cxf-commits mailing list archives

From gonza...@apache.org
Subject [cxf] branch 3.1.x-fixes updated: [CXF-7572] default port in OAuth discovery doc
Date Wed, 29 Nov 2017 08:16:23 GMT
This is an automated email from the ASF dual-hosted git repository.

gonzalad pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/3.1.x-fixes by this push:
     new 8f41363  [CXF-7572] default port in OAuth discovery doc
8f41363 is described below

commit 8f413631e20879a42120d57796e751ba222ca14a
Author: gonzalad <adr_gonzalez@yahoo.fr>
AuthorDate: Wed Nov 29 09:16:20 2017 +0100

    [CXF-7572] default port in OAuth discovery doc
    
    Default port should be removed from
    issuer and endpoints in discovery
    documents.
    
    For example,
    "issuer":"https://authorization-server:443"
    should be
    "issuer":"https://authorization-server"
---
 .../services/AuthorizationMetadataService.java     | 67 ++++++++++++++++------
 1 file changed, 48 insertions(+), 19 deletions(-)

diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
index 71d33d4..1b8dba4 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.oauth2.services;
 
 import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
@@ -49,61 +50,69 @@ public class AuthorizationMetadataService {
     // Optional
     private boolean dynamicRegistrationEndpointNotAvailable;
     private String dynamicRegistrationEndpointAddress;
-    
+
     @GET
     @Produces("application/json")
     public String getConfiguration(@Context UriInfo ui) {
         Map<String, Object> cfg = new LinkedHashMap<String, Object>();
         String baseUri = getBaseUri(ui);
         prepareConfigurationData(cfg, baseUri);
-        
+
         JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter();
         writer.setFormat(true);
         return writer.toJson(cfg);
     }
-    
+
     protected void prepareConfigurationData(Map<String, Object> cfg, String baseUri)
{
         // Issuer
         cfg.put("issuer", buildIssuerUri(baseUri));
         // Authorization Endpoint
-        String theAuthorizationEndpointAddress = 
-            calculateEndpointAddress(authorizationEndpointAddress, baseUri, "/idp/authorize");
+        String theAuthorizationEndpointAddress =
+                calculateEndpointAddress(authorizationEndpointAddress, baseUri, "/idp/authorize");
         cfg.put("authorization_endpoint", theAuthorizationEndpointAddress);
         // Token Endpoint
         if (!isTokenEndpointNotAvailable()) {
-            String theTokenEndpointAddress = 
-                calculateEndpointAddress(tokenEndpointAddress, baseUri, "/oauth2/token");
+            String theTokenEndpointAddress =
+                    calculateEndpointAddress(tokenEndpointAddress, baseUri, "/oauth2/token");
             cfg.put("token_endpoint", theTokenEndpointAddress);
         }
         // Token Revocation Endpoint
         if (!isTokenRevocationEndpointNotAvailable()) {
-            String theTokenRevocationEndpointAddress = 
-                calculateEndpointAddress(tokenRevocationEndpointAddress, baseUri, "/oauth2/revoke");
+            String theTokenRevocationEndpointAddress =
+                    calculateEndpointAddress(tokenRevocationEndpointAddress, baseUri, "/oauth2/revoke");
             cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress);
         }
         // Jwks Uri Endpoint
         if (!isJwkEndpointNotAvailable()) {
-            String theJwkEndpointAddress = 
-                calculateEndpointAddress(jwkEndpointAddress, baseUri, "/jwk/keys");
+            String theJwkEndpointAddress =
+                    calculateEndpointAddress(jwkEndpointAddress, baseUri, "/jwk/keys");
             cfg.put("jwks_uri", theJwkEndpointAddress);
         }
         // Dynamic Registration Endpoint
         if (!isDynamicRegistrationEndpointNotAvailable()) {
-            String theDynamicRegistrationEndpointAddress = 
-                calculateEndpointAddress(dynamicRegistrationEndpointAddress, baseUri, "/dynamic/register");
+            String theDynamicRegistrationEndpointAddress =
+                    calculateEndpointAddress(dynamicRegistrationEndpointAddress, baseUri,
"/dynamic/register");
             cfg.put("registration_endpoint", theDynamicRegistrationEndpointAddress);
         }
     }
 
     protected static String calculateEndpointAddress(String endpointAddress, String baseUri,
String defRelAddress) {
         endpointAddress = endpointAddress != null ? endpointAddress : defRelAddress;
-        if (endpointAddress.startsWith("https")) {
+        if (isAbsoluteUri(endpointAddress)) {
             return endpointAddress;
         } else {
-            return UriBuilder.fromUri(baseUri).path(endpointAddress).build().toString();

+            URI uri = UriBuilder.fromUri(baseUri).path(endpointAddress).build();
+            return removeDefaultPort(uri).toString();
         }
     }
 
+    private static boolean isAbsoluteUri(String endpointAddress) {
+        if (endpointAddress == null) {
+            return false;
+        }
+        return endpointAddress.startsWith("http://") || endpointAddress.startsWith("https://");
+    }
+
     private String getBaseUri(UriInfo ui) {
         String requestUri = ui.getRequestUri().toString();
         int ind = requestUri.lastIndexOf(".well-known");
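Review bot: The `isAbsoluteUri` branch of calculateEndpointAddress returns a configured absolute address unchanged, so an endpoint set to `https://authorization-server:443/oauth2/token` is still published with the default port while the issuer is normalised; routing it through the same helper, `return removeDefaultPort(URI.create(endpointAddress)).toString();`, would make the document consistent. isAbsoluteUri also compares the scheme case-sensitively, so an address written as `HTTPS://...` falls into the relative branch and is appended to baseUri as a path; `endpointAddress.regionMatches(true, 0, "https://", 0, 8)` (and the same for `http://`) avoids that. Because `http://` is now accepted as absolute, a cleartext token or registration endpoint is advertised exactly as configured, which deserves at least a logged warning. getBaseUri's body continues outside the hunk.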
@@ -143,7 +152,7 @@ public class AuthorizationMetadataService {
     public void setJwkEndpointNotAvailable(boolean jwkEndpointNotAvailable) {
         this.jwkEndpointNotAvailable = jwkEndpointNotAvailable;
     }
-    
+
     public boolean isJwkEndpointNotAvailable() {
         return jwkEndpointNotAvailable;
     }
@@ -173,8 +182,14 @@ public class AuthorizationMetadataService {
     }
 
     private String buildIssuerUri(String baseUri) {
-        URI uri = issuer == null || !issuer.startsWith("/") ? URI.create(baseUri) 
-            : UriBuilder.fromUri(baseUri).path(issuer).build();
+        URI uri;
+        if (isAbsoluteUri(issuer)) {
+            uri = UriBuilder.fromUri(issuer).build();
+        } else {
+            uri = issuer == null || !issuer.startsWith("/") ? URI.create(baseUri)
+                    : UriBuilder.fromUri(baseUri).path(issuer).build();
+        }
+        uri = removeDefaultPort(uri);
         if (stripPathFromIssuerUri) {
             StringBuilder sb = new StringBuilder();
             sb.append(uri.getScheme()).append("://").append(uri.getHost());
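Review bot: The new absolute-issuer branch publishes any `http://` or `https://` value as the issuer without further checks, although OAuth 2.0 Authorization Server Metadata (RFC 8414) requires the issuer to be an https URL with no query or fragment component; consider rejecting or warning on a non-https issuer or one where `uri.getQuery() != null || uri.getFragment() != null`. In the else branch the issuer is still taken from baseUri, which getBaseUri (partly visible in the earlier hunk) derives from `ui.getRequestUri()`, so the published issuer presumably follows whatever host the request carried. A comment such as `// Prefer a configured absolute issuer; the fallback reflects the request URI` above the else branch would tell operators to set one when the service sits behind a proxy. buildIssuerUri's body continues outside the hunk.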
@@ -187,8 +202,22 @@ public class AuthorizationMetadataService {
         }
     }
 
+    private static URI removeDefaultPort(URI uri) {
+        if ((uri.getPort() == 80 && "http".equals(uri.getScheme()))
+                || (uri.getPort() == 443 && "https".equals(uri.getScheme()))) {
+            try {
+                URI newURI = new URI(uri.getScheme(), uri.getUserInfo(), uri.getHost(), -1,
+                        uri.getPath(), uri.getQuery(), uri.getFragment());
+                return newURI;
+            } catch (URISyntaxException e) {
+                throw new IllegalArgumentException("Invalid URI " + uri + " : " + e.toString(),
e);
+            }
+        }
+        return uri;
+    }
+
     public void setStripPathFromIssuerUri(boolean stripPathFromIssuerUri) {
         this.stripPathFromIssuerUri = stripPathFromIssuerUri;
     }
 
-}
+}
\ No newline at end of file
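Review bot: removeDefaultPort rebuilds the URI from the decoded getters (`getPath()`, `getQuery()`, `getFragment()`, `getUserInfo()`), and the multi-argument `URI` constructor only re-quotes characters that are illegal in each component, so an escaped reserved character does not survive the round trip: a path segment `a%2Fb` comes back as `a/b`, and `%26` in a query becomes a bare `&`. Reassembling from the raw components keeps the published URL byte-for-byte identical apart from the port. The scheme comparison is also case-sensitive, so `HTTPS://host:443` keeps its port; `equalsIgnoreCase` covers that. With the version below the `URISyntaxException` import added by this commit is no longer needed.

```java
private static URI removeDefaultPort(URI uri) {
    String scheme = uri.getScheme();
    boolean defaultPort = (uri.getPort() == 80 && "http".equalsIgnoreCase(scheme))
            || (uri.getPort() == 443 && "https".equalsIgnoreCase(scheme));
    if (!defaultPort) {
        return uri;
    }
    // Reassemble from the raw (still percent-encoded) components so that escapes
    // such as %2F are not decoded and then left unquoted by the URI constructor.
    StringBuilder sb = new StringBuilder();
    sb.append(scheme).append("://");
    if (uri.getRawUserInfo() != null) {
        sb.append(uri.getRawUserInfo()).append('@');
    }
    sb.append(uri.getHost());
    if (uri.getRawPath() != null) {
        sb.append(uri.getRawPath());
    }
    if (uri.getRawQuery() != null) {
        sb.append('?').append(uri.getRawQuery());
    }
    if (uri.getRawFragment() != null) {
        sb.append('#').append(uri.getRawFragment());
    }
    return URI.create(sb.toString());
}
```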

-- 
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <commits@cxf.apache.org>'].
