Posted to commits@cxf.apache.org by se...@apache.org on 2015/12/03 18:02:34 UTC

cxf git commit: Letting the oauth providers block the reporting of some appproved scopes

Repository: cxf
Updated Branches:
  refs/heads/master 02995d073 -> 4eede5fc4


Letting the oauth providers block the reporting of some approved scopes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4eede5fc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4eede5fc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4eede5fc

Branch: refs/heads/master
Commit: 4eede5fc438c000432ee9772e0aee764d24277e8
Parents: 02995d0
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Thu Dec 3 17:02:07 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Thu Dec 3 17:02:07 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/common/Permission.java    | 15 +++++++++++++++
 .../cxf/rs/security/oauth2/utils/OAuthUtils.java     |  8 ++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/4eede5fc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
index 8defa96..f6d4d29 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
@@ -29,6 +29,7 @@ public class Permission implements Serializable {
     private String permission;
     private String description;
     private boolean isDefault;
+    private boolean invisibleToClient;
     
     public Permission() {
         
@@ -88,4 +89,18 @@ public class Permission implements Serializable {
     public boolean isDefault() {
         return isDefault;
     }
+
+    public boolean isInvisibleToClient() {
+        return invisibleToClient;
+    }
+
+    /**
+     * Set the visibility status; by default all the scopes approved by a user can 
+     * be optionally reported to the client in access token responses. Some scopes may need
+     * to stay 'invisible' to client.
+     * @param invisibleToClient
+     */
+    public void setInvisibleToClient(boolean invisibleToClient) {
+        this.invisibleToClient = invisibleToClient;
+    }
 }
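Review bot: The new Javadoc on setInvisibleToClient leaves `@param invisibleToClient` without a description and the getter has no Javadoc, so the contract a provider relies on is not stated: the flag defaults to `false`, and it only controls what is reported to the client, while the scope remains on the server-side token. I would write `@param invisibleToClient true to omit this scope from the scope string reported to the client; the scope stays approved on the server-side token` and a one-line summary on isInvisibleToClient. Permission implements Serializable per the hunk header, so the added field also changes the serialized form; whether a serialVersionUID needs attention is not visible here. The class body continues outside the hunk.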

http://git-wip-us.apache.org/repos/asf/cxf/blob/4eede5fc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 7722d7a..65a01fa 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -129,6 +129,9 @@ public final class OAuthUtils {
     public static String convertPermissionsToScope(List<OAuthPermission> perms) {
         StringBuilder sb = new StringBuilder();
         for (OAuthPermission perm : perms) {
+            if (perm.isInvisibleToClient()) {
+                continue;
+            }
             if (sb.length() > 0) {
                 sb.append(" ");
             }
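Review bot: Filtering invisible permissions inside convertPermissionsToScope changes the result for every caller of this general utility, not only the client-facing token response; if the same method is used to build scope strings for server-side comparison or persistence (not visible in this hunk), those callers would silently lose scopes. Either add an overload such as `convertPermissionsToScope(perms, boolean skipInvisible)` and keep the single-arg form unfiltered, or at least state the filtering in the method Javadoc: `Builds a space-separated scope string, omitting permissions marked invisible to the client`. The method body continues outside the hunk.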
@@ -255,8 +258,9 @@ public final class OAuthUtils {
         if (supportOptionalParams) {
             clientToken.setExpiresIn(serverToken.getExpiresIn());
             List<OAuthPermission> perms = serverToken.getScopes();
-            if (!perms.isEmpty()) {
-                clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));    
+            String scopeString = OAuthUtils.convertPermissionsToScope(perms);
+            if (!StringUtils.isEmpty(scopeString)) {
+                clientToken.setApprovedScope(scopeString);    
             }
             clientToken.setParameters(serverToken.getParameters());
         }
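Review bot: When every approved scope is marked invisible the new code gets an empty string and omits the approved scope entirely, whereas before any non-empty list was always reported; under RFC 6749 section 5.1 a client reads a missing scope parameter as "identical to what I requested", so omission can convey more than a deliberately reduced scope string would. If that is the intended behaviour, say so at the check: `// all approved scopes may be invisible to the client; omit the scope rather than report an empty value`. The line `clientToken.setApprovedScope(scopeString);` also carries trailing whitespace. The enclosing method starts outside the hunk.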