cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject cxf git commit: [CXF-7161] Avoiding reporting a null secret key with a dangling secret expiry time, patch from Adrian Gonzalez applied, This closes #209
Date Fri, 02 Dec 2016 16:42:28 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 66e97c77e -> 4dcf51205


[CXF-7161] Avoiding reporting a null secret key with a dangling secret expiry time, patch
from Adrian Gonzalez applied, This closes #209


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4dcf5120
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4dcf5120
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4dcf5120

Branch: refs/heads/master
Commit: 4dcf5120561ba5b11bf9493c931889c591cf36e0
Parents: 66e97c7
Author: Sergey Beryozkin <sberyozkin@gmail.com>
Authored: Fri Dec 2 16:42:09 2016 +0000
Committer: Sergey Beryozkin <sberyozkin@gmail.com>
Committed: Fri Dec 2 16:42:09 2016 +0000

----------------------------------------------------------------------
 .../security/oauth2/services/DynamicRegistrationService.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/4dcf5120/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
index 8a8dd93..69d7f7b 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
@@ -125,10 +125,12 @@ public class DynamicRegistrationService {
     protected ClientRegistrationResponse fromClientToRegistrationResponse(Client client)
{
         ClientRegistrationResponse response = new ClientRegistrationResponse();
         response.setClientId(client.getClientId());
-        response.setClientSecret(client.getClientSecret());
+        if (client.getClientSecret() != null) {
+            response.setClientSecret(client.getClientSecret());
+            // TODO: consider making Client secret time limited
+            response.setClientSecretExpiresAt(Long.valueOf(0));
+        }
         response.setClientIdIssuedAt(client.getRegisteredAt());
-        // TODO: consider making Client secret time limited
-        response.setClientSecretExpiresAt(Long.valueOf(0));
         UriBuilder ub = getMessageContext().getUriInfo().getAbsolutePathBuilder();
         
         if (supportRegistrationAccessTokens) {


Mime
View raw message