This is an automated email from the ASF dual-hosted git repository.

gonzalad pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/3.1.x-fixes by this push:
     new 8f41363  [CXF-7572] default port in OAuth discovery doc
8f41363 is described below

commit 8f413631e20879a42120d57796e751ba222ca14a
Author: gonzalad <[email protected]>
AuthorDate: Wed Nov 29 09:16:20 2017 +0100

    [CXF-7572] default port in OAuth discovery doc
    
    Default port should be removed from
    issuer and endpoints in discovery
    documents.
    
    For example,
    "issuer":"https://authorization-server:443"
    should be
    "issuer":"https://authorization-server"
---
 .../services/AuthorizationMetadataService.java     | 67 ++++++++++++++++------
 1 file changed, 48 insertions(+), 19 deletions(-)

diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
index 71d33d4..1b8dba4 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationMetadataService.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.rs.security.oauth2.services;
 
 import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
@@ -49,61 +50,69 @@ public class AuthorizationMetadataService {
     // Optional
     private boolean dynamicRegistrationEndpointNotAvailable;
     private String dynamicRegistrationEndpointAddress;
-    
+
     @GET
     @Produces("application/json")
     public String getConfiguration(@Context UriInfo ui) {
         Map<String, Object> cfg = new LinkedHashMap<String, Object>();
         String baseUri = getBaseUri(ui);
         prepareConfigurationData(cfg, baseUri);
-        
+
         JsonMapObjectReaderWriter writer = new JsonMapObjectReaderWriter();
         writer.setFormat(true);
         return writer.toJson(cfg);
     }
-    
+
     protected void prepareConfigurationData(Map<String, Object> cfg, String 
baseUri) {
         // Issuer
         cfg.put("issuer", buildIssuerUri(baseUri));
         // Authorization Endpoint
-        String theAuthorizationEndpointAddress = 
-            calculateEndpointAddress(authorizationEndpointAddress, baseUri, 
"/idp/authorize");
+        String theAuthorizationEndpointAddress =
+                calculateEndpointAddress(authorizationEndpointAddress, 
baseUri, "/idp/authorize");
         cfg.put("authorization_endpoint", theAuthorizationEndpointAddress);
         // Token Endpoint
         if (!isTokenEndpointNotAvailable()) {
-            String theTokenEndpointAddress = 
-                calculateEndpointAddress(tokenEndpointAddress, baseUri, 
"/oauth2/token");
+            String theTokenEndpointAddress =
+                    calculateEndpointAddress(tokenEndpointAddress, baseUri, 
"/oauth2/token");
             cfg.put("token_endpoint", theTokenEndpointAddress);
         }
         // Token Revocation Endpoint
         if (!isTokenRevocationEndpointNotAvailable()) {
-            String theTokenRevocationEndpointAddress = 
-                calculateEndpointAddress(tokenRevocationEndpointAddress, 
baseUri, "/oauth2/revoke");
+            String theTokenRevocationEndpointAddress =
+                    calculateEndpointAddress(tokenRevocationEndpointAddress, 
baseUri, "/oauth2/revoke");
             cfg.put("revocation_endpoint", theTokenRevocationEndpointAddress);
         }
         // Jwks Uri Endpoint
         if (!isJwkEndpointNotAvailable()) {
-            String theJwkEndpointAddress = 
-                calculateEndpointAddress(jwkEndpointAddress, baseUri, 
"/jwk/keys");
+            String theJwkEndpointAddress =
+                    calculateEndpointAddress(jwkEndpointAddress, baseUri, 
"/jwk/keys");
             cfg.put("jwks_uri", theJwkEndpointAddress);
         }
         // Dynamic Registration Endpoint
         if (!isDynamicRegistrationEndpointNotAvailable()) {
-            String theDynamicRegistrationEndpointAddress = 
-                calculateEndpointAddress(dynamicRegistrationEndpointAddress, 
baseUri, "/dynamic/register");
+            String theDynamicRegistrationEndpointAddress =
+                    
calculateEndpointAddress(dynamicRegistrationEndpointAddress, baseUri, 
"/dynamic/register");
             cfg.put("registration_endpoint", 
theDynamicRegistrationEndpointAddress);
         }
     }
 
     protected static String calculateEndpointAddress(String endpointAddress, 
String baseUri, String defRelAddress) {
         endpointAddress = endpointAddress != null ? endpointAddress : 
defRelAddress;
-        if (endpointAddress.startsWith("https")) {
+        if (isAbsoluteUri(endpointAddress)) {
             return endpointAddress;
         } else {
-            return 
UriBuilder.fromUri(baseUri).path(endpointAddress).build().toString(); 
+            URI uri = 
UriBuilder.fromUri(baseUri).path(endpointAddress).build();
+            return removeDefaultPort(uri).toString();
         }
     }
 
+    private static boolean isAbsoluteUri(String endpointAddress) {
+        if (endpointAddress == null) {
+            return false;
+        }
+        return endpointAddress.startsWith("http://";) || 
endpointAddress.startsWith("https://";);
+    }
+
     private String getBaseUri(UriInfo ui) {
         String requestUri = ui.getRequestUri().toString();
         int ind = requestUri.lastIndexOf(".well-known");
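Review bot: In `calculateEndpointAddress`, an address that passes `isAbsoluteUri` is returned verbatim, so only endpoints built from `baseUri` go through `removeDefaultPort`. A configured `https://host:443/...` endpoint therefore keeps its port while the issuer loses it, and a client comparing these values as strings would see a mismatch; `return removeDefaultPort(URI.create(endpointAddress)).toString();` in the absolute branch would keep the document consistent. The new `isAbsoluteUri` also accepts `http://`, where the old prefix test matched only `https`, so a plaintext token or revocation endpoint can now be published silently. A comment on the helper such as `// NOTE: http:// is accepted as absolute; OAuth endpoints are expected to be served over TLS`, or a logged warning, would make that choice explicit. The prefix test is also case-sensitive, so an address written as `HTTPS://...` still falls through to the relative-path branch.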
@@ -143,7 +152,7 @@ public class AuthorizationMetadataService {
     public void setJwkEndpointNotAvailable(boolean jwkEndpointNotAvailable) {
         this.jwkEndpointNotAvailable = jwkEndpointNotAvailable;
     }
-    
+
     public boolean isJwkEndpointNotAvailable() {
         return jwkEndpointNotAvailable;
     }
@@ -173,8 +182,14 @@ public class AuthorizationMetadataService {
     }
 
     private String buildIssuerUri(String baseUri) {
-        URI uri = issuer == null || !issuer.startsWith("/") ? 
URI.create(baseUri) 
-            : UriBuilder.fromUri(baseUri).path(issuer).build();
+        URI uri;
+        if (isAbsoluteUri(issuer)) {
+            uri = UriBuilder.fromUri(issuer).build();
+        } else {
+            uri = issuer == null || !issuer.startsWith("/") ? 
URI.create(baseUri)
+                    : UriBuilder.fromUri(baseUri).path(issuer).build();
+        }
+        uri = removeDefaultPort(uri);
         if (stripPathFromIssuerUri) {
             StringBuilder sb = new StringBuilder();
             sb.append(uri.getScheme()).append("://").append(uri.getHost());
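Review bot: `buildIssuerUri` now publishes any configured issuer that passes `isAbsoluteUri`, including `http://` values and values carrying a query or fragment, with only the default port stripped. RFC 8414 defines the issuer identifier as an `https` URL with no query or fragment components, and clients are expected to compare it exactly, so a bad value here shows up as a client-side rejection rather than a configuration error. A guard such as `if (uri.getQuery() != null || uri.getFragment() != null) { throw new IllegalStateException("issuer must not contain a query or fragment"); }` would surface this earlier, ideally where the issuer is set (that setter is not visible in this hunk). The method body continues past the end of the hunk.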
@@ -187,8 +202,22 @@ public class AuthorizationMetadataService {
         }
     }
 
+    private static URI removeDefaultPort(URI uri) {
+        if ((uri.getPort() == 80 && "http".equals(uri.getScheme()))
+                || (uri.getPort() == 443 && "https".equals(uri.getScheme()))) {
+            try {
+                URI newURI = new URI(uri.getScheme(), uri.getUserInfo(), 
uri.getHost(), -1,
+                        uri.getPath(), uri.getQuery(), uri.getFragment());
+                return newURI;
+            } catch (URISyntaxException e) {
+                throw new IllegalArgumentException("Invalid URI " + uri + " : 
" + e.toString(), e);
+            }
+        }
+        return uri;
+    }
+
     public void setStripPathFromIssuerUri(boolean stripPathFromIssuerUri) {
         this.stripPathFromIssuerUri = stripPathFromIssuerUri;
     }
 
-}
+}
\ No newline at end of file
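Review bot: `removeDefaultPort` rebuilds the URI from decoded components (`getUserInfo()`, `getPath()`, `getQuery()`, `getFragment()`), and the seven-argument `URI` constructor re-quotes only characters that are illegal in each component. A percent-encoded reserved character such as `%2F` in the path or `%26` in the query is therefore decoded and not re-encoded, so the published URI can differ from the configured one in more than the port. `return UriBuilder.fromUri(uri).port(-1).build();` drops the explicit port without touching the other components and removes the need for the `URISyntaxException` catch. The scheme comparison is case-sensitive, so `"https".equalsIgnoreCase(uri.getScheme())` would also cover a scheme written in upper case. A short Javadoc stating that only port 80 for `http` and 443 for `https` are removed, and that every other URI is returned unchanged, would help the next reader.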
