diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java
index a6dd254e8..8e1b1f89c 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java
@@ -30,6 +30,12 @@ import com.google.gson.JsonSerializationContext;
 import com.google.gson.JsonSerializer;
 /**
+ *
+ * Abstract superclass for client entity view, used with the ClientApi.
+ *
+ * @see ClientEntityViewForUsers
+ * @see ClientEntityViewForAdmins
+ *
 * @author jricher
 *
 */
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java
index 5c991d6bd..8ec49f70a 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java
@@ -7,6 +7,7 @@ import java.io.IOException;
 import java.io.Writer;
 import java.lang.reflect.Type;
 import java.util.Map;
+import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -21,6 +22,7 @@ import org.springframework.stereotype.Component;
 import org.springframework.validation.BeanPropertyBindingResult;
 import org.springframework.web.servlet.view.AbstractView;
+import com.google.common.collect.ImmutableSet;
 import com.google.gson.ExclusionStrategy;
 import com.google.gson.FieldAttributes;
 import com.google.gson.Gson;
@@ -31,6 +33,8 @@ import com.google.gson.JsonSerializationContext;
 import com.google.gson.JsonSerializer;
 /**
+ *
+ * View bean for full view of client entity, for admins.
 *
 * @see ClientEntityViewForUsers
 * @author jricher
@@ -39,6 +43,8 @@ import com.google.gson.JsonSerializer;
 @Component("clientEntityViewAdmins")
 public class ClientEntityViewForAdmins extends AbstractClientEntityView {
+ private Set blacklistedFields = ImmutableSet.of("additionalProperties");
+
 /**
 * @return
 */
@@ -46,7 +52,7 @@ public class ClientEntityViewForAdmins extends AbstractClientEntityView {
 return new ExclusionStrategy() {
 public boolean shouldSkipField(FieldAttributes f) {
- if (f.getName().equals("additionalProperties")) {
+ if (blacklistedFields.contains(f.getName())) {
 return true;
 } else {
 return false;
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java
index 3e2eb5c19..a7f1099a5 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java
@@ -7,6 +7,7 @@ import java.io.IOException;
 import java.io.Writer;
 import java.lang.reflect.Type;
 import java.util.Map;
+import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -21,6 +22,7 @@ import org.springframework.stereotype.Component;
 import org.springframework.validation.BeanPropertyBindingResult;
 import org.springframework.web.servlet.view.AbstractView;
+import com.google.common.collect.ImmutableSet;
 import com.google.gson.ExclusionStrategy;
 import com.google.gson.FieldAttributes;
 import com.google.gson.Gson;
@@ -32,6 +34,9 @@ import com.google.gson.JsonSerializer;
 /**
 *
+ * View bean for field-limited view of client entity, for regular users.
+ *
+ * @see AbstractClientEntityView
 * @see ClientEntityViewForAdmins
 * @author jricher
 *
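Review bot: The new `blacklistedFields` field in `ClientEntityViewForAdmins` (hunk `@@ -39,6 +43,8 @@`) is a reassignable instance field although it holds a fixed policy constant; the same applies to `whitelistedFields` in `ClientEntityViewForUsers` (hunk `@@ -39,6 +44,8 @@`). I would declare both `private static final`, e.g. `private static final Set<String> blacklistedFields = ImmutableSet.of("additionalProperties");`, so the filter set cannot be reassigned after class initialisation. The declaration is shown here as a raw `Set`; if that is what was committed rather than an artefact of how the diff was rendered, it should be `Set<String>`.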
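Review bot: The admin view's `shouldSkipField` (hunk `@@ -46,7 +52,7 @@`) is a deny-list and therefore fails open: every field not named in `blacklistedFields` is serialized, including any field added to the client entity later. If that is intended for admins, say so next to the set, e.g. `// deny-list: any client field not named here is returned to admin callers`. The `if`/`else` that returns boolean literals can also become `return blacklistedFields.contains(f.getName());`, and likewise `return !whitelistedFields.contains(f.getName());` in the `ClientEntityViewForUsers` hunk `@@ -48,12 +55,7 @@`. The enclosing anonymous `ExclusionStrategy` starts and ends outside the hunk.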
@@ -39,6 +44,8 @@ import com.google.gson.JsonSerializer;
 @Component("clientEntityViewUsers")
 public class ClientEntityViewForUsers extends AbstractClientEntityView {
+ private Set whitelistedFields = ImmutableSet.of("clientName", "clientId", "id", "clientDescription", "scope", "logoUri");
+
 /* (non-Javadoc)
 * @see org.mitre.openid.connect.view.AbstractClientEntityView#getExclusionStrategy()
 */
@@ -48,12 +55,7 @@ public class ClientEntityViewForUsers extends AbstractClientEntityView {
 public boolean shouldSkipField(FieldAttributes f) {
 // whitelist the handful of fields that are good
- if (f.getName().equals("clientName") ||
- f.getName().equals("clientId") ||
- f.getName().equals("id") ||
- f.getName().equals("clientDescription") ||
- f.getName().equals("scope")) {
-
+ if (whitelistedFields.contains(f.getName())) {
 return false;
 } else {
 return true;
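Review bot: `whitelistedFields` (hunk `@@ -39,6 +44,8 @@`) contains `"logoUri"`, which is not in the `equals` chain removed in this file's next hunk (`@@ -48,12 +55,7 @@`), so the change widens what the user view returns rather than only restructuring the check. This set is what keeps the rest of the client record out of the view for regular users, so each entry should be a visible decision: mention the addition in the commit message and put a comment on the field, e.g. `// allow-list of client fields exposed to regular users; every entry added here becomes visible in the user view`. A test asserting the exact set of keys in the serialized user view would catch accidental widening later.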
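Review bot: `whitelistedFields.contains(f.getName())` in `shouldSkipField` (hunk `@@ -48,12 +55,7 @@`) compares only the field name, and a Gson `ExclusionStrategy` is consulted for the fields of every class it serializes reflectively, not just the client entity. A field called `id` or `scope` on a nested type would therefore pass the allow-list; whether any such type is reachable from the client entity is not visible in this hunk. Consider also checking `f.getDeclaringClass()` against the client entity class so the allow-list is scoped to it. The enclosing anonymous `ExclusionStrategy` continues outside the hunk.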