org.forgerock / org.forgerock.openig

02 Dec, 2014

1 commit

01 Dec, 2014

1 commit

28 Nov, 2014

2 commits

26 Nov, 2014

1 commit

25 Nov, 2014

3 commits

24 Nov, 2014

1 commit

22 Nov, 2014

1 commit

21 Nov, 2014

1 commit

20 Nov, 2014

3 commits

  • 0503020c   CR-5343 OPENIG-381 Update doc for change to global decorator config ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@738 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     
  • 95f1d731   OPENIG-368 (CR-5326) Use exchange.originalUri in OAuth2ClientFilter ... Browse Dir » 
    The Client filter heavily use the `exchange.request.uri` property to compute URIs.

That was causing issues because, in the set of upstream filters/handlers, someone
could have rebased the request URI (usually to globally 'redirect' the message
to the protected application). That was causing wrong URI computations (like an
OAuth2 `redirect_uri` with the hostname of the protected application, instead of
the user-facing one of OpenIG).

This changes fix this behaviour with the introduction of an immutable
`exchange.originalUri` property that is the original request URI, as received by the
web container.

The Client filter is now using this instead of the mutable one (`exchange.request.uri`).

Updated the Nascar page sample of the documentation to limit copy/paste errors.

git-svn-id: https://svn.forgerock.org/openig/trunk@735 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • cef1488f   CR-5340 OPENIG-326 The OAuth2 ResourceServer scopes is now a list of ... Browse Dir » 
    expressions.

OAuth2ResourceServerFilter.java
- Replaced 'Set<String> scopes' to 'List<Expression> scopes'.
- As the AccessToken defines scopes as Set<String>,
 added a new method to getScopes from List<Expression> to Set<String>.
- InsufficientScopeChallengeHandler is no longer a field of the
OAuth2ResourceServerFilter.
- Added realm attribute to the OAuth2ResourceServerFilter.

OAuth2ResourceServerFilterTest.java
- Fixed tests according to the above modifications.
- Added unit tests with expression evaluations.

man-OAuth2ResourceServerFilter.xml
- Modified doc according to Mark's patch.

git-svn-id: https://svn.forgerock.org/openig/trunk@732 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    violette
     

18 Nov, 2014

1 commit

14 Nov, 2014

2 commits

12 Nov, 2014

2 commits

07 Nov, 2014

3 commits

  • 471ec570   OPENIG-336 OPENIG-350 (CCR-5078) Lazily retrieve cached user info resources in OAuth2 Client Filter ... Browse Dir » 
    Without this change, the OAuth 2.0 Client Filter triggers the retrieval of
the user info resource for each request that is intercepted. It's a problem
for Identity Providers such as Google that have an allowed quota of request/sec,
because of the sudden burst of user info request.

This is even worse than that because sometimes, the intercepted request may
not even need to use theses information (think of OpenIG intercepting an
image served by the protected application and returned as-is) ...

This fix includes both a user-info resources caching for a few seconds (the
time for all requests to load a web page to be executed) and a lazy loading
of the resource (triggered the first time a downstream filter/handler access
the `user_info` structure). By default, resources are kept for 20 seconds after
the first access.

Like for OAuth2ResourceServerFilter, you can disable that cache with
`"cacheExpiration": "disabled"` in the configuration.

git-svn-id: https://svn.forgerock.org/openig/trunk@694 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 707ab045   Updated doc with new log samples ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@690 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 397990d0   OPENIG-320 CR-5181 Rename KeyStore 'file' option to 'url' ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@687 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    matthew
     

06 Nov, 2014

1 commit

03 Nov, 2014

1 commit

30 Oct, 2014

2 commits

29 Oct, 2014

1 commit

  • 6f011d88   OPENIG-358 (CR-5060) Improve generated names for inline object declarations ... Browse Dir » 
    Although the JSON pointer is sufficient to guarantee unicity of a name
within the scope of a heap, it makes it hard for reader to link that name
to the configuration object they provided.

This patch supports both improvements:
* if a `name` attribute is provided in the declaration, use it as-is
* if not, prepend the `type` attribute value to the pointer String to help identification

This patch also updates the logs samples provided in the documentation.

git-svn-id: https://svn.forgerock.org/openig/trunk@666 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

28 Oct, 2014

1 commit

24 Oct, 2014

1 commit

  • 4e05621d   Fix typo ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@664 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     

23 Oct, 2014

2 commits

25 Sep, 2014

4 commits

24 Sep, 2014

1 commit

  • 813162fa   CR-4641 OPENIG-317: Update documentation to use inlined objects ... Browse Dir » 
    This patch addresses three issues:
OPENIG-313: Instead of labelling reference values as strings, call them references
OPENIG-317: Update documentation to use inlined objects
OPENIG-327: Update documentation to reflect that empty "config" fields are now optional

There remains some work for OPENIG-313, however.
This commit only resolves OPENIG-317 & OPENIG-327.

git-svn-id: https://svn.forgerock.org/openig/trunk@592 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    mark
     

23 Sep, 2014

4 commits