Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 68d2a911d -> 98f176f5b
Letting the oauth providers block the reporting of some appproved scopes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/98f176f5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/98f176f5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/98f176f5 Branch: refs/heads/3.0.x-fixes Commit: 98f176f5b4169914f2606dad7078bc57ee3298d5 Parents: 68d2a91 Author: Sergey Beryozkin <[email protected]> Authored: Thu Dec 3 17:02:07 2015 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Thu Dec 3 17:04:42 2015 +0000 ---------------------------------------------------------------------- .../cxf/rs/security/oauth2/common/Permission.java | 15 +++++++++++++++ .../cxf/rs/security/oauth2/utils/OAuthUtils.java | 8 ++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/98f176f5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
index 8defa96..f6d4d29 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/common/Permission.java
@@ -29,6 +29,7 @@ public class Permission implements Serializable {
 private String permission;
 private String description;
 private boolean isDefault;
+ private boolean invisibleToClient;
 public Permission() {
@@ -88,4 +89,18 @@ public class Permission implements Serializable {
 public boolean isDefault() {
 return isDefault;
 }
+
+ public boolean isInvisibleToClient() {
+ return invisibleToClient;
+ }
+
+ /**
+ * Set the visibility status; by default all the scopes approved by a user can
+ * be optionally reported to the client in access token responses. Some scopes may need
+ * to stay 'invisible' to client.
+ * @param invisibleToClient
+ */
+ public void setInvisibleToClient(boolean invisibleToClient) {
+ this.invisibleToClient = invisibleToClient;
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/98f176f5/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java ----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
index 9a3442a..d4c5dcd 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/OAuthUtils.java
@@ -112,6 +112,9 @@ public final class OAuthUtils {
 public static String convertPermissionsToScope(List<OAuthPermission> perms) {
 StringBuilder sb = new StringBuilder();
 for (OAuthPermission perm : perms) {
+ if (perm.isInvisibleToClient()) {
+ continue;
+ }
 if (sb.length() > 0) {
 sb.append(" ");
 }
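Review bot: The new getter `isInvisibleToClient()` has no Javadoc and the setter's `@param invisibleToClient` tag carries no description, so a reader of this class cannot tell where the flag is honoured or what it does not do. I would add `/** @return true if this scope must be omitted from the scope string reported to the client */` on the getter and change the tag to `@param invisibleToClient true to omit this scope from scope strings sent to the client`. The flag is only consulted when `OAuthUtils.convertPermissionsToScope` builds the reported string; if permission objects are ever handed to the client through another path (a consent or introspection view, not visible here), the scope would still be exposed there, so the setter's Javadoc should say this is a reporting hint and not an access restriction.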
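Review bot: `convertPermissionsToScope` now silently drops permissions flagged invisible, while its name still describes a plain conversion and its other callers are outside the hunk; any caller that uses the result for server-side scope comparison or validation rather than client reporting would now work from an incomplete list. If such callers exist, a dedicated method (or a boolean parameter with the old signature kept as a delegating overload) would keep the filtering explicit at each call site. At minimum the method's Javadoc should state `Permissions flagged invisibleToClient are omitted; the result may be empty even when perms is not.` The method continues past the end of the hunk.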
@@ -238,8 +241,9 @@ public final class OAuthUtils {
 if (supportOptionalParams) {
 clientToken.setExpiresIn(serverToken.getExpiresIn());
 List<OAuthPermission> perms = serverToken.getScopes();
- if (!perms.isEmpty()) {
- clientToken.setApprovedScope(OAuthUtils.convertPermissionsToScope(perms));
+ String scopeString = OAuthUtils.convertPermissionsToScope(perms);
+ if (!StringUtils.isEmpty(scopeString)) {
+ clientToken.setApprovedScope(scopeString);
 }
 clientToken.setParameters(serverToken.getParameters());
 }
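Review bot: When every approved permission is flagged invisible, `scopeString` is empty and `setApprovedScope` is skipped, so the token response carries no `scope` parameter at all; under RFC 6749 section 5.1 a client may then treat the issued scope as identical to the one it requested, which undoes the hiding for exactly that case. If that is not acceptable the empty case needs an explicit decision, and a comment such as `// no scope is reported when every approved permission is invisible to the client` would at least record the current behaviour for the next reader. `StringUtils.isEmpty` replaces the old `perms.isEmpty()` check; the import block is outside the hunk, so confirm `StringUtils` is the utility class this file already imports rather than a new dependency. The enclosing method starts and ends outside the hunk.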
