You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by re...@apache.org on 2016/12/04 01:12:07 UTC

[25/30] cxf git commit: [CXF-7161] Avoiding reporting a null secret key with a dangling secret expiry time, patch from Adrian Gonzalez applied, This closes #209

[CXF-7161] Avoiding reporting a null secret key with a dangling secret expiry time, patch from Adrian Gonzalez applied, This closes #209


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4dcf5120
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4dcf5120
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4dcf5120

Branch: refs/heads/CXF-6882.nio
Commit: 4dcf5120561ba5b11bf9493c931889c591cf36e0
Parents: 66e97c7
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Dec 2 16:42:09 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Dec 2 16:42:09 2016 +0000

----------------------------------------------------------------------
 .../security/oauth2/services/DynamicRegistrationService.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/4dcf5120/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
index 8a8dd93..69d7f7b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
@@ -125,10 +125,12 @@ public class DynamicRegistrationService {
     protected ClientRegistrationResponse fromClientToRegistrationResponse(Client client) {
         ClientRegistrationResponse response = new ClientRegistrationResponse();
         response.setClientId(client.getClientId());
-        response.setClientSecret(client.getClientSecret());
+        if (client.getClientSecret() != null) {
+            response.setClientSecret(client.getClientSecret());
+            // TODO: consider making Client secret time limited
+            response.setClientSecretExpiresAt(Long.valueOf(0));
+        }
         response.setClientIdIssuedAt(client.getRegisteredAt());
-        // TODO: consider making Client secret time limited
-        response.setClientSecretExpiresAt(Long.valueOf(0));
         UriBuilder ub = getMessageContext().getUriInfo().getAbsolutePathBuilder();
         
         if (supportRegistrationAccessTokens) {