Repository: cxf Updated Branches: refs/heads/master 02995d073 -> 4eede5fc4
Letting the oauth providers block the reporting of some appproved scopes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4eede5fc Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4eede5fc Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4eede5fc Branch: refs/heads/master Commit: 4eede5fc438c000432ee9772e0aee764d24277e8 Parents: 02995d0 Author: Sergey Beryozkin <[email protected]> Authored: Thu Dec 3 17:02:07 2015 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Thu Dec 3 17:02:07 2015 +0000 ---------------------------------------------------------------------- .../cxf/rs/security/oauth2/common/Permission.java | 15 +++++++++++++++ .../cxf/rs/security/oauth2/utils/OAuthUtils.java | 8 ++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/4eede5fc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
index 8defa96..f6d4d29 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
@@ -29,6 +29,7 @@ public class Permission implements Serializable {
 private String permission;
 private String description;
 private boolean isDefault;
+ private boolean invisibleToClient;
 public Permission() { 
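Review bot: The new `invisibleToClient` field changes the serialized form of a class that the `@@` context line shows as `implements Serializable`. If Permission declares an explicit `serialVersionUID` (not visible in this hunk), instances persisted before this change deserialize with the field defaulting to `false`, i.e. the scope stays visible, which matches the previous behaviour; if the class relies on the computed UID, previously stored tokens or scopes will fail to deserialize. Worth confirming against the field declarations above the hunk. The constructor that starts on the hunk's last line continues outside it.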
@@ -88,4 +89,18 @@ public class Permission implements Serializable {
 public boolean isDefault() {
 return isDefault;
 }
+
+ public boolean isInvisibleToClient() {
+ return invisibleToClient;
+ }
+
+ /**
+ * Set the visibility status; by default all the scopes approved by a user can
+ * be optionally reported to the client in access token responses. Some scopes may need
+ * to stay 'invisible' to client.
+ * @param invisibleToClient
+ */
+ public void setInvisibleToClient(boolean invisibleToClient) {
+ this.invisibleToClient = invisibleToClient;
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/4eede5fc/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 7722d7a..65a01fa 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -129,6 +129,9 @@ public final class OAuthUtils {
 public static String convertPermissionsToScope(List<OAuthPermission> perms) {
 StringBuilder sb = new StringBuilder();
 for (OAuthPermission perm : perms) {
+ if (perm.isInvisibleToClient()) {
+ continue;
+ }
 if (sb.length() > 0) {
 sb.append(" ");
 } 
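Review bot: The Javadoc on `setInvisibleToClient` leaves `@param invisibleToClient` without a description and does not say what the flag does not do: as far as this commit shows, it only affects how scopes are reported to the client, while the permission itself remains in the token's scope list. Suggest `@param invisibleToClient true to omit this scope from the scope string reported to the client; the permission itself still stays in the token`, with the second half confirmed against the enforcement code, which is not part of this diff. `isInvisibleToClient()` has no Javadoc at all; a one-liner pointing at the setter would do.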
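Review bot: With the added `continue`, `convertPermissionsToScope` can now return an empty string for a non-empty `perms` list, which changes its contract and is not documented; the call site in the `@@ -255` hunk is adjusted, but any other caller that still guards with `perms.isEmpty()` before calling would end up sending an empty `scope` value. Add a Javadoc such as `@return the space-separated scopes visible to the client, or an empty string when every permission is marked invisible` and check the remaining callers, which this diff does not show.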
@@ -255,8 +258,9 @@ public final class OAuthUtils {
 if (supportOptionalParams) {
 clientToken.setExpiresIn(serverToken.getExpiresIn());
 List<OAuthPermission> perms = serverToken.getScopes();
- if (!perms.isEmpty()) {
- clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
+ String scopeString = OAuthUtils.convertPermissionsToScope(perms);
+ if (!StringUtils.isEmpty(scopeString)) {
+ clientToken.setApprovedScope(scopeString);
 }
 clientToken.setParameters(serverToken.getParameters());
 }
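Review bot: When every approved scope is invisible, `scopeString` is empty and no `scope` parameter is set on the client token at all; under RFC 6749 §5.1 a client treats an absent `scope` as identical to the scope it requested, so this is only accurate if hidden scopes are never among the ones the client asked for. If that is the intended model, a comment on the new `if` would spare the next reader from re-deriving it: `// empty means every approved scope is hidden from the client; omit the parameter rather than send ""`. The enclosing method starts and ends outside the hunk.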
