From serg...@apache.org
Subject cxf git commit: Letting the oauth providers block the reporting of some appproved scopes
Date Thu, 03 Dec 2015 17:04:57 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 68d2a911d -> 98f176f5b


Letting the oauth providers block the reporting of some approved scopes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/98f176f5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/98f176f5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/98f176f5

Branch: refs/heads/3.0.x-fixes
Commit: 98f176f5b4169914f2606dad7078bc57ee3298d5
Parents: 68d2a91
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Dec 3 17:02:07 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Dec 3 17:04:42 2015 +0000

----------------------------------------------------------------------
 .../cxf/rs/security/oauth2/common/Permission.java    | 15 +++++++++++++++
 .../cxf/rs/security/oauth2/utils/OAuthUtils.java     |  8 ++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/98f176f5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
index 8defa96..f6d4d29 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
@@ -29,6 +29,7 @@ public class Permission implements Serializable {
     private String permission;
     private String description;
     private boolean isDefault;
+    private boolean invisibleToClient;
     
     public Permission() {
         
@@ -88,4 +89,18 @@ public class Permission implements Serializable {
     public boolean isDefault() {
         return isDefault;
     }
+
+    public boolean isInvisibleToClient() {
+        return invisibleToClient;
+    }
+
+    /**
+     * Set the visibility status; by default all the scopes approved by a user can 
+     * be optionally reported to the client in access token responses. Some scopes may need
+     * to stay 'invisible' to client.
+     * @param invisibleToClient
+     */
+    public void setInvisibleToClient(boolean invisibleToClient) {
+        this.invisibleToClient = invisibleToClient;
+    }
 }
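Review bot: The Javadoc on `setInvisibleToClient` leaves `@param invisibleToClient` empty and does not say that the flag only affects what is reported. Going by the rest of this commit, the flag only drops the scope from the string built for the client; nothing visible here removes it from the server-side token, so the permission presumably stays in force. I would spell that out, e.g. `@param invisibleToClient true to omit this scope from the scope value returned to the client; the scope itself stays on the granted token`, and give `isInvisibleToClient()` a one-line Javadoc to match. The class body starts outside this hunk.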

http://git-wip-us.apache.org/repos/asf/cxf/blob/98f176f5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 9a3442a..d4c5dcd 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -112,6 +112,9 @@ public final class OAuthUtils {
     public static String convertPermissionsToScope(List<OAuthPermission> perms) {
         StringBuilder sb = new StringBuilder();
         for (OAuthPermission perm : perms) {
+            if (perm.isInvisibleToClient()) {
+                continue;
+            }
             if (sb.length() > 0) {
                 sb.append(" ");
             }
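Review bot: Skipping invisible permissions inside `convertPermissionsToScope` changes the result for every caller of this public static helper, not only the access-token response touched further down in this commit. Any caller outside this diff that uses the returned string to store, compare or re-parse a token's scopes would now silently lose the hidden ones; those callers are not visible here, so this needs checking. If the helper keeps the filter, its Javadoc should say so, e.g. `Permissions marked invisible to the client are left out of the returned string.`; otherwise do the filtering at the token-response call site. The method body continues past the end of this hunk.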
@@ -238,8 +241,9 @@ public final class OAuthUtils {
         if (supportOptionalParams) {
             clientToken.setExpiresIn(serverToken.getExpiresIn());
             List<OAuthPermission> perms = serverToken.getScopes();
-            if (!perms.isEmpty()) {
-                clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
   
+            String scopeString = OAuthUtils.convertPermissionsToScope(perms);
+            if (!StringUtils.isEmpty(scopeString)) {
+                clientToken.setApprovedScope(scopeString);    
             }
             clientToken.setParameters(serverToken.getParameters());
         }
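Review bot: The case where every approved permission is invisible is not explained at `if (!StringUtils.isEmpty(scopeString))`: the `scope` parameter is then left out of the response altogether. RFC 6749 section 5.1 lets a client read a missing `scope` as identical to what it requested, so the omission can imply more or less than the hidden list actually grants, depending on what the client asked for. A comment stating the intent would help, e.g. `// no client-visible scopes: omit the scope parameter rather than send an empty value`. The enclosing method starts and ends outside this hunk.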

