Posted to commits@cxf.apache.org by se...@apache.org on 2015/12/03 18:02:34 UTC
cxf git commit: Letting the oauth providers block the reporting of
some appproved scopes
Repository: cxf
Updated Branches:
refs/heads/master 02995d073 -> 4eede5fc4
Letting the oauth providers block the reporting of some appproved scopes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4eede5fc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4eede5fc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4eede5fc
Branch: refs/heads/master
Commit: 4eede5fc438c000432ee9772e0aee764d24277e8
Parents: 02995d0
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Thu Dec 3 17:02:07 2015 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Thu Dec 3 17:02:07 2015 +0000
----------------------------------------------------------------------
.../cxf/rs/security/oauth2/common/Permission.java | 15 +++++++++++++++
.../cxf/rs/security/oauth2/utils/OAuthUtils.java | 8 ++++++--
2 files changed, 21 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/4eede5fc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
index 8defa96..f6d4d29 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
@@ -29,6 +29,7 @@ public class Permission implements Serializable {
private String permission;
private String description;
private boolean isDefault;
+ private boolean invisibleToClient;
public Permission() {
@@ -88,4 +89,18 @@ public class Permission implements Serializable {
public boolean isDefault() {
return isDefault;
}
+
+ public boolean isInvisibleToClient() {
+ return invisibleToClient;
+ }
+
+ /**
+ * Set the visibility status; by default all the scopes approved by a user can
+ * be optionally reported to the client in access token responses. Some scopes may need
+ * to stay 'invisible' to client.
+ * @param invisibleToClient
+ */
+ public void setInvisibleToClient(boolean invisibleToClient) {
+ this.invisibleToClient = invisibleToClient;
+ }
}
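Review bot: The Javadoc on `setInvisibleToClient` leaves `@param invisibleToClient` without a description and never states that the flag affects reporting only. Judging from the OAuthUtils change in this same commit, an invisible scope is merely skipped when the scope string is built for the client and stays on the server-side token, so the comment should say so to keep the flag from being read as an access restriction. Suggested text: `@param invisibleToClient true to omit this scope from the scope value reported to the client; the scope is still granted`. `isInvisibleToClient()` has no Javadoc at all and could carry a one-line `@return` with the same wording.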
http://git-wip-us.apache.org/repos/asf/cxf/blob/4eede5fc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 7722d7a..65a01fa 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -129,6 +129,9 @@ public final class OAuthUtils {
public static String convertPermissionsToScope(List<OAuthPermission> perms) {
StringBuilder sb = new StringBuilder();
for (OAuthPermission perm : perms) {
+ if (perm.isInvisibleToClient()) {
+ continue;
+ }
if (sb.length() > 0) {
sb.append(" ");
}
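Review bot: The `isInvisibleToClient()` skip sits inside `convertPermissionsToScope`, a public static helper whose name does not mention client visibility, so every caller now receives a filtered string. Other callers are not visible in this hunk, but if any of them uses the result to persist, compare or introspect the granted scopes, the invisible ones would silently disappear there too. Consider keeping this method unfiltered and adding a separate client-facing variant, or at least document the behaviour on the method, e.g. `// Scopes marked invisibleToClient are left out; use only for values reported to the client.` The method body continues past the end of the hunk.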
@@ -255,8 +258,9 @@ public final class OAuthUtils {
if (supportOptionalParams) {
clientToken.setExpiresIn(serverToken.getExpiresIn());
List<OAuthPermission> perms = serverToken.getScopes();
- if (!perms.isEmpty()) {
- clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
+ String scopeString = OAuthUtils.convertPermissionsToScope(perms);
+ if (!StringUtils.isEmpty(scopeString)) {
+ clientToken.setApprovedScope(scopeString);
}
clientToken.setParameters(serverToken.getParameters());
}
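Review bot: When every approved scope is marked invisible, `scopeString` is empty and `setApprovedScope` is never called, so the token response carries no scope at all. RFC 6749 section 5.1 lets a client treat an omitted `scope` as identical to what it requested, so a client that asked for more than was granted may assume the full requested set. If that is the intended trade-off, a comment above the check would record it, e.g. `// An empty string means all approved scopes are hidden; scope is then omitted from the response.` The enclosing method starts and ends outside this hunk.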