You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2017/06/02 15:58:25 UTC
cxf-fediz git commit: Making sure a given Client only gets a single
back channel logout request
Repository: cxf-fediz
Updated Branches:
refs/heads/master 8908d9a86 -> c3723ed59
Making sure a given Client only gets a single back channel logout request
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/c3723ed5
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/c3723ed5
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/c3723ed5
Branch: refs/heads/master
Commit: c3723ed59fd21980251a544194aa9aa5177f7418
Parents: 8908d9a
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Jun 2 16:58:11 2017 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Jun 2 16:58:11 2017 +0100
----------------------------------------------------------------------
.../oidc/logout/BackChannelLogoutHandler.java | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c3723ed5/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/BackChannelLogoutHandler.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/BackChannelLogoutHandler.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/BackChannelLogoutHandler.java
index 28dfff9..b3e9904 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/BackChannelLogoutHandler.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/BackChannelLogoutHandler.java
@@ -19,7 +19,9 @@
package org.apache.cxf.fediz.service.oidc.logout;
import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
@@ -52,15 +54,20 @@ public class BackChannelLogoutHandler extends JoseJwtProducer {
// in cases when ATs have expired or been revoked or Implicit id_token flow is used.
// Most likely a 'visited sites' cookie as suggested by the spec will need to be used.
List<ServerAccessToken> accessTokens = dataProvider.getAccessTokens(client, subject);
+ Set<String> processedClients = new HashSet<String>();
for (ServerAccessToken at : accessTokens) {
- if (client.getClientId().equals(at.getClient().getClientId())) {
+ if (client.getClientId().equals(at.getClient().getClientId())
+ || processedClients.contains(client.getClientId())) {
continue;
}
String uri = client.getProperties().get(BACK_CHANNEL_LOGOUT_URI);
if (uri != null) {
+ processedClients.add(client.getClientId());
submitBackChannelLogoutRequest(client, subject, idTokenHint, uri);
}
}
+
+
}
@@ -82,7 +89,11 @@ public class BackChannelLogoutHandler extends JoseJwtProducer {
@Override
public void run() {
- wc.form(new Form().param(LOGOUT_TOKEN, logoutToken));
+ try {
+ wc.form(new Form().param(LOGOUT_TOKEN, logoutToken));
+ } catch (Exception ex) {
+ // nothing else can be done
+ }
}
});