cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Updating OAuth2 dynamic reg service to not report the reg access token and URI if the client code does not need it, as per the spec
Date Wed, 28 Sep 2016 11:22:12 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 3d2f6954f -> dcb1e4029


Updating OAuth2 dynamic reg service to not report the reg access token and URI if the client
code does not need it, as per the spec


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dcb1e402
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dcb1e402
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dcb1e402

Branch: refs/heads/master
Commit: dcb1e4029e5f1cf809fc1899d083930f5cc55659
Parents: 3d2f695
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Sep 28 12:21:57 2016 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Sep 28 12:21:57 2016 +0100

----------------------------------------------------------------------
 .../oauth2/services/DynamicRegistrationService.java | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/dcb1e402/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
index 47ea3f0..7ad1c74 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
@@ -53,6 +53,7 @@ public class DynamicRegistrationService {
     private String initialAccessToken;
     private int clientIdSizeInBytes = DEFAULT_CLIENT_ID_SIZE;
     private MessageContext mc;
+    private boolean supportRegistrationAccessTokens = true;
     
     @POST
     @Consumes("application/json")
@@ -129,10 +130,15 @@ public class DynamicRegistrationService {
         // TODO: consider making Client secret time limited
         response.setClientSecretExpiresAt(Long.valueOf(0));
         UriBuilder ub = getMessageContext().getUriInfo().getAbsolutePathBuilder();
-        response.setRegistrationClientUri(ub.path(client.getClientId()).build().toString());
         
-        response.setRegistrationAccessToken(client.getProperties()
-                                            .get(ClientRegistrationResponse.REG_ACCESS_TOKEN));
+        if (supportRegistrationAccessTokens) {
+            // both registration access token and uri are either included or excluded
+            response.setRegistrationClientUri(
+                ub.path(client.getClientId()).build().toString());
+        
+            response.setRegistrationAccessToken(
+                client.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN));
+        }
         return response;
     }
     
@@ -294,4 +300,8 @@ public class DynamicRegistrationService {
     public MessageContext getMessageContext() {
         return mc;
     }
+
+    public void setSupportRegistrationAccessTokens(boolean supportRegistrationAccessTokens)
{
+        this.supportRegistrationAccessTokens = supportRegistrationAccessTokens;
+    }
 }


Mime
View raw message