Repository: cxf-fediz Updated Branches: refs/heads/master 22553ad77 -> 510bee5ad
[FEDIZ-173] Cors support for js OIDC Implicit Flow, patch from Adrian Gonzalez applied, This closes #9 Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/510bee5a Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/510bee5a Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/510bee5a Branch: refs/heads/master Commit: 510bee5adc9d1742cd942f93db2a07abc82084b5 Parents: 22553ad Author: Sergey Beryozkin <[email protected]> Authored: Wed Sep 14 12:06:29 2016 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Wed Sep 14 12:06:29 2016 +0100 ---------------------------------------------------------------------- services/oidc/pom.xml | 5 +++++ .../oidc/src/main/webapp/WEB-INF/applicationContext.xml | 9 +++++++++ 2 files changed, 14 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/510bee5a/services/oidc/pom.xml ---------------------------------------------------------------------- diff --git a/services/oidc/pom.xml b/services/oidc/pom.xml index ad3b515..aede1dd 100644 --- a/services/oidc/pom.xml +++ b/services/oidc/pom.xml @@ -58,6 +58,11 @@ <version>${cxf.version}</version> </dependency> <dependency> + <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-rs-security-cors</artifactId> + <version>${cxf.version}</version> + </dependency> + <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>${spring.version}</version> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/510bee5a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml ---------------------------------------------------------------------- diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml index c893dd4..53bd83f 100644 --- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml +++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml @@ -95,6 +95,7 @@ <ref bean="oidcKeysService"/> </jaxrs:serviceBeans> <jaxrs:providers> + <ref bean="corsFilter"/> <bean class="org.apache.cxf.rs.security.jose.jaxrs.JsonWebKeysProvider"/> </jaxrs:providers> <jaxrs:properties> @@ -119,6 +120,7 @@ <ref bean="userInfoService"/> </jaxrs:serviceBeans> <jaxrs:providers> + <ref bean="corsFilter"/> <bean class="org.apache.cxf.jaxrs.provider.json.JsonMapObjectProvider"/> <ref bean="oauth2TokenValidationFilter"/> </jaxrs:providers> @@ -178,6 +180,13 @@ <property name="signWithClientSecret" value="true"/> --> </bean> + <!-- Cors filter for endpoints used by implicit flow (by js clients) --> + <util:list id="implicitFlowAllowHeaders"> + <value>Authorization</value> + </util:list> + <bean id="corsFilter" class="org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter"> + <property name="allowHeaders" ref="implicitFlowAllowHeaders"/> + </bean> <bean id="refreshTokenHandler" class="org.apache.cxf.rs.security.oauth2.grants.refresh.RefreshTokenGrantHandler"> <property name="dataProvider" ref="oauthProvider"/> </bean>
