cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [1/2] cxf git commit: Making the reporting of some OIDC/OAuth2 endpoints optional
Date Thu, 22 Sep 2016 16:43:03 GMT
Repository: cxf
Updated Branches:
  refs/heads/master c2dc0e355 -> a4e4b8f9b


Making the reporting of some OIDC/OAuth2 endpoints optional


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ea23ff80
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ea23ff80
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ea23ff80

Branch: refs/heads/master
Commit: ea23ff80850a5f56c60a692936200c7cc5e27e2b
Parents: f66dea9
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Thu Sep 22 17:42:24 2016 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Thu Sep 22 17:42:24 2016 +0100

----------------------------------------------------------------------
 .../services/AuthorizationMetadataService.java  | 80 +++++++++++++++++---
 .../oidc/idp/OidcConfigurationService.java      | 20 ++++-
 2 files changed, 86 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ea23ff80/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
index 7e7d05b..10e3e93 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
@@ -32,12 +32,21 @@ import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
 
 @Path("oauth-authorization-server")
 public class AuthorizationMetadataService {
-
     private String issuer;
+    // Required
     private String authorizationEndpointAddress;
+    // Optional if only an implicit flow is used
+    private boolean tokenEndpointNotAvailable;
     private String tokenEndpointAddress;
+    // Optional
+    private boolean tokenRevocationEndpointNotAvailable;
     private String tokenRevocationEndpointAddress;
+    // Required for OIDC, optional otherwise
+    private boolean jwkEndpointNotAvailable;
     private String jwkEndpointAddress;
+    // Optional
+    private boolean dynamicRegistrationEndpointNotAvailable;
+    private String dynamicRegistrationEndpointAddress;
     
     @GET
     @Produces("application/json")
@@ -59,17 +68,29 @@ public class AuthorizationMetadataService {
             calculateEndpointAddress(authorizationEndpointAddress, baseUri, "/idp/authorize");
         cfg.put("authorization_endpoint", theAuthorizationEndpointAddress);
         // Token Endpoint
-        String theTokenEndpointAddress = 
-            calculateEndpointAddress(tokenEndpointAddress, baseUri, "/oauth2/token");
-        cfg.put("token_endpoint", theTokenEndpointAddress);
+        if (!isTokenEndpointNotAvailable()) {
+            String theTokenEndpointAddress = 
+                calculateEndpointAddress(tokenEndpointAddress, baseUri, "/oauth2/token");
+            cfg.put("token_endpoint", theTokenEndpointAddress);
+        }
         // Token Revocation Endpoint
-        String theTokenRevocationEndpointAddress = 
-            calculateEndpointAddress(tokenRevocationEndpointAddress, baseUri, "/oauth2/revoke");
-        cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress);
+        if (!isTokenRevocationEndpointNotAvailable()) {
+            String theTokenRevocationEndpointAddress = 
+                calculateEndpointAddress(tokenRevocationEndpointAddress, baseUri, "/oauth2/revoke");
+            cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress);
+        }
         // Jwks Uri Endpoint
-        String theJwkEndpointAddress = 
-            calculateEndpointAddress(jwkEndpointAddress, baseUri, "/jwk/keys");
-        cfg.put("jwks_uri", theJwkEndpointAddress);
+        if (!isJwkEndpointNotAvailable()) {
+            String theJwkEndpointAddress = 
+                calculateEndpointAddress(jwkEndpointAddress, baseUri, "/jwk/keys");
+            cfg.put("jwks_uri", theJwkEndpointAddress);
+        }
+        // Dynamic Registration Endpoint
+        if (!isDynamicRegistrationEndpointNotAvailable()) {
+            String theDynamicRegistrationEndpointAddress = 
+                calculateEndpointAddress(dynamicRegistrationEndpointAddress, baseUri, "/dynamic/register");
+            cfg.put("registration_endpoint", theDynamicRegistrationEndpointAddress);
+        }
     }
 
     protected static String calculateEndpointAddress(String endpointAddress, String baseUri,
String defRelAddress) {
@@ -109,5 +130,44 @@ public class AuthorizationMetadataService {
     public void setTokenRevocationEndpointAddress(String tokenRevocationEndpointAddress)
{
         this.tokenRevocationEndpointAddress = tokenRevocationEndpointAddress;
     }
+
+    public void setTokenRevocationEndpointNotAvailable(boolean tokenRevocationEndpointNotAvailable)
{
+        this.tokenRevocationEndpointNotAvailable = tokenRevocationEndpointNotAvailable;
+    }
+    public boolean isTokenRevocationEndpointNotAvailable() {
+        return tokenRevocationEndpointNotAvailable;
+    }
+
+    public void setJwkEndpointNotAvailable(boolean jwkEndpointNotAvailable) {
+        this.jwkEndpointNotAvailable = jwkEndpointNotAvailable;
+    }
+    
+    public boolean isJwkEndpointNotAvailable() {
+        return jwkEndpointNotAvailable;
+    }
+
+    public boolean isTokenEndpointNotAvailable() {
+        return tokenEndpointNotAvailable;
+    }
+
+    public void setTokenEndpointNotAvailable(boolean tokenEndpointNotAvailable) {
+        this.tokenEndpointNotAvailable = tokenEndpointNotAvailable;
+    }
+
+    public boolean isDynamicRegistrationEndpointNotAvailable() {
+        return dynamicRegistrationEndpointNotAvailable;
+    }
+
+    public void setDynamicRegistrationEndpointNotAvailable(boolean dynamicRegistrationEndpointNotAvailable)
{
+        this.dynamicRegistrationEndpointNotAvailable = dynamicRegistrationEndpointNotAvailable;
+    }
+
+    public String getDynamicRegistrationEndpointAddress() {
+        return dynamicRegistrationEndpointAddress;
+    }
+
+    public void setDynamicRegistrationEndpointAddress(String dynamicRegistrationEndpointAddress)
{
+        this.dynamicRegistrationEndpointAddress = dynamicRegistrationEndpointAddress;
+    }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/ea23ff80/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
index fab8037..7e7c8ce 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
@@ -30,15 +30,19 @@ import org.apache.cxf.rs.security.oauth2.services.AuthorizationMetadataService;
 
 @Path("openid-configuration")
 public class OidcConfigurationService extends AuthorizationMetadataService {
+    // Recommended - but optional
+    private boolean userInfoEndpointNotAvailable;
     private String userInfoEndpointAddress;
-    
+        
     @Override
     protected void prepareConfigurationData(Map<String, Object> cfg, String baseUri)
{
         super.prepareConfigurationData(cfg, baseUri);
         // UriInfo Endpoint
-        String theUserInfoEndpointAddress = 
-            calculateEndpointAddress(userInfoEndpointAddress, baseUri, "/users/userinfo");
-        cfg.put("userinfo_endpoint", theUserInfoEndpointAddress);
+        if (!isUserInfoEndpointNotAvailable()) {
+            String theUserInfoEndpointAddress = 
+                calculateEndpointAddress(userInfoEndpointAddress, baseUri, "/users/userinfo");
+            cfg.put("userinfo_endpoint", theUserInfoEndpointAddress);
+        }
         
         Properties sigProps = JwsUtils.loadSignatureOutProperties(false);
         if (sigProps != null && sigProps.containsKey(JoseConstants.RSSEC_SIGNATURE_ALGORITHM))
{
@@ -46,5 +50,13 @@ public class OidcConfigurationService extends AuthorizationMetadataService
{
                     Collections.singletonList(sigProps.get(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)));
   
         }
     }
+
+    public boolean isUserInfoEndpointNotAvailable() {
+        return userInfoEndpointNotAvailable;
+    }
+
+    public void setUserInfoEndpointNotAvailable(boolean userInfoEndpointNotAvailable) {
+        this.userInfoEndpointNotAvailable = userInfoEndpointNotAvailable;
+    }
     
 }


Mime
View raw message