Posted to commits@cxf.apache.org by co...@apache.org on 2015/12/10 17:58:12 UTC
[1/2] cxf git commit: Don't write out the permission name if it's null
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes 261dde403 -> dc1a867f9
Don't write out the permission name if it's null
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4748548f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4748548f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4748548f
Branch: refs/heads/3.1.x-fixes
Commit: 4748548f2d7a88869affef9b4df3197f461604e9
Parents: 261dde4
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 10 12:44:20 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 10 16:51:52 2015 +0000
----------------------------------------------------------------------
.../java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/4748548f/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 0db2313..4974760 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -136,7 +136,9 @@ public final class OAuthUtils {
if (sb.length() > 0) {
sb.append(" ");
}
- sb.append(perm.getPermission());
+ if (perm.getPermission() != null) {
+ sb.append(perm.getPermission());
+ }
}
return sb.toString();
}
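Review bot: The separator is still appended before the new null check, so a permission whose name is null leaves a stray space in the result: a trailing space, or two spaces in a row when it sits between named permissions. Since the string appears to be a space-delimited scope list, a consumer that splits on a single space would then see an empty scope token. Put the null test ahead of the separator, e.g. `if (perm.getPermission() == null) { continue; }` as the first statement of the iteration (assuming this is a loop body), followed by the unchanged separator and append. The enclosing method begins outside the hunk, so the loop header is not visible here.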
[2/2] cxf git commit: Only issue an IdToken if the client has the
correct scope (for OpenId)
Posted by co...@apache.org.
Only issue an IdToken if the client has the correct scope (for OpenId)
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dc1a867f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dc1a867f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dc1a867f
Branch: refs/heads/3.1.x-fixes
Commit: dc1a867f9527ce3431f097fde27a984b0c3c324e
Parents: 4748548
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 10 15:10:32 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 10 16:51:53 2015 +0000
----------------------------------------------------------------------
.../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/dc1a867f/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 0a19d8e..b8ab2b2 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -35,7 +35,10 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer im
private UserInfoProvider userInfoProvider;
@Override
public void process(ClientAccessToken ct, ServerAccessToken st) {
-
+ // Only add an IdToken if the client has the "openid" scope
+ if (ct.getApprovedScope() == null || !ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE)) {
+ return;
+ }
String idToken = getProcessedIdToken(st);
if (idToken != null) {
ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);
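Review bot: In `process`, `ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE)` looks like a substring test if `getApprovedScope()` returns the space-delimited scope string. An approved scope whose name merely contains that text (a prefixed or suffixed custom scope) would then pass the guard, and an IdToken would be issued. For an authorization decision, compare whole scope tokens instead, e.g. `Arrays.asList(ct.getApprovedScope().split(" ")).contains(OidcUtils.OPENID_SCOPE)`, or check the server token's scope list if it exposes one. A test with a scope that contains but does not equal "openid" would pin the behaviour. The method body continues past the end of the hunk.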