cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf-fediz git commit: [FEDIZ-134] Setting an jwk keys endpoint for those clients which may prefer to pull the validation keys
Date Thu, 26 Nov 2015 12:59:37 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master ab2ef8660 -> 8571be994


[FEDIZ-134] Setting an jwk keys endpoint for those clients which may prefer to pull the validation
keys


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/8571be99
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/8571be99
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/8571be99

Branch: refs/heads/master
Commit: 8571be994c911ff0350e03de3d370197fc861f19
Parents: ab2ef86
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Nov 26 12:59:16 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Nov 26 12:59:16 2015 +0000

----------------------------------------------------------------------
 .../main/webapp/WEB-INF/applicationContext.xml  | 28 ++++++++++++++++----
 1 file changed, 23 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/8571be99/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index 8d58bed..c8c85bb 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -28,13 +28,15 @@
 
     <import resource="classpath:data-manager.xml" />
     
+    <bean id="oidcAuthorizationService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
+         <property name="dataProvider" ref="oauthProvider"/>
+         <property name="skipAuthorizationWithOidcScope" value="true"/>
+         <property name="canSupportPublicClients" value="true"/>
+    </bean>
+    <bean id="oidcKeysService" class="org.apache.cxf.rs.security.oidc.idp.OidcKeysService"/>
     <jaxrs:server address="/idp">
         <jaxrs:serviceBeans>
-           <bean id="oidcService" class="org.apache.cxf.rs.security.oidc.idp.OidcAuthorizationCodeService">
-             <property name="dataProvider" ref="oauthProvider"/>
-             <property name="skipAuthorizationWithOidcScope" value="true"/>
-             <property name="canSupportPublicClients" value="true"/>
-           </bean>
+           <ref bean="oidcAuthorizationService"/>
         </jaxrs:serviceBeans>
         <jaxrs:providers>
             <ref bean="viewProvider"/>
@@ -44,6 +46,22 @@
             <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
         </jaxrs:properties>
     </jaxrs:server>
+    <jaxrs:server address="/jwk">
+        <jaxrs:serviceBeans>
+           <!-- 
+                disable it if the client secret is used or if 
+                pre-installing public OIDC keys to clients is preferred
+           -->     
+           <ref bean="oidcKeysService"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/>
+        </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.signature.properties" value="rs.security.properties"/>
+            <entry key="rs.security.signature.key.password.provider" value-ref="keyPasswordProvider"/>
+        </jaxrs:properties>
+    </jaxrs:server>
     
     <bean id="keyPasswordProvider" class="org.apache.cxf.fediz.service.oidc.PrivateKeyPasswordProviderImpl"/>
     


Mime
View raw message