Posted to commits@cxf.apache.org by se...@apache.org on 2017/02/27 16:06:56 UTC
cxf-fediz git commit: Naming OIDC Client logout property as required
by the OIDC RP-initiated logout text
Repository: cxf-fediz
Updated Branches:
refs/heads/master d5f30aa57 -> 0468b8ec0
Naming OIDC Client logout property as required by the OIDC RP-initiated logout text
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/0468b8ec
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/0468b8ec
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/0468b8ec
Branch: refs/heads/master
Commit: 0468b8ec0389e8407e31951a196826e9808ead41
Parents: d5f30aa
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Mon Feb 27 16:06:28 2017 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Mon Feb 27 16:06:28 2017 +0000
----------------------------------------------------------------------
.../oidc/clients/ClientRegistrationService.java | 2 +-
.../service/oidc/logout/LogoutService.java | 32 +++++++++++++++-----
2 files changed, 26 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0468b8ec/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
index 3ace9ae..7d29e4e 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/clients/ClientRegistrationService.java
@@ -283,7 +283,7 @@ public class ClientRegistrationService {
throwInvalidRegistrationException("An invalid logout URI was specified: " + logoutURI);
}
//TODO: replace this code with newClient.setLogoutUri() once it becomes available
- newClient.getProperties().put("client_logout_uri", logoutURI);
+ newClient.getProperties().put("post_logout_redirect_uris", logoutURI);
}
// Client Audience URIs
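Review bot: Clients registered before this change still hold their logout URI under `client_logout_uri`, and nothing in this hunk migrates or falls back to that key. `LogoutService.getClient` in the same commit now checks only `post_logout_redirect_uris` and throws `BadRequestException` when it is absent, so if registrations are persisted (not visible here) logout would start failing for existing clients. The stored value is a single validated URI while `LogoutService` splits it on spaces, so a comment above the `put` stating the format would help, for example `// space-separated list of registered post-logout redirect URIs (currently one value)`. The enclosing method starts and ends outside the hunk.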
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0468b8ec/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
index 138ea55..ccd5f6a 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/LogoutService.java
@@ -19,7 +19,9 @@
package org.apache.cxf.fediz.service.oidc.logout;
import java.net.URI;
+import java.util.Arrays;
import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
import javax.ws.rs.BadRequestException;
@@ -40,7 +42,8 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
@Path("/logout")
public class LogoutService {
- private static final String CLIENT_LOGOUT_URI = "client_logout_uri";
+ private static final String CLIENT_LOGOUT_URI = "post_logout_redirect_uri";
+ private static final String CLIENT_LOGOUT_URIS = "post_logout_redirect_uris";
@Context
private MessageContext mc;
private String relativeIdpLogoutUri;
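Review bot: The constant `CLIENT_LOGOUT_URI` now names the `post_logout_redirect_uri` request parameter, while `CLIENT_LOGOUT_URIS` names the stored client property, and the two differ by one letter in both name and value. Names that state the role would make a mix-up harder, for example `POST_LOGOUT_REDIRECT_URI_PARAM` and `POST_LOGOUT_REDIRECT_URIS_PROP`, each with a one-line comment saying where the value is read from.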
@@ -72,12 +75,27 @@ public class LogoutService {
mc.getHttpServletRequest().getSession().invalidate();
// Redirect to the core IDP
- URI idpLogoutUri = getAbsoluteIdpLogoutUri(client);
+ URI idpLogoutUri = getAbsoluteIdpLogoutUri(client, params);
return Response.seeOther(idpLogoutUri).build();
}
- private URI getClientLogoutUri(Client client) {
- return URI.create(client.getProperties().get(CLIENT_LOGOUT_URI));
+ private URI getClientLogoutUri(Client client, MultivaluedMap<String, String> params) {
+ String logoutUriProp = client.getProperties().get(CLIENT_LOGOUT_URIS);
+ // logoutUriProp is guaranteed to be not null at this point
+ String[] uris = logoutUriProp.split(" ");
+ String uriStr = null;
+ if (uris.length > 1) {
+ String clientLogoutUriParam = params.getFirst(CLIENT_LOGOUT_URI);
+ if (clientLogoutUriParam == null
+ || !new HashSet<>(Arrays.asList(uris)).contains(clientLogoutUriParam)) {
+ throw new BadRequestException();
+ }
+ uriStr = clientLogoutUriParam;
+ } else {
+ uriStr = uris[0];
+ }
+
+ return URI.create(client.getProperties().get(uriStr));
}
private Client getClient(MultivaluedMap<String, String> params) {
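Review bot: The last statement of the new `getClientLogoutUri` uses the selected URI as a key into the client properties, `client.getProperties().get(uriStr)`. That lookup will normally return null, so `URI.create(null)` throws a NullPointerException instead of producing the redirect target; it should be `return URI.create(uriStr);`. In the single-URI branch, a `post_logout_redirect_uri` request parameter that does not match the registered value is silently ignored, whereas the multi-URI branch rejects it with `BadRequestException`; rejecting a supplied mismatch in both branches would be more consistent. Splitting on `" "` also yields empty entries if the stored value contains repeated spaces, so `logoutUriProp.trim().split("\\s+")` is safer. The `logout` method that calls this starts outside the hunk.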
@@ -89,16 +107,16 @@ public class LogoutService {
if (c == null) {
throw new BadRequestException();
}
- if (c.getProperties().get(CLIENT_LOGOUT_URI) == null) {
+ if (c.getProperties().get(CLIENT_LOGOUT_URIS) == null) {
//TODO: Possibly default to something ?
throw new BadRequestException();
}
return c;
}
- private URI getAbsoluteIdpLogoutUri(Client client) {
+ private URI getAbsoluteIdpLogoutUri(Client client, MultivaluedMap<String, String> params) {
UriBuilder ub = mc.getUriInfo().getAbsolutePathBuilder();
ub.path(relativeIdpLogoutUri);
- ub.queryParam("wreply", getClientLogoutUri(client));
+ ub.queryParam("wreply", getClientLogoutUri(client, params));
ub.queryParam(OAuthConstants.CLIENT_ID, client.getClientId());
return ub.build();