cxf git commit: [CXF-6280] Updating AuthorizationCode service to support returning a code out of band even for confidential clients
Repository: cxf Updated Branches: refs/heads/master 6fd84bc9f - a802b442c [CXF-6280] Updating AuthorizationCode service to support returning a code out of band even for confidential clients Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a802b442 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a802b442 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a802b442 Branch: refs/heads/master Commit: a802b442cdfdd8e4c23fae7de16a11f5de2004dc Parents: 6fd84bc Author: Sergey Beryozkin sberyoz...@talend.com Authored: Wed Apr 22 13:22:03 2015 +0100 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Wed Apr 22 13:22:03 2015 +0100 -- .../oauth2/services/AuthorizationCodeGrantService.java | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a802b442/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java --
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index 9b7239a..184d219 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -55,6 +55,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public class AuthorizationCodeGrantService extends RedirectionBasedGrantService { private static final Integer RECOMMENDED_CODE_EXPIRY_TIME_MINS = 10; private boolean canSupportPublicClients; +private boolean canSupportEmptyRedirectForPrivateClients; private OOBResponseDeliverer oobDeliverer; private AuthorizationCodeRequestFilter codeRequestFilter; private AuthorizationCodeResponseFilter codeResponseFilter; @@ -179,7 +180,10 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService @Override protected boolean canRedirectUriBeEmpty(Client c) { -return canSupportPublicClient(c) c.getRedirectUris().isEmpty(); +// If a redirect URI is empty then the code will be returned out of band, +// typically will be returned directly to a human user +return (c.isConfidential() canSupportEmptyRedirectForPrivateClients || canSupportPublicClient(c)) + c.getRedirectUris().isEmpty(); } public void setCanSupportPublicClients(boolean support) { @@ -193,6 +197,9 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService public void setCodeRequestFilter(AuthorizationCodeRequestFilter codeRequestFilter) { this.codeRequestFilter = codeRequestFilter; } +public void setCanSupportEmptyRedirectForPrivateClients(boolean canSupportEmptyRedirectForPrivateClients) { +this.canSupportEmptyRedirectForPrivateClients = canSupportEmptyRedirectForPrivateClients; +} }
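Review bot: The new return in canRedirectUriBeEmpty combines the confidential-client case and the public-client case without inner parentheses, so a reader auditing this policy has to rely on operator precedence to see which clients the new flag covers. The operators between the operands are missing in this rendering (presumably `&&`), which makes the grouping even harder to confirm here. Grouping it explicitly would help, e.g. `(c.isConfidential() && canSupportEmptyRedirectForPrivateClients) || canSupportPublicClient(c)`. The added comment could also say that the decision is based on the client having no registered redirect URIs; what happens to a redirect_uri supplied in the request for such a client is decided outside this hunk and is worth checking. The same change appears in the 3.0.x-fixes backport at `@@ -171,7 +172,10 @@`.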
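Review bot: setCanSupportEmptyRedirectForPrivateClients is added without Javadoc, although it switches on behaviour with security weight: when true, a confidential client with no registered redirect URIs can have its authorization code returned out of band. I would add something like `/** Allows confidential clients with no registered redirect URI to receive the authorization code out of band; disabled by default. */`, the default following from the uninitialised boolean field added in the first hunk. The name says "Private" where the check it feeds uses `c.isConfidential()`; "Confidential" would match the Client API and the OAuth2 term. The same setter is added in the 3.0.x-fixes backport at `@@ -185,6 +189,9 @@`.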
cxf git commit: [CXF-6280] Updating AuthorizationCode service to support returning a code out of band even for confidential clients
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 312e27e75 - 03b7d19c8 [CXF-6280] Updating AuthorizationCode service to support returning a code out of band even for confidential clients Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/03b7d19c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/03b7d19c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/03b7d19c Branch: refs/heads/3.0.x-fixes Commit: 03b7d19c8e934e98040f064bb36843638b428f63 Parents: 312e27e Author: Sergey Beryozkin sberyoz...@talend.com Authored: Wed Apr 22 13:22:03 2015 +0100 Committer: Sergey Beryozkin sberyoz...@talend.com Committed: Wed Apr 22 13:24:11 2015 +0100 -- .../oauth2/services/AuthorizationCodeGrantService.java | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/03b7d19c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java --
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
index edbbe51..a4c9d9e 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/AuthorizationCodeGrantService.java
@@ -54,6 +54,7 @@ import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants; public class AuthorizationCodeGrantService extends RedirectionBasedGrantService { private static final Integer RECOMMENDED_CODE_EXPIRY_TIME_MINS = 10; private boolean canSupportPublicClients; +private boolean canSupportEmptyRedirectForPrivateClients; private OOBResponseDeliverer oobDeliverer; private AuthorizationCodeRequestFilter codeRequestFilter; private AuthorizationCodeResponseFilter codeResponseFilter; @@ -171,7 +172,10 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService @Override protected boolean canRedirectUriBeEmpty(Client c) { -return canSupportPublicClient(c) c.getRedirectUris().isEmpty(); +// If a redirect URI is empty then the code will be returned out of band, +// typically will be returned directly to a human user +return (c.isConfidential() canSupportEmptyRedirectForPrivateClients || canSupportPublicClient(c)) + c.getRedirectUris().isEmpty(); } public void setCanSupportPublicClients(boolean support) { @@ -185,6 +189,9 @@ public class AuthorizationCodeGrantService extends RedirectionBasedGrantService public void setCodeRequestFilter(AuthorizationCodeRequestFilter codeRequestFilter) { this.codeRequestFilter = codeRequestFilter; } +public void setCanSupportEmptyRedirectForPrivateClients(boolean canSupportEmptyRedirectForPrivateClients) { +this.canSupportEmptyRedirectForPrivateClients = canSupportEmptyRedirectForPrivateClients; +} }