Repository: cxf-fediz Updated Branches: refs/heads/master 8908d9a86 -> c3723ed59
Making sure a given Client only gets a single back channel logout request Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/c3723ed5 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/c3723ed5 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/c3723ed5 Branch: refs/heads/master Commit: c3723ed59fd21980251a544194aa9aa5177f7418 Parents: 8908d9a Author: Sergey Beryozkin <[email protected]> Authored: Fri Jun 2 16:58:11 2017 +0100 Committer: Sergey Beryozkin <[email protected]> Committed: Fri Jun 2 16:58:11 2017 +0100 ---------------------------------------------------------------------- .../oidc/logout/BackChannelLogoutHandler.java | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c3723ed5/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/BackChannelLogoutHandler.java ----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/BackChannelLogoutHandler.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/BackChannelLogoutHandler.java
index 28dfff9..b3e9904 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/BackChannelLogoutHandler.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/logout/BackChannelLogoutHandler.java
@@ -19,7 +19,9 @@
 package org.apache.cxf.fediz.service.oidc.logout;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -52,15 +54,20 @@ public class BackChannelLogoutHandler extends JoseJwtProducer {
 // in cases when ATs have expired or been revoked or Implicit id_token flow is used.
 // Most likely a 'visited sites' cookie as suggested by the spec will need to be used.
 List<ServerAccessToken> accessTokens = dataProvider.getAccessTokens(client, subject);
+ Set<String> processedClients = new HashSet<String>();
 for (ServerAccessToken at : accessTokens) {
- if (client.getClientId().equals(at.getClient().getClientId())) {
+ if (client.getClientId().equals(at.getClient().getClientId())
+ || processedClients.contains(client.getClientId())) {
 continue;
 }
 String uri = client.getProperties().get(BACK_CHANNEL_LOGOUT_URI);
 if (uri != null) {
+ processedClients.add(client.getClientId());
 submitBackChannelLogoutRequest(client, subject, idTokenHint, uri);
 }
 }
+
+
 }
@@ -82,7 +89,11 @@ public class BackChannelLogoutHandler extends JoseJwtProducer {
 @Override
 public void run() {
- wc.form(new Form().param(LOGOUT_TOKEN, logoutToken));
+ try {
+ wc.form(new Form().param(LOGOUT_TOKEN, logoutToken));
+ } catch (Exception ex) {
+ // nothing else can be done
+ }
 }
 });
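Review bot: The duplicate check in the new loop is keyed on `client.getClientId()`, the client that initiated the logout, rather than on the client that owns the current token, so it does not de-duplicate per token client. Once the first request has been submitted, `processedClients.contains(client.getClientId())` is true for every remaining token and the loop sends nothing more, which would leave other relying parties with a live session for the subject. If the intent is one request per other client, the new lines should read `|| processedClients.contains(at.getClient().getClientId())` and `processedClients.add(at.getClient().getClientId());`. The unchanged context lines also look up the logout URI on `client` and pass `client` to `submitBackChannelLogoutRequest`; those probably want `at.getClient()` as well, though the surrounding method starts outside the hunk and its contract is not visible here.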
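Review bot: The new `catch (Exception ex)` around `wc.form(...)` discards the failure, so an undelivered back-channel logout leaves no trace and the client's session may stay valid with nobody aware of it. Replace the `// nothing else can be done` comment with a warning through the class's logger that records the exception and the target client or logout URI, but not the logout token. If `wc.form` reports an error status through its return value rather than by throwing, that outcome is dropped as well and deserves the same log line. The enclosing `Runnable` and the method that builds `wc` start outside the hunk.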
