Posted to commits@cxf.apache.org by se...@apache.org on 2015/11/26 13:59:37 UTC
cxf-fediz git commit: [FEDIZ-134] Setting an jwk keys endpoint for
those clients which may prefer to pull the validation keys
Repository: cxf-fediz
Updated Branches:
refs/heads/master ab2ef8660 -> 8571be994
[FEDIZ-134] Setting an jwk keys endpoint for those clients which may prefer to pull the validation keys
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/8571be99
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/8571be99
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/8571be99
Branch: refs/heads/master
Commit: 8571be994c911ff0350e03de3d370197fc861f19
Parents: ab2ef86
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Thu Nov 26 12:59:16 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Thu Nov 26 12:59:16 2015 +0000
----------------------------------------------------------------------
.../main/webapp/WEB-INF/applicationContext.xml | 28 ++++++++++++++++----
1 file changed, 23 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/8571be99/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index 8d58bed..c8c85bb 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -28,13 +28,15 @@
<import resource="classpath:data-manager.xml" />
+ <bean id="oidcAuthorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+ <property name="dataProvider" ref="oauthProvider"/>
+ <property name="skipAuthorizationWithOidcScope" value="true"/>
+ <property name="canSupportPublicClients" value="true"/>
+ </bean>
+ <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/>
<jaxrs:server address="/idp">
<jaxrs:serviceBeans>
- <bean id="oidcService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
- <property name="dataProvider" ref="oauthProvider"/>
- <property name="skipAuthorizationWithOidcScope" value="true"/>
- <property name="canSupportPublicClients" value="true"/>
- </bean>
+ <ref bean="oidcAuthorizationService"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean="viewProvider"/>
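Review bot: The `oidcAuthorizationService` bean is now a top-level definition, but `skipAuthorizationWithOidcScope` and `canSupportPublicClients` are still set to `true` with no comment on why. Judging by their names, both relax the authorization-code flow (no consent step for the OIDC scope, clients without a secret), so the next person to edit this file should see that they are deliberate. A comment above the bean would do, e.g. `<!-- Consent is skipped for the OIDC scope and public (secret-less) clients are accepted; revisit both before production use -->`. The bean id also changes from `oidcService`, so any reference to the old id outside this hunk would need updating.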
@@ -44,6 +46,22 @@
<entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
</jaxrs:properties>
</jaxrs:server>
+ <jaxrs:server address="/jwk">
+ <jaxrs:serviceBeans>
+ <!--
+ disable it if the client secret is used or if
+ pre-installing public OIDC keys to clients is preferred
+ -->
+ <ref bean="oidcKeysService"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/>
+ </jaxrs:providers>
+ <jaxrs:properties>
+ <entry key="rs.security.signature.properties" value="rs.security.properties"/>
+ <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
+ </jaxrs:properties>
+ </jaxrs:server>
<bean id="keyPasswordProvider" class="org.apache.cxf.fediz.service.oidc.PrivateKeyPasswordProviderImpl"/>
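Review bot: The new `/jwk` server is given `rs.security.signature.key.password.provider`, which is the private-key password, although an endpoint that only publishes validation keys should need no more than the public half of the keystore. If `OidcKeysService` can load the public keys without it, drop that entry from this server's `jaxrs:properties`; if it cannot, add a test asserting that the returned JWK set carries no private parameters (`d`, `p`, `q` and the like). The comment above `<ref bean="oidcKeysService"/>` would also read better as `<!-- Publishes the public signature-verification keys as a JWK set; remove this server if tokens are signed with the client secret or clients have the public keys pre-installed -->`. Clients that pull keys trust whatever this URL returns, so the deployment notes should state that it must be served over HTTPS.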