Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 2adcc64ec -> 0947c0a20
Making the reporting of some OIDC/OAuth2 endpoints optional Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0947c0a2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0947c0a2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0947c0a2 Branch: refs/heads/3.1.x-fixes Commit: 0947c0a206ae150e4985ff8c3ebf98fc048378bb Parents: 2adcc64 Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Thu Sep 22 17:42:24 2016 +0100 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Thu Sep 22 17:45:08 2016 +0100
----------------------------------------------------------------------
.../services/AuthorizationMetadataService.java | 80 +++++++++++++++++---
.../oidc/idp/OidcConfigurationService.java | 20 ++++-
2 files changed, 86 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/0947c0a2/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
index 7e7d05b..10e3e93 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
@@ -32,12 +32,21 @@ import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter;
 @Path("oauth-authorization-server")
 public class AuthorizationMetadataService {
- private String issuer;
+ // Required
 private String authorizationEndpointAddress;
+ // Optional if only an implicit flow is used
+ private boolean tokenEndpointNotAvailable;
 private String tokenEndpointAddress;
+ // Optional
+ private boolean tokenRevocationEndpointNotAvailable;
 private String tokenRevocationEndpointAddress;
+ // Required for OIDC, optional otherwise
+ private boolean jwkEndpointNotAvailable;
 private String jwkEndpointAddress;
+ // Optional
+ private boolean dynamicRegistrationEndpointNotAvailable;
+ private String dynamicRegistrationEndpointAddress;
 @GET
 @Produces("application/json")
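Review bot: `dynamicRegistrationEndpointNotAvailable` defaults to `false`, so every existing deployment of this service starts advertising `registration_endpoint` (resolved to `/dynamic/register` in the next hunk) in its discovery document with no configuration change, even where no registration service is deployed. Clients locate endpoints from this document, so advertising an endpoint that is absent, or present but not intended to be public, is a misconfiguration worth avoiding; the other three flags keep the previous always-reported behaviour at `false`, but this endpoint is new. Consider making it opt-in, `private boolean dynamicRegistrationEndpointNotAvailable = true;`, or reporting it only when `dynamicRegistrationEndpointAddress` has been set explicitly. A field comment naming the default would help either way, e.g. `// Optional; not reported unless explicitly enabled`.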
@@ -59,17 +68,29 @@ public class AuthorizationMetadataService {
 calculateEndpointAddress(authorizationEndpointAddress, baseUri, "/idp/authorize");
 cfg.put("authorization_endpoint", theAuthorizationEndpointAddress);
 // Token Endpoint
- String theTokenEndpointAddress =
- calculateEndpointAddress(tokenEndpointAddress, baseUri, "/oauth2/token");
- cfg.put("token_endpoint", theTokenEndpointAddress);
+ if (!isTokenEndpointNotAvailable()) {
+ String theTokenEndpointAddress =
+ calculateEndpointAddress(tokenEndpointAddress, baseUri, "/oauth2/token");
+ cfg.put("token_endpoint", theTokenEndpointAddress);
+ }
 // Token Revocation Endpoint
- String theTokenRevocationEndpointAddress =
- calculateEndpointAddress(tokenRevocationEndpointAddress, baseUri, "/oauth2/revoke");
- cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress);
+ if (!isTokenRevocationEndpointNotAvailable()) {
+ String theTokenRevocationEndpointAddress =
+ calculateEndpointAddress(tokenRevocationEndpointAddress, baseUri, "/oauth2/revoke");
+ cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress);
+ }
 // Jwks Uri Endpoint
- String theJwkEndpointAddress =
- calculateEndpointAddress(jwkEndpointAddress, baseUri, "/jwk/keys");
- cfg.put("jwks_uri", theJwkEndpointAddress);
+ if (!isJwkEndpointNotAvailable()) {
+ String theJwkEndpointAddress =
+ calculateEndpointAddress(jwkEndpointAddress, baseUri, "/jwk/keys");
+ cfg.put("jwks_uri", theJwkEndpointAddress);
+ }
+ // Dynamic Registration Endpoint
+ if (!isDynamicRegistrationEndpointNotAvailable()) {
+ String theDynamicRegistrationEndpointAddress =
+ calculateEndpointAddress(dynamicRegistrationEndpointAddress, baseUri, "/dynamic/register");
+ cfg.put("registration_endpoint", theDynamicRegistrationEndpointAddress);
+ }
 }
 protected static String calculateEndpointAddress(String endpointAddress, String baseUri, String defRelAddress) {
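Review bot: The four `if (!isXxxEndpointNotAvailable())` guards read as double negatives and each repeats the same three statements, which is the kind of copy-paste block where a wrong key or wrong default path slips in unnoticed; a small helper taking the key, the flag and the address would reduce `prepareConfigurationData` to one call per endpoint, and the subclass could reuse it for `userinfo_endpoint`. I have kept the `NotAvailable` accessors as the hunk defines them so the public setters are untouched. `prepareConfigurationData` starts before this hunk and `calculateEndpointAddress` continues after it.
```java
    // … unchanged: authorization_endpoint (required, always reported) …
    putOptionalEndpoint(cfg, "token_endpoint", isTokenEndpointNotAvailable(),
                        tokenEndpointAddress, baseUri, "/oauth2/token");
    putOptionalEndpoint(cfg, "revocation_endpoint", isTokenRevocationEndpointNotAvailable(),
                        tokenRevocationEndpointAddress, baseUri, "/oauth2/revoke");
    putOptionalEndpoint(cfg, "jwks_uri", isJwkEndpointNotAvailable(),
                        jwkEndpointAddress, baseUri, "/jwk/keys");
    putOptionalEndpoint(cfg, "registration_endpoint", isDynamicRegistrationEndpointNotAvailable(),
                        dynamicRegistrationEndpointAddress, baseUri, "/dynamic/register");
}

/**
 * Publishes one optional endpoint under {@code key} unless it has been marked unavailable.
 * The address falls back to {@code defRelAddress} relative to {@code baseUri}, as before.
 */
protected static void putOptionalEndpoint(Map<String, Object> cfg, String key, boolean notAvailable,
                                          String address, String baseUri, String defRelAddress) {
    if (!notAvailable) {
        cfg.put(key, calculateEndpointAddress(address, baseUri, defRelAddress));
    }
}
```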
@@ -109,5 +130,44 @@ public class AuthorizationMetadataService {
 public void setTokenRevocationEndpointAddress(String tokenRevocationEndpointAddress) {
 this.tokenRevocationEndpointAddress = tokenRevocationEndpointAddress;
 }
+
+ public void setTokenRevocationEndpointNotAvailable(boolean tokenRevocationEndpointNotAvailable) {
+ this.tokenRevocationEndpointNotAvailable = tokenRevocationEndpointNotAvailable;
+ }
+ public boolean isTokenRevocationEndpointNotAvailable() {
+ return tokenRevocationEndpointNotAvailable;
+ }
+
+ public void setJwkEndpointNotAvailable(boolean jwkEndpointNotAvailable) {
+ this.jwkEndpointNotAvailable = jwkEndpointNotAvailable;
+ }
+
+ public boolean isJwkEndpointNotAvailable() {
+ return jwkEndpointNotAvailable;
+ }
+
+ public boolean isTokenEndpointNotAvailable() {
+ return tokenEndpointNotAvailable;
+ }
+
+ public void setTokenEndpointNotAvailable(boolean tokenEndpointNotAvailable) {
+ this.tokenEndpointNotAvailable = tokenEndpointNotAvailable;
+ }
+
+ public boolean isDynamicRegistrationEndpointNotAvailable() {
+ return dynamicRegistrationEndpointNotAvailable;
+ }
+
+ public void setDynamicRegistrationEndpointNotAvailable(boolean dynamicRegistrationEndpointNotAvailable) {
+ this.dynamicRegistrationEndpointNotAvailable = dynamicRegistrationEndpointNotAvailable;
+ }
+
+ public String getDynamicRegistrationEndpointAddress() {
+ return dynamicRegistrationEndpointAddress;
+ }
+
+ public void setDynamicRegistrationEndpointAddress(String dynamicRegistrationEndpointAddress) {
+ this.dynamicRegistrationEndpointAddress = dynamicRegistrationEndpointAddress;
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/0947c0a2/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
----------------------------------------------------------------------
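Review bot: The new public `set…NotAvailable` setters are configuration API (presumably wired as bean properties) yet carry no Javadoc saying what the flag does or what its default is; a reader has to go back to `prepareConfigurationData` to learn that `true` removes the corresponding key from the published metadata and that `false` is the default. Suggest one Javadoc per setter along the lines of `/** Set to {@code true} to omit {@code token_endpoint} from the published metadata; defaults to {@code false}. */`, with the `setJwkEndpointNotAvailable` one repeating the field comment that the endpoint is required for OIDC. `isTokenRevocationEndpointNotAvailable` is also glued to the preceding setter without the blank line every other accessor pair gets.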
diff --git a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
index fab8037..7e7c8ce 100644
--- a/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
+++ b/rt/rs/security/sso/oidc/src/main/java/org/apache/cxf/rs/security/oidc/idp/OidcConfigurationService.java
@@ -30,15 +30,19 @@ import org.apache.cxf.rs.security.oauth2.services.AuthorizationMetadataService;
 @Path("openid-configuration")
 public class OidcConfigurationService extends AuthorizationMetadataService {
+ // Recommended - but optional
+ private boolean userInfoEndpointNotAvailable;
 private String userInfoEndpointAddress;
-
+
 @Override
 protected void prepareConfigurationData(Map<String, Object> cfg, String baseUri) {
 super.prepareConfigurationData(cfg, baseUri);
 // UriInfo Endpoint
- String theUserInfoEndpointAddress =
- calculateEndpointAddress(userInfoEndpointAddress, baseUri, "/users/userinfo");
- cfg.put("userinfo_endpoint", theUserInfoEndpointAddress);
+ if (!isUserInfoEndpointNotAvailable()) {
+ String theUserInfoEndpointAddress =
+ calculateEndpointAddress(userInfoEndpointAddress, baseUri, "/users/userinfo");
+ cfg.put("userinfo_endpoint", theUserInfoEndpointAddress);
+ }
 Properties sigProps = JwsUtils.loadSignatureOutProperties(false);
 if (sigProps != null && sigProps.containsKey(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)) {
@@ -46,5 +50,13 @@ public class OidcConfigurationService extends AuthorizationMetadataService {
 Collections.singletonList(sigProps.get(JoseConstants.RSSEC_SIGNATURE_ALGORITHM)));
 }
 }
+
+ public boolean isUserInfoEndpointNotAvailable() {
+ return userInfoEndpointNotAvailable;
+ }
+
+ public void setUserInfoEndpointNotAvailable(boolean userInfoEndpointNotAvailable) {
+ this.userInfoEndpointNotAvailable = userInfoEndpointNotAvailable;
+ }
 }
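Review bot: In the first hunk, `super.prepareConfigurationData(cfg, baseUri)` now silently omits `jwks_uri` whenever `setJwkEndpointNotAvailable(true)` has been called on this OIDC service, although the base class marks that endpoint as "Required for OIDC, optional otherwise"; nothing in the subclass enforces the requirement, so a misconfigured provider would publish a discovery document from which relying parties presumably cannot obtain the key needed to validate its ID tokens. Consider failing fast at startup-visible time, before the super call: `if (isJwkEndpointNotAvailable()) { throw new IllegalStateException("jwks_uri is required for OpenID Connect discovery"); }`. Inherited flags that the subclass must not honour should be documented on this override as well. `prepareConfigurationData` continues past the end of the first hunk; the second hunk adds only the `userInfoEndpointNotAvailable` accessors.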