You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2016/02/09 11:36:38 UTC
cxf-fediz git commit: Moving the code for manging client regs and
tokens to a clients subpackage
Repository: cxf-fediz
Updated Branches:
refs/heads/master 28dcba96a -> 6e1c0ddf7
Moving the code for manging client regs and tokens to a clients subpackage
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6e1c0ddf
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6e1c0ddf
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6e1c0ddf
Branch: refs/heads/master
Commit: 6e1c0ddf76c39a5b223b47cbdb93d93e665ff1e8
Parents: 28dcba9
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Feb 9 10:36:23 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Feb 9 10:36:23 2016 +0000
----------------------------------------------------------------------
.../fediz/service/oidc/ClientCodeGrants.java | 48 ---
.../service/oidc/ClientRegistrationService.java | 378 -------------------
.../cxf/fediz/service/oidc/ClientTokens.java | 48 ---
.../fediz/service/oidc/InvalidRegistration.java | 31 --
.../cxf/fediz/service/oidc/RegisterClient.java | 33 --
.../fediz/service/oidc/RegisteredClients.java | 35 --
.../service/oidc/clients/ClientCodeGrants.java | 48 +++
.../oidc/clients/ClientRegistrationService.java | 378 +++++++++++++++++++
.../service/oidc/clients/ClientTokens.java | 48 +++
.../oidc/clients/InvalidRegistration.java | 31 ++
.../service/oidc/clients/RegisterClient.java | 33 ++
.../service/oidc/clients/RegisteredClients.java | 35 ++
.../main/webapp/WEB-INF/applicationContext.xml | 5 +-
.../webapp/WEB-INF/views/clientCodeGrants.jsp | 2 +-
.../main/webapp/WEB-INF/views/clientTokens.jsp | 2 +-
.../WEB-INF/views/invalidRegistration.jsp | 2 +-
.../webapp/WEB-INF/views/registerClient.jsp | 2 +-
.../webapp/WEB-INF/views/registeredClients.jsp | 2 +-
18 files changed, 581 insertions(+), 580 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientCodeGrants.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientCodeGrants.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientCodeGrants.java
deleted file mode 100644
index 6134fcc..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientCodeGrants.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.oidc;
-
-import java.util.LinkedList;
-import java.util.List;
-
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
-
-public class ClientCodeGrants {
- private Client client;
- private List<ServerAuthorizationCodeGrant> codeGrants = new LinkedList<ServerAuthorizationCodeGrant>();
- public ClientCodeGrants(Client c, List<ServerAuthorizationCodeGrant> codeGrants) {
- this.client = c;
- this.setCodeGrants(codeGrants);
- }
- public Client getClient() {
- return client;
- }
- public void setClient(Client client) {
- this.client = client;
- }
- public List<ServerAuthorizationCodeGrant> getCodeGrants() {
- return codeGrants;
- }
- public void setCodeGrants(List<ServerAuthorizationCodeGrant> codeGrants) {
- this.codeGrants = codeGrants;
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
deleted file mode 100644
index ad4e7a8..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java
+++ /dev/null
@@ -1,378 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.service.oidc;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.FormParam;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.SecurityContext;
-
-import org.apache.commons.validator.routines.UrlValidator;
-import org.apache.cxf.common.util.Base64UrlUtility;
-import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.UserSubject;
-import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
-import org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider;
-import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
-import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
-import org.apache.cxf.rt.security.crypto.CryptoUtils;
-
-@Path("/")
-public class ClientRegistrationService {
-
- private Map<String, Collection<Client>> registrations = new ConcurrentHashMap<String, Collection<Client>>();
- private OAuthDataProvider dataProvider;
- private ClientRegistrationProvider clientProvider;
- private Map<String, String> homeRealms = new LinkedHashMap<String, String>();
- private boolean protectIdTokenWithClientSecret;
- private Map<String, String> clientScopes;
-
- @Context
- private SecurityContext sc;
-
- @GET
- @Produces(MediaType.TEXT_HTML)
- @Path("/register")
- public RegisterClient registerStart() {
- return new RegisterClient(homeRealms);
- }
-
- @GET
- @Produces(MediaType.TEXT_HTML)
- @Path("/")
- public RegisteredClients getClients() {
- return new RegisteredClients(getClientRegistrations());
- }
-
- @GET
- @Produces(MediaType.TEXT_HTML)
- @Path("/{id}")
- public Client getRegisteredClient(@PathParam("id") String id) {
- for (Client c : getClientRegistrations()) {
- if (c.getClientId().equals(id)) {
- return c;
- }
- }
- return null;
- }
-
-
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces(MediaType.TEXT_HTML)
- @Path("/{id}/remove")
- public RegisteredClients removeClient(@PathParam("id") String id) {
- Collection<Client> clients = getClientRegistrations();
- for (Iterator<Client> it = clients.iterator(); it.hasNext();) {
- Client c = it.next();
- if (c.getClientId().equals(id)) {
- clientProvider.removeClient(id);
- it.remove();
- break;
- }
- }
- return new RegisteredClients(clients);
- }
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces(MediaType.TEXT_HTML)
- @Path("/{id}/reset")
- public Client resetClient(@PathParam("id") String id) {
- Client c = getRegisteredClient(id);
- if (c.isConfidential()) {
- c.setClientSecret(generateClientSecret());
- }
- clientProvider.setClient(c);
- return c;
- }
-
- @GET
- @Produces(MediaType.TEXT_HTML)
- @Path("/{id}/tokens")
- public ClientTokens getClientIssuedTokens(@PathParam("id") String id) {
- Client c = getRegisteredClient(id);
- return doGetClientIssuedTokens(c);
- }
-
- protected ClientTokens doGetClientIssuedTokens(Client c) {
- // Right now the user who is registering the clients
- // is the one who is working with them, i.e, client registrations
- // are user specific, so passing null is OK
- return new ClientTokens(c,
- dataProvider.getAccessTokens(c, null),
- dataProvider.getRefreshTokens(c, null));
- }
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces(MediaType.TEXT_HTML)
- @Path("/{id}/at/{tokenId}/revoke")
- public ClientTokens revokeClientAccessToken(@PathParam("id") String clientId,
- @PathParam("tokenId") String tokenId) {
- return doRevokeClientToken(clientId, tokenId, OAuthConstants.ACCESS_TOKEN);
- }
-
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces(MediaType.TEXT_HTML)
- @Path("/{id}/rt/{tokenId}/revoke")
- public ClientTokens revokeClientRefreshToken(@PathParam("id") String clientId,
- @PathParam("tokenId") String tokenId) {
- return doRevokeClientToken(clientId, tokenId, OAuthConstants.REFRESH_TOKEN);
- }
-
- protected ClientTokens doRevokeClientToken(String clientId,
- String tokenId,
- String tokenType) {
- Client c = getRegisteredClient(clientId);
- dataProvider.revokeToken(c, tokenId, tokenType);
- return doGetClientIssuedTokens(c);
- }
-
- @GET
- @Produces(MediaType.TEXT_HTML)
- @Path("/{id}/codes")
- public ClientCodeGrants getClientCodeGrants(@PathParam("id") String id) {
- if (dataProvider instanceof AuthorizationCodeDataProvider) {
- Client c = getRegisteredClient(id);
- return new ClientCodeGrants(c,
- ((AuthorizationCodeDataProvider)dataProvider).getCodeGrants(c, null));
- }
- return null;
- }
-
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces(MediaType.TEXT_HTML)
- @Path("/{id}/codes/{code}/revoke")
- public ClientCodeGrants revokeClientCodeGrant(@PathParam("id") String id,
- @PathParam("code") String code) {
- if (dataProvider instanceof AuthorizationCodeDataProvider) {
- ((AuthorizationCodeDataProvider)dataProvider).removeCodeGrant(code);
- return getClientCodeGrants(id);
- }
- return null;
- }
-
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces(MediaType.TEXT_HTML)
- @Path("/")
- public Response registerForm(@FormParam("client_name") String appName,
- @FormParam("client_type") String appType,
- @FormParam("client_audience") String audience,
- @FormParam("client_redirectURI") String redirectURI,
- @FormParam("client_homeRealm") String homeRealm
- ) {
-
- // Client Name
- if (StringUtils.isEmpty(appName)) {
- return invalidRegistrationResponse("The client name must not be empty");
- }
- // Client Type
- if (StringUtils.isEmpty(appType)) {
- return invalidRegistrationResponse("The client type must not be empty");
- }
- if (!("confidential".equals(appType) || "public".equals(appType))) {
- return invalidRegistrationResponse("An invalid client type was specified: " + appType);
- }
- // Client ID
- String clientId = generateClientId();
- boolean isConfidential = "confidential".equals(appType);
- // Client Secret
- String clientSecret = isConfidential
- ? generateClientSecret()
- : null;
-
- Client newClient = new Client(clientId, clientSecret, isConfidential, appName);
-
- // User who registered this client
- String userName = sc.getUserPrincipal().getName();
- UserSubject userSubject = new UserSubject(userName);
- newClient.setResourceOwnerSubject(userSubject);
-
- // Client Registration Time
- newClient.setRegisteredAt(System.currentTimeMillis() / 1000);
-
- // Client Realm
- newClient.setHomeRealm(homeRealm);
-
- // Client Redirect URIs
- if (!StringUtils.isEmpty(redirectURI)) {
- String[] allUris = redirectURI.trim().split(" ");
- List<String> redirectUris = new LinkedList<String>();
- for (String uri : allUris) {
- if (!StringUtils.isEmpty(uri)) {
- if (!isValidURI(uri, false)) {
- return invalidRegistrationResponse("An invalid redirect URI was specified: " + uri);
- }
- redirectUris.add(uri);
- }
- }
- newClient.setRedirectUris(redirectUris);
- }
-
- // Client Audience URIs
- if (!StringUtils.isEmpty(audience)) {
- String[] auds = audience.trim().split(" ");
- List<String> registeredAuds = new LinkedList<String>();
- for (String aud : auds) {
- if (!StringUtils.isEmpty(aud)) {
- if (!isValidURI(aud, true)) {
- return invalidRegistrationResponse("An invalid audience URI was specified: " + aud);
- }
- registeredAuds.add(aud);
- }
- }
- newClient.setRegisteredAudiences(registeredAuds);
- }
-
- // Client Scopes
- if (clientScopes != null && !clientScopes.isEmpty()) {
- newClient.setRegisteredScopes(new ArrayList<String>(clientScopes.keySet()));
- }
-
- return Response.ok(registerNewClient(newClient)).build();
- }
-
- private Response invalidRegistrationResponse(String error) {
- return Response.ok(new InvalidRegistration(error)).build();
- }
-
- private boolean isValidURI(String uri, boolean requireHttps) {
-
- UrlValidator urlValidator = null;
-
- if (requireHttps) {
- String[] schemes = {"https"};
- urlValidator = new UrlValidator(schemes, UrlValidator.ALLOW_LOCAL_URLS);
- } else {
- urlValidator = new UrlValidator(UrlValidator.ALLOW_LOCAL_URLS
- + UrlValidator.ALLOW_ALL_SCHEMES);
- }
-
- if (!urlValidator.isValid(uri)) {
- return false;
- }
-
- // Do additional checks on the URI
- try {
- URI parsedURI = new URI(uri);
- // The URI can't have a fragment according to the OAuth 2.0 spec (+ audience spec)
- if (parsedURI.getFragment() != null) {
- return false;
- }
- } catch (URISyntaxException ex) {
- return false;
- }
-
- return true;
- }
-
- protected String generateClientId() {
- return Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(10));
- }
-
- protected String generateClientSecret() {
- // TODO: may need to be 384/8 or 512/8 if not a default HS256 but HS384 or HS512
- int keySizeOctets = protectIdTokenWithClientSecret
- ? 32
- : 16;
- return Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(keySizeOctets));
- }
-
- protected RegisteredClients registerNewClient(Client newClient) {
- clientProvider.setClient(newClient);
- Collection<Client> clientRegistrations = getClientRegistrations();
- clientRegistrations.add(newClient);
- return new RegisteredClients(clientRegistrations);
- }
-
- protected Collection<Client> getClientRegistrations() {
- String userName = getUserName();
- return getClientRegistrations(userName);
- }
-
- protected Collection<Client> getClientRegistrations(String userName) {
- Collection<Client> userClientRegs = registrations.get(userName);
- if (userClientRegs == null) {
- userClientRegs = new HashSet<Client>();
- registrations.put(userName, userClientRegs);
- }
- return userClientRegs;
- }
-
- private String getUserName() {
- if (sc == null || sc.getUserPrincipal() == null) {
- return null;
- }
- return sc.getUserPrincipal().getName();
- }
-
- public void setHomeRealms(Map<String, String> homeRealms) {
- this.homeRealms = homeRealms;
- }
-
- public void init() {
- for (Client c : clientProvider.getClients(null)) {
- String userName = c.getResourceOwnerSubject().getLogin();
- getClientRegistrations(userName).add(c);
- }
- }
-
- public void setProtectIdTokenWithClientSecret(boolean protectIdTokenWithClientSecret) {
- this.protectIdTokenWithClientSecret = protectIdTokenWithClientSecret;
- }
-
- public void setClientScopes(Map<String, String> clientScopes) {
- this.clientScopes = clientScopes;
- }
-
- public OAuthDataProvider getDataProvider() {
- return dataProvider;
- }
-
- public void setDataProvider(OAuthDataProvider dataProvider) {
- this.dataProvider = dataProvider;
- }
-
- public void setClientProvider(ClientRegistrationProvider clientProvider) {
- this.clientProvider = clientProvider;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientTokens.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientTokens.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientTokens.java
deleted file mode 100644
index e7ad7f6..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientTokens.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.oidc;
-
-import java.util.LinkedList;
-import java.util.List;
-
-import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
-import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
-
-public class ClientTokens {
- private Client client;
- private List<ServerAccessToken> accessTokens = new LinkedList<ServerAccessToken>();
- private List<RefreshToken> refreshTokens = new LinkedList<RefreshToken>();
- public ClientTokens(Client c,
- List<ServerAccessToken> accessTokens,
- List<RefreshToken> refreshTokens) {
- this.client = c;
- this.accessTokens = accessTokens;
- this.refreshTokens = refreshTokens;
- }
- public Client getClient() {
- return client;
- }
- public List<ServerAccessToken> getAccessTokens() {
- return accessTokens;
- }
- public List<RefreshToken> getRefreshTokens() {
- return refreshTokens;
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistration.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistration.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistration.java
deleted file mode 100644
index 31637a7..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistration.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.service.oidc;
-
-public class InvalidRegistration {
- private String message;
- public InvalidRegistration(String message) {
- this.message = message;
- }
- public String getMessage() {
- return message;
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisterClient.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisterClient.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisterClient.java
deleted file mode 100644
index 9a3b0b2..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisterClient.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.oidc;
-
-import java.util.Map;
-
-public class RegisterClient {
- private Map<String, String> homeRealms;
- public RegisterClient(Map<String, String> homeRealms) {
- this.homeRealms = homeRealms;
- }
- public Map<String, String> getHomeRealms() {
- return homeRealms;
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisteredClients.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisteredClients.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisteredClients.java
deleted file mode 100644
index dc30b27..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisteredClients.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.fediz.service.oidc;
-
-import java.util.Collection;
-
-import org.apache.cxf.rs.security.oauth2.common.Client;
-
-public class RegisteredClients {
- private Collection<Client> clients;
- public RegisteredClients(Collection<Client> clients) {
- this.clients = clients;
- }
- public Collection<Client> getClients() {
- return clients;
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientCodeGrants.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientCodeGrants.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientCodeGrants.java
new file mode 100644
index 0000000..af2b45f
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientCodeGrants.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.oidc.clients;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.grants.code.ServerAuthorizationCodeGrant;
+
+public class ClientCodeGrants {
+ private Client client;
+ private List<ServerAuthorizationCodeGrant> codeGrants = new LinkedList<ServerAuthorizationCodeGrant>();
+ public ClientCodeGrants(Client c, List<ServerAuthorizationCodeGrant> codeGrants) {
+ this.client = c;
+ this.setCodeGrants(codeGrants);
+ }
+ public Client getClient() {
+ return client;
+ }
+ public void setClient(Client client) {
+ this.client = client;
+ }
+ public List<ServerAuthorizationCodeGrant> getCodeGrants() {
+ return codeGrants;
+ }
+ public void setCodeGrants(List<ServerAuthorizationCodeGrant> codeGrants) {
+ this.codeGrants = codeGrants;
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
new file mode 100644
index 0000000..f8eef3f
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
@@ -0,0 +1,378 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.oidc.clients;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
+
+import org.apache.commons.validator.routines.UrlValidator;
+import org.apache.cxf.common.util.Base64UrlUtility;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.UserSubject;
+import org.apache.cxf.rs.security.oauth2.grants.code.AuthorizationCodeDataProvider;
+import org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider;
+import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
+import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
+import org.apache.cxf.rt.security.crypto.CryptoUtils;
+
+@Path("/")
+public class ClientRegistrationService {
+
+ private Map<String, Collection<Client>> registrations = new ConcurrentHashMap<String, Collection<Client>>();
+ private OAuthDataProvider dataProvider;
+ private ClientRegistrationProvider clientProvider;
+ private Map<String, String> homeRealms = new LinkedHashMap<String, String>();
+ private boolean protectIdTokenWithClientSecret;
+ private Map<String, String> clientScopes;
+
+ @Context
+ private SecurityContext sc;
+
+ @GET
+ @Produces(MediaType.TEXT_HTML)
+ @Path("/register")
+ public RegisterClient registerStart() {
+ return new RegisterClient(homeRealms);
+ }
+
+ @GET
+ @Produces(MediaType.TEXT_HTML)
+ @Path("/")
+ public RegisteredClients getClients() {
+ return new RegisteredClients(getClientRegistrations());
+ }
+
+ @GET
+ @Produces(MediaType.TEXT_HTML)
+ @Path("/{id}")
+ public Client getRegisteredClient(@PathParam("id") String id) {
+ for (Client c : getClientRegistrations()) {
+ if (c.getClientId().equals(id)) {
+ return c;
+ }
+ }
+ return null;
+ }
+
+
+ @POST
+ @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ @Produces(MediaType.TEXT_HTML)
+ @Path("/{id}/remove")
+ public RegisteredClients removeClient(@PathParam("id") String id) {
+ Collection<Client> clients = getClientRegistrations();
+ for (Iterator<Client> it = clients.iterator(); it.hasNext();) {
+ Client c = it.next();
+ if (c.getClientId().equals(id)) {
+ clientProvider.removeClient(id);
+ it.remove();
+ break;
+ }
+ }
+ return new RegisteredClients(clients);
+ }
+ @POST
+ @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ @Produces(MediaType.TEXT_HTML)
+ @Path("/{id}/reset")
+ public Client resetClient(@PathParam("id") String id) {
+ Client c = getRegisteredClient(id);
+ if (c.isConfidential()) {
+ c.setClientSecret(generateClientSecret());
+ }
+ clientProvider.setClient(c);
+ return c;
+ }
+
+ @GET
+ @Produces(MediaType.TEXT_HTML)
+ @Path("/{id}/tokens")
+ public ClientTokens getClientIssuedTokens(@PathParam("id") String id) {
+ Client c = getRegisteredClient(id);
+ return doGetClientIssuedTokens(c);
+ }
+
+ protected ClientTokens doGetClientIssuedTokens(Client c) {
+ // Right now the user who is registering the clients
+ // is the one who is working with them, i.e, client registrations
+ // are user specific, so passing null is OK
+ return new ClientTokens(c,
+ dataProvider.getAccessTokens(c, null),
+ dataProvider.getRefreshTokens(c, null));
+ }
+ @POST
+ @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ @Produces(MediaType.TEXT_HTML)
+ @Path("/{id}/at/{tokenId}/revoke")
+ public ClientTokens revokeClientAccessToken(@PathParam("id") String clientId,
+ @PathParam("tokenId") String tokenId) {
+ return doRevokeClientToken(clientId, tokenId, OAuthConstants.ACCESS_TOKEN);
+ }
+
+ @POST
+ @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ @Produces(MediaType.TEXT_HTML)
+ @Path("/{id}/rt/{tokenId}/revoke")
+ public ClientTokens revokeClientRefreshToken(@PathParam("id") String clientId,
+ @PathParam("tokenId") String tokenId) {
+ return doRevokeClientToken(clientId, tokenId, OAuthConstants.REFRESH_TOKEN);
+ }
+
+ protected ClientTokens doRevokeClientToken(String clientId,
+ String tokenId,
+ String tokenType) {
+ Client c = getRegisteredClient(clientId);
+ dataProvider.revokeToken(c, tokenId, tokenType);
+ return doGetClientIssuedTokens(c);
+ }
+
+ @GET
+ @Produces(MediaType.TEXT_HTML)
+ @Path("/{id}/codes")
+ public ClientCodeGrants getClientCodeGrants(@PathParam("id") String id) {
+ if (dataProvider instanceof AuthorizationCodeDataProvider) {
+ Client c = getRegisteredClient(id);
+ return new ClientCodeGrants(c,
+ ((AuthorizationCodeDataProvider)dataProvider).getCodeGrants(c, null));
+ }
+ return null;
+ }
+
+ @POST
+ @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ @Produces(MediaType.TEXT_HTML)
+ @Path("/{id}/codes/{code}/revoke")
+ public ClientCodeGrants revokeClientCodeGrant(@PathParam("id") String id,
+ @PathParam("code") String code) {
+ if (dataProvider instanceof AuthorizationCodeDataProvider) {
+ ((AuthorizationCodeDataProvider)dataProvider).removeCodeGrant(code);
+ return getClientCodeGrants(id);
+ }
+ return null;
+ }
+
+ @POST
+ @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ @Produces(MediaType.TEXT_HTML)
+ @Path("/")
+ public Response registerForm(@FormParam("client_name") String appName,
+ @FormParam("client_type") String appType,
+ @FormParam("client_audience") String audience,
+ @FormParam("client_redirectURI") String redirectURI,
+ @FormParam("client_homeRealm") String homeRealm
+ ) {
+
+ // Client Name
+ if (StringUtils.isEmpty(appName)) {
+ return invalidRegistrationResponse("The client name must not be empty");
+ }
+ // Client Type
+ if (StringUtils.isEmpty(appType)) {
+ return invalidRegistrationResponse("The client type must not be empty");
+ }
+ if (!("confidential".equals(appType) || "public".equals(appType))) {
+ return invalidRegistrationResponse("An invalid client type was specified: " + appType);
+ }
+ // Client ID
+ String clientId = generateClientId();
+ boolean isConfidential = "confidential".equals(appType);
+ // Client Secret
+ String clientSecret = isConfidential
+ ? generateClientSecret()
+ : null;
+
+ Client newClient = new Client(clientId, clientSecret, isConfidential, appName);
+
+ // User who registered this client
+ String userName = sc.getUserPrincipal().getName();
+ UserSubject userSubject = new UserSubject(userName);
+ newClient.setResourceOwnerSubject(userSubject);
+
+ // Client Registration Time
+ newClient.setRegisteredAt(System.currentTimeMillis() / 1000);
+
+ // Client Realm
+ newClient.setHomeRealm(homeRealm);
+
+ // Client Redirect URIs
+ if (!StringUtils.isEmpty(redirectURI)) {
+ String[] allUris = redirectURI.trim().split(" ");
+ List<String> redirectUris = new LinkedList<String>();
+ for (String uri : allUris) {
+ if (!StringUtils.isEmpty(uri)) {
+ if (!isValidURI(uri, false)) {
+ return invalidRegistrationResponse("An invalid redirect URI was specified: " + uri);
+ }
+ redirectUris.add(uri);
+ }
+ }
+ newClient.setRedirectUris(redirectUris);
+ }
+
+ // Client Audience URIs
+ if (!StringUtils.isEmpty(audience)) {
+ String[] auds = audience.trim().split(" ");
+ List<String> registeredAuds = new LinkedList<String>();
+ for (String aud : auds) {
+ if (!StringUtils.isEmpty(aud)) {
+ if (!isValidURI(aud, true)) {
+ return invalidRegistrationResponse("An invalid audience URI was specified: " + aud);
+ }
+ registeredAuds.add(aud);
+ }
+ }
+ newClient.setRegisteredAudiences(registeredAuds);
+ }
+
+ // Client Scopes
+ if (clientScopes != null && !clientScopes.isEmpty()) {
+ newClient.setRegisteredScopes(new ArrayList<String>(clientScopes.keySet()));
+ }
+
+ return Response.ok(registerNewClient(newClient)).build();
+ }
+
+ private Response invalidRegistrationResponse(String error) {
+ return Response.ok(new InvalidRegistration(error)).build();
+ }
+
+ private boolean isValidURI(String uri, boolean requireHttps) {
+
+ UrlValidator urlValidator = null;
+
+ if (requireHttps) {
+ String[] schemes = {"https"};
+ urlValidator = new UrlValidator(schemes, UrlValidator.ALLOW_LOCAL_URLS);
+ } else {
+ urlValidator = new UrlValidator(UrlValidator.ALLOW_LOCAL_URLS
+ + UrlValidator.ALLOW_ALL_SCHEMES);
+ }
+
+ if (!urlValidator.isValid(uri)) {
+ return false;
+ }
+
+ // Do additional checks on the URI
+ try {
+ URI parsedURI = new URI(uri);
+ // The URI can't have a fragment according to the OAuth 2.0 spec (+ audience spec)
+ if (parsedURI.getFragment() != null) {
+ return false;
+ }
+ } catch (URISyntaxException ex) {
+ return false;
+ }
+
+ return true;
+ }
+
+ protected String generateClientId() {
+ return Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(10));
+ }
+
+ protected String generateClientSecret() {
+ // TODO: may need to be 384/8 or 512/8 if not a default HS256 but HS384 or HS512
+ int keySizeOctets = protectIdTokenWithClientSecret
+ ? 32
+ : 16;
+ return Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(keySizeOctets));
+ }
+
+ protected RegisteredClients registerNewClient(Client newClient) {
+ clientProvider.setClient(newClient);
+ Collection<Client> clientRegistrations = getClientRegistrations();
+ clientRegistrations.add(newClient);
+ return new RegisteredClients(clientRegistrations);
+ }
+
+ protected Collection<Client> getClientRegistrations() {
+ String userName = getUserName();
+ return getClientRegistrations(userName);
+ }
+
+ protected Collection<Client> getClientRegistrations(String userName) {
+ Collection<Client> userClientRegs = registrations.get(userName);
+ if (userClientRegs == null) {
+ userClientRegs = new HashSet<Client>();
+ registrations.put(userName, userClientRegs);
+ }
+ return userClientRegs;
+ }
+
+ private String getUserName() {
+ if (sc == null || sc.getUserPrincipal() == null) {
+ return null;
+ }
+ return sc.getUserPrincipal().getName();
+ }
+
+ public void setHomeRealms(Map<String, String> homeRealms) {
+ this.homeRealms = homeRealms;
+ }
+
+ public void init() {
+ for (Client c : clientProvider.getClients(null)) {
+ String userName = c.getResourceOwnerSubject().getLogin();
+ getClientRegistrations(userName).add(c);
+ }
+ }
+
+ public void setProtectIdTokenWithClientSecret(boolean protectIdTokenWithClientSecret) {
+ this.protectIdTokenWithClientSecret = protectIdTokenWithClientSecret;
+ }
+
+ public void setClientScopes(Map<String, String> clientScopes) {
+ this.clientScopes = clientScopes;
+ }
+
+ public OAuthDataProvider getDataProvider() {
+ return dataProvider;
+ }
+
+ public void setDataProvider(OAuthDataProvider dataProvider) {
+ this.dataProvider = dataProvider;
+ }
+
+ public void setClientProvider(ClientRegistrationProvider clientProvider) {
+ this.clientProvider = clientProvider;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientTokens.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientTokens.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientTokens.java
new file mode 100644
index 0000000..32c2859
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientTokens.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.oidc.clients;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
+import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
+
+public class ClientTokens {
+ private Client client;
+ private List<ServerAccessToken> accessTokens = new LinkedList<ServerAccessToken>();
+ private List<RefreshToken> refreshTokens = new LinkedList<RefreshToken>();
+ public ClientTokens(Client c,
+ List<ServerAccessToken> accessTokens,
+ List<RefreshToken> refreshTokens) {
+ this.client = c;
+ this.accessTokens = accessTokens;
+ this.refreshTokens = refreshTokens;
+ }
+ public Client getClient() {
+ return client;
+ }
+ public List<ServerAccessToken> getAccessTokens() {
+ return accessTokens;
+ }
+ public List<RefreshToken> getRefreshTokens() {
+ return refreshTokens;
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/InvalidRegistration.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/InvalidRegistration.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/InvalidRegistration.java
new file mode 100644
index 0000000..c0f54ee
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/InvalidRegistration.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.oidc.clients;
+
+public class InvalidRegistration {
+ private String message;
+ public InvalidRegistration(String message) {
+ this.message = message;
+ }
+ public String getMessage() {
+ return message;
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisterClient.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisterClient.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisterClient.java
new file mode 100644
index 0000000..b1409f4
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisterClient.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.oidc.clients;
+
+import java.util.Map;
+
+public class RegisterClient {
+ private Map<String, String> homeRealms;
+ public RegisterClient(Map<String, String> homeRealms) {
+ this.homeRealms = homeRealms;
+ }
+ public Map<String, String> getHomeRealms() {
+ return homeRealms;
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisteredClients.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisteredClients.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisteredClients.java
new file mode 100644
index 0000000..7fb35f3
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/RegisteredClients.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.oidc.clients;
+
+import java.util.Collection;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+
+public class RegisteredClients {
+ private Collection<Client> clients;
+ public RegisteredClients(Collection<Client> clients) {
+ this.clients = clients;
+ }
+ public Collection<Client> getClients() {
+ return clients;
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index 4ff8856..b676c98 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -117,7 +117,8 @@
<bean id="keyPasswordProvider" class="org.apache.cxf.fediz.service.oidc.PrivateKeyPasswordProviderImpl"/>
- <bean id="clientRegService" init-method="init" class="org.apache.cxf.fediz.service.oidc.ClientRegistrationService">
+ <bean id="clientRegService" init-method="init"
+ class="org.apache.cxf.fediz.service.oidc.clients.ClientRegistrationService">
<property name="dataProvider" ref="oauthProvider"/>
<property name="clientProvider" ref="oauthProvider"/>
<!--
@@ -151,7 +152,7 @@
</property>
<property name="classResources">
<map>
- <entry key="org.apache.cxf.fediz.service.oidc.InvalidRegistration" value="/WEB-INF/views/invalidRegistration.jsp"/>
+ <entry key="org.apache.cxf.fediz.service.oidc.clients.InvalidRegistration" value="/WEB-INF/views/invalidRegistration.jsp"/>
</map>
</property>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/webapp/WEB-INF/views/clientCodeGrants.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/clientCodeGrants.jsp b/services/oidc/src/main/webapp/WEB-INF/views/clientCodeGrants.jsp
index 1213e9a..33c463f 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/clientCodeGrants.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/clientCodeGrants.jsp
@@ -6,7 +6,7 @@
<%@ page import="java.util.Locale"%>
<%@ page import="java.util.TimeZone"%>
<%@ page import="javax.servlet.http.HttpServletRequest" %>
-<%@ page import="org.apache.cxf.fediz.service.oidc.ClientCodeGrants" %>
+<%@ page import="org.apache.cxf.fediz.service.oidc.clients.ClientCodeGrants" %>
<%
ClientCodeGrants tokens = (ClientCodeGrants)request.getAttribute("data");
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/webapp/WEB-INF/views/clientTokens.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/clientTokens.jsp b/services/oidc/src/main/webapp/WEB-INF/views/clientTokens.jsp
index dd1505f..7d65bab 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/clientTokens.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/clientTokens.jsp
@@ -7,7 +7,7 @@
<%@ page import="java.util.Locale"%>
<%@ page import="java.util.TimeZone"%>
<%@ page import="javax.servlet.http.HttpServletRequest" %>
-<%@ page import="org.apache.cxf.fediz.service.oidc.ClientTokens" %>
+<%@ page import="org.apache.cxf.fediz.service.oidc.clients.ClientTokens" %>
<%
ClientTokens tokens = (ClientTokens)request.getAttribute("data");
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/webapp/WEB-INF/views/invalidRegistration.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/invalidRegistration.jsp b/services/oidc/src/main/webapp/WEB-INF/views/invalidRegistration.jsp
index c87b963..84306c6 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/invalidRegistration.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/invalidRegistration.jsp
@@ -1,5 +1,5 @@
<%@ page import="javax.servlet.http.HttpServletRequest" %>
-<%@ page import="org.apache.cxf.fediz.service.oidc.InvalidRegistration" %>
+<%@ page import="org.apache.cxf.fediz.service.oidc.clients.InvalidRegistration" %>
<%
InvalidRegistration invalidReg = (InvalidRegistration)request.getAttribute("data");
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp b/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
index b610053..5a9dd36 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/registerClient.jsp
@@ -1,5 +1,5 @@
<%@ page
- import="javax.servlet.http.HttpServletRequest,java.util.Map,java.util.Iterator,org.apache.cxf.fediz.service.oidc.RegisterClient"%>
+ import="javax.servlet.http.HttpServletRequest,java.util.Map,java.util.Iterator,org.apache.cxf.fediz.service.oidc.clients.RegisterClient"%>
<%
RegisterClient reg = (RegisterClient)request.getAttribute("data");
String basePath = request.getContextPath() + request.getServletPath();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6e1c0ddf/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp b/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp
index 47807d3..4134f23 100644
--- a/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp
+++ b/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp
@@ -5,7 +5,7 @@
<%@ page import="java.util.Locale"%>
<%@ page import="java.util.TimeZone"%>
<%@ page import="javax.servlet.http.HttpServletRequest" %>
-<%@ page import="org.apache.cxf.fediz.service.oidc.RegisteredClients" %>
+<%@ page import="org.apache.cxf.fediz.service.oidc.clients.RegisteredClients" %>
<%
Collection<Client> regs = ((RegisteredClients)request.getAttribute("data")).getClients();