cxf git commit: [CXF-7161] Avoiding reporting a null secret key with a dangling secret expiry time, patch from Adrian Gonzalez applied, This closes #209

Fri, 02 Dec 2016 08:44:08 -0800 

Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 49da1446b -> 6187ae4e1


[CXF-7161] Avoiding reporting a null secret key with a dangling secret expiry 
time, patch from Adrian Gonzalez applied, This closes #209


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6187ae4e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6187ae4e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6187ae4e

Branch: refs/heads/3.1.x-fixes
Commit: 6187ae4e155acad436ae2ef53e5cc606c64c703f
Parents: 49da144
Author: Sergey Beryozkin <sberyoz...@gmail.com>
Authored: Fri Dec 2 16:42:09 2016 +0000
Committer: Sergey Beryozkin <sberyoz...@gmail.com>
Committed: Fri Dec 2 16:43:43 2016 +0000

----------------------------------------------------------------------
 .../security/oauth2/services/DynamicRegistrationService.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/6187ae4e/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
----------------------------------------------------------------------
diff --git 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
index 8a8dd93..69d7f7b 100644
--- 
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
+++ 
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/services/DynamicRegistrationService.java
@@ -125,10 +125,12 @@ public class DynamicRegistrationService {
     protected ClientRegistrationResponse 
fromClientToRegistrationResponse(Client client) {
         ClientRegistrationResponse response = new ClientRegistrationResponse();
         response.setClientId(client.getClientId());
-        response.setClientSecret(client.getClientSecret());
+        if (client.getClientSecret() != null) {
+            response.setClientSecret(client.getClientSecret());
+            // TODO: consider making Client secret time limited
+            response.setClientSecretExpiresAt(Long.valueOf(0));
+        }
         response.setClientIdIssuedAt(client.getRegisteredAt());
-        // TODO: consider making Client secret time limited
-        response.setClientSecretExpiresAt(Long.valueOf(0));
         UriBuilder ub = 
getMessageContext().getUriInfo().getAbsolutePathBuilder();
         
         if (supportRegistrationAccessTokens) {

Reply via email to