Posted to commits@cxf.apache.org by se...@apache.org on 2017/03/07 17:17:50 UTC

[1/2] cxf-fediz git commit: Minor update to the Fediz OIDC data provider

Repository: cxf-fediz
Updated Branches:
  refs/heads/master 294522cbc -> 35e4891b9


Minor update to the Fediz OIDC data provider


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/0d732d97
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/0d732d97
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/0d732d97

Branch: refs/heads/master
Commit: 0d732d9779e99c0f472693d6348c80cdf09a7e85
Parents: 294522c
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Mar 7 17:05:47 2017 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Mar 7 17:05:47 2017 +0000

----------------------------------------------------------------------
 .../org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/0d732d97/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
index e672b3e..6d0dc44 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
@@ -21,7 +21,6 @@ package org.apache.cxf.fediz.service.oidc;
 import java.util.List;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
-import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
 import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
 import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
@@ -30,7 +29,7 @@ import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
 
     @Override
-    public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScopes) {
+    protected void checkRequestedScopes(Client client, List<String> requestedScopes) {
         //TODO: push this code into the abstract class
         //NOTE: if OIDC-registered clients will be allowed to support not only code/implicit
         // (as it is now) but also client credentials/etc then the check below will need to be more strict
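Review bot: The overridden `checkRequestedScopes` has no Javadoc, and now that it is a `protected void` hook rather than a public method returning permissions, its only observable effect is the `OAuthServiceException` it throws. A one-line Javadoc would make that contract explicit, for example `/** Throws OAuthServiceException when a code/implicit client request omits the openid scope. */`. Enforcement presumably depends on the superclass calling this hook before it builds the permissions; that is not visible here and is worth stating in the same comment. The method body continues outside this hunk.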
@@ -40,6 +39,5 @@ public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
             && !requestedScopes.contains(OidcUtils.OPENID_SCOPE)) {
             throw new OAuthServiceException("Required scopes are missing");
         }
-        return super.convertScopeToPermissions(client, requestedScopes);
     }
 }


[2/2] cxf-fediz git commit: Another minor update to the Fediz provider

Posted by se...@apache.org.
Another minor update to the Fediz provider


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/35e4891b
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/35e4891b
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/35e4891b

Branch: refs/heads/master
Commit: 35e4891b90d08d3110dded688d6aa4a6e2bfd486
Parents: 0d732d9
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Tue Mar 7 17:17:35 2017 +0000
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Tue Mar 7 17:17:35 2017 +0000

----------------------------------------------------------------------
 .../cxf/fediz/service/oidc/OAuthDataProviderImpl.java | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/35e4891b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
index 6d0dc44..d24a5bf 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/OAuthDataProviderImpl.java
@@ -18,7 +18,10 @@
  */
 package org.apache.cxf.fediz.service.oidc;
 
+import java.util.Arrays;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 import org.apache.cxf.rs.security.oauth2.common.Client;
 import org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider;
@@ -27,15 +30,14 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
 import org.apache.cxf.rs.security.oidc.utils.OidcUtils;
 
 public class OAuthDataProviderImpl extends DefaultEHCacheCodeDataProvider {
+    private static final Set<String> NON_REDIRECTION_FLOWS = 
+        new HashSet<>(Arrays.asList(OAuthConstants.CLIENT_CREDENTIALS_GRANT, 
+                                    OAuthConstants.RESOURCE_OWNER_GRANT));
 
     @Override
     protected void checkRequestedScopes(Client client, List<String> requestedScopes) {
-        //TODO: push this code into the abstract class
-        //NOTE: if OIDC-registered clients will be allowed to support not only code/implicit
-        // (as it is now) but also client credentials/etc then the check below will need to be more strict
-        // with the help of getMessageContext().get(OAuthConstants.GRANT_TYPE)
-        if (!client.getAllowedGrantTypes().contains(OAuthConstants.CLIENT_CREDENTIALS_GRANT)
-            && !client.getAllowedGrantTypes().contains(OAuthConstants.RESOURCE_OWNER_GRANT)    
+        String grantType = super.getCurrentRequestedGrantType();
+        if (grantType != null && !NON_REDIRECTION_FLOWS.contains(grantType)    
             && !requestedScopes.contains(OidcUtils.OPENID_SCOPE)) {
             throw new OAuthServiceException("Required scopes are missing");
         }
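Review bot: The new condition `if (grantType != null && !NON_REDIRECTION_FLOWS.contains(grantType)` skips the `openid` scope check whenever `getCurrentRequestedGrantType()` returns null, so the check fails open for any request where the grant type is not available. Whether null can occur on a redirection-based request is not visible in this hunk and should be confirmed against the superclass; if it can, the required-scope rule would not be enforced for that request. Consider treating null as a redirection flow, `if ((grantType == null || !NON_REDIRECTION_FLOWS.contains(grantType))`, or add a comment explaining why a null grant type is safe to exempt, since the removed NOTE was the only explanation of this check. Separately, `NON_REDIRECTION_FLOWS` is a mutable `HashSet`; wrapping it in `Collections.unmodifiableSet(...)` (with the matching import) would keep the exemption list from being altered at runtime.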