {
             return FormUtils.readForm(provider, message);
         } catch (Exception ex) {
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());    
+            throw ExceptionUtils.toNotAuthorizedException(null, null);    
         }
     }
 
     protected Element readToken(Message message, String assertion) {
         if (assertion == null) {
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
         try {
             byte[] deflatedToken = Base64UrlUtility.decode(assertion);
             InputStream is = new ByteArrayInputStream(deflatedToken); 
             return readToken(message, is); 
         } catch (Base64Exception ex) {
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }         
     }
 
@@ -116,18 +115,15 @@ protected void validateToken(Message message, Element element, String clientId)
         // Introduce SAMLOAuth2Validator to be reused between auth and grant handlers
         Subject subject = SAMLUtils.getSubject(message, wrapper);
         if (subject.getName() == null) {
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());  
+            throw ExceptionUtils.toNotAuthorizedException(null, null);  
         }
 
         if (clientId != null && !clientId.equals(subject.getName())) {
             //TODO:  Attempt to map client_id to subject.getName()
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
         samlOAuthValidator.validate(message, wrapper);
         message.put(OAuthConstants.CLIENT_ID, subject.getName());
     }
 
-    private static Response errorResponse() {
-        return Response.status(401).build();
-    }
 }

rt/rs/security/oauth-parent/oauth2-saml/src/main/java/org/apache/cxf/rs/security/oauth2/saml/SamlOAuthValidator.java

@@ -21,7 +21,6 @@
 
 import java.util.List;
 
-import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 
 import org.apache.cxf.jaxrs.impl.UriInfoImpl;
@@ -72,11 +71,11 @@ public void validate(Message message, SamlAssertionWrapper wrapper) {
             String expectedIssuer = OAuthConstants.CLIENT_ID.equals(issuer) 
                 ? wrapper.getSaml2().getSubject().getNameID().getValue() : issuer;
             if (actualIssuer == null || !actualIssuer.equals(expectedIssuer)) {
-                throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+                throw ExceptionUtils.toNotAuthorizedException(null, null);
             }
         }
         if (!validateAuthenticationSubject(message, cs, wrapper.getSaml2().getSubject())) {
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
     }
 
@@ -97,7 +96,7 @@ private void validateAudience(Message message, Conditions cs) {
                 }
             }
         }
-        throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+        throw ExceptionUtils.toNotAuthorizedException(null, null);
     }
 
     private String getAbsoluteTargetAddress(Message m) {
@@ -142,33 +141,30 @@ private void validateSubjectConfirmation(Message m,
                 && cs.getNotOnOrAfter() != null && !cs.getNotOnOrAfter().isBeforeNow()) {
                 return;
             }
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
 
         // Recipient must match assertion consumer URL
         String recipient = subjectConfData.getRecipient();
         if (recipient == null || !recipient.equals(getAbsoluteTargetAddress(m))) {
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
 
         // We must have a NotOnOrAfter timestamp
         if (subjectConfData.getNotOnOrAfter() == null
             || subjectConfData.getNotOnOrAfter().isBeforeNow()) {
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
 
         //TODO: replay cache, same as with SAML SSO case
 
         // Check address
         if (subjectConfData.getAddress() != null
             && (clientAddress == null || !subjectConfData.getAddress().equals(clientAddress))) {
-            throw ExceptionUtils.toNotAuthorizedException(null, errorResponse());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
 
 
     }
 
-    private static Response errorResponse() {
-        return Response.status(401).build();
-    }
 }

rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractOAuthService.java

@@ -23,12 +23,12 @@
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.ResponseBuilder;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
@@ -122,7 +122,7 @@ protected void reportInvalidRequestError(OAuthError entity) {
     }
 
     protected void reportInvalidRequestError(OAuthError entity, MediaType mt) {
-        ResponseBuilder rb = Response.status(400);
+        ResponseBuilder rb = JAXRSUtils.toResponseBuilder(400);
         if (mt != null) {
             rb.type(mt);
         }

rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AbstractTokenService.java

@@ -28,6 +28,7 @@
 import javax.ws.rs.core.SecurityContext;
 
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.common.OAuthError;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
@@ -97,7 +98,7 @@ protected Client getAndValidateClient(String clientId, String clientSecret) {
         if (clientSecret == null || client.getClientSecret() == null 
             || !client.getClientId().equals(clientId) 
             || !client.getClientSecret().equals(clientSecret)) {
-            throw ExceptionUtils.toNotAuthorizedException(null, Response.status(401).build());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
         return client;
     }
@@ -117,7 +118,7 @@ protected Response createErrorResponse(MultivaluedMap<String, String> params,
     }
 
     protected Response createErrorResponseFromBean(OAuthError errorBean) {
-        return Response.status(400).entity(errorBean).build();
+        return JAXRSUtils.toResponseBuilder(400).entity(errorBean).build();
     }
 
     /**
@@ -151,7 +152,7 @@ protected void reportInvalidClient() {
     }
 
     protected void reportInvalidClient(OAuthError error) {
-        ResponseBuilder rb = Response.status(401);
+        ResponseBuilder rb = JAXRSUtils.toResponseBuilder(401);
         throw ExceptionUtils.toNotAuthorizedException(null, 
             rb.type(MediaType.APPLICATION_JSON_TYPE).entity(error).build());
     }

rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/RedirectionBasedGrantService.java

@@ -302,7 +302,7 @@ private SecurityContext getAndValidateSecurityContext() {
         SecurityContext securityContext =  
             (SecurityContext)getMessageContext().get(SecurityContext.class.getName());
         if (securityContext == null || securityContext.getUserPrincipal() == null) {
-            throw ExceptionUtils.toNotAuthorizedException(null, Response.status(401).build());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
         checkTransportSecurity();
         return securityContext;

rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/AuthorizationUtils.java

@@ -30,6 +30,7 @@
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
 
 /**
  * Authorization helpers
@@ -49,7 +50,7 @@ public static String[] getBasicAuthParts(String data) {
         if (authInfo.length == 2) {
             return authInfo;
         }
-        throw ExceptionUtils.toNotAuthorizedException(null, Response.status(401).build());
+        throw ExceptionUtils.toNotAuthorizedException(null, null);
     }
 
     public static String[] getAuthorizationParts(MessageContext mc) {
@@ -74,7 +75,7 @@ public static void throwAuthorizationFailure(Set<String> challenges) {
     }
 
     public static void throwAuthorizationFailure(Set<String> challenges, String realm) {
-        ResponseBuilder rb = Response.status(401);
+        ResponseBuilder rb = JAXRSUtils.toResponseBuilder(401);
 
         StringBuilder sb = new StringBuilder();
         for (String challenge : challenges) {

rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthContextUtils.java

@@ -20,10 +20,6 @@
 
 import java.util.List;
 
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
-
 import org.apache.cxf.jaxrs.ext.MessageContext;
 import org.apache.cxf.jaxrs.utils.ExceptionUtils;
 import org.apache.cxf.rs.security.oauth2.common.OAuthContext;
@@ -82,7 +78,7 @@ public static boolean isUserInRole(final MessageContext mc, final String role) {
      */
     public static void assertRole(final MessageContext mc, final String role) {
         if (!isUserInRole(mc, role)) {
-            throw new WebApplicationException(Status.FORBIDDEN);
+            throw ExceptionUtils.toForbiddenException(null, null);
         }
     }
 
@@ -124,7 +120,7 @@ public static String resolveClient(MessageContext mc) {
     public static void assertClient(MessageContext mc, String client) {
         String cl = resolveClient(mc);
         if ((cl == null) || !cl.equals(client)) {
-            throw new WebApplicationException(Status.FORBIDDEN);
+            throw ExceptionUtils.toForbiddenException(null, null);
         }
     }
 
@@ -136,7 +132,7 @@ public static void assertClient(MessageContext mc, String client) {
     public static OAuthContext getContext(final MessageContext mc) {
         final OAuthContext oauth = mc.getContent(OAuthContext.class);
         if ((oauth == null) || (oauth.getSubject() == null) || (oauth.getSubject().getLogin() == null)) {
-            throw ExceptionUtils.toNotAuthorizedException(null, Response.status(401).build());
+            throw ExceptionUtils.toNotAuthorizedException(null, null);
         }
         return oauth;
     }