You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by co...@apache.org on 2015/12/10 17:51:10 UTC

[1/2] cxf git commit: Only issue an IdToken if the client has the correct scope (for OpenId)

Repository: cxf
Updated Branches:
  refs/heads/master c32ebfa59 -> 00d4e973d


Only issue an IdToken if the client has the correct scope (for OpenId)


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/00d4e973
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/00d4e973
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/00d4e973

Branch: refs/heads/master
Commit: 00d4e973dce4a2929ec88ef348a27fdbfa959954
Parents: 59d2733
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 10 15:10:32 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 10 16:46:00 2015 +0000

----------------------------------------------------------------------
 .../apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/00d4e973/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
index 0a19d8e..b8ab2b2 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/IdTokenResponseFilter.java
@@ -35,7 +35,10 @@ public class IdTokenResponseFilter extends AbstractOAuthServerJoseJwtProducer im
     private UserInfoProvider userInfoProvider;
     @Override
     public void process(ClientAccessToken ct, ServerAccessToken st) {
-        
+        // Only add an IdToken if the client has the "openid" scope
+        if (ct.getApprovedScope() == null || !ct.getApprovedScope().contains(OidcUtils.OPENID_SCOPE)) {
+            return;
+        }
         String idToken = getProcessedIdToken(st);
         if (idToken != null) {
             ct.getParameters().put(OidcUtils.ID_TOKEN, idToken);

[2/2] cxf git commit: Don't write out the permission name if it's null

Posted by co...@apache.org.

Don't write out the permission name if it's null


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/59d27332
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/59d27332
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/59d27332

Branch: refs/heads/master
Commit: 59d273323765150a8719da1e739ad55645e178c1
Parents: c32ebfa
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 10 12:44:20 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 10 16:46:00 2015 +0000

----------------------------------------------------------------------
 .../java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/59d27332/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 0db2313..4974760 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -136,7 +136,9 @@ public final class OAuthUtils {
             if (sb.length() > 0) {
                 sb.append(" ");
             }
-            sb.append(perm.getPermission());
+            if (perm.getPermission() != null) {
+                sb.append(perm.getPermission());
+            }
         }
         return sb.toString();
     }