Posted to commits@cxf.apache.org by se...@apache.org on 2016/09/22 16:45:35 UTC
cxf git commit: Making the reporting of some OIDC/OAuth2 endpoints
optional
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes 2adcc64ec -> 0947c0a20
Making the reporting of some OIDC/OAuth2 endpoints optional
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0947c0a2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0947c0a2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0947c0a2
Branch: refs/heads/3.1.x-fixes
Commit: 0947c0a206ae150e4985ff8c3ebf98fc048378bb
Parents: 2adcc64
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Thu Sep 22 17:42:24 2016 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Thu Sep 22 17:45:08 2016 +0100
----------------------------------------------------------------------
.../services/AuthorizationMetadataService.java | 80 +++++++++++++++++---
.../oidc/idp/OidcConfigurationService.java | 20 ++++-
2 files changed, 86 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/0947c0a2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
index 7e7d05b..10e3e93 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
@@ -32,12 +32,21 @@ import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
@Path("oauth-authorization-server")
public class AuthorizationMetadataService {
-
private String issuer;
+ // Required
private String authorizationEndpointAddress;
+ // Optional if only an implicit flow is used
+ private boolean tokenEndpointNotAvailable;
private String tokenEndpointAddress;
+ // Optional
+ private boolean tokenRevocationEndpointNotAvailable;
private String tokenRevocationEndpointAddress;
+ // Required for OIDC, optional otherwise
+ private boolean jwkEndpointNotAvailable;
private String jwkEndpointAddress;
+ // Optional
+ private boolean dynamicRegistrationEndpointNotAvailable;
+ private String dynamicRegistrationEndpointAddress;
@GET
@Produces("application/json")
@@ -59,17 +68,29 @@ public class AuthorizationMetadataService {
calculateEndpointAddress(authorizationEndpointAddress, baseUri, "/idp/authorize");
cfg.put("authorization_endpoint", theAuthorizationEndpointAddress);
// Token Endpoint
- String theTokenEndpointAddress =
- calculateEndpointAddress(tokenEndpointAddress, baseUri, "/oauth2/token");
- cfg.put("token_endpoint", theTokenEndpointAddress);
+ if (!isTokenEndpointNotAvailable()) {
+ String theTokenEndpointAddress =
+ calculateEndpointAddress(tokenEndpointAddress, baseUri, "/oauth2/token");
+ cfg.put("token_endpoint", theTokenEndpointAddress);
+ }
// Token Revocation Endpoint
- String theTokenRevocationEndpointAddress =
- calculateEndpointAddress(tokenRevocationEndpointAddress, baseUri, "/oauth2/revoke");
- cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress);
+ if (!isTokenRevocationEndpointNotAvailable()) {
+ String theTokenRevocationEndpointAddress =
+ calculateEndpointAddress(tokenRevocationEndpointAddress, baseUri, "/oauth2/revoke");
+ cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress);
+ }
// Jwks Uri Endpoint
- String theJwkEndpointAddress =
- calculateEndpointAddress(jwkEndpointAddress, baseUri, "/jwk/keys");
- cfg.put("jwks_uri", theJwkEndpointAddress);
+ if (!isJwkEndpointNotAvailable()) {
+ String theJwkEndpointAddress =
+ calculateEndpointAddress(jwkEndpointAddress, baseUri, "/jwk/keys");
+ cfg.put("jwks_uri", theJwkEndpointAddress);
+ }
+ // Dynamic Registration Endpoint
+ if (!isDynamicRegistrationEndpointNotAvailable()) {
+ String theDynamicRegistrationEndpointAddress =
+ calculateEndpointAddress(dynamicRegistrationEndpointAddress, baseUri, "/dynamic/register");
+ cfg.put("registration_endpoint", theDynamicRegistrationEndpointAddress);
+ }
}
protected static String calculateEndpointAddress(String endpointAddress, String baseUri, String defRelAddress) {
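Review bot: The new `registration_endpoint` key is published by default, because `dynamicRegistrationEndpointNotAvailable` starts as `false` and `calculateEndpointAddress` is handed `/dynamic/register`, presumably as the fallback when no address is configured. A deployment that upgrades without changing its configuration would then start advertising a dynamic client registration URL whether or not it hosts one, and clients treat this document as the authoritative description of the server. Making this one key opt-in keeps the metadata aligned with what is deployed, for example `if (!isDynamicRegistrationEndpointNotAvailable() && dynamicRegistrationEndpointAddress != null) {`. The other three keys were already emitted before this commit, so their defaults are unchanged; the enclosing method begins above this hunk.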
@@ -109,5 +130,44 @@ public class AuthorizationMetadataService {
public void setTokenRevocationEndpointAddress(String tokenRevocationEndpointAddress) {
this.tokenRevocationEndpointAddress = tokenRevocationEndpointAddress;
}
+
+ public void setTokenRevocationEndpointNotAvailable(boolean tokenRevocationEndpointNotAvailable) {
+ this.tokenRevocationEndpointNotAvailable = tokenRevocationEndpointNotAvailable;
+ }
+ public boolean isTokenRevocationEndpointNotAvailable() {
+ return tokenRevocationEndpointNotAvailable;
+ }
+
+ public void setJwkEndpointNotAvailable(boolean jwkEndpointNotAvailable) {
+ this.jwkEndpointNotAvailable = jwkEndpointNotAvailable;
+ }
+
+ public boolean isJwkEndpointNotAvailable() {
+ return jwkEndpointNotAvailable;
+ }
+
+ public boolean isTokenEndpointNotAvailable() {
+ return tokenEndpointNotAvailable;
+ }
+
+ public void setTokenEndpointNotAvailable(boolean tokenEndpointNotAvailable) {
+ this.tokenEndpointNotAvailable = tokenEndpointNotAvailable;
+ }
+
+ public boolean isDynamicRegistrationEndpointNotAvailable() {
+ return dynamicRegistrationEndpointNotAvailable;
+ }
+
+ public void setDynamicRegistrationEndpointNotAvailable(boolean dynamicRegistrationEndpointNotAvailable) {
+ this.dynamicRegistrationEndpointNotAvailable = dynamicRegistrationEndpointNotAvailable;
+ }
+
+ public String getDynamicRegistrationEndpointAddress() {
+ return dynamicRegistrationEndpointAddress;
+ }
+
+ public void setDynamicRegistrationEndpointAddress(String dynamicRegistrationEndpointAddress) {
+ this.dynamicRegistrationEndpointAddress = dynamicRegistrationEndpointAddress;
+ }
}
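Review bot: The new public setters have no Javadoc, and the `...NotAvailable` names can be read as switching an endpoint off, whereas in the lines shown the flags only decide whether a key is written to the metadata map. An endpoint that is deployed stays reachable after its flag is set, so the flag is not an access control and should not be relied on as one. A comment such as `/** Omits revocation_endpoint from the metadata document; it does not disable the endpoint itself. */` on `setTokenRevocationEndpointNotAvailable`, with the equivalent on the other setters here and on `setUserInfoEndpointNotAvailable` in OidcConfigurationService, would make that explicit.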
http://git-wip-us.apache.org/repos/asf/cxf/blob/0947c0a2/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
index fab8037..7e7c8ce 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
@@ -30,15 +30,19 @@ import org.apache.cxf.rs.security.oauth2.services.AuthorizationMetadataService;
@Path("openid-configuration")
public class OidcConfigurationService extends AuthorizationMetadataService {
+ // Recommended - but optional
+ private boolean userInfoEndpointNotAvailable;
private String userInfoEndpointAddress;
-
+
@Override
protected void prepareConfigurationData(Map<String, Object> cfg, String baseUri) {
super.prepareConfigurationData(cfg, baseUri);
// UriInfo Endpoint
- String theUserInfoEndpointAddress =
- calculateEndpointAddress(userInfoEndpointAddress, baseUri, "/users/userinfo");
- cfg.put("userinfo_endpoint", theUserInfoEndpointAddress);
+ if (!isUserInfoEndpointNotAvailable()) {
+ String theUserInfoEndpointAddress =
+ calculateEndpointAddress(userInfoEndpointAddress, baseUri, "/users/userinfo");
+ cfg.put("userinfo_endpoint", theUserInfoEndpointAddress);
+ }
Properties sigProps = JwsUtils.loadSignatureOutProperties(false);
if (sigProps != null && sigProps.containsKey(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)) {
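Review bot: Nothing in `prepareConfigurationData` stops an OIDC deployment from dropping `jwks_uri`: the call to `super.prepareConfigurationData(cfg, baseUri)` now honours the inherited `jwkEndpointNotAvailable` flag, which the base class itself comments as "Required for OIDC". A discovery document without `jwks_uri` leaves relying parties that depend on discovery with no way to locate the keys for verifying ID token signatures. Consider rejecting that configuration in this class, e.g. `if (isJwkEndpointNotAvailable()) { throw new IllegalStateException("jwks_uri is required for OIDC discovery"); }` after the super call, or overriding the setter so the flag cannot be set here. The method continues past the end of this hunk.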
@@ -46,5 +50,13 @@ public class OidcConfigurationService extends AuthorizationMetadataService {
Collections.singletonList(sigProps.get(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)));
}
}
+
+ public boolean isUserInfoEndpointNotAvailable() {
+ return userInfoEndpointNotAvailable;
+ }
+
+ public void setUserInfoEndpointNotAvailable(boolean userInfoEndpointNotAvailable) {
+ this.userInfoEndpointNotAvailable = userInfoEndpointNotAvailable;
+ }
}