Posted to commits@cxf.apache.org by co...@apache.org on 2017/03/20 10:50:20 UTC
cxf-fediz git commit: FEDIZ-193 - Add a way to support additional top
level domains when registering OIDC clients
Repository: cxf-fediz
Updated Branches:
refs/heads/1.3.x-fixes 08d9d41bf -> e8a3e3a04
FEDIZ-193 - Add a way to support additional top level domains when registering OIDC clients
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/e8a3e3a0
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/e8a3e3a0
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/e8a3e3a0
Branch: refs/heads/1.3.x-fixes
Commit: e8a3e3a04990f13d20ce6d63fe065e569dc87196
Parents: 08d9d41
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Mar 7 17:17:32 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Mar 20 10:14:05 2017 +0000
----------------------------------------------------------------------
.../oidc/clients/ClientRegistrationService.java | 22 ++++++++++-
.../cxf/fediz/systests/oidc/OIDCTest.java | 39 ++++++++++++++++++++
.../test/resources/oidc/applicationContext.xml | 7 ++++
3 files changed, 67 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8a3e3a0/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
index db65cb5..5bd8efd 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
@@ -22,6 +22,7 @@ package org.apache.cxf.fediz.service.oidc.clients;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
@@ -35,6 +36,7 @@ import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
+import java.util.logging.Logger;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
@@ -48,7 +50,10 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
+import org.apache.commons.validator.routines.DomainValidator;
+import org.apache.commons.validator.routines.DomainValidator.ArrayType;
import org.apache.commons.validator.routines.UrlValidator;
+import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.rs.security.oauth2.common.Client;
@@ -65,6 +70,8 @@ import org.apache.cxf.rt.security.crypto.CryptoUtils;
@Path("/")
public class ClientRegistrationService {
+
+ private static final Logger LOG = LogUtils.getL7dLogger(ClientRegistrationService.class);
private Map<String, Collection<Client>> registrations = new HashMap<String, Collection<Client>>();
private Map<String, Set<String>> clientNames = new HashMap<String, Set<String>>();
@@ -434,7 +441,20 @@ public class ClientRegistrationService {
public void setClientProvider(ClientRegistrationProvider clientProvider) {
this.clientProvider = clientProvider;
}
-
+
+ public void setAdditionalTLDs(List<String> additionalTLDs) {
+ // Support additional top level domains
+ if (additionalTLDs != null && !additionalTLDs.isEmpty()) {
+ try {
+ String[] tldsToAddArray = additionalTLDs.toArray(new String[additionalTLDs.size()]);
+ LOG.info("Adding the following additional Top Level Domains: " + Arrays.toString(tldsToAddArray));
+ DomainValidator.updateTLDOverride(ArrayType.GENERIC_PLUS, tldsToAddArray);
+ } catch (IllegalStateException ex) {
+ //
+ }
+ }
+ }
+
private static class ClientComparator implements Comparator<Client> {
@Override
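Review bot: The empty `catch (IllegalStateException ex)` in `setAdditionalTLDs` discards the only signal that the override was refused. commons-validator documents `updateTLDOverride` as throwing that exception once `DomainValidator.getInstance()` has been used, so the configured TLDs would silently not apply even though the `LOG.info` line above has already reported them as added. Log the failure instead, e.g. `LOG.warning("Additional TLDs were not applied: " + ex.getMessage());`, and move the `LOG.info` call to after the update succeeds. The override is also static, JVM-wide state, so it appears to widen what every `DomainValidator`/`UrlValidator` in the process accepts, not only the client URIs validated at registration; a Javadoc line on the setter stating this, and that it must run before the first validation, would help deployers keep the list minimal. The `ClientComparator` class that follows continues outside the hunk.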
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8a3e3a0/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
index 627e44e..1a97fe9 100644
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
@@ -653,6 +653,45 @@ public class OIDCTest {
webClient.close();
}
+ @org.junit.Test
+ public void testCreateClientWithSupportedTLD() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+ String user = "alice";
+ String password = "ecila";
+
+ // Login to the client page successfully
+ WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
+ HtmlPage loginPage = login(url, webClient);
+ final String bodyTextContent = loginPage.getBody().getTextContent();
+ Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
+
+ // Register a client with a supported TLD
+ HtmlPage registeredClientPage = registerNewClient(webClient, url, "tld1", "https://www.apache.corp",
+ "https://cxf.apache.org");
+ String registeredClientPageBody = registeredClientPage.getBody().getTextContent();
+ Assert.assertTrue(registeredClientPageBody.contains("Registered Clients"));
+ Assert.assertTrue(registeredClientPageBody.contains("tld1"));
+ Assert.assertTrue(registeredClientPageBody.contains("https://www.apache.corp"));
+
+ HtmlTable table = registeredClientPage.getHtmlElementById("registered_clients");
+ String clientId = table.getCellAt(3, 1).asText().trim();
+
+ // Register a client with an unsupported TLD
+ try {
+ HtmlPage errorPage = registerNewClient(webClient, url, "tld2", "https://www.apache.corp2",
+ "https://cxf.apache.org");
+ Assert.assertTrue(errorPage.asText().contains("Invalid Client Registration"));
+ } catch (Exception ex) {
+ // expected
+ }
+
+ // Delete the first client above
+ deleteClient(webClient, url, clientId);
+
+
+ webClient.close();
+ }
+
private static WebClient setupWebClient(String user, String password, String idpPort) {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
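Review bot: The negative case in `testCreateClientWithSupportedTLD` passes on any `Exception`, so a connection error or an unrelated server failure counts as a rejected `.corp2` registration just as much as the intended validation error does. This test is the guard that unlisted TLDs stay rejected, so it should catch only the exception type the rejection is expected to raise and assert on its status or message; presumably HtmlUnit reports it as a failing-status exception, which needs confirming. `deleteClient` and `webClient.close()` are also skipped when an earlier assertion fails, leaving the `tld1` client registered for later tests; wrapping the body in `try`/`finally` would avoid that. `setupWebClient` continues outside the hunk.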
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/e8a3e3a0/systests/oidc/src/test/resources/oidc/applicationContext.xml
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/resources/oidc/applicationContext.xml b/systests/oidc/src/test/resources/oidc/applicationContext.xml
index 2eefe27..0b70a91 100644
--- a/systests/oidc/src/test/resources/oidc/applicationContext.xml
+++ b/systests/oidc/src/test/resources/oidc/applicationContext.xml
@@ -146,6 +146,13 @@
<entry key="urn:org:apache:cxf:fediz:idp:realm-B" value="IDP of Realm B" />
</map>
</property>
+ <property name="additionalTLDs">
+ <list>
+ <value>domain123</value>
+ <value>corp</value>
+ <value>domain456</value>
+ </list>
+ </property>
</bean>
<!-- Console linking to the client registration service -->