Repository: cxf
Updated Branches:
  refs/heads/master c2dc0e355 -> a4e4b8f9b


Making the reporting of some OIDC/OAuth2 endpoints optional


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ea23ff80
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ea23ff80
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ea23ff80

Branch: refs/heads/master
Commit: ea23ff80850a5f56c60a692936200c7cc5e27e2b
Parents: f66dea9
Author: Sergey Beryozkin <sberyoz...@gmail.com>
Authored: Thu Sep 22 17:42:24 2016 +0100
Committer: Sergey Beryozkin <sberyoz...@gmail.com>
Committed: Thu Sep 22 17:42:24 2016 +0100

----------------------------------------------------------------------
 .../services/AuthorizationMetadataService.java  | 80 +++++++++++++++++---
 .../oidc/idp/OidcConfigurationService.java      | 20 ++++-
 2 files changed, 86 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/ea23ff80/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
index 7e7d05b..10e3e93 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
@@ -32,12 +32,21 @@ import 
org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
 
 @Path("oauth-authorization-server")
 public class AuthorizationMetadataService {
-
     private String issuer;
+    // Required
     private String authorizationEndpointAddress;
+    // Optional if only an implicit flow is used
+    private boolean tokenEndpointNotAvailable;
     private String tokenEndpointAddress;
+    // Optional
+    private boolean tokenRevocationEndpointNotAvailable;
     private String tokenRevocationEndpointAddress;
+    // Required for OIDC, optional otherwise
+    private boolean jwkEndpointNotAvailable;
     private String jwkEndpointAddress;
+    // Optional
+    private boolean dynamicRegistrationEndpointNotAvailable;
+    private String dynamicRegistrationEndpointAddress;
     
     @GET
     @Produces("application/json")
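Review bot: The new field comments (`// Optional`, `// Required for OIDC, optional otherwise`) sit on inverted boolean flags and never say what setting a flag to true does, and the `...NotAvailable` naming forces double negatives such as `!isTokenEndpointNotAvailable()` at every use. I would document each flag by its effect on the published document, e.g. `// When true, "token_endpoint" is omitted from the metadata (implicit-flow-only deployments); default false keeps it advertised`. Clients use this document to decide where to send codes, tokens and credentials, so the default behaviour should be stated next to the flag. The class body continues outside this hunk.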
@@ -59,17 +68,29 @@ public class AuthorizationMetadataService {
             calculateEndpointAddress(authorizationEndpointAddress, baseUri, 
"/idp/authorize");
         cfg.put("authorization_endpoint", theAuthorizationEndpointAddress);
         // Token Endpoint
-        String theTokenEndpointAddress = 
-            calculateEndpointAddress(tokenEndpointAddress, baseUri, 
"/oauth2/token");
-        cfg.put("token_endpoint", theTokenEndpointAddress);
+        if (!isTokenEndpointNotAvailable()) {
+            String theTokenEndpointAddress = 
+                calculateEndpointAddress(tokenEndpointAddress, baseUri, 
"/oauth2/token");
+            cfg.put("token_endpoint", theTokenEndpointAddress);
+        }
         // Token Revocation Endpoint
-        String theTokenRevocationEndpointAddress = 
-            calculateEndpointAddress(tokenRevocationEndpointAddress, baseUri, 
"/oauth2/revoke");
-        cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress);
+        if (!isTokenRevocationEndpointNotAvailable()) {
+            String theTokenRevocationEndpointAddress = 
+                calculateEndpointAddress(tokenRevocationEndpointAddress, 
baseUri, "/oauth2/revoke");
+            cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress);
+        }
         // Jwks Uri Endpoint
-        String theJwkEndpointAddress = 
-            calculateEndpointAddress(jwkEndpointAddress, baseUri, "/jwk/keys");
-        cfg.put("jwks_uri", theJwkEndpointAddress);
+        if (!isJwkEndpointNotAvailable()) {
+            String theJwkEndpointAddress = 
+                calculateEndpointAddress(jwkEndpointAddress, baseUri, 
"/jwk/keys");
+            cfg.put("jwks_uri", theJwkEndpointAddress);
+        }
+        // Dynamic Registration Endpoint
+        if (!isDynamicRegistrationEndpointNotAvailable()) {
+            String theDynamicRegistrationEndpointAddress = 
+                calculateEndpointAddress(dynamicRegistrationEndpointAddress, 
baseUri, "/dynamic/register");
+            cfg.put("registration_endpoint", 
theDynamicRegistrationEndpointAddress);
+        }
     }
 
     protected static String calculateEndpointAddress(String endpointAddress, 
String baseUri, String defRelAddress) {
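Review bot: The new `registration_endpoint` entry is published by default with the fallback path `/dynamic/register`, so after this change every existing deployment advertises dynamic client registration unless it sets `dynamicRegistrationEndpointNotAvailable` to true. If no registration service is deployed at that path (not visible from this hunk), the metadata is inaccurate and points clients at an endpoint the operator never reviewed. For this newly added entry I would require an explicit opt-in, for example `if (!isDynamicRegistrationEndpointNotAvailable() && dynamicRegistrationEndpointAddress != null) {`, or default the flag to true. The enclosing method (presumably prepareConfigurationData, which the OIDC subclass overrides) starts above the hunk, and calculateEndpointAddress continues below it.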
@@ -109,5 +130,44 @@ public class AuthorizationMetadataService {
     public void setTokenRevocationEndpointAddress(String 
tokenRevocationEndpointAddress) {
         this.tokenRevocationEndpointAddress = tokenRevocationEndpointAddress;
     }
+
+    public void setTokenRevocationEndpointNotAvailable(boolean 
tokenRevocationEndpointNotAvailable) {
+        this.tokenRevocationEndpointNotAvailable = 
tokenRevocationEndpointNotAvailable;
+    }
+    public boolean isTokenRevocationEndpointNotAvailable() {
+        return tokenRevocationEndpointNotAvailable;
+    }
+
+    public void setJwkEndpointNotAvailable(boolean jwkEndpointNotAvailable) {
+        this.jwkEndpointNotAvailable = jwkEndpointNotAvailable;
+    }
+    
+    public boolean isJwkEndpointNotAvailable() {
+        return jwkEndpointNotAvailable;
+    }
+
+    public boolean isTokenEndpointNotAvailable() {
+        return tokenEndpointNotAvailable;
+    }
+
+    public void setTokenEndpointNotAvailable(boolean 
tokenEndpointNotAvailable) {
+        this.tokenEndpointNotAvailable = tokenEndpointNotAvailable;
+    }
+
+    public boolean isDynamicRegistrationEndpointNotAvailable() {
+        return dynamicRegistrationEndpointNotAvailable;
+    }
+
+    public void setDynamicRegistrationEndpointNotAvailable(boolean 
dynamicRegistrationEndpointNotAvailable) {
+        this.dynamicRegistrationEndpointNotAvailable = 
dynamicRegistrationEndpointNotAvailable;
+    }
+
+    public String getDynamicRegistrationEndpointAddress() {
+        return dynamicRegistrationEndpointAddress;
+    }
+
+    public void setDynamicRegistrationEndpointAddress(String 
dynamicRegistrationEndpointAddress) {
+        this.dynamicRegistrationEndpointAddress = 
dynamicRegistrationEndpointAddress;
+    }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/ea23ff80/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
index fab8037..7e7c8ce 100644
--- 
a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
+++ 
b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
@@ -30,15 +30,19 @@ import 
org.apache.cxf.rs.security.oauth2.services.AuthorizationMetadataService;
 
 @Path("openid-configuration")
 public class OidcConfigurationService extends AuthorizationMetadataService {
+    // Recommended - but optional
+    private boolean userInfoEndpointNotAvailable;
     private String userInfoEndpointAddress;
-    
+        
     @Override
     protected void prepareConfigurationData(Map<String, Object> cfg, String 
baseUri) {
         super.prepareConfigurationData(cfg, baseUri);
         // UriInfo Endpoint
-        String theUserInfoEndpointAddress = 
-            calculateEndpointAddress(userInfoEndpointAddress, baseUri, 
"/users/userinfo");
-        cfg.put("userinfo_endpoint", theUserInfoEndpointAddress);
+        if (!isUserInfoEndpointNotAvailable()) {
+            String theUserInfoEndpointAddress = 
+                calculateEndpointAddress(userInfoEndpointAddress, baseUri, 
"/users/userinfo");
+            cfg.put("userinfo_endpoint", theUserInfoEndpointAddress);
+        }
         
         Properties sigProps = JwsUtils.loadSignatureOutProperties(false);
         if (sigProps != null && 
sigProps.containsKey(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)) {
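Review bot: OidcConfigurationService inherits `jwkEndpointNotAvailable` and `tokenEndpointNotAvailable`, so an OIDC deployment can now publish an openid-configuration document without `jwks_uri`, which OpenID Connect Discovery marks as REQUIRED. The parent's `// Required for OIDC, optional otherwise` comment is not enforced anywhere in this override. Without `jwks_uri`, relying parties cannot discover the keys used to verify ID token signatures. I would reject or at least log that configuration before calling super, e.g. `if (isJwkEndpointNotAvailable()) { throw new IllegalStateException("jwks_uri is required for OIDC discovery"); }`. prepareConfigurationData continues past the end of this hunk.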
@@ -46,5 +50,13 @@ public class OidcConfigurationService extends 
AuthorizationMetadataService {
                     
Collections.singletonList(sigProps.get(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)));
    
         }
     }
+
+    public boolean isUserInfoEndpointNotAvailable() {
+        return userInfoEndpointNotAvailable;
+    }
+
+    public void setUserInfoEndpointNotAvailable(boolean 
userInfoEndpointNotAvailable) {
+        this.userInfoEndpointNotAvailable = userInfoEndpointNotAvailable;
+    }
     
 }
