Posted to commits@cxf.apache.org by se...@apache.org on 2016/01/22 11:20:02 UTC
cxf git commit: Temp restoring OAuth2 filter property which can block
checking the audience against the request URI (for OIDC UserInfoService to
skip the audience check)
Repository: cxf
Updated Branches:
refs/heads/master c0d2c83b4 -> bc5776b27
Temp restoring OAuth2 filter property which can block checking the audience against the request URI (for OIDC UserInfoService to skip the audience check)
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bc5776b2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bc5776b2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bc5776b2
Branch: refs/heads/master
Commit: bc5776b27eee5f16080b645b3fc4303d2c3216b8
Parents: c0d2c83
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Jan 22 10:18:40 2016 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Jan 22 10:18:40 2016 +0000
----------------------------------------------------------------------
.../rs/security/oauth2/filters/OAuthRequestFilter.java | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/bc5776b2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index 498dd02..40f4a41 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -71,7 +71,7 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
private boolean useUserSubject;
private String audience;
private boolean completeAudienceMatch;
-
+ private boolean audienceIsEndpointAddress = true;
private boolean checkFormData;
private List<String> requiredScopes = Collections.emptyList();
private boolean allPermissionsMatch;
@@ -248,7 +248,9 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
if (audience != null) {
return audiences.contains(audience);
}
-
+ if (!audienceIsEndpointAddress) {
+ return true;
+ }
boolean matched = false;
String requestPath = (String)PhaseInterceptorChain.getCurrentMessage().get(Message.REQUEST_URL);
for (String s : audiences) {
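Review bot: When `audienceIsEndpointAddress` is false and no `audience` is configured, the new early `return true` accepts the token whatever its audience list contains, so a token issued for a different resource server would pass this check. The commit message suggests this is meant only for the OIDC UserInfoService, but the property is a general public setter (third hunk) that ships without Javadoc. I would document the setter along the lines of `/** If false and no audience is configured, the token audience is not checked at all; intended only for endpoints such as OIDC UserInfo. */`, and consider logging at debug level when this branch is taken so a misconfiguration is visible. The enclosing method starts and ends outside this hunk, so any earlier guard on `audiences` is not visible here.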
@@ -325,5 +327,9 @@ public class OAuthRequestFilter extends AbstractAccessTokenValidator
public void setCompleteAudienceMatch(boolean completeAudienceMatch) {
this.completeAudienceMatch = completeAudienceMatch;
}
+
+ public void setAudienceIsEndpointAddress(boolean audienceIsEndpointAddress) {
+ this.audienceIsEndpointAddress = audienceIsEndpointAddress;
+ }
}