cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: Updating OAuth2 dynamic reg service to not report the reg access token and URI if the client code does not need it, as per the spec
Date Wed, 28 Sep 2016 11:23:43 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes bb3da5c5c -> 0e42bf2d5


Updating OAuth2 dynamic reg service to not report the reg access token and URI if the client
code does not need it, as per the spec


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0e42bf2d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0e42bf2d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0e42bf2d

Branch: refs/heads/3.1.x-fixes
Commit: 0e42bf2d533537be67d041da21b977124c98b23c
Parents: bb3da5c
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Wed Sep 28 12:21:57 2016 +0100
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Wed Sep 28 12:23:28 2016 +0100

----------------------------------------------------------------------
 .../oauth2/services/DynamicRegistrationService.java | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/0e42bf2d/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
index 47ea3f0..7ad1c74 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
@@ -53,6 +53,7 @@ public class DynamicRegistrationService {
     private String initialAccessToken;
     private int clientIdSizeInBytes = DEFAULT_CLIENT_ID_SIZE;
     private MessageContext mc;
+    private boolean supportRegistrationAccessTokens = true;
     
     @POST
     @Consumes("application/json")
@@ -129,10 +130,15 @@ public class DynamicRegistrationService {
         // TODO: consider making Client secret time limited
         response.setClientSecretExpiresAt(Long.valueOf(0));
         UriBuilder ub = getMessageContext().getUriInfo().getAbsolutePathBuilder();
-        response.setRegistrationClientUri(ub.path(client.getClientId()).build().toString());
         
-        response.setRegistrationAccessToken(client.getProperties()
-                                            .get(ClientRegistrationResponse.REG_ACCESS_TOKEN));
+        if (supportRegistrationAccessTokens) {
+            // both registration access token and uri are either included or excluded
+            response.setRegistrationClientUri(
+                ub.path(client.getClientId()).build().toString());
+        
+            response.setRegistrationAccessToken(
+                client.getProperties().get(ClientRegistrationResponse.REG_ACCESS_TOKEN));
+        }
         return response;
     }
     
@@ -294,4 +300,8 @@ public class DynamicRegistrationService {
     public MessageContext getMessageContext() {
         return mc;
     }
+
+    public void setSupportRegistrationAccessTokens(boolean supportRegistrationAccessTokens)
{
+        this.supportRegistrationAccessTokens = supportRegistrationAccessTokens;
+    }
 }


Mime
View raw message