Posted to commits@cxf.apache.org by se...@apache.org on 2016/01/22 11:20:02 UTC

cxf git commit: Temp restoring OAuth2 filter property which can block checking the audience against the request URI (for OIDC UserInfoService to skip the audience check)

Repository: cxf
Updated Branches:
  refs/heads/master c0d2c83b4 -> bc5776b27


Temp restoring OAuth2 filter property which can block checking the audience against the request URI (for OIDC UserInfoService to skip the audience check)


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bc5776b2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bc5776b2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bc5776b2

Branch: refs/heads/master
Commit: bc5776b27eee5f16080b645b3fc4303d2c3216b8
Parents: c0d2c83
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Jan 22 10:18:40 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Jan 22 10:18:40 2016 +0000

----------------------------------------------------------------------
 .../rs/security/oauth2/filters/OAuthRequestFilter.java    | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/bc5776b2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index 498dd02..40f4a41 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -71,7 +71,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
     private boolean useUserSubject;
     private String audience;
     private boolean completeAudienceMatch;
-    
+    private boolean audienceIsEndpointAddress = true;
     private boolean checkFormData;
     private List<String> requiredScopes = Collections.emptyList();
     private boolean allPermissionsMatch;
@@ -248,7 +248,9 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
         if (audience != null) {
             return audiences.contains(audience);
         } 
-        
+        if (!audienceIsEndpointAddress) {
+            return true;
+        }
         boolean matched = false;
         String requestPath = (String)PhaseInterceptorChain.getCurrentMessage().get(Message.REQUEST_URL);
         for (String s : audiences) {
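Review bot: When `audienceIsEndpointAddress` is false and no `audience` is configured, the added `return true` accepts a token whatever its audience list contains, so a token restricted to a different resource server passes this check. The property name suggests only the request-URI comparison is switched off, while the effect is that audience validation as a whole is skipped for that filter instance. I would state this at the branch, e.g. `// No audience restriction is enforced: tokens issued for other audiences are accepted`. Deployments that set the flag should configure an explicit `audience` wherever one is known, so that the `audiences.contains(audience)` path still applies. The start of the method and the loop body are outside the hunk, so how an empty audience list is handled before this point cannot be confirmed from here.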
@@ -325,5 +327,9 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
     public void setCompleteAudienceMatch(boolean completeAudienceMatch) {
         this.completeAudienceMatch = completeAudienceMatch;
     }
+
+    public void setAudienceIsEndpointAddress(boolean audienceIsEndpointAddress) {
+        this.audienceIsEndpointAddress = audienceIsEndpointAddress;
+    }
     
 }
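Review bot: `setAudienceIsEndpointAddress` is a security-relevant switch but has no Javadoc, and the field added in the first hunk is equally undocumented. I would add a comment on the setter such as `/** Defaults to true. When false and no explicit audience is set, the token audience is not validated at all; intended only for endpoints such as the OIDC UserInfoService. */`. The commit message calls the property temporary, so a `// TODO: remove once UserInfoService no longer needs to skip the audience check` next to the field would keep that intent visible in the code.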