From 91442a18f74fb573a4dd6273c051affe6d810c46 Mon Sep 17 00:00:00 2001
From: Prarthona Paul
Date: Fri, 15 Mar 2024 10:57:05 -0400
Subject: [PATCH] [squash] added changed needed for community stability deployment support
---
 .../security/http/oidc/ElytronMessages.java | 3 ++
 .../org/wildfly/security/http/oidc/Oidc.java | 1 +
 .../oidc/OidcClientConfigurationBuilder.java | 29 +++++++++++++++++--
 .../OidcConfigurationServletListener.java | 8 ++---
 4 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java
index c4ba08c8fb2..e933b11acb4 100644
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java
+++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/ElytronMessages.java
@@ -233,5 +233,8 @@ interface ElytronMessages extends BasicLogger {
 @Message(id = 23056, value = "No message entity")
 IOException noMessageEntity();
+ @Message(id = 23057, value = "Attribute '%s' is not supported")
+ IOException unsupportedAttribute(String error);
+
 }
diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java
index 8d0170fa75a..d59bc32dfd7 100644
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java
+++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java
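Review bot: The parameter of the new `unsupportedAttribute(String error)` message method is named `error`, but the format string `Attribute '%s' is not supported` and the call in `failIfUnsupportedAttribute` later in this patch both treat it as an attribute name; `IOException unsupportedAttribute(String attributeName);` would read correctly. Returning `IOException` for a configuration-validation failure also forces the only caller shown in this patch to wrap it in a bare `RuntimeException`, so an unchecked return type may fit better if the conventions of this interface allow it.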
@@ -53,6 +53,7 @@ public class Oidc {
 public static final String DISCOVERY_PATH = ".well-known/openid-configuration";
 public static final String KEYCLOAK_REALMS_PATH = "realms/";
 public static final String JSON_CONFIG_CONTEXT_PARAM = "org.wildfly.security.http.oidc.json.config";
+ public static final String JSON_CONFIG_UNSUPPORTED_ATTRIBUTE_PARAM = "unsupported-attribute";
 static final String ACCOUNT_PATH = "account";
 public static final String CLIENTS_MANAGEMENT_REGISTER_NODE_PATH = "clients-managements/register-node";
 public static final String CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH = "clients-managements/unregister-node";
diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java
index f2d757e493c..fd2e4ce527a 100644
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java
+++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcClientConfigurationBuilder.java
@@ -19,8 +19,7 @@
 package org.wildfly.security.http.oidc;
 import static org.wildfly.security.http.oidc.ElytronMessages.log;
-import static org.wildfly.security.http.oidc.Oidc.SSLRequired;
-import static org.wildfly.security.http.oidc.Oidc.TokenStore;
+import static org.wildfly.security.http.oidc.Oidc.*;
 import java.io.IOException;
 import java.io.InputStream;
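Review bot: The new `JSON_CONFIG_UNSUPPORTED_ATTRIBUTE_PARAM` value `"unsupported-attribute"` is not namespaced, unlike `JSON_CONFIG_CONTEXT_PARAM` (`org.wildfly.security.http.oidc.json.config`) on the line above it. The listener change in this patch reads it with `servletContext.getInitParameter(...)`, a namespace shared with the application's own context parameters, so a prefixed name in the style of the existing constant would avoid collisions. A one-line comment stating that the value is a space-separated list of attribute names, and which component is expected to set it, would also help; neither is visible in this hunk.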
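Review bot: Replacing the two explicit static imports with `import static org.wildfly.security.http.oidc.Oidc.*;` hides which `Oidc` members this class depends on; presumably it was done to bring `SCOPE` into scope for the new `switch`. Keeping the `SSLRequired` and `TokenStore` imports and adding `import static org.wildfly.security.http.oidc.Oidc.SCOPE;` states that dependency and avoids a silent name clash if `Oidc` later gains a constant that matches a local identifier. The same wildcard replaces five explicit imports in OidcConfigurationServletListener.java, where only `JSON_CONFIG_UNSUPPORTED_ATTRIBUTE_PARAM` is newly needed.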
@@ -176,6 +175,16 @@ public HttpClient call() {
 };
 }
+ public static OidcClientConfiguration buildWithoutUnsupportedAttributes(String unsupportedAttributesParam, InputStream is) {
+ OidcJsonConfiguration oidcJsonConfiguration = loadOidcJsonConfiguration(is);
+ try {
+ failIfUnsupportedAttribute(unsupportedAttributesParam, oidcJsonConfiguration);
+ return new OidcClientConfigurationBuilder().internalBuild(oidcJsonConfiguration);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
 public static OidcClientConfiguration build(InputStream is) {
 OidcJsonConfiguration oidcJsonConfiguration = loadOidcJsonConfiguration(is);
 return new OidcClientConfigurationBuilder().internalBuild(oidcJsonConfiguration);
@@ -197,4 +206,20 @@ public static OidcJsonConfiguration loadOidcJsonConfiguration(InputStream is) {
 public static OidcClientConfiguration build(OidcJsonConfiguration oidcJsonConfiguration) {
 return new OidcClientConfigurationBuilder().internalBuild(oidcJsonConfiguration);
 }
+
+ private static void failIfUnsupportedAttribute(String unsupportedAttributesParameter, OidcJsonConfiguration config) throws IOException {
+ if (unsupportedAttributesParameter == null) {
+ return;
+ }
+ String[] unsupportedAttributes = unsupportedAttributesParameter.split(" ");
+ for (String attributeName : unsupportedAttributes) {
+ switch(attributeName) {
+ case SCOPE:
+ if (config.getScope()!= null) {
+ throw log.unsupportedAttribute(attributeName);
+ }
+ break;
+ }
+ }
+ }
 }
diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcConfigurationServletListener.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcConfigurationServletListener.java
index 2d89be3c605..84875aaec5f 100644
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcConfigurationServletListener.java
+++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcConfigurationServletListener.java
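Review bot: `buildWithoutUnsupportedAttributes` is a new public static entry point with no Javadoc, and its name suggests the listed attributes are dropped, whereas the body rejects the whole configuration by throwing. A Javadoc should say that `unsupportedAttributesParam` is a space-separated list of attribute names (or `null` to skip the check) and that a `RuntimeException` wrapping the `IOException` from `failIfUnsupportedAttribute` is thrown when a listed attribute is set. Note also that `build(InputStream)` in the context lines, and `build(OidcJsonConfiguration)` in the next hunk, stay public and unchecked, so the restriction holds only for callers that opt into this method.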
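Review bot: The `switch` in `failIfUnsupportedAttribute` has no `default` branch, so every name in the list other than `SCOPE` is accepted silently and the check fails open for any attribute that is restricted later but not added here. A `default:` branch that at least logs the unrecognised name, or rejects it, would make a mismatch between the configured list and this method visible. The tokenisation is also brittle: `split(" ")` yields empty tokens on doubled spaces and does not split on tabs or newlines, so `unsupportedAttributesParameter.trim().split("\\s+")` is safer. Matching is exact and case-sensitive, which is presumably intended but worth stating in a comment.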
@@ -19,11 +19,7 @@
 package org.wildfly.security.http.oidc;
 import static org.wildfly.security.http.oidc.ElytronMessages.log;
-import static org.wildfly.security.http.oidc.Oidc.JSON_CONFIG_CONTEXT_PARAM;
-import static org.wildfly.security.http.oidc.Oidc.OIDC_CLIENT_CONFIG_RESOLVER;
-import static org.wildfly.security.http.oidc.Oidc.OIDC_CLIENT_CONTEXT_KEY;
-import static org.wildfly.security.http.oidc.Oidc.OIDC_CONFIG_FILE_LOCATION;
-import static org.wildfly.security.http.oidc.Oidc.OIDC_JSON_FILE;
+import static org.wildfly.security.http.oidc.Oidc.*;
 import jakarta.servlet.ServletContext;
 import jakarta.servlet.ServletContextEvent;
@@ -66,7 +62,7 @@ public void contextInitialized(ServletContextEvent sce) {
 if (is == null) {
 oidcClientConfiguration = new OidcClientConfiguration();
 } else {
- oidcClientConfiguration = OidcClientConfigurationBuilder.build(is);
+ oidcClientConfiguration = OidcClientConfigurationBuilder.buildWithoutUnsupportedAttributes(servletContext.getInitParameter(JSON_CONFIG_UNSUPPORTED_ATTRIBUTE_PARAM), is);
 }
 clientContext = new OidcClientContext(oidcClientConfiguration);
 }
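Review bot: In `contextInitialized` the check is driven entirely by `servletContext.getInitParameter(JSON_CONFIG_UNSUPPORTED_ATTRIBUTE_PARAM)`, and a missing parameter yields `null`, which `failIfUnsupportedAttribute` treats as nothing to check. Whether the deployment itself can set or omit this context parameter is not visible here; if it can, the restricted configuration controls its own restriction, so the value should come from the container in a way the application cannot override. Only the `is != null` branch is changed, so a configuration obtained another way (the removed imports include `OIDC_CLIENT_CONFIG_RESOLVER`, which suggests a resolver path) is presumably not covered. The `RuntimeException` raised for a rejected attribute propagates out of the listener unless code outside this hunk catches it; the method body starts and ends outside the hunk.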