Repository: cxf-fediz Updated Branches: refs/heads/master 10b9246ae -> 11826312b
Wrapping the collection of clients to make it simpler to manage multiple views for a single path Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/11826312 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/11826312 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/11826312 Branch: refs/heads/master Commit: 11826312ba5e2be08f457814655efe2460e79578 Parents: 10b9246 Author: Sergey Beryozkin <sberyoz...@gmail.com> Authored: Fri Jan 29 13:51:57 2016 +0000 Committer: Sergey Beryozkin <sberyoz...@gmail.com> Committed: Fri Jan 29 13:51:57 2016 +0000 ---------------------------------------------------------------------- .../service/oidc/ClientRegistrationService.java | 70 ++++++++++++-------- .../fediz/service/oidc/InvalidRegistration.java | 31 +++++++++ .../oidc/InvalidRegistrationException.java | 32 --------- .../fediz/service/oidc/RegisteredClients.java | 35 ++++++++++ .../main/webapp/WEB-INF/applicationContext.xml | 7 +- .../WEB-INF/views/invalidRegistration.jsp | 24 +++++++ .../webapp/WEB-INF/views/registeredClients.jsp | 3 +- 7 files changed, 141 insertions(+), 61 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/11826312/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java ---------------------------------------------------------------------- diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java index 733f7ea..dfe2a01 100644 --- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java +++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/ClientRegistrationService.java 
@@ -40,6 +40,7 @@ import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; import javax.ws.rs.core.SecurityContext; import org.apache.commons.validator.routines.UrlValidator; @@ -76,8 +77,8 @@ public class ClientRegistrationService { @GET @Produces(MediaType.TEXT_HTML) @Path("/") - public Collection<Client> getClients() { - return getClientRegistrations(); + public RegisteredClients getClients() { + return new RegisteredClients(getClientRegistrations()); } @GET @@ -97,7 +98,7 @@ public class ClientRegistrationService { @Consumes(MediaType.APPLICATION_FORM_URLENCODED) @Produces(MediaType.TEXT_HTML) @Path("/{id}/remove") - public Collection<Client> removeClient(@PathParam("id") String id) { + public RegisteredClients removeClient(@PathParam("id") String id) { Collection<Client> clients = getClientRegistrations(); for (Iterator<Client> it = clients.iterator(); it.hasNext();) { Client c = it.next(); @@ -107,7 +108,7 @@ public class ClientRegistrationService { break; } } - return clients; + return new RegisteredClients(clients); } @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED) 
@@ -193,62 +194,68 @@ public class ClientRegistrationService { @Consumes(MediaType.APPLICATION_FORM_URLENCODED) @Produces(MediaType.TEXT_HTML) @Path("/") - public Collection<Client> registerForm(@FormParam("client_name") String appName, + public Response registerForm(@FormParam("client_name") String appName, @FormParam("client_type") String appType, @FormParam("client_audience") String audience, @FormParam("client_redirectURI") String redirectURI, @FormParam("client_homeRealm") String homeRealm - ) throws InvalidRegistrationException { + ) { - // Check parameters - if (appName == null || "".equals(appName)) { - throw new InvalidRegistrationException("The client id must not be empty"); + // Client Name + if (StringUtils.isEmpty(appName)) { + return invalidRegistrationResponse("The client name must not be empty"); } - if (appType == null) { - throw new InvalidRegistrationException("The client type must not be empty"); + // Client Type + if (StringUtils.isEmpty(appType)) { + return invalidRegistrationResponse("The client type must not be empty"); } if (!("confidential".equals(appType) || "public".equals(appType))) { - throw new InvalidRegistrationException("An invalid client type was specified: " + appType); + return invalidRegistrationResponse("An invalid client type was specified: " + appType); } - + // Client ID String clientId = generateClientId(); boolean isConfidential = "confidential".equals(appType); + // Client Secret String clientSecret = isConfidential ? 
generateClientSecret() : null; FedizClient newClient = new FedizClient(clientId, clientSecret, isConfidential, appName); + + // User who registered this client + String userName = sc.getUserPrincipal().getName(); + UserSubject userSubject = new UserSubject(userName); + newClient.setResourceOwnerSubject(userSubject); + + // Client Registration Time + newClient.setRegisteredAt(System.currentTimeMillis() / 1000); + + // Client Realm newClient.setHomeRealm(homeRealm); + + // Client Redirect URIs if (!StringUtils.isEmpty(redirectURI)) { String[] allUris = redirectURI.trim().split(" "); List<String> redirectUris = new LinkedList<String>(); for (String uri : allUris) { if (!StringUtils.isEmpty(uri)) { if (!isValidURI(uri, false)) { - throw new InvalidRegistrationException("An invalid redirect URI was specified: " + uri); + return invalidRegistrationResponse("An invalid redirect URI was specified: " + uri); } redirectUris.add(uri); } } newClient.setRedirectUris(redirectUris); } - String userName = sc.getUserPrincipal().getName(); - UserSubject userSubject = new UserSubject(userName); - newClient.setResourceOwnerSubject(userSubject); - - newClient.setRegisteredAt(System.currentTimeMillis() / 1000); - - if (clientScopes != null && !clientScopes.isEmpty()) { - newClient.setRegisteredScopes(new ArrayList<String>(clientScopes.keySet())); - } + // Client Audience URIs if (!StringUtils.isEmpty(audience)) { String[] auds = audience.trim().split(" "); List<String> registeredAuds = new LinkedList<String>(); for (String aud : auds) { if (!StringUtils.isEmpty(aud)) { if (!isValidURI(aud, true)) { - throw new InvalidRegistrationException("An invalid audience URI was specified: " + aud); + return invalidRegistrationResponse("An invalid audience URI was specified: " + aud); } registeredAuds.add(aud); } 
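Review bot: `sc.getUserPrincipal().getName()` in the relocated "User who registered this client" block is dereferenced without a null check, so a request that reaches registerForm with no authenticated principal ends in a NullPointerException rather than a controlled response. It also fails only after a client id and, for confidential clients, a secret have been generated. Whether the container always enforces login on this path is not visible in the diff; if it is not guaranteed, guard at the top of the method, e.g. `if (sc.getUserPrincipal() == null) { return Response.status(Response.Status.UNAUTHORIZED).build(); }`. registerForm's body continues into the next hunk.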
@@ -256,9 +263,18 @@ public class ClientRegistrationService { newClient.setRegisteredAudiences(registeredAuds); } - return registerNewClient(newClient); + // Client Scopes + if (clientScopes != null && !clientScopes.isEmpty()) { + newClient.setRegisteredScopes(new ArrayList<String>(clientScopes.keySet())); + } + + return Response.ok(registerNewClient(newClient)).build(); } + private Response invalidRegistrationResponse(String error) { + return Response.ok(new InvalidRegistration(error)).build(); + } + private boolean isValidURI(String uri, boolean requireHttps) { UrlValidator urlValidator = null; @@ -301,11 +317,11 @@ public class ClientRegistrationService { return Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(keySizeOctets)); } - protected Collection<Client> registerNewClient(Client newClient) { + protected RegisteredClients registerNewClient(Client newClient) { clientProvider.setClient(newClient); Collection<Client> clientRegistrations = getClientRegistrations(); clientRegistrations.add(newClient); - return clientRegistrations; + return new RegisteredClients(clientRegistrations); } protected Collection<Client> getClientRegistrations() { http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/11826312/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistration.java ---------------------------------------------------------------------- diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistration.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistration.java new file mode 100644 index 0000000..31637a7 --- /dev/null +++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistration.java 
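Review bot: `invalidRegistrationResponse` answers a rejected registration with `Response.ok(...)`, so a validation failure carries the same 200 status as a successful registration. Access logs, monitoring and any non-browser caller then cannot tell the two apart, which hides repeated bad submissions. Consider `return Response.status(Response.Status.BAD_REQUEST).entity(new InvalidRegistration(error)).build();`. This assumes the view provider picks the JSP from the entity class rather than the status, which the diff does not show.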
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.service.oidc;
+
+public class InvalidRegistration {
+ private String message;
+ public InvalidRegistration(String message) {
+ this.message = message;
+ }
+ public String getMessage() {
+ return message;
+ }
+
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/11826312/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistrationException.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistrationException.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistrationException.java
deleted file mode 100644
index d115f31..0000000
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/InvalidRegistrationException.java
+++ /dev/null
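Review bot: `InvalidRegistration` has no class comment and its `message` field is assigned once in the constructor but is not declared `final`; the same holds for `clients` in RegisteredClients.java. Since both classes exist only to carry data to a JSP view, `private final String message;` plus a one-line Javadoc such as `/** View model rendered by invalidRegistration.jsp. */` would make that intent explicit. The message may carry raw form values, so the Javadoc is also the place to state that the view must encode it on output.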
@@ -1,32 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.service.oidc;
-
-public class InvalidRegistrationException extends Exception {
-
- /**
- *
- */
- private static final long serialVersionUID = 6251451448320551293L;
-
- public InvalidRegistrationException(String message) {
- super(message);
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/11826312/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisteredClients.java
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisteredClients.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisteredClients.java
new file mode 100644
index 0000000..dc30b27
--- /dev/null
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/RegisteredClients.java
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.oidc;
+
+import java.util.Collection;
+
+import org.apache.cxf.rs.security.oauth2.common.Client;
+
+public class RegisteredClients {
+ private Collection<Client> clients;
+ public RegisteredClients(Collection<Client> clients) {
+ this.clients = clients;
+ }
+ public Collection<Client> getClients() {
+ return clients;
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/11826312/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
index 48422fc..040500b 100644
--- a/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/applicationContext.xml
@@ -122,10 +122,15 @@ <property name="dispatcherName" value="jsp"/> <property name="resourcePaths"> <map> - <entry key="/clients" value="/WEB-INF/views/registeredClients.jsp"/> <entry key="/remove" value="/WEB-INF/views/registeredClients.jsp"/> </map> </property> + <property name="classResources"> + <map> + <entry key="org.apache.cxf.fediz.service.oidc.InvalidRegistration" value="/WEB-INF/views/invalidRegistration.jsp"/> + </map> + </property> + </bean> <bean id="idTokenFilter" class="org.apache.cxf.rs.security.oidc.idp.IdTokenResponseFilter"> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/11826312/services/oidc/src/main/webapp/WEB-INF/views/invalidRegistration.jsp ---------------------------------------------------------------------- diff --git a/services/oidc/src/main/webapp/WEB-INF/views/invalidRegistration.jsp b/services/oidc/src/main/webapp/WEB-INF/views/invalidRegistration.jsp new file mode 100644 index 0000000..c87b963 --- /dev/null +++ b/services/oidc/src/main/webapp/WEB-INF/views/invalidRegistration.jsp @@ -0,0 +1,24 @@ +<%@ page import="javax.servlet.http.HttpServletRequest" %> +<%@ page import="org.apache.cxf.fediz.service.oidc.InvalidRegistration" %> + +<% + InvalidRegistration invalidReg = (InvalidRegistration)request.getAttribute("data"); + String basePath = request.getContextPath() + request.getServletPath(); + if (!basePath.endsWith("/")) { + basePath += "/"; + } +%> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> + <title>Invalid Client Registration</title> +</head> +<body> +<div class="padded"> +<h2><%= invalidReg.getMessage() %></h2> +<br/> +<p>Return to <a href="<%=basePath%>clients/register">Client registration</a></p> +<p>Return to <a href="<%=basePath%>clients">registered Clients</a></p> +</div> +</body> +</html> + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/11826312/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp ---------------------------------------------------------------------- 
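Review bot: `<h2><%= invalidReg.getMessage() %></h2>` in the new invalidRegistration.jsp writes the message without HTML encoding. The messages built in ClientRegistrationService.registerForm concatenate raw form values (`appType`, the rejected redirect URI, the rejected audience URI), so markup submitted in those fields is reflected into the rendered page. Encode at the point of output, for example `<h2><c:out value="${data.message}"/></h2>` with `<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>` if JSTL is available to this webapp, or pass the value through an HTML escaper before printing it. `invalidReg` is also dereferenced with no null check, so a missing `data` attribute would fail the page render.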
diff --git a/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp b/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp index afd91ae..47807d3 100644 --- a/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp +++ b/services/oidc/src/main/webapp/WEB-INF/views/registeredClients.jsp @@ -5,9 +5,10 @@ <%@ page import="java.util.Locale"%> <%@ page import="java.util.TimeZone"%> <%@ page import="javax.servlet.http.HttpServletRequest" %> +<%@ page import="org.apache.cxf.fediz.service.oidc.RegisteredClients" %> <% - Collection<Client> regs = (Collection<Client>)request.getAttribute("data"); + Collection<Client> regs = ((RegisteredClients)request.getAttribute("data")).getClients(); String basePath = request.getContextPath() + request.getServletPath(); if (!basePath.endsWith("/")) { basePath += "/";