[cxf] branch master updated: [CXF-7919]OAuthRequestFilter should be able to check PATH_INO from Message as fallback


[cxf] branch master updated: [CXF-7919]OAuthRequestFilter should be able to check PATH_INO from Message as fallback

ffang
This is an automated email from the ASF dual-hosted git repository.

ffang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new d7c48ad  [CXF-7919]OAuthRequestFilter should be able to check PATH_INO from Message as fallback
d7c48ad is described below

commit d7c48adcb1eb48a9677c3b9a79a522734c763d57
Author: Freeman Fang <[hidden email]>
AuthorDate: Wed Dec 5 12:58:12 2018 +0800

    [CXF-7919]OAuthRequestFilter should be able to check PATH_INO from Message as fallback
---
 .../apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index 6d96196..ecd7c14 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -121,7 +121,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
 
         HttpServletRequest req = getMessageContext().getHttpServletRequest();
         for (OAuthPermission perm : permissions) {
-            boolean uriOK = checkRequestURI(req, perm.getUris());
+            boolean uriOK = checkRequestURI(req, perm.getUris(), m);
             boolean verbOK = checkHttpVerb(req, perm.getHttpVerbs());
             boolean scopeOk = checkScopeProperty(perm.getPermission());
             if (uriOK && verbOK && scopeOk) {
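Review bot: The call on the changed line now binds to the three-argument `checkRequestURI`, and the second hunk removes the protected two-argument form rather than overloading it. A subclass that overrode the old method to tighten URI matching is therefore no longer consulted from this loop; without `@Override` on that subclass method, this happens silently. The new method should carry Javadoc that states the change, for example `@param m current message; its PATH_INFO is used when the servlet request has no path info (replaces the two-argument form)`, or the old signature should be kept as a deprecated overload. `m` and the rest of the enclosing method are declared outside this hunk.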
@@ -197,12 +197,16 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
         return true;
     }
 
-    protected boolean checkRequestURI(HttpServletRequest request, List<String> uris) {
+        
+    protected boolean checkRequestURI(HttpServletRequest request, List<String> uris, Message m) {
 
         if (uris.isEmpty()) {
             return true;
         }
         String servletPath = request.getPathInfo();
+        if (servletPath == null) {
+            servletPath = (String)m.get(Message.PATH_INFO);
+        }
         boolean foundValidScope = false;
         for (String uri : uris) {
             if (OAuthUtils.checkRequestURI(servletPath, uri)) {
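Review bot: After the added fallback, `servletPath` can still be null when the message has no `Message.PATH_INFO` entry, and it is then passed to `OAuthUtils.checkRequestURI`, whose handling of null is not visible here. For an authorization check it is safer to fail closed right after the fallback with `if (servletPath == null) { return false; }`. It is also worth confirming that the message-level value has the same base path and decoding as `HttpServletRequest.getPathInfo()`, because the permission URIs are matched against whichever one is used. If the two can differ, a comment on the fallback should say which form the configured URIs are expected to be in. The method body continues past the end of this hunk.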